Dear all,
Network scenario: we have 3 core switches. The STP root bridge for VLAN 80 and VLAN 61 is the core 3 switch.

Problem: when I traceroute from VLAN 50 to VLAN 80, I can traceroute to VLAN 80 clients but not to the VLAN 80 default gateway.

For VLAN 80, the default gateway is core 1 192.168.21.252, core 2 is 192.168.21.251, core 3 is 192.168.21.253 (no HSRP for VLAN 80).
For VLAN 50, the default gateway is core 1 10.10.30.253, core 2 has no IP, core 3 is 10.10.30.252 (default gateway for all VLAN 61 hosts) (no HSRP).

When I traceroute to any VLAN 80 IP from any VLAN 50 IP, it shows the route 192.168.21.252. When I traceroute to the VLAN 80 default gateway 192.168.21.253 (which is the default gateway for all hosts in VLAN 80), I could not get a traceroute. For all other VLANs except VLAN 50, no problem was found. Please suggest.

VLAN 50 client configuration:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
no aaa new-model
!
dot11 ssid <Removed)
 vlan
 authentication open
!
dot11 arp-cache
power inline negotiation prestandard source
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 50 XXXX
 encryption vlan 50 mode ciphers XXX
 !
 ssid <Removed)
 !
 traffic-metrics aggregate-report
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role workgroup-bridge
 mobile station period 1 threshold 70
 antenna receive right
 antenna transmit right
 infrastructure-client
!
interface Dot11Radio0.50
 encapsulation dot1Q 50 native
 no ip route-cache
 bridge-group 1
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 hold-queue 160 in
!
interface FastEthernet0.50
 encapsulation dot1Q 50 native
 no ip route-cache
 bridge-group 1
!
interface BVI1
 ip address 10.10.30.17 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.30.252
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
workgroup-bridge client-vlan 50
end
------------------------
VLAN 80 client configuration:
AP1_LT3#show run
Building configuration...

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
no ip igmp snooping
ip domain name <Removed)
!
!
aaa new-model
!
!
aaa group server radius rad_eap
 server XXXX
 server XXXX
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server 192.168.7.20 auth-port 1645 acct-port 1646
 server 192.168.7.21 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
 server XXXX
 server XXXX
 cache expiry 1
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default group radius local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login aaa-http-access group rad_admin local
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization exec default group radius local
aaa authorization exec aaa-http-access group rad_admin local
aaa authorization network default group radius local
aaa accounting exec default start-stop group rad_acct
aaa accounting network default start-stop group rad_acct
aaa accounting network acct_methods start-stop group rad_acct
aaa cache profile admin_cache
 all
!
aaa session-id common
dot11 activity-timeout client default 100000
dot11 activity-timeout repeater default 100000
dot11 activity-timeout workgroup-bridge default 100000
dot11 activity-timeout bridge default 100000
!
dot11 ssid <Removed)
 vlan 80
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa cckm
 infrastructure-ssid optional
!
dot11 ssid <Removed)
 vlan 50
 authentication open
!
power inline negotiation prestandard source
!
crypto pki ......................
!
!
crypto ca certificate chain TP-self-signed-<Removed)
 certificate self-signed 01
  <Removed)
  quit
username <Removed) password 7 <Removed)
username <Removed) privilege 15 password 7 <Removed)
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit 7 <Removed) transmit-key
 encryption mode ciphers wep128
 !
 encryption vlan 80 mode ciphers tkip
 !
 encryption vlan 50 key 1 size 128bit 7 <Removed) transmit-key
 encryption vlan 50 mode ciphers wep128
 !
 ssid <Removed)
 !
 ssid <Removed)
 !
 speed basic-1.0 basic-2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 infrastructure-client
!
interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 bridge-group 50 subscriber-loop-control
 bridge-group 50 block-unknown-source
 no bridge-group 50 source-learning
 no bridge-group 50 unicast-flooding
 bridge-group 50 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 dfs band 3 block
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 hold-queue 160 in
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 no bridge-group 50 source-learning
 bridge-group 50 spanning-disabled
!
interface BVI1
 ip address 192.168.21.8 255.255.254.0
 no ip route-cache
!
ip default-gateway 192.168.21.253
no ip http server
ip http authentication aaa login-authentication aaa-http-access
ip http authentication aaa exec-authorization aaa-http-access
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
access-list 111 permit tcp any any neq telnet
snmp-server view iso iso included
snmp-server view dot11view ieee802dot11 included
snmp-server community <Removed) view iso RO
snmp-server community <Removed) view iso RW
tacacs-server host 192.168.7.20 key 7 <Removed)
tacacs-server directed-request
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.7.20 auth-port 1645 acct-port 1646 <Removed)
radius-server host 192.168.7.21 auth-port 1645 acct-port 1646 <Removed)
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
bridge 1 route ip
!
!
wlccp ap username <Removed) password 7 <Removed)
!
line con 0
 password 7 <Removed)
line vty 5 15
!
sntp server 192.168.0.21
sntp broadcast client
end

Software/Hardware used:
Cisco AP 1242 series