07-16-2013 08:02 AM
Hi everyone, I wonder if you can help me with an issue that I've been tearing my hair out with for a while now. The customer is gettinga little frustrated as am I.
I have a site which already had 13 iAP 105's deployed. 11 of these are in the main building and 2 of which are in a remote building. They currently have a very antiquated and unsecure basic Netgear bridge kit but this is being saturated on the 2.4Ghz range.
I have purchased and installed 2 iAP 134's with external aerials to overcome this issue.
All of the 13 iAP 105 models worked fine and saw one another as one cluster with no issues. All VLAN traffic was appropriately tagged and passed back and forth between the two buildings.
I brought the 2 remote iAP 105's back into the main building as well as the iAP 134's and ensured that they were all upgraded to the same firmware revision.
I then created a secondary wired profile for MESH use and assigned this to port E1
To test I then disconnected all the iAP105's , connected the main site iAP134 using port E0 to become the MESH Portal and connected the far site iAP134 using E1 so it became the MESH Point.
These are both connected on 802.1Q Trunk ports on Cisco switching equipment.
We have the following VLANS:
Vlan1 - default
Vlan10 - Management VLAN for Switching Equipment and Aruba AP's
Vlan 15 - Production VLAN for client use
Vlan 100 - VoIP Phone VLAN
I have configured the cisco trunk ports as Native Vlan 10 but I get the following errors:
• Wired port settings for both E1 and E0 interfaces set to native VLAN10 This resulted in the following errors on the switches:
o 45w2d: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/8 VLAN10.
o 45w2d: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/8 on VLAN0001. Inconsistent peer vlan.
o 45w2d: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/8 on VLAN0010. Inconsistent local vlan.
o 45w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed state to down
o 45w2d: %LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed state to down
o 45w2d: %LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed state to up
o 45w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed state to up
• Using a spanning-tree inconsistentports command displays the following:
o Name Interface Inconsistency o -------------------- ------------------------ ------------------
o VLAN0001 GigabitEthernet0/8 Port VLAN ID Mismatch
o VLAN0010 GigabitEthernet0/8 Port VLAN ID Mismatch
o Number of inconsistent ports (segments) in the system : 2
However when these vlans are in an inconsistent state VLAN15 (Production network) works perfectly.
Once the switches display the following:
45w2d: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/8 on VLAN0010. Port consistency restored.
45w2d: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/8 on VLAN0001. Port consistency restored.
The production VLAN15 stops responding.
• I also attempted removing the native vlan 10 from the switches but this resulted in the same errors.
• If I then put the native vlan 10 statement back on the switchport on the main building switch then this resulted in a NATIVE VLAN MISMATCH ERROR which would then be subsequently followed by the inconsistent vlan errors as above.
• I tried setting native vlan on the iAP’s to VLAN1 and leaving native vlan as 10 on the switches but this resulted in the same errors
• Last but not least I tried setting native vlan 10 on the E1 port on the iAP’s only and leaving E0 as VLAN1 but this resulted in more of the same
The switches keep displaying the inconsistent errors and then after a period will restore the consistency. This goes round and round and results in the production network dropping off and re-establishing.
What is strange is that from the main building side I can see both the main building iAP and remote iAP in the WebGui and can ping both of the static addresses but I cannot ping the remote switches that are on the same subnet from the main building.
More worringly I cannot even ping the remote iAP’s address from the remote switch which would make me think that this is the point where the VLAN gets mismatched??
Sorry for the lengthy post but as you can probably tell I've been at this for a while now which on the face of it should have a simple solution?
Do I for instance need to set the Management VLAN address on the Uplink Settings page to 10 on all or some of the remote iAP's???
I have attached a simplistic overview of how the network is connected.
Thanks in advance,
07-16-2013 08:21 AM
Did we tried enabling BPDU filter on Gi 0/8 to see if that helps ? . Find below link states more info for similar issue.
07-17-2013 02:39 AM
Thanks for the swift reply. I've not attempted that yet to be honest. My difficulty is that this particular site is a school and they are currently closed for the holidays so I have to arrange access every time I want to attempt something.
Other than enabling BPDU Filtering on the remote side switchport do you have any other methods you can think of so that I am armed with as many things to try as possible when I do arrange to go on site?
Thanks once again,
07-17-2013 03:09 AM
Also when all of the iAP 105's are enabled the main building cluster does not detect the remote side iAP 105's even though these are functioning correctly.
Will I have to configure the Management Vlan on each individual iAP in order for them all to be seen as part of one cluster?
07-17-2013 08:06 AM
May I know the code version running on the IAP ? You dont need to configure management VLAN on each individual IAP to part of one cluster as the VC master should be accessible by VC IP address configured.
07-18-2013 05:48 AM
I am running 18.104.22.168-22.214.171.124_36559 on both the iAP105's and 134's although obvisouly the different variants for the different models.
It may well be that I can't see all of the iAP's as one cluster as the management IP adddreses for the iAP's are on VLAN10 which is one of the vlans that is being mismatched?
07-18-2013 01:48 PM
Your current target requirement of below set up is not supported as of now and to achieve this; we may need to purchase MST 200.
AP1 (Portal) --- mesh link --- AP2 (point) --- wired ---- AP3
Kindly get in touch with your Aruba Sales and account to discuss the topology and its limitations.