Hi,

 

I also found that the d0.11 interface needed to be added to allow
traffic across bridge group 11.

 

Additionally, for VLAN 12 traffic to traverse the bridge link, d0.12
would be required on each side of the link would it not???

 

Phil

 

From: [email protected] [mailto:[email protected]] On Behalf Of Stalder Dominic
Sent: 29 January 2011 00:28
To: Ron Marosko; [email protected]
Subject: Re: [CCIE Wireless] Lab 3 question 3.10

 

Hi Ron

Thanks for the answer, but the question is asking for a root - non-root
bridge connection, so the workgroup-bridge client will not help.

> 1. Allow wired users to connect through AAP2 to the same VLAN as users
> on SSID Test2

I tested with a trunk on the switch side and this works.

> 2. The AAP2 must also allow users to connect to SSID Test1, with the
> traffic passing back to through AAP1:

With the Dot11Radio0.11 configuration on both AAPs, it works as
expected, so I configured it as I already stated and it did what I was
expecting ;-)

interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
!

But maybe Jason can clarify on this.

Regards and have a nice weekend.
Dominic




________________________________

From: Ron Marosko <[email protected]>
Date: Fri, 28 Jan 2011 07:54:12 -0700
To: Dominic Stalder <[email protected]>, "[email protected]" <[email protected]>
Subject: RE: Lab 3 question 3.10

I'm thinking the line "workgroup-bridge client-vlan 12" may play into
this somewhere?
 
I haven't seen the lab stuff yet, but I'm actually doing a similar
situation here in my house, with a 1242 acting as a WGB, and clients on
the wired net need to be on a different VLAN from native.
 
Snippet:
dot11 vlan-name NetMgt vlan 400
dot11 vlan-name RJR vlan 12
!
dot11 ssid WBR
   vlan 400
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii 7 <yeah you wish>
!
[...]
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 400 mode ciphers aes-ccm
 !
 encryption vlan 12 mode ciphers aes-ccm
 !
 ssid WBR
 !
 station-role workgroup-bridge
!
interface Dot11Radio1.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 bridge-group 12 spanning-disabled
!
interface Dot11Radio1.400
 encapsulation dot1Q 400 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
!
[...]
workgroup-bridge client-vlan 12
end
 
So while my net management traffic happens on VLAN 400 (172.20.1.x/24),
the clients are on VLAN 12 (10.50.53.x/24)... and are fetching DHCP from
upstream server. The switch connected to Fa0 is a dumb Netgear 10/100,
so doesn't understand 802.1q. I'm guessing the "workgroup-bridge
client-vlan" is stripping out the 802.1q tag for vlan 12.
 
...Ron
 
 
--
Ron Marosko, Jr.
. . . . . . . . . . . . . . . . . . . . . . . . . . 
CCIE No. 4526 (R/S), CWNA
 

From: [email protected] [mailto:[email protected]] On Behalf Of Stalder Dominic
Sent: Friday, January 28, 2011 5:09 AM
To: [email protected]
Subject: [CCIE Wireless] Lab 3 question 3.10

Hi there

I have some questions about 3.10:

1. Allow wired users to connect through AAP2 to the same VLAN as users
on SSID Test2

As I understand, the wired clients should get an IP from 10.10.12.0 /24.
But with the following configuration on AAP2, they get an IP from
10.10.210.0 /24:

interface FastEthernet0.110
 encapsulation dot1Q 110 native
 no ip route-cache
 bridge-group 1
!

If they should be in VLAN 12, the Fa 0.12 should be the native VLAN,
shouldn't it? Or would it be a prerequisite, that I have configured a
trunk on the access switch, connected to AAP2 Fa 0?

2. The AAP2 must also allow users to connect to SSID Test1, with the
traffic passing back to through AAP1:

Also here, the wireless clients connecting to SSID Test1 on AAP2 should
get an IP from 10.10.11.0 /24? But then I would also need the following
on AAP1, not only on AAP2. Otherwise the VLAN 11 is not provided over
the bridge link:

interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
!

Maybe I am wrong, but this is why I ask you guys ;-)

Thanks a lot in advance and best regards
Dominic 
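
Added example, not part of the original thread or of the lab material: a small Python check for the point raised above, that a VLAN only crosses the root/non-root bridge link when a matching Dot11Radio subinterface exists on both APs. The two configurations are constructed samples using the thread's VLAN numbers (11, 12, 110); the function names and the Dot11Radio0.110 stanza are assumptions made for illustration.

```python
import re

SUBIF = re.compile(r"^interface\s+(Dot11Radio|FastEthernet)\d+\.\d+\s*$", re.I)
ENCAP = re.compile(r"^\s+encapsulation dot1Q (\d+)", re.I)
BGRP = re.compile(r"^\s+bridge-group (\d+)\s*$", re.I)

def radio_vlans(config):
    """Map VLAN id -> bridge-group for every Dot11Radio subinterface stanza."""
    vlans, on_radio, vlan = {}, False, None
    for line in config.splitlines():
        m = SUBIF.match(line)
        if m:
            on_radio, vlan = m.group(1).lower() == "dot11radio", None
        elif not line.startswith(" "):
            on_radio = False          # "!" or any other top-level line ends the stanza
        elif on_radio:
            e, b = ENCAP.match(line), BGRP.match(line)
            if e:
                vlan = int(e.group(1))
            elif b and vlan is not None:
                vlans[vlan] = int(b.group(1))
    return vlans

def missing_on_link(root_cfg, nonroot_cfg):
    """List VLANs whose radio subinterface exists on only one side of the link."""
    root, nonroot = radio_vlans(root_cfg), radio_vlans(nonroot_cfg)
    return {"root": sorted(set(nonroot) - set(root)),
            "non_root": sorted(set(root) - set(nonroot))}

def stanza(ifname, vlan, group, native=False):
    """Build one constructed subinterface stanza in the style quoted in the thread."""
    return (f"interface {ifname}.{vlan}\n encapsulation dot1Q {vlan}"
            f"{' native' if native else ''}\n no ip route-cache\n bridge-group {group}\n!\n")

# Constructed sample configs: AAP1 (root) lacks Dot11Radio0.11, AAP2 (non-root) has it.
AAP1_ROOT = stanza("Dot11Radio0", 110, 1, True) + stanza("Dot11Radio0", 12, 12)
AAP2_NONROOT = AAP1_ROOT + stanza("Dot11Radio0", 11, 11) + stanza("FastEthernet0", 12, 12)

if __name__ == "__main__":
    print(missing_on_link(AAP1_ROOT, AAP2_NONROOT))
```
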
