我从昨晚到早上都在为这个问题绞尽脑汁......幸运的是,它还没有进入生产环境。
我进行过多次搜索,并得到了有关 Cisco AP 和多个 SSID 的相同答复,我想我已经尝试了所有可能的方法,但显然我没有。
在这个环境中,有一个Cisco 3550作为核心路由器。
有问题的 AP 是 AIR-LAP1142N-A-K9,已配置为自主模式(此设施没有 wifi 管理器),并且位于 Cisco 2960 POE 交换机上。
**2950 POE Switchport config for applicable ports**:
interface GigabitEthernet1/0/12
description WiFi
switchport access vlan 101
switchport trunk native vlan 11
switchport trunk allowed vlan 11,102,228,700
switchport mode trunk
end
interface GigabitEthernet1/0/28
description LINK TO CORE
switchport trunk allowed vlan 10,11,101-106,228,700,1002-1005
switchport mode trunk
end
**Cisco 3550 Switchport config for applicable port:**
interface GigabitEthernet0/9
description Link to 2960-MB-POE
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,11,101-106,228,700,1002-1005
switchport mode trunk
end
所有其他 VLAN 均按设计/预期运行。VLAN 700 是访客 wifi,它从 3550 获取 DHCP。所有其他 VLAN(除相关 VLAN 外)都从 MS Server 2008 获取 DHCP
从 AP,我可以在 VLAN 上 ping 核心路由器 IP (192.168.228.1),因此中继正在运行。我还可以一直 ping 到 MS 2008 DHCP 服务器,因此中继一直到服务器都运行正常
我可以与 AP 关联(运行“sho dot11 associations”命令时可以在 AP 中看到我的 MAC 地址),如果我将 IP 地址设置为静态 IP 地址,sho dot11 associations 命令将显示我的 IP 地址
我可以与 AP 关联并获取 VLAN 102 的 IP 地址
我无法获取 VLAN 228 的 IP 地址
我已尝试将转发器设置为与所有其他 VLAN 相同(从服务器获取 DHCP),但这也不起作用,因此我将其保留为核心的 DHCP。
cisco 3550 上的 VLAN 设置如下
interface Vlan102
description VLAN102
ip address 192.168.102.1 255.255.255.0
ip helper-address 192.168.9.98
ip helper-address 192.168.9.103
ip helper-address 192.168.9.85
no ip redirects
no ip unreachables
no ip proxy-arp
interface Vlan228
desciption VLAN228
ip address 192.168.228.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
For testing, DHCP is set up as this (on core 3550)
ip dhcp pool vlan228
network 192.168.228.0 255.255.255.0
default-router 192.168.228.1
dns-server 8.8.8.8 8.8.4.4
lease 0 8
根据以上所有内容,对我来说,这意味着我的 AP 配置有问题。我最好的猜测是它与子接口或桥接组有关。如果不是这样,那么可能是 3550 上的路由,但根据我的经验,这是我第一次必须告诉核心路由器在其上创建的 vlan。任何帮助都将不胜感激。
--------BEGIN AP CONFIGURATION----------
Current configuration : 4949 bytes
!
! Last configuration change at 09:58:29 GMT-0 Wed Jul 23 2014
! NVRAM config last updated at 09:56:11 GMT-0 Wed Jul 23 2014
! NVRAM config last updated at 09:56:11 GMT-0 Wed Jul 23 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP12345
!
!
logging rate-limit console 9
no logging console
enable secret 5 passwordhasbeenremoved
!
no aaa new-model
clock timezone GMT -0 0
clock summer-time GMT-0 recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip cef
ip domain name myorganization.com
ip name-server 192.168.x.x
ip name-server 192.168.x.x
!
!
!
!
dot11 mbssid
dot11 syslog
dot11 vlan-name VLANNAME1 vlan 102
dot11 vlan-name VLANNAME2 vlan 228
dot11 vlan-name MANAGEMENT vlan 11
!
dot11 ssid SSID1
vlan 102
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 passwordhasbeenremoved
!
dot11 ssid SSID2
vlan 228
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 passwordhasbeenremoved
!
!
dot11 guest
!
!
!
username user1 privilege 15 secret 5 passwordremoved
username user2 privilege 15 secret 5 passwordremoved
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 102 mode ciphers aes-ccm
!
encryption vlan 228 mode ciphers aes-ccm
!
ssid SSID1
!
ssid SSID2
!
antenna gain 0
speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
power local 8
channel 2412
station-role root
infrastructure-client
!
interface Dot11Radio0.11
encapsulation dot1Q 11 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.102
encapsulation dot1Q 102
no ip route-cache
bridge-group 102
bridge-group 102 subscriber-loop-control
bridge-group 102 spanning-disabled
bridge-group 102 block-unknown-source
no bridge-group 102 source-learning
no bridge-group 102 unicast-flooding
!
interface Dot11Radio0.228
encapsulation dot1Q 228
no ip route-cache
bridge-group 228
bridge-group 228 subscriber-loop-control
bridge-group 228 spanning-disabled
bridge-group 228 block-unknown-source
no bridge-group 228 source-learning
no bridge-group 228 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 102 mode ciphers aes-ccm
!
encryption vlan 228 mode ciphers aes-ccm
!
ssid SSID1
!
ssid SSID2
!
antenna gain 0
peakdetect
no dfs band block
channel 5745
station-role root
!
interface Dot11Radio1.11
encapsulation dot1Q 11 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.102
encapsulation dot1Q 102
no ip route-cache
bridge-group 102
bridge-group 102 subscriber-loop-control
bridge-group 102 spanning-disabled
bridge-group 102 block-unknown-source
no bridge-group 102 source-learning
no bridge-group 102 unicast-flooding
!
interface Dot11Radio1.228
encapsulation dot1Q 228
no ip route-cache
bridge-group 228
bridge-group 228 subscriber-loop-control
bridge-group 228 spanning-disabled
bridge-group 228 block-unknown-source
no bridge-group 228 source-learning
no bridge-group 228 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 11
bridge-group 11 spanning-disabled
no bridge-group 11 source-learning
!
interface GigabitEthernet0.102
encapsulation dot1Q 102
no ip route-cache
no cdp enable
bridge-group 102
bridge-group 102 spanning-disabled
no bridge-group 102 source-learning
!
interface GigabitEthernet0.228
encapsulation dot1Q 228
no ip route-cache
no cdp enable
bridge-group 228
bridge-group 228 spanning-disabled
no bridge-group 228 source-learning
!
interface BVI1
ip address 192.168.9.133 255.255.255.0
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip default-gateway 192.168.9.1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
privilege level 15
line vty 0 4
login local
transport input ssh
line vty 5 15
login
transport input ssh
!
sntp server 165.193.126.229
sntp server 216.171.112.36
sntp server 206.246.122.250
end
------------------END AP CONFIGURATION---------------
答案1
我忘记在 POE 交换机上设置正确的 vlan...有关详细信息,请参阅上一条评论。这个问题解决了,我觉得自己很愚蠢。