HW INFO:
-RAP-3WNP
-Cisco Switch 3750
STEPS TAKEN:
1. create 2 SSIDs (EMPLOYEE and GUEST)
PROBLEMS:
1. RAP can't ping anywhere
3750 can't ping RAP
but PC connected to EMPLOYEE SSID can go anywhere
because pc can't ping RAP. I can't manage it
?
1. why "show running-config" didn't show its ip but show ip only in "sh ip int"
2. is this problem caused by config in 3750 native vlan?
NOTE:
-if I set 3750 port f2/0/35 native vlan to 40 (RAP ip is 10.0.40.129). I can ping RAP but pc can't get DHCP
-if I set 3750 port f2/0/35 native vlan to 1 (RAP ip is 10.0.40.129). I can't ping RAP but pc can get DHCP
tq
RAP-3WNP:
# sh ip int
Interface IP Address / IP Netmask Admin Protocol
br0 10.0.40.129 / 255.255.255.0 up up
# show run
version 6.4.4.0-4.2.4
virtual-controller-country US
virtual-controller-key f787bd610138808ad3f09ba2cf057551ec1731946730cb98a1
name instant-82:74:1D
terminal-access
clock timezone none 00 00
rf-band all
allow-new-aps
allowed-ap 00:0b:86:82:74:1d
arm
wide-bands 5ghz
80mhz-support
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode default-access
client-aware
scanning
ip dhcp pool
domain-name ngtrain.com
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
extended-ssid
user guest1 3b1ddfd86a472fa134882c86677673daa13927dd41f29377 portal
mgmt-user admin 14142b96cf0988b96b46526cf0afda2a
wlan access-rule GUEST
index 0
rule any any match any any any permit
wlan access-rule default_wired_port_profile
index 1
rule any any match any any any permit
wlan access-rule wired-instant
index 2
rule masterip 0.0.0.0 match tcp 80 80 permit
rule masterip 0.0.0.0 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan access-rule EMPLOYEE
index 3
rule any any match any any any permit
wlan ssid-profile GUEST
enable
index 0
type guest
essid GUEST
opmode opensystem
max-authentication-failures 0
vlan 60
auth-server InternalServer
rf-band all
captive-portal internal
dtim-period 1
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile EMPLOYEE
enable
index 1
type employee
essid EMPLOYEE
wpa-passphrase db13aa3033cfeb4540b145966b7f6a9bc2aed79d1fa409ee
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 40
rf-band all
captive-portal disable
dtim-period 1
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan captive-portal
background-color 13421772
banner-color 16750848
banner-text "Welcome to Guest Network"
terms-of-use "This network is not secure, and use is at your own risk"
use-policy "Please read terms and conditions before using Guest Network"
authenticated
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https
blacklist-time 3600
auth-failure-blacklist-time 3600
ids
wireless-containment none
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
airgroupservice airprint
disable
description AirPrint
3750:
version 12.2
system mtu routing 1500
vtp domain ngtrain
vtp mode transparent
ip routing
ip name-server 9.9.9.9
ip dhcp excluded-address 10.0.40.1 10.0.40.100
ip dhcp excluded-address 10.0.50.1 10.0.50.100
ip dhcp excluded-address 10.0.60.1 10.0.60.100
ip dhcp excluded-address 10.0.40.201 10.0.40.254
ip dhcp excluded-address 10.0.50.201 10.0.50.254
ip dhcp excluded-address 10.0.60.201 10.0.60.254
!
ip dhcp pool DHCPVLAN50
network 10.0.50.0 255.255.255.0
dns-server 10.0.30.11
default-router 10.0.50.1
!
ip dhcp pool DHCPVLAN60
network 10.0.60.0 255.255.255.0
default-router 10.0.60.1
dns-server 10.0.30.11
!
ip dhcp pool DHCPVLAN40
network 10.0.40.0 255.255.255.0
dns-server 10.0.30.11
default-router 10.0.40.1
archive
path flash:/CONFIG
spanning-tree mode pvst
vlan 10
name WAN
vlan 20
name DMZ
vlan 30
name SERVER
vlan 40
name USER
vlan 50
name VOICE
vlan 60
name GUEST
vlan 100
name MGMT
ip ssh version 2
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50,60,100
switchport mode trunk
switchport nonegotiate
interface Port-channel2
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 1,40,50,60,100
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet2/0/35
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 40,50,60
switchport mode trunk
interface FastEthernet2/0/36
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 40,50,60
switchport mode trunk
interface FastEthernet2/0/37
description 3400
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,50,60,100
switchport mode trunk
switchport nonegotiate
channel-protocol lacp
channel-group 2 mode active
interface FastEthernet2/0/38
description 3400
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,50,60,100
switchport mode trunk
switchport nonegotiate
channel-protocol lacp
channel-group 2 mode active
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
interface Vlan10
description WAN
ip address 10.0.10.211 255.255.255.0
interface Vlan20
description DMZ
ip address 10.0.20.1 255.255.255.0
interface Vlan30
description SERVER
ip address 10.0.30.1 255.255.255.0
interface Vlan40
description USER
ip address 10.0.40.1 255.255.255.0
interface Vlan50
description VOICE
ip address 10.0.50.1 255.255.255.0
interface Vlan60
description GUEST
ip address 10.0.60.1 255.255.255.0
interface Vlan100
description MGMT
ip address 10.0.100.1 255.255.255.0