Hi everyone, I wonder if you can help me with an issue that I've been tearing my hair out with for a while now. The customer is gettinga little frustrated as am I.
I have a site which already had 13 iAP 105's deployed. 11 of these are in the main building and 2 of which are in a remote building. They currently have a very antiquated and unsecure basic Netgear bridge kit but this is being saturated on the 2.4Ghz range.
I have purchased and installed 2 iAP 134's with external aerials to overcome this issue.
All of the 13 iAP 105 models worked fine and saw one another as one cluster with no issues. All VLAN traffic was appropriately tagged and passed back and forth between the two buildings.
I brought the 2 remote iAP 105's back into the main building as well as the iAP 134's and ensured that they were all upgraded to the same firmware revision.
I then created a secondary wired profile for MESH use and assigned this to port E1
To test I then disconnected all the iAP105's , connected the main site iAP134 using port E0 to become the MESH Portal and connected the far site iAP134 using E1 so it became the MESH Point.
These are both connected on 802.1Q Trunk ports on Cisco switching equipment.
We have the following VLANS:
Vlan1 - default
Vlan10 - Management VLAN for Switching Equipment and Aruba AP's
Vlan 15 - Production VLAN for client use
Vlan 100 - VoIP Phone VLAN
I have configured the cisco trunk ports as Native Vlan 10 but I get the following errors:
• Wired port settings for both E1 and E0 interfaces set to native VLAN10 This resulted in the following errors on the switches:
o 45w2d: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/8 VLAN10.
o 45w2d: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/8 on VLAN0001. Inconsistent peer vlan.
o 45w2d: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/8 on VLAN0010. Inconsistent local vlan.
o 45w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed state to down
o 45w2d: %LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed state to down
o 45w2d: %LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed state to up
o 45w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed state to up
• Using a spanning-tree inconsistentports command displays the following:
o Name Interface Inconsistency o -------------------- ------------------------ ------------------
o VLAN0001 GigabitEthernet0/8 Port VLAN ID Mismatch
o VLAN0010 GigabitEthernet0/8 Port VLAN ID Mismatch
o
o Number of inconsistent ports (segments) in the system : 2
However when these vlans are in an inconsistent state VLAN15 (Production network) works perfectly.
Once the switches display the following:
45w2d: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/8 on VLAN0010. Port consistency restored.
45w2d: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/8 on VLAN0001. Port consistency restored.
The production VLAN15 stops responding.
• I also attempted removing the native vlan 10 from the switches but this resulted in the same errors.
• If I then put the native vlan 10 statement back on the switchport on the main building switch then this resulted in a NATIVE VLAN MISMATCH ERROR which would then be subsequently followed by the inconsistent vlan errors as above.
• I tried setting native vlan on the iAP’s to VLAN1 and leaving native vlan as 10 on the switches but this resulted in the same errors
• Last but not least I tried setting native vlan 10 on the E1 port on the iAP’s only and leaving E0 as VLAN1 but this resulted in more of the same
The switches keep displaying the inconsistent errors and then after a period will restore the consistency. This goes round and round and results in the production network dropping off and re-establishing.
What is strange is that from the main building side I can see both the main building iAP and remote iAP in the WebGui and can ping both of the static addresses but I cannot ping the remote switches that are on the same subnet from the main building.
More worringly I cannot even ping the remote iAP’s address from the remote switch which would make me think that this is the point where the VLAN gets mismatched??
Sorry for the lengthy post but as you can probably tell I've been at this for a while now which on the face of it should have a simple solution?
Do I for instance need to set the Management VLAN address on the Uplink Settings page to 10 on all or some of the remote iAP's???
I have attached a simplistic overview of how the network is connected.
Thanks in advance,
Col