HI Jason, Great. I was beginning to wonder if it is an ios bug. Anyways, I scoured through the netpro forum for this issue and some links within explicitly mention that the native vlans for the root for the radio, ethernet and switch interface must all match. In this case, for the lab question from lab 3, in order for the repeater scenario to work along with management of the Aps, the BVI address may have to change to the subnet assigned to the native vlan. However it is still possible to continue using vlan 110 as the bv1 address as long as f0.110 stays with enc dot1q 110 (without native) and bridge group 1 configured. But having the bvi not belonging to the native vlan is pretty "untidy" imo.
btw, for lab 9, am I right to say that the proctor labs do not have cat6 with wisms? There is also no WLA to try on? Thanks. Alvin From: Jason Boyers <[email protected]> Date: Wed, 30 Mar 2011 11:08:12 -0400 To: Alvin Boey <[email protected]> Cc: <[email protected]> Subject: Re: [CCIE Wireless] Autonomous Mode Configs I see one thing that I need to change in the root configuration for the repeater. The native VLAN needs to be the same on the radio configurations and on the Ethernet interface. In other words, if VLAN 20 is native on the radio side (both on the root and the repeater,) then VLAN 20 has to be native on the Ethernet side as well (on the root - the switch can technically be different.) The root config would be changed to: int f0.20 encap dot1q 20 native The bridge-group on both the root and the repeater can be 20 for this, or whichever one you want. It you have the same native VLAN throughout, and you still cannot get a DHCP address, try saving the configs and rebooting :) Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert, Inc. Mailto: [email protected] On Mon, Mar 28, 2011 at 8:16 PM, <[email protected]> wrote: > Hi Jason, > > I've tried with various permutation of the repeater configuration with regards > to the bridge no assignment as well as the encapsulation dot1q native command > on both the dot11 and fa interface. From your lecture i understand that the > bridge group is used to link up the dot interface with the fa interface so i > think i'm not confused with the enc dot1q no and the bridge group no. > > With much effort, I can never get your configuration to work. The wireless > client when registered to the repeater will not be able to get ip add from the > dhcp. This is when the repeater is assigned a vlan in dot11 ssid and the vlan > gets dot1q native on the radio interface (necessary for infr ssid and repeater > mode) with the corresponding bridge group no. To test the link between the > repeater and the root, i changed the repeater's int d0.15 to bridge-group 1 > and edited the ip add of int bv1 to the same subnet as the configured vlan. I > can ping from the repeater to the LAN behind the root. I configured a static > ip on the client (since no dhcp assigned address) and pinged the LAN behind > the root, but it doesn't go through. I pinged the repeater bvi address from > the wireless client and it went through. I can ping the repeater from CAT2. I > can even see the arp of the wireless client in CAT2, but it just won't ping > through. > > The only time when i managed to get everything working is when everything > (both root and repeater) is on native vlan, bridge group 1. > very weird. > > Alvin > > > Quoting Jason Boyers <[email protected]>: > >> As part of my last vLecture, I said that I would send configs for the >> Repeater using a different bridge-group than BG 1, WGB using the >> workgroup-bridge client-vlan x command, and WGB connecting to a non-native >> VLAN. Note the use of the "bridge 20 protocol ieee" on the WGB, as well as >> the "spanning-tree bpdufilter enable" command on the switch attaced to the >> WGB. The WGB using the client-vlan command would not function without >> them. And, the WGB connected to the non-native VLAN requires that the >> "bridge 20 protocol ieee" command be applied to the root AP. Otherwise, the >> corresponding VLAN (whichever VLAN that bridge group is associated with on >> the Ethernet side) will go into a blocking state due to "self-looped." That >> means that the switchport sees the same BPDU that it sent for the VLAN being >> received on the same port. Hope these help clear up some confusion. >> >> Jason Boyers - CCIE #26024 (Wireless) >> Technical Instructor - IPexpert, Inc. >> Mailto: *[email protected] >> * >> >> REPEATER USING BG 20 >> ROOT AP >> dot11 ssid test >> vlan 20 >> auth open >> ! >> int dot 0 >> ssid test >> station-role root >> ! >> int d0.20 >> encap dot 20 native >> bridge-group 20 >> ! >> int f0.20 >> encap dot 20 >> bridge-group 20 >> >> REPEATER >> int d0.20 >> encap dot 20 native >> bridge-group 20 >> ! >> int f0.20 >> encap dot 20 >> bridge-group 20 >> ! >> dot11 ssid test >> auth open >> infrastructure-ssid >> ! >> int dot 0 >> ssid test >> station-role repeater >> >> WGB with Client-VLAN >> ROOT AP >> dot11 ssid test >> vlan 20 >> auth open >> ! >> int dot 0 >> ssid test >> station-role root >> ! >> int d0.20 >> encap dot 20 >> bridge-group 20 >> ! >> int f0.20 >> encap dot 20 >> bridge-group 20 >> >> WGB CLIENT >> dot11 ssid test >> auth open >> ! >> int dot 0 >> ssid test >> station-role workgroup-bridge >> ! >> bridge 20 protocol ieee >> ! >> workgroup-bridge client-vlan 20 >> >> WG SWITCH >> int f0/2 >> sw host >> sw access vlan 20 >> spanning-tree bpdufilter enable >> >> >> WGB TO NON-NATIVE VLAN >> ROOT AP >> dot11 ssid test >> vlan 20 >> auth open >> ! >> int dot 0 >> ssid test >> station-role root >> ! >> int d0.20 >> encap dot 20 >> bridge-group 20 >> ! >> int f0.20 >> encap dot 20 >> bridge-group 20 >> ! >> bridge 20 protocol ieee >> >> WGB CLIENT >> dot11 ssid test >> auth open >> ! >> int dot 0 >> ssid test >> station-role workgroup-bridge >> ! >> >> WG SWITCH >> int f0/2 >> sw host >> sw access vlan 20 >> spanning-tree bpdufilter enable >> > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
