I just testet it on my setup. Everything works perfectly. Thx again Kristjan. :o)
/Ralph 2011/2/2 Kristján Ólafur Eðvarðsson <[email protected]>: > update. > > Still works on 12.3.8 after downgrade. > > RootAP#sh ver > Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.3(8)JEA3, > RELEASE SOFTWARE (fc2) > > Case A) both ACU client and repater joined to "BOB" infrastructure SSID: > > RootAP#sh dot11 ass > > 802.11 Client Stations on Dot11Radio0: > > SSID [BOB] : > > MAC Address IP address Device Name Parent > State > 0040.96a6.ec4f 192.168.1.3 Rptr-client DELLVARA e05f.b9e5.a02e > Assoc > e05f.b9e5.a02e 192.168.1.15 ap1240-Rptr RepeaterAP self > Assoc > > RootAP#ping 192.168.1.15 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 192.168.1.15, timeout is 2 seconds: > !!!!! > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/201/1002 ms > > RootAP#sh bridge > > Total of 300 station blocks, 296 free > Codes: P - permanent, S - self > > Bridge Group 1: > > Address Action Interface Age RX count TX count > e05f.b9e5.a02e forward Do0.20 P 12 7 > 0040.96a6.ec4f forward Vi0.20 P 86 2 > Bridge Group 150: > > Case B) Client goes to SSID "client" on repeater: > > *Mar 1 00:03:06.682: %DOT11-6-DISASSOC: Interface Dot11Radio0, > Deauthenticating Station 0040.96a6.ec4f > RootAP# > *Mar 1 00:03:10.397: %DOT11-6-ADD: Interface Dot11Radio0, Station > 0040.96a6.ec4f Associated to Parent e05f.b9e5.a02e > > RootAP#sh bridge > > Total of 300 station blocks, 296 free > Codes: P - permanent, S - self > > Bridge Group 1: > > Address Action Interface Age RX count TX count > e05f.b9e5.a02e forward Do0.20 P 12 7 > Bridge Group 150: > > 0040.96a6.ec4f forward Vi0.150 P 39 7 > > RootAP#sh dot11 as > > 802.11 Client Stations on Dot11Radio0: > > SSID [BOB] : > > MAC Address IP address Device Name Parent > State > 0040.96a6.ec4f 192.168.20.2 Rptr-client DELLVARA e05f.b9e5.a02e > Assoc > e05f.b9e5.a02e 192.168.1.15 ap1240-Rptr RepeaterAP self > Assoc > > Case c) try telnet from Root to Repeater and do show commands: > > RootAP#192.168.1.15 > Trying 192.168.1.15 ... Open > > RepeaterAP#sh dot11 ass > > 802.11 Client Stations on Dot11Radio0: > > SSID [BOB] : > > MAC Address IP address Device Name Parent > State > 003a.9969.2c20 192.168.1.14 ap1240-Parent RootAP - > Assoc > > SSID [client] : > > MAC Address IP address Device Name Parent > State > 0040.96a6.ec4f 192.168.20.2 CB21AG/PI21AG DELLVARA self > Assoc > > RepeaterAP#sh bridge > > Total of 300 station blocks, 297 free > Codes: P - permanent, S - self > > Bridge Group 1: > > Bridge Group 150: > > Address Action Interface Age RX count TX count > 0040.96a6.ec4f forward Do0.150 P 50 8 > RepeaterAP# > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen > Sent: 1. febrúar 2011 22:21 > To: Kristján Ólafur Eðvarðsson > Cc: [email protected] > Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen) > > Hi Kristian, > > Thank you for looking so deep into this. I'm gonna try your configs > tomorrow or in the weekend. But there are 2 things that comes into > mind. > > The configuration guide "Guidelines for Repeaters" point 4 says: > "Repeater access points support only the native VLAN. You cannot > configure multiple VLANs on a repeater access point.". !??! (Still > this is for 12.3(8) which is in the Lab, I can see you are running a > 12.4 code) > > And the IPX WB1 Lab 3.8 solves this in a different way, one SSID (not > on bridge-group1). Did Jason use 12.3 or 12.4 code? > > Anyone how can comment on this issue? Join the battle Wireless Genies :o) > > > /Ralph > > > > > > 2011/2/1 Kristján Ólafur Eðvarðsson <[email protected]>: >> OK Ralph, here are my findings. >> >> nr.2 I don´t like to put the whole radio interface in a bridge group. I >> usually try to go for the subinterfaces and bridge together. This gives you >> more flexibility >> But did you have a excersise that instructed this or was this just something >> you made up ? At least I understand that this worked. >> >> nr.3 I first tried your configuration unchanged. It didn´t work any better >> than in your case. Something bugged me with native vlan 20 between the Aps. >> BVI interface always goes with bridge group 1 and always sends untagged >> packets over the wire. This doesn´t mean that you have to have your root on >> VLAN 1. It can be put on any VLAN with different switchport trunk native >> vlan on the switchport. But this is of course managment traffic. In my >> example that native vlan on my switches is 20. However I was able to make >> this work with VLAN 20 as native on both Aps and the client worked over >> VLAN150. However I could not do pings between the BVI interfaces of Root and >> Repeater, but bridging of the 150 vlan was working fine. But I added an exra >> SSID with VLAN for the clients. I am not sure how to make it work with the >> native in bridge group 20. >> >> nr.4 I am without a clue :) But I have noticed when I configure EAP-fast >> with root+WGB it takes about 10-15 sek to work if I don´t shut/no shut the >> radio interfaces. >> But yours is wpa-psk so it should be even simpler. >> >> But back to 3: >> >> So after this I took a look at my workbook and saw that the example used >> vlan1 as the infrastructure vlan. So I wonder if that is mandatory. When I >> changed >> my configuration for vlan 1 and bridge-group 1 between the Aps I could ping >> each other. So from what I understand is repeater infrastructure SSID always >> has to be native (also for bridges with multiple vlans) and extra vlans >> (ssids+vlans for clients for example) will be tagged at the repeater and the >> native vlan will be used for >> the Aps to communicate IAPP messages e.t.c for those extra SSIDs. >> >> So if you like the Repeater to be on some special vlan, it has to go with >> the Root AP. Aswell will the client in a single ssid setup. Even though you >> use vlan1 >> between the Aps you can decide in your network what your native vlan trunk >> will do. So you can set them in vlan 20 or whatever. >> >> My configuration files are attached. A little explanation: Root 1 is with >> infrastructure ssid BOB in vlan1 (this is only between them) and bridge >> group 1 - client can connect there too if they don´t mind the infrastructure >> SSId setting. My ACU worked at least from the repeater. I created another >> VLAN 150 and SSID client that trunks vlan 150 out to the wired network. A L3 >> switch has vlan 20 and vlan 150 with corresponding ip dhcp pools. >> >> The Repeater has actually the same configuration exept for the station role >> repeater. I created the fastethernet subinterfaces aswell. I decided to >> follow >> my earlier configuration cause it worked last time. It might not make make >> since the repeter ethernet interface is always down. But you can try to do >> without them, it would be interesting to see if that worked too. I didn´t >> bother to change subinterfaces names so don´t get confused ;) >> >> So Jason or any Autonomous Rainman, any comments or rectifications ? :-) >> >> regards. Kristjan >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen >> Sent: 31. janúar 2011 20:36 >> To: Kristján Ólafur Eðvarðsson >> Cc: [email protected] >> Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen) >> >> Hi Kristjan, >> >> I still haven't found a way to make it work with vlans on the radio >> interface. My VLAN config is in the WLAN20native-WPA-RootAP.txt file. >> >> I did 4 scenarios this evening. >> >> 1. Simple root ap with repeater ap all on native vlan 1 and bridge-group1. I >> attached the 2 configs. Simple-WPA. This is as I see it as vanilla as it >> gets. And it works perfectly. >> >> 2. Same config but the Root AP now has bridge group 20 assigned to the d0 >> interface and fas0.20 interface. Fa0.20 is dot1q vlan 20. I have attached >> the 2 files. (BridgeG20-d0-WPA). This also works but I did have to reboot >> the root-ap as the mac of the laptop client was stuck in bridge 1 mac table. >> >> 3. The ssid on the root ap now has a VLAN 20 assigned to it and the >> bridge-group 20 has been moved to interface d0.20. d0.20 is encap dot1 20 >> native. The Repeater AP and the client can associate with the Root AP and >> get full IP traffic to VLAN 20. But when the client connects to the Repeater >> AP it never gets an IP. The laptop client is simply not seen as a dot11 >> association on the root ap. (Config VLAN20native) >> >> 4. This is the funny part. My saved config from step 2 is now copied into >> the startup-config on both AP's and they are reloaded. They come up again >> and now it doesn't work. Reload the laptop, try another. Nope just don't >> work. Start pinging from the Repeater AP BVI1 to the Default Gateway in VLAN >> 20, and that works fine. 30 seconds later the laptop gets an IP. So my note >> being..... you need luck... :o) >> >> /Ralph >> >> >> 2011/1/31 Kristján Ólafur Eðvarðsson <[email protected]>: >>> I would be interesting to post your configurations for this. >>> I remember having this at Bootcamp and made it work. There is one >>> special think I remember. The AP-to-AP communication SSID+VLAN is >>> always native. Others are tagged. The thing is that the communication >>> goes over the native vlan but the Repeater and Root somehow bridge >>> them over and put them on correct VLAN after the traffic is passed between >>> the two. >>> I don´t have IPX workbook, but I had a similar case in Fastlanes workbook. >>> The user had a seperate SSID and repeater had another to communicate >>> to Root on the native vlan. >>> >>> regards. Kristjan >>> ------------------------------ >>> >>> Message: 5 >>> Date: Sun, 30 Jan 2011 14:59:24 +0100 >>> From: Ralph Olsen <[email protected]> >>> To: [email protected] >>> Subject: Re: [CCIE Wireless] IPX-WB1 LAB 3.8 - Repeater >>> Message-ID: >>> <[email protected]> >>> Content-Type: text/plain; charset=ISO-8859-1 >>> >>> Conclusion after looking deeper into this. You need luck to make it >>> work. :o) >>> >>> I have tried a lot of different combos and boilded it down to a SSID >>> with auth open. When the PC connect directly to the root AP it works >>> fine and gets an IP from a different VLAN that bridge-group one (vlan >>> 12 in the WB), but when it connects to the Repeater AP it doesn't >>> work. When the PC is on the repeater AP the traffic is unidirectional >>> only working from the PC -> repeater -> rootap -> Def.gw. Traffic in >>> the other direction gets cut off at the rootap. >>> >>> Can someone else try to make 3.8 work? >>> >>> /Ralph >>> >>> 2011/1/28 Ralph Olsen <[email protected]>: >>>> Hi Group, >>>> >>>> I just been looking into lab 3.8 in the IPX-WB1. Radio Roles - Repeater. >>>> >>>> Most of the things I have done works perfectly, the repeater AP >>>> associates with the root AP and I can see that it is using LEAP WPA >>>> as I wanted. ?Associated To AP AP1 001a.302e.4850 [LEAP WPA]. >>>> >>>> But the part I can't get to work is: "Ensure that users would be able >>>> to get a DHCP address in the 10.10.12.0/24 subnet. Do not configure >>>> DHCP for this." >>>> >>>> In the DSG VLAN 12 on the AP1-d0 interface have been made native and >>>> in my mind that would map it to the d0 interface on AP2. When I >>>> connect with a client to AP1, I get the 10.10.12.0/24 DHCP offer >>>> right away. When I connect to the AP2 I never get an offer (or see >>>> request at the dhcp server). >>>> >>>> The ADU client associates fine with both AP1 and AP2: Interface >>>> Dot11Radio0, Station WL02-LAPTOP 0040.96b1.8207 Associated >>>> KEY_MGMT[WPA] >>>> >>>> Did Jason just become lucky in the DSG or is something missing? >>>> >>>> /Ralph >>>> >>> >>> >>> ------------------------------ >>> >>> _______________________________________________ >>> CCIE_Wireless mailing list >>> [email protected] >>> http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless >>> >>> >>> End of CCIE_Wireless Digest, Vol 22, Issue 41 >>> ********************************************* >>> >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
