dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1430
danielk81
join:2012-12-11
Glencoe, IL

danielk81

Member

[HELP] AiroNet Multi Vlan's, but problems on just one

This is probably a simple problem, but any help would be much appreciate as i have spent lots of time on this issue. Here is the problem:

I created multiple VLANs on a bridge AiroNet access point. That was so I could have multiple SSID's and for the most part it has worked out well. HOWEVER, I cannot communicate with devices on the same VLAN. This boggles my mind, that I can ping a device if it's on a separate SSID/VLAN. but the minute both the devices are on the same SSID/VLAN, they can't communicate with each other.

The reason this seems so odd, but has given me so many problems is that I have configured the device succesful enough that I can communicate across multiple VLAN's problem-free, so why on earth can't I communicate/even just ping when on the same VLAN?

If anyone can offer some suggestions, that would be much appreciated.

Paulg
Displaced Yooper
Premium Member
join:2004-03-15
Neenah, WI

Paulg

Premium Member

Sounds like client isolation is enabled.
danielk81
join:2012-12-11
Glencoe, IL

danielk81

Member

said by Paulg:

Sounds like client isolation is enabled.

Thanks, but that's not it, the only bridge-group commands I have on my vlans are:

bridge-group 1
bridge-group 1 spanning-disabled

I don't have the "port-protected" command anywhere on there.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer to danielk81

Premium Member

to danielk81
That's text book client isolation. Post your full config (minus passwords, etc.) Also, what model AP is it?

(I don't know that I have the same problem... cell phones so rarely try to talk to other cell phones )
danielk81
join:2012-12-11
Glencoe, IL

danielk81

Member

said by cramer:

That's text book client isolation. Post your full config (minus passwords, etc.) Also, what model AP is it?

(I don't know that I have the same problem... cell phones so rarely try to talk to other cell phones )

It's a Model 1130AG...I posted my config in another reply.
danielk81

danielk81

Member

config_4_web.txt
3,715 bytes
AP1130AG_Config
My posts keep disappearing that I'm posting with my config, so I'll try attaching and see if that works.
danielk81

danielk81 to cramer

Member

to cramer
Thanks!

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ifg-ap
!
ip subnet-zero
!
no aaa new-model
dot11 arp-cache optional
power inline negotiation prestandard source
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 XXXXXXXXXXX transmit-key
encryption mode wep mandatory
!
encryption vlan 10 key 1 size 40bit 7 XXXXXXXXXXXX transmit-key
encryption vlan 10 mode wep mandatory
!
encryption vlan 30 key 1 size 40bit 7 XXXXXXXXXXXX transmit-key
encryption vlan 30 mode wep mandatory
!
ssid InfinitiShowroom
vlan 10
authentication open
guest-mode
!
ssid infg_service
vlan 30
authentication open
!
ssid infinitiwifi
vlan 1
!
short-slot-time
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 xxxxxxxxxxxx transmit-key
encryption mode wep mandatory
!
encryption vlan 10 key 1 size 40bit 7 xxxxxxxxxxxx transmit-key
encryption vlan 10 mode wep mandatory
!
encryption vlan 30 key 1 size 40bit 7 xxxxxxxxxxxx transmit-key
encryption vlan 30 mode wep mandatory
!
ssid InfinitiShowroom
vlan 10
authentication open
guest-mode
!
ssid infg_service
vlan 30
authentication open
!
ssid infinitiwifi
vlan 1
!
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.
0 basic-54.0
station-role root
no cdp enable
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.3.41 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.3.1
ip http server
no ip http secure-server
ip http help-path »www.cisco.com/warp/publi ··· help/eag
ip radius source-interface BVI1
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
login local
transport preferred all
transport input all
transport output all
line vty 5 15
login
transport preferred all
transport input all
transport output all
!
danielk81

1 edit

danielk81

Member

Oops, posted config too many times, didn't realize post was waiting for approval and can't find how to delete. Sorry guys.
cramer
Premium Member
join:2007-04-10
Raleigh, NC

cramer to danielk81

Premium Member

to danielk81
Do you really want vlan's 1, 10, and 30 all in the same bridge group?