Ok, I just tried to configure the whole thing: - authentication open eap + authentication network-eap - radius-server local on root AP - DHCP server on core switch behind AP - infrastructure-client on AP - WGB using dot1x profile to authenticate on root AP - DHCP client configured on WGB BVI1
And all works fine. I added vlans in the WGB to act as a trunk link, and I can ping many clients behind my WGB in different vlans. I'm sure there is a specific command interacting with the infrastructure-client that made your association/authentication fail. Unless the radio was buggy, and when you removed the infrastructure-client command, if forced the radio interface to reset. 2014-02-06 Andre Aubet <[email protected]>: > Jay, > > Can you share your full configuration for the two APs? I just tried myself > to configure a WGB using infrastructure-client on the root AP, but it works > great. > > Andre. > > > 2014-02-06 Jay Killion (jakillio) <[email protected]>: > >> No, I just used "station-role workgroup-bridge" configured. But you >> make a great point, it's good to try the different options together to find >> out what breaks what. >> >> >> From: Jason Boyers <[email protected]> >> Date: Thursday, February 6, 2014 8:19 AM >> To: Jay Killion <[email protected]> >> Cc: Andre Aubet <[email protected]>, "[email protected]" >> <[email protected]> >> >> Subject: Re: [OSL | CCIE_Wireless] Autonomous - Reliability >> >> On the WGB, do you have "station-role workgroup-bridge multicast mode >> client" configured? That is incompatible with the "infrastructure client" >> command on the root side. I found it helpful to go through the different >> combinations ("station-role workgroup-bridge" with and without the various >> multicast mode commands, with and without infrastructure client, and such) >> to ensure how things will and will not work. There are some combinations >> that simply won't pass traffic. >> >> Jason Boyers, CCIE #26024 (Wireless) >> Blog: netboyers.wordpress.com >> >> >> On Thu, Feb 6, 2014 at 8:29 AM, Jay Killion (jakillio) < >> [email protected]> wrote: >> >>> Hey Andre - >>> >>> Yes, the full requirement was, "Ensure that the association reliable. >>> So the AP disassociates clients only many packets are lost. Use the maximum >>> reliable setting for the association to stay up.". Given that the word >>> "reliable" and "reliability" are used 7 times in the CCO WGB documentation >>> and *every single one* of them are in the section on "infrastructure >>> client", I interpreted the requirement as wanting both "packet retries" and >>> "infrastructure client". But anyways... >>> >>> Yes, I was using both "auth open" and "auth eap" for the SSID. The >>> WGB would associate and authenticate every time without any issue, even >>> after rebooting both sides. The instant I removed "infrastructure client" >>> from the root side, without any further changes, the WGB side immediately >>> received DHCP and pings started working. >>> >>> I'm still not sure why it wouldn't work with "infrastructure client", >>> but good to know for the future. >>> >>> >>> From: Andre Aubet <[email protected]> >>> Date: Thursday, February 6, 2014 1:50 AM >>> To: Jay Killion <[email protected]> >>> Subject: Re: [OSL | CCIE_Wireless] Autonomous - Reliability >>> >>> Hi Jay, >>> >>> You really met an interesting behavior here!!! >>> >>> I just read the complete lab requirement, it says: >>> Ensure that the association reliable. So the AP disassociates clients >>> only many packets are lost. Use the maximum reliable setting for the >>> association to stay up. >>> >>> For this, I would have used the packet retries command I think. It >>> allows the client entry to be removed only after a specified number of >>> missed 802.11 packets (maximum being 127 I think). >>> >>> About the infrastructure client, what it actually does: >>> >>> - sends a first time the multicast/broadcast frame, and re-send it >>> in an encapsulated unicast frame to the WGB. It allows the frame to be >>> acknowledged by the WGB. >>> - allows the WGB, which is normally treated as a wireless client, to >>> associate to an infrastructure only AP >>> >>> In your configuration, this is weird the WGB can't get an IP address. >>> You say the association works fine, but the DHCP Discover isn't received by >>> the DHCP server. If it didn't work with a static IP address, I would think >>> something is missing in your configuration. >>> >>> By any chance, were you using the authentication network-eap method to >>> associate, or only authentication open eap. I think network-eap (Cisco >>> proprietary) is a requirement when using an infrastructure mode. >>> >>> Andre. >>> >>> >>> 2014-02-06 Jay Killion (jakillio) <[email protected]>: >>> >>>> Hi all - >>>> >>>> I'm working on WB2 lab 3 and the following requirement was given for >>>> an autonomous WGB, "Ensure that the association is reliable." I thought >>>> the question was looking for me to configure "infrastructure client" on the >>>> root AP since CCO documentation says to do this for "increased >>>> reliability". Turns out that wasn't what the lab was looking for, but it >>>> did bring up an interesting result - no DHCP even though the WGB associated >>>> without any issue. >>>> >>>> The other requirement for this task was to have the WGB receive it's >>>> IP address via DHCP. I couldn't for the life of me figure out why DHCP >>>> wasn't working, as my debugs showed the AP sending them but never getting a >>>> reply (or being seen by the DHCP server). Even if I configured a static IP >>>> address for the BVI, pings still wouldn't work. >>>> >>>> I finally looked at the answer to see what I was missing and noticed >>>> IPX didn't use "infrastructure client" as part of their solution. I >>>> removed that piece and everything immediately started working. I've read >>>> what "infrastructure client" does - reliably deliver multicast and ARP's, >>>> but I don't see why this broke the ping / DHCP from the WGB. >>>> >>>> Any insight? >>>> >>>> Thanks >>>> Jay Killion, CCIE #17873 R/S >>>> >>>> >>>> _______________________________________________ >>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>>> >>>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>>> >>> >>> >>> _______________________________________________ >>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>> >>> iPexpert on YouTube: www.youtube.com/ipexpertinc >>> >> >> >
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
