That's..... Interesting.
I've got vlan 1 on my HP Procurves marked as 'default_vlan'. I will have to look at this tomorrow. Thanks for the help so far. Kurt On Sat, Jan 15, 2011 at 15:39, Glen Johnson <[email protected]> wrote: > Kurt. > Just looked over my config and couldn't see why mine worked. > Found this on Cisco.com. > http://preview.tinyurl.com/6jongm > Section titled Significance of native vlan. > > The BVI1 interface maps to the native sub interface on the ethernet trunk. > I think the config I sent you is wrong, but for yours to work you need to set > the native vlan on both the switch and wap to vlan 99 if that is your > management vlan. > Pain in the back side to remember that but it does work. > Glen. > ________________________________________ > From: Kurt Buff [[email protected]] > Sent: Saturday, January 15, 2011 3:41 PM > To: NT System Admin Issues > Subject: Re: Cisco 1240AG config problem > > You are correct, I don't want the clients to ping the WAP - I'm trying > to remove the 15.31 address, and use the 99.121 address, but once I do > that, I can't reach the WAP any more, in any way, until I pull power > from it. (I'm not saving the running-config, just so I can do that!) > > That's why the mangement vlan 99 isn't configured on the radio side, > only on the Ethernet side. > > I surely wouldn't mind a look at that config, though. > > Kurt > > On Sat, Jan 15, 2011 at 12:25, Glen Johnson <[email protected]> wrote: >> I don't think you "want" the wireless clients to ping the wap. They should >> be able to ping hosts on the same vlan as the SSID they are on. >> When we were using fat waps, the only ip address the wap had was on the >> management interface. For security, no wireless clients could get to that >> IP. >> Have since switched to a wireless lan controller and life is much simpler, >> but if you need more help, let me know as I should have a copy of the config >> that I'll be glad to share. >> >> -----Original Message----- >> From: Kurt Buff [mailto:[email protected]] >> Sent: Saturday, January 15, 2011 2:42 PM >> To: NT System Admin Issues >> Subject: Re: Cisco 1240AG config problem >> >> On Sat, Jan 15, 2011 at 10:41, Michael B. Smith <[email protected]> >> wrote: >>> It's been a really really long time for me, but shouldn't the "ip >>> default-gateway" be an IP address on the BVI1 subnet? >> >> That seems to help somewhat. >> >> I updated as shown below, with the following results: >> - Another WAP on the same PoE switch as the WAP I'm configuring (all >> WAPs are on the 115 vlan but on different switches) can ping and telnet to >> 15.31 and to 15.1 and 99.1, but not to 99.121 - 15.1 and >> 99.1 are the addresses of the layer 3 switch. >> >> - A laptop wirelessly associated with 15.31 can ping the router address >> on the 99 and 115 vlans, but not WAP's addresses of 99.121and 15.31. The >> laptop gets 'destination host unreachable for the 99 address of the WAP, and >> alternating sequences of that and 'reply timed out' for the 15 address of >> the WAP (I've got four 'ping -t' prompts running on the laptop.) >> >> - No longer see on the WAP >> "% Unrecognized host or address, or protocol not running." >> when trying to ping from this WAP, nor the log errors >> " %IP_SNMP-3-SOCKET: can't open UDP socket" >> " Unable to open socket on port 161" >> >> - The WAP can ping itself on both addresses, and can ping the gateway on >> the 115 vlan (15.1), but not the gateway on the 99 vlan >> (99.1.) >> >> I also tried the config below except that I removed the 15.31 address from >> it entirely, and while the laptop remained associated and had the same >> access, I lost contact with the WAP, and the 99.121 address didn't come >> alive. >> >> Kurt >> >> ----------Begin updated conf snippet---------- interface FastEthernet0.99 >> encapsulation dot1Q 99 no ip route-cache bridge-group 99 no bridge-group >> 99 source-learning bridge-group 99 spanning-disabled ! >> interface FastEthernet0.115 >> encapsulation dot1Q 115 >> ip address 192.168.15.31 255.255.255.0 >> no ip route-cache >> bridge-group 115 >> no bridge-group 115 source-learning >> bridge-group 115 spanning-disabled >> ! >> interface BVI1 >> ip address 192.168.99.121 255.255.255.0 no ip route-cache ! >> ip default-gateway 192.168.99.1 >> ----------End updated conf snippet---------- >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
