The thing that makes me wonder there is that the WGB is seeing the same MAC addresses in two different bridge groups. What happens if you configure the following on both APs:
bridge 1 protocol ieee bridge 11 protocol ieee Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert, Inc. Mailto: *[email protected] * 2011/6/8 Kristján Ólafur Eðvarðsson <[email protected]> > Hey guys, > > > > 3.9 configs attached. I got this working it seems. > > switches with vlan trunk and native 110 for both AP ports. Seperate > switches. > > Not that is needed on the AAP2 WGB.. > > > > I had one interesting problem. OF course everything didn´t work at once > > but after reloading WGB one time it didn´t work. I tried remove the f0.11 > subinterface > > and paste it back in and that made the phone client on vlan11 switchport > work ! > > strange stuff. I did that becuase show bridge showed only traffic going one > way... > > > > I hope Jason gives me hell and shows me that something is wrong :D > > > > regards. Kristjan > > > > *From:* Jason Boyers [mailto:[email protected]] > *Sent:* 8. júní 2011 16:12 > *To:* Stalder Dominic > > *Cc:* Kristján Ólafur Eðvarðsson; [email protected] > *Subject:* Re: [OSL | CCIE_Wireless] 1. Re: [CCIE Wireless] Autonomous > Mode Configs (Vit) > > > > The use of the "workgroup-bridge client-vlan x" command is an either/or > type of command. In other words, it should only be used if you are not > configuring VLANs and subinterfaces on the WGB. The command itself does > that for you (though you won't see them in the configuration or as actual > subinterfaces when running "show ip int brief." > > > > Because of that, you cannot use the command and have the WGB connect to the > root using one VLAN and have clients connect on another VLAN. The same VLAN > is used for both with the command. > > > > Also, in most cases, WGB doesn't support passing multiple VLANs. There is > an exception listed for the 1100s. > > Jason Boyers - CCIE #26024 (Wireless) > > Technical Instructor - IPexpert, Inc. > Mailto: *[email protected] > * > > 2011/6/8 Stalder Dominic <[email protected]> > > Hi Kristjan / group > > I have almost the same problem with the workgroup-bridge client-vlan > command. In my lab, I would like to have the WGB over VLAN 804 and the > Client in VLAN 800 (attached a primitive diagram), so this is my > configuration: > > Root AP: > > Version 12.4(25d)JA, RELEASE SOFTWARE (fc1) > > dot11 ssid VLAN804 > vlan 804 > authentication open > authentication key-management wpa > guest-mode > wpa-psk ascii 7 00271A1507545A545C > ! > interface Dot11Radio0 > ! > encryption vlan 804 mode ciphers aes-ccm > ! > ssid VLAN804 > ! > packet retries 128 drop-packet > no preamble-short > station-role root > rts threshold 2312 > beacon dtim-period 10 > no dot11 extension aironet > ! > interface Dot11Radio0.800 > encapsulation dot1Q 800 > bridge-group 10 > ! > interface Dot11Radio0.804 > encapsulation dot1Q 804 native > bridge-group 1 > ! > interface FastEthernet0.800 > encapsulation dot1Q 800 > bridge-group 10 > ! > interface FastEthernet0.804 > encapsulation dot1Q 804 native > bridge-group 1 > ! > interface BVI1 > ip address 2.250.30.1 255.255.248.0 > ! > > WGB: > > Version 12.4(25d)JA, RELEASE SOFTWARE (fc1) > > dot11 ssid VLAN804 > vlan 804 > authentication open > authentication key-management wpa > guest-mode > wpa-psk ascii 7 00271A1507545A545C > ! > interface Dot11Radio0 > ! > encryption vlan 804 mode ciphers aes-ccm > ! > ssid VLAN804 > ! > station-role workgroup-bridge > bridge-group 99 > ! > interface Dot11Radio0.800 > encapsulation dot1Q 800 > bridge-group 10 > ! > interface Dot11Radio0.804 > encapsulation dot1Q 804 native > bridge-group 1 > > > ! > interface FastEthernet0 > bridge-group 1 > > ! > interface FastEthernet0.800 > encapsulation dot1Q 800 native > no ip route-cache > bridge-group 10 > ! > interface BVI1 > ip address 2.250.30.2 255.255.248.0 > ! > ip default-gateway 2.250.24.30 > ! > bridge 10 protocol ieee > ! > workgroup-bridge client-vlan 800 > > I can ping from the Router the Root AP and the WGB, but the client can not > ping the Router in anyway. What is wrong with my configuration? > > Thanks a lot in advance and best regards > Dominic > ------------------------------ > > *Von: *Kristján Ólafur E›var›sson <[email protected]> > *Datum: *Tue, 7 Jun 2011 15:21:51 +0000 > *An: *Vit <[email protected]>, Jason Boyers <[email protected]> > *Cc: *"[email protected]" < > [email protected]> > *Betreff: *Re: [OSL | CCIE_Wireless] 1. Re: [CCIE Wireless] Autonomous > Mode Configs (Vit) > > > > Hey Vitaly and group. > > I labbed this up. > > I got work-group bridge to work in „workgroup-bridge client vlan 998“ mode > I started to get the root ap working with the wgb-04 ssid connected to VLAN > 998 > with DHCP server on a switch/router for the 10.10.98.0/24 subnet. > > I´m using 2x 1242‘s in this setup and software version of 12.3.8 JEA3 > > I had one problem at first, this was after enabling infrastructure-client > on the Root. > The WGB got Dhcp address through the bridge-link but no other traffic was > working from the root. > It was fixed after rebooting the Root. Here are the configs on the WGB and > Root. I made some fun > addons to this excercise that you can see in next post :D > ! > Root config: > ! > hostname Root > ! > ! > dot11 ssid wgb-04 > vlan 998 > authentication open > ! > ! > interface Dot11Radio0 > no ip address > no ip route-cache > ! > ssid wgb-04 > ! > speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 > station-role root > infrastructure-client > ! > interface Dot11Radio0.998 > encapsulation dot1Q 998 native > no ip route-cache > bridge-group 1 > bridge-group 1 block-unknown-source > no bridge-group 1 source-learning > no bridge-group 1 unicast-flooding > bridge-group 1 spanning-disabled > ! > ! > interface FastEthernet0 > no ip address > no ip route-cache > duplex auto > speed auto > hold-queue 160 in > ! > interface FastEthernet0.998 > encapsulation dot1Q 998 native > no ip route-cache > bridge-group 1 > no bridge-group 1 source-learning > bridge-group 1 spanning-disabled > ! > interface BVI1 > ip address 10.10.98.5 255.255.255.0 > no ip route-cache > ! > ip default-gateway 10.10.98.1 > ! > bridge 1 route ip > ! > ---------------------------------------------- > WGB config: > ! > hostname WGB > ! > ! > dot11 ssid wgb-04 > authentication open > ! > interface Dot11Radio0 > no ip address > no ip route-cache > ! > ssid wgb-04 > ! > speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 > 48.0 54.0 > station-role workgroup-bridge > bridge-group 1 > bridge-group 1 spanning-disabled > ! > ! > interface FastEthernet0 > bridge-group 1 > bridge-group 1 spanning-disabled > hold-queue 160 in > ! > interface BVI1 > ip address dhcp > no ip route-cache > ! > ip default-gateway 10.10.98.1 > ! > cdp timer 5 > ! > bridge 1 route ip > ! > workgroup-bridge client-vlan 998 > ! > #The bridge gets an IP address from the switch dhcp pool. > #My next test will be using a client on vlan 998 on the WGB connected > switch (WGB in trunk mode) > ! > > > > *From:* Vit [mailto:[email protected] <[email protected]>] > *Sent:* 6. júní 2011 23:14 > *To:* Jason Boyers > *Cc:* Kristján Ólafur Eðvarðsson; [email protected] > *Subject:* Re: [OSL | CCIE_Wireless] 1. Re: [CCIE Wireless] Autonomous > Mode Configs (Vit) > > Thanks Jason, > > > > Yes, I see Root AP (and connected switch) native vlan packets arriving to > the port on a switch connected to WGB and I had to configure native vlan on > this port to match the one on another side.... But no vlan 11 packets are > arriving on the switch connected to WGB... > > > > Kind regards, > > Vitaly > > 2011/6/7 Jason Boyers <[email protected]> > > Just to confirm - using the "workgroup-bridge client-vlan *x*" command > requires the following: > > > > 1) Root AP has a subinterface with the specified VLAN (mapped to the > required SSID) > > 2) If a switch is connected to the WGB, it must use a trunk. The native > VLAN should be the same as the native on the root AP (both wired and > wireless.) Otherwise, STP will detect that it is receiving BPDUs for one > "native" VLAN on a different "native" VLAN and block both. > > > > But, as you said, lab it up :) > > > Jason Boyers - CCIE #26024 (Wireless) > > Technical Instructor - IPexpert, Inc. > Mailto: *[email protected] > > *2011/6/6 Vit <[email protected]> > > > Hey Kristjan, thanks for your response. > > > > Yes, I have a basic config on both root and WGB AAPs, e.g. auth open, ssid > and that's it :) Assigning static address to wired WGB-client didn't help as > well, so it's not DHCP-related issue. I had sub-interfaces configured on the > Root AAP, e.g. d0.11, but I believe they needed, otherwise what's the point > of having 'work clie 11' on the WGB. Could you please share a working > config, I will test if it works with wired WGB-clients and you will practice > speed ;o) > > > > Thank you. > > > > Regards, > > Vitaly > > > 2011/6/6 Kristján Ólafur Eðvarðsson <[email protected]> > Hey Vitaly, > > I tested this out in a lab recently. I reccon that the only command > need for the workgroup-bridge vlan x is needed. This will hide all > other stuff you would normaly do. for example int dot0.11 blablabla. > But with other stuff on the wire I didn´t test it but if the WGB was > working > from wired, I suppose clients on the WGB VLAN should work too. > > I find sometimes in cases with dhcp or other broadcast/multicast issues > the infrastructure-client command on the Root AP helps. After all > it is meant to deliver multicast (and broadcast ?) packets reliably.. > > Putting a static IP of course might help to isolate the problem to > start with and also to simplify security before troubleshooting the > DHCP related issues. I like to add the security stuff as the last step > to see all radio related stuff working first. > > my 5 cents.. > > regards. Kristjan > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 5 Jun 2011 19:57:04 +0100 > From: Vit <[email protected]> > To: [email protected] > Subject: Re: [OSL | CCIE_Wireless] [CCIE Wireless] Autonomous Mode > Configs > > Message-ID: <[email protected] < > mailto:jn_izf-zk7bb43gph3bw%[email protected]<jn_izf-zk7bb43gph3bw%[email protected]>> > > > > > Content-Type: text/plain; charset="iso-8859-1" > > Guys, > > I've got a question regarding the 'workgroup-brdige client-vlan X' command > and Jason's post -> > http://onlinestudylist.com/archives/ccie_wireless/2011-March/002018.html > > Has anyone managed to get WGB with client-vlan working, e.g. wired clients > connected to the WGB are able to get ip address from a DHCP server and ping > the rest of the world through the wireless link between Root and WGB? When > I > create d0.11 subinterface on the WGB, then everything works, once I delete > d0.11 (and reboot the WGB to remove Virtual-Dot11Radio0.11) and apply 'work > clie 11' then wired clients register on the Root AAP but do not get ip > addresses... Yes, I also applied 'bridge 11 proto ieee' to WGB, but no > joy... > > Any help will be much appreciated. > > Regards, > Vitaly > > ----------------------------------------------------------------------------- > > > -- > Regards, > Vit > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com <http://www.ipexpert.com> > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.PlatinumPlacement.com> > > > > ------------------------------ > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
