| [HELP] AiroNet Multi Vlan's, but problems on just one This is probably a simple problem, but any help would be much appreciate as i have spent lots of time on this issue. Here is the problem:
I created multiple VLANs on a bridge AiroNet access point. That was so I could have multiple SSID's and for the most part it has worked out well. HOWEVER, I cannot communicate with devices on the same VLAN. This boggles my mind, that I can ping a device if it's on a separate SSID/VLAN. but the minute both the devices are on the same SSID/VLAN, they can't communicate with each other.
The reason this seems so odd, but has given me so many problems is that I have configured the device succesful enough that I can communicate across multiple VLAN's problem-free, so why on earth can't I communicate/even just ping when on the same VLAN?
If anyone can offer some suggestions, that would be much appreciated. |
|
|
|
 PaulgDisplaced YooperPremium
join:2004-03-15
Neenah, WI
kudos:1 | Sounds like client isolation is enabled. |
|
| said by Paulg:Sounds like client isolation is enabled.
Thanks, but that's not it, the only bridge-group commands I have on my vlans are:
bridge-group 1
bridge-group 1 spanning-disabled
I don't have the "port-protected" command anywhere on there. |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | reply to danielk81
That's text book client isolation. Post your full config (minus passwords, etc.) Also, what model AP is it?
(I don't know that I have the same problem... cell phones so rarely try to talk to other cell phones  ) |
|
| said by cramer:That's text book client isolation. Post your full config (minus passwords, etc.) Also, what model AP is it?
(I don't know that I have the same problem... cell phones so rarely try to talk to other cell phones )
It's a Model 1130AG...I posted my config in another reply. |
|
| My posts keep disappearing that I'm posting with my config, so I'll try attaching and see if that works. |
|
| reply to cramer
Thanks!
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ifg-ap
!
ip subnet-zero
!
no aaa new-model
dot11 arp-cache optional
power inline negotiation prestandard source
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 XXXXXXXXXXX transmit-key
encryption mode wep mandatory
!
encryption vlan 10 key 1 size 40bit 7 XXXXXXXXXXXX transmit-key
encryption vlan 10 mode wep mandatory
!
encryption vlan 30 key 1 size 40bit 7 XXXXXXXXXXXX transmit-key
encryption vlan 30 mode wep mandatory
!
ssid InfinitiShowroom
vlan 10
authentication open
guest-mode
!
ssid infg_service
vlan 30
authentication open
!
ssid infinitiwifi
vlan 1
!
short-slot-time
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 xxxxxxxxxxxx transmit-key
encryption mode wep mandatory
!
encryption vlan 10 key 1 size 40bit 7 xxxxxxxxxxxx transmit-key
encryption vlan 10 mode wep mandatory
!
encryption vlan 30 key 1 size 40bit 7 xxxxxxxxxxxx transmit-key
encryption vlan 30 mode wep mandatory
!
ssid InfinitiShowroom
vlan 10
authentication open
guest-mode
!
ssid infg_service
vlan 30
authentication open
!
ssid infinitiwifi
vlan 1
!
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0 basic-54.0
station-role root
no cdp enable
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.3.41 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.3.1
ip http server
no ip http secure-server
ip http help-path »www.cisco.com/warp/public/779/sm···help/eag
ip radius source-interface BVI1
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
login local
transport preferred all
transport input all
transport output all
line vty 5 15
login
transport preferred all
transport input all
transport output all
! |
|
1 edit | reply to danielk81
Oops, posted config too many times, didn't realize post was waiting for approval and can't find how to delete. Sorry guys. |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | reply to danielk81
Do you really want vlan's 1, 10, and 30 all in the same bridge group? |
|
