update.
Still works on 12.3.8 after downgrade.
RootAP#sh ver
Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.3(8)JEA3, RELEASE
SOFTWARE (fc2)
Case A) both ACU client and repater joined to "BOB" infrastructure SSID:
RootAP#sh dot11 ass
802.11 Client Stations on Dot11Radio0:
SSID [BOB] :
MAC Address IP address Device Name Parent
State
0040.96a6.ec4f 192.168.1.3 Rptr-client DELLVARA e05f.b9e5.a02e
Assoc
e05f.b9e5.a02e 192.168.1.15 ap1240-Rptr RepeaterAP self
Assoc
RootAP#ping 192.168.1.15
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.15, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/201/1002 ms
RootAP#sh bridge
Total of 300 station blocks, 296 free
Codes: P - permanent, S - self
Bridge Group 1:
Address Action Interface Age RX count TX count
e05f.b9e5.a02e forward Do0.20 P 12 7
0040.96a6.ec4f forward Vi0.20 P 86 2
Bridge Group 150:
Case B) Client goes to SSID "client" on repeater:
*Mar 1 00:03:06.682: %DOT11-6-DISASSOC: Interface Dot11Radio0,
Deauthenticating Station 0040.96a6.ec4f
RootAP#
*Mar 1 00:03:10.397: %DOT11-6-ADD: Interface Dot11Radio0, Station
0040.96a6.ec4f Associated to Parent e05f.b9e5.a02e
RootAP#sh bridge
Total of 300 station blocks, 296 free
Codes: P - permanent, S - self
Bridge Group 1:
Address Action Interface Age RX count TX count
e05f.b9e5.a02e forward Do0.20 P 12 7
Bridge Group 150:
0040.96a6.ec4f forward Vi0.150 P 39 7
RootAP#sh dot11 as
802.11 Client Stations on Dot11Radio0:
SSID [BOB] :
MAC Address IP address Device Name Parent
State
0040.96a6.ec4f 192.168.20.2 Rptr-client DELLVARA e05f.b9e5.a02e
Assoc
e05f.b9e5.a02e 192.168.1.15 ap1240-Rptr RepeaterAP self
Assoc
Case c) try telnet from Root to Repeater and do show commands:
RootAP#192.168.1.15
Trying 192.168.1.15 ... Open
RepeaterAP#sh dot11 ass
802.11 Client Stations on Dot11Radio0:
SSID [BOB] :
MAC Address IP address Device Name Parent
State
003a.9969.2c20 192.168.1.14 ap1240-Parent RootAP -
Assoc
SSID [client] :
MAC Address IP address Device Name Parent
State
0040.96a6.ec4f 192.168.20.2 CB21AG/PI21AG DELLVARA self
Assoc
RepeaterAP#sh bridge
Total of 300 station blocks, 297 free
Codes: P - permanent, S - self
Bridge Group 1:
Bridge Group 150:
Address Action Interface Age RX count TX count
0040.96a6.ec4f forward Do0.150 P 50 8
RepeaterAP#
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen
Sent: 1. febrúar 2011 22:21
To: Kristján Ólafur Eðvarðsson
Cc: [email protected]
Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen)
Hi Kristian,
Thank you for looking so deep into this. I'm gonna try your configs
tomorrow or in the weekend. But there are 2 things that comes into
mind.
The configuration guide "Guidelines for Repeaters" point 4 says:
"Repeater access points support only the native VLAN. You cannot
configure multiple VLANs on a repeater access point.". !??! (Still
this is for 12.3(8) which is in the Lab, I can see you are running a
12.4 code)
And the IPX WB1 Lab 3.8 solves this in a different way, one SSID (not
on bridge-group1). Did Jason use 12.3 or 12.4 code?
Anyone how can comment on this issue? Join the battle Wireless Genies :o)
/Ralph
2011/2/1 Kristján Ólafur Eðvarðsson <[email protected]>:
> OK Ralph, here are my findings.
>
> nr.2 I don´t like to put the whole radio interface in a bridge group. I
> usually try to go for the subinterfaces and bridge together. This gives you
> more flexibility
> But did you have a excersise that instructed this or was this just something
> you made up ? At least I understand that this worked.
>
> nr.3 I first tried your configuration unchanged. It didn´t work any better
> than in your case. Something bugged me with native vlan 20 between the Aps.
> BVI interface always goes with bridge group 1 and always sends untagged
> packets over the wire. This doesn´t mean that you have to have your root on
> VLAN 1. It can be put on any VLAN with different switchport trunk native vlan
> on the switchport. But this is of course managment traffic. In my example
> that native vlan on my switches is 20. However I was able to make this work
> with VLAN 20 as native on both Aps and the client worked over VLAN150.
> However I could not do pings between the BVI interfaces of Root and Repeater,
> but bridging of the 150 vlan was working fine. But I added an exra SSID with
> VLAN for the clients. I am not sure how to make it work with the native in
> bridge group 20.
>
> nr.4 I am without a clue :) But I have noticed when I configure EAP-fast with
> root+WGB it takes about 10-15 sek to work if I don´t shut/no shut the radio
> interfaces.
> But yours is wpa-psk so it should be even simpler.
>
> But back to 3:
>
> So after this I took a look at my workbook and saw that the example used
> vlan1 as the infrastructure vlan. So I wonder if that is mandatory. When I
> changed
> my configuration for vlan 1 and bridge-group 1 between the Aps I could ping
> each other. So from what I understand is repeater infrastructure SSID always
> has to be native (also for bridges with multiple vlans) and extra vlans
> (ssids+vlans for clients for example) will be tagged at the repeater and the
> native vlan will be used for
> the Aps to communicate IAPP messages e.t.c for those extra SSIDs.
>
> So if you like the Repeater to be on some special vlan, it has to go with the
> Root AP. Aswell will the client in a single ssid setup. Even though you use
> vlan1
> between the Aps you can decide in your network what your native vlan trunk
> will do. So you can set them in vlan 20 or whatever.
>
> My configuration files are attached. A little explanation: Root 1 is with
> infrastructure ssid BOB in vlan1 (this is only between them) and bridge group
> 1 - client can connect there too if they don´t mind the infrastructure SSId
> setting. My ACU worked at least from the repeater. I created another VLAN 150
> and SSID client that trunks vlan 150 out to the wired network. A L3 switch
> has vlan 20 and vlan 150 with corresponding ip dhcp pools.
>
> The Repeater has actually the same configuration exept for the station role
> repeater. I created the fastethernet subinterfaces aswell. I decided to follow
> my earlier configuration cause it worked last time. It might not make make
> since the repeter ethernet interface is always down. But you can try to do
> without them, it would be interesting to see if that worked too. I didn´t
> bother to change subinterfaces names so don´t get confused ;)
>
> So Jason or any Autonomous Rainman, any comments or rectifications ? :-)
>
> regards. Kristjan
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen
> Sent: 31. janúar 2011 20:36
> To: Kristján Ólafur Eðvarðsson
> Cc: [email protected]
> Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen)
>
> Hi Kristjan,
>
> I still haven't found a way to make it work with vlans on the radio
> interface. My VLAN config is in the WLAN20native-WPA-RootAP.txt file.
>
> I did 4 scenarios this evening.
>
> 1. Simple root ap with repeater ap all on native vlan 1 and bridge-group1. I
> attached the 2 configs. Simple-WPA. This is as I see it as vanilla as it
> gets. And it works perfectly.
>
> 2. Same config but the Root AP now has bridge group 20 assigned to the d0
> interface and fas0.20 interface. Fa0.20 is dot1q vlan 20. I have attached the
> 2 files. (BridgeG20-d0-WPA). This also works but I did have to reboot the
> root-ap as the mac of the laptop client was stuck in bridge 1 mac table.
>
> 3. The ssid on the root ap now has a VLAN 20 assigned to it and the
> bridge-group 20 has been moved to interface d0.20. d0.20 is encap dot1 20
> native. The Repeater AP and the client can associate with the Root AP and get
> full IP traffic to VLAN 20. But when the client connects to the Repeater AP
> it never gets an IP. The laptop client is simply not seen as a dot11
> association on the root ap. (Config VLAN20native)
>
> 4. This is the funny part. My saved config from step 2 is now copied into the
> startup-config on both AP's and they are reloaded. They come up again and now
> it doesn't work. Reload the laptop, try another. Nope just don't work. Start
> pinging from the Repeater AP BVI1 to the Default Gateway in VLAN 20, and that
> works fine. 30 seconds later the laptop gets an IP. So my note being..... you
> need luck... :o)
>
> /Ralph
>
>
> 2011/1/31 Kristján Ólafur Eðvarðsson <[email protected]>:
>> I would be interesting to post your configurations for this.
>> I remember having this at Bootcamp and made it work. There is one
>> special think I remember. The AP-to-AP communication SSID+VLAN is
>> always native. Others are tagged. The thing is that the communication
>> goes over the native vlan but the Repeater and Root somehow bridge
>> them over and put them on correct VLAN after the traffic is passed between
>> the two.
>> I don´t have IPX workbook, but I had a similar case in Fastlanes workbook.
>> The user had a seperate SSID and repeater had another to communicate
>> to Root on the native vlan.
>>
>> regards. Kristjan
>> ------------------------------
>>
>> Message: 5
>> Date: Sun, 30 Jan 2011 14:59:24 +0100
>> From: Ralph Olsen <[email protected]>
>> To: [email protected]
>> Subject: Re: [CCIE Wireless] IPX-WB1 LAB 3.8 - Repeater
>> Message-ID:
>> <[email protected]>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Conclusion after looking deeper into this. You need luck to make it
>> work. :o)
>>
>> I have tried a lot of different combos and boilded it down to a SSID
>> with auth open. When the PC connect directly to the root AP it works
>> fine and gets an IP from a different VLAN that bridge-group one (vlan
>> 12 in the WB), but when it connects to the Repeater AP it doesn't
>> work. When the PC is on the repeater AP the traffic is unidirectional
>> only working from the PC -> repeater -> rootap -> Def.gw. Traffic in
>> the other direction gets cut off at the rootap.
>>
>> Can someone else try to make 3.8 work?
>>
>> /Ralph
>>
>> 2011/1/28 Ralph Olsen <[email protected]>:
>>> Hi Group,
>>>
>>> I just been looking into lab 3.8 in the IPX-WB1. Radio Roles - Repeater.
>>>
>>> Most of the things I have done works perfectly, the repeater AP
>>> associates with the root AP and I can see that it is using LEAP WPA
>>> as I wanted. ?Associated To AP AP1 001a.302e.4850 [LEAP WPA].
>>>
>>> But the part I can't get to work is: "Ensure that users would be able
>>> to get a DHCP address in the 10.10.12.0/24 subnet. Do not configure
>>> DHCP for this."
>>>
>>> In the DSG VLAN 12 on the AP1-d0 interface have been made native and
>>> in my mind that would map it to the d0 interface on AP2. When I
>>> connect with a client to AP1, I get the 10.10.12.0/24 DHCP offer
>>> right away. When I connect to the AP2 I never get an offer (or see
>>> request at the dhcp server).
>>>
>>> The ADU client associates fine with both AP1 and AP2: Interface
>>> Dot11Radio0, Station WL02-LAPTOP 0040.96b1.8207 Associated
>>> KEY_MGMT[WPA]
>>>
>>> Did Jason just become lucky in the DSG or is something missing?
>>>
>>> /Ralph
>>>
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> CCIE_Wireless mailing list
>> [email protected]
>> http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless
>>
>>
>> End of CCIE_Wireless Digest, Vol 22, Issue 41
>> *********************************************
>>
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
