No problem. It was a good excercise for me aswell ! :) Actually I didn´t realize I was using 12.4 ! I just addedd those recently to my lab and forgot to downgrade.
I have heard that before about vlans not being supported. But in my Fastlane book there is a case where you do vlans over repeaters. Before then I didn´t think it was possible. This was 12.3.8ja. Sometimes Cisco documentation isn´t accurate. Or sometimes something may work and Cisco says not supported. That means if you run into trouble and want TAC help you might end up emtpy handed cause of unsupported feature. But I shall downgrade those 2 guys now and see if it still works. I'll let you know. regards. Kristjan -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen Sent: 1. febrúar 2011 22:21 To: Kristján Ólafur Eðvarðsson Cc: [email protected] Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen) Hi Kristian, Thank you for looking so deep into this. I'm gonna try your configs tomorrow or in the weekend. But there are 2 things that comes into mind. The configuration guide "Guidelines for Repeaters" point 4 says: "Repeater access points support only the native VLAN. You cannot configure multiple VLANs on a repeater access point.". !??! (Still this is for 12.3(8) which is in the Lab, I can see you are running a 12.4 code) And the IPX WB1 Lab 3.8 solves this in a different way, one SSID (not on bridge-group1). Did Jason use 12.3 or 12.4 code? Anyone how can comment on this issue? Join the battle Wireless Genies :o) /Ralph 2011/2/1 Kristján Ólafur Eðvarðsson <[email protected]>: > OK Ralph, here are my findings. > > nr.2 I don´t like to put the whole radio interface in a bridge group. I > usually try to go for the subinterfaces and bridge together. This gives you > more flexibility > But did you have a excersise that instructed this or was this just something > you made up ? At least I understand that this worked. > > nr.3 I first tried your configuration unchanged. It didn´t work any better > than in your case. Something bugged me with native vlan 20 between the Aps. > BVI interface always goes with bridge group 1 and always sends untagged > packets over the wire. This doesn´t mean that you have to have your root on > VLAN 1. It can be put on any VLAN with different switchport trunk native vlan > on the switchport. But this is of course managment traffic. In my example > that native vlan on my switches is 20. However I was able to make this work > with VLAN 20 as native on both Aps and the client worked over VLAN150. > However I could not do pings between the BVI interfaces of Root and Repeater, > but bridging of the 150 vlan was working fine. But I added an exra SSID with > VLAN for the clients. I am not sure how to make it work with the native in > bridge group 20. > > nr.4 I am without a clue :) But I have noticed when I configure EAP-fast with > root+WGB it takes about 10-15 sek to work if I don´t shut/no shut the radio > interfaces. > But yours is wpa-psk so it should be even simpler. > > But back to 3: > > So after this I took a look at my workbook and saw that the example used > vlan1 as the infrastructure vlan. So I wonder if that is mandatory. When I > changed > my configuration for vlan 1 and bridge-group 1 between the Aps I could ping > each other. So from what I understand is repeater infrastructure SSID always > has to be native (also for bridges with multiple vlans) and extra vlans > (ssids+vlans for clients for example) will be tagged at the repeater and the > native vlan will be used for > the Aps to communicate IAPP messages e.t.c for those extra SSIDs. > > So if you like the Repeater to be on some special vlan, it has to go with the > Root AP. Aswell will the client in a single ssid setup. Even though you use > vlan1 > between the Aps you can decide in your network what your native vlan trunk > will do. So you can set them in vlan 20 or whatever. > > My configuration files are attached. A little explanation: Root 1 is with > infrastructure ssid BOB in vlan1 (this is only between them) and bridge group > 1 - client can connect there too if they don´t mind the infrastructure SSId > setting. My ACU worked at least from the repeater. I created another VLAN 150 > and SSID client that trunks vlan 150 out to the wired network. A L3 switch > has vlan 20 and vlan 150 with corresponding ip dhcp pools. > > The Repeater has actually the same configuration exept for the station role > repeater. I created the fastethernet subinterfaces aswell. I decided to follow > my earlier configuration cause it worked last time. It might not make make > since the repeter ethernet interface is always down. But you can try to do > without them, it would be interesting to see if that worked too. I didn´t > bother to change subinterfaces names so don´t get confused ;) > > So Jason or any Autonomous Rainman, any comments or rectifications ? :-) > > regards. Kristjan > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen > Sent: 31. janúar 2011 20:36 > To: Kristján Ólafur Eðvarðsson > Cc: [email protected] > Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen) > > Hi Kristjan, > > I still haven't found a way to make it work with vlans on the radio > interface. My VLAN config is in the WLAN20native-WPA-RootAP.txt file. > > I did 4 scenarios this evening. > > 1. Simple root ap with repeater ap all on native vlan 1 and bridge-group1. I > attached the 2 configs. Simple-WPA. This is as I see it as vanilla as it > gets. And it works perfectly. > > 2. Same config but the Root AP now has bridge group 20 assigned to the d0 > interface and fas0.20 interface. Fa0.20 is dot1q vlan 20. I have attached the > 2 files. (BridgeG20-d0-WPA). This also works but I did have to reboot the > root-ap as the mac of the laptop client was stuck in bridge 1 mac table. > > 3. The ssid on the root ap now has a VLAN 20 assigned to it and the > bridge-group 20 has been moved to interface d0.20. d0.20 is encap dot1 20 > native. The Repeater AP and the client can associate with the Root AP and get > full IP traffic to VLAN 20. But when the client connects to the Repeater AP > it never gets an IP. The laptop client is simply not seen as a dot11 > association on the root ap. (Config VLAN20native) > > 4. This is the funny part. My saved config from step 2 is now copied into the > startup-config on both AP's and they are reloaded. They come up again and now > it doesn't work. Reload the laptop, try another. Nope just don't work. Start > pinging from the Repeater AP BVI1 to the Default Gateway in VLAN 20, and that > works fine. 30 seconds later the laptop gets an IP. So my note being..... you > need luck... :o) > > /Ralph > > > 2011/1/31 Kristján Ólafur Eðvarðsson <[email protected]>: >> I would be interesting to post your configurations for this. >> I remember having this at Bootcamp and made it work. There is one >> special think I remember. The AP-to-AP communication SSID+VLAN is >> always native. Others are tagged. The thing is that the communication >> goes over the native vlan but the Repeater and Root somehow bridge >> them over and put them on correct VLAN after the traffic is passed between >> the two. >> I don´t have IPX workbook, but I had a similar case in Fastlanes workbook. >> The user had a seperate SSID and repeater had another to communicate >> to Root on the native vlan. >> >> regards. Kristjan >> ------------------------------ >> >> Message: 5 >> Date: Sun, 30 Jan 2011 14:59:24 +0100 >> From: Ralph Olsen <[email protected]> >> To: [email protected] >> Subject: Re: [CCIE Wireless] IPX-WB1 LAB 3.8 - Repeater >> Message-ID: >> <[email protected]> >> Content-Type: text/plain; charset=ISO-8859-1 >> >> Conclusion after looking deeper into this. You need luck to make it >> work. :o) >> >> I have tried a lot of different combos and boilded it down to a SSID >> with auth open. When the PC connect directly to the root AP it works >> fine and gets an IP from a different VLAN that bridge-group one (vlan >> 12 in the WB), but when it connects to the Repeater AP it doesn't >> work. When the PC is on the repeater AP the traffic is unidirectional >> only working from the PC -> repeater -> rootap -> Def.gw. Traffic in >> the other direction gets cut off at the rootap. >> >> Can someone else try to make 3.8 work? >> >> /Ralph >> >> 2011/1/28 Ralph Olsen <[email protected]>: >>> Hi Group, >>> >>> I just been looking into lab 3.8 in the IPX-WB1. Radio Roles - Repeater. >>> >>> Most of the things I have done works perfectly, the repeater AP >>> associates with the root AP and I can see that it is using LEAP WPA >>> as I wanted. ?Associated To AP AP1 001a.302e.4850 [LEAP WPA]. >>> >>> But the part I can't get to work is: "Ensure that users would be able >>> to get a DHCP address in the 10.10.12.0/24 subnet. Do not configure >>> DHCP for this." >>> >>> In the DSG VLAN 12 on the AP1-d0 interface have been made native and >>> in my mind that would map it to the d0 interface on AP2. When I >>> connect with a client to AP1, I get the 10.10.12.0/24 DHCP offer >>> right away. When I connect to the AP2 I never get an offer (or see >>> request at the dhcp server). >>> >>> The ADU client associates fine with both AP1 and AP2: Interface >>> Dot11Radio0, Station WL02-LAPTOP 0040.96b1.8207 Associated >>> KEY_MGMT[WPA] >>> >>> Did Jason just become lucky in the DSG or is something missing? >>> >>> /Ralph >>> >> >> >> ------------------------------ >> >> _______________________________________________ >> CCIE_Wireless mailing list >> [email protected] >> http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless >> >> >> End of CCIE_Wireless Digest, Vol 22, Issue 41 >> ********************************************* >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
