I found this particularly annoying issue with some new Cisco 1141N Wireless Access Points.
The problem is that you want to use "Bridge-Group 1" for your management of the WAP and you want to assign Bridge-Group 1 to a sub-interface.
The default config looks something like this
interface Dot11Radio0
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0 no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled
No matter what you do, you can not take "bridge-group 1" off of either of these interfaces using the standard "no bridge-group 1 command" as you would expect. I was configuring one Wireless access point and somehow managed to get it off but had made so many changes by the time I'd realised I had resolved it, that I couldn't figure out what I had done to get it off the blasted thing! Always track your changes and observe the results!Eventually I figured it out and found another guy with the same problem.So my Posts from http://packetlife.net/blog/2012/feb/20/aironet-aps-bridge-groups-and-bvi/ :Cameron (guest) commented on Monday, July 16, 2012 at 8:52 p.m. UTCI'm curious as to what hardware this was configured on. I'm trying replicate these steps on my Aironet 1141n but cannot setup the bridge groups the same way. The Dot11Radio0 is in bridge-group 1 by default and cannot be removed. This means when I go to configure Dot11Radio0.10, I cannot add the bridge group 1 like you did in the example. Should I just move to the next bridge group?PACETREE (guest) commented on Monday, October 29, 2012 at 2:05 p.m. UTCI ran into the same problem trying to remove bridge group 1 from my 1141N. You need to add the physical interfaces to another bridge group (i.e. overwrite the bridge group on the physical interfaces) and then you are free to use bridge-group 1 on a subinterface which you will need to do if one of your sub-interfaces is going to be your management interface (and int BVI1 having a IP address in this network)"Next we need to remove initially configured “bridge-group 1” on physical interfaces FastEthernet0 dot11Radio0 and dot11Radio1 because we will use their subinterfaces. We cannot remove “bridge-group 1” directly. It does not allow us to do this. It likes “bridge-group 1” probably because it is necessary to existence of BVI1-interface. But we can assign “bridge-group 2” to interface and then remove it yet. Just look at that: ap-1131.sokol.msk#configure terminal Enter configuration commands, one per line. End with CNTL/Z. ap-1131.sokol.msk(config)#interface FastEthernet0 ap-1131.sokol.msk(config-if)#no bridge-group 1 %command not allowed, cannot remove bridge-group 1 ap-1131.sokol.msk(config-if)#bridge-group 2 ap-1131.sokol.msk(config-if)#no bridge-group 2 Feb 13 19:14:29: %LINK-3-UPDOWN: Interface BVI1, changed state to down Feb 13 19:14:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down ap-1131.sokol.msk(config-if)#do show running-config interface FastEthernet 0 Building configuration...Current configuration : 90 bytes ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto endap-1131.sokol.msk(config-if)#interface dot11Radio0 ap-1131.sokol.msk(config-if)#bridge-group 2 ap-1131.sokol.msk(config-if)#no bridge-group 2 ap-1131.sokol.msk(config-if)#interface dot11Radio1 ap-1131.sokol.msk(config-if)#bridge-group 2 ap-1131.sokol.msk(config-if)#no bridge-group 2 ap-1131.sokol.msk(config-if)#end
For those that have the same issue discussed above but had no luck with the work-around suggested ...I had a similar issue with the newer 2600 series APs, but no matter what I did bridge-group 1 refused to move on to the sub interface. (I could use the work-around on some of our older style APs.) It seems on the newer IOS on the 2600's you need to make sure you configure a native vlan on each of the sub interfaces. When you set a vlan to native it automatically moves bridge-group 1 to that sub-interface. Something along the lines of:
ReplyDelete!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
!
It's the 'native' command that seems to be key to moving the bridge-group...
It's important to understand what the "native" keyword is doing here. It's setting the Native vlan tag for that interface (whether it be physical or sub) so when using VLAN 1 or 1 Native, it would be the same since the native VLAN defaults to VLAN 1 anyway.
ReplyDeleteThere was a piece missing from my work-around -
PACETREE (guest) commented on Wednesday, October 31, 2012 at 8:26 a.m. UTC
I forgot to add that you could not delete bridge-group 2 without having first assigned bridge-group 1 to your sub interface otherwise the 1141N will automatically assign the parent physical interfaces (both Radio and Ethernet) back into bridge-group 1 - Annoying!
So the correct order of events is:
Overwrite bridge-group 1 with another bridge-group number (2 for example) on both the Radio and Ethernet interfaces
Create your sub-interfaces that you wish to use bridge-group 1 on and assign both of these to bridge-group 1
Remove bridge-group 2 (or whatever place holder number you have used) from both parent physical interfaces.
Did you assign bridge-group 1 to your new sub-interface before deleting bridge-group 2 (or similar) ?
This comment has been removed by the author.
ReplyDeleteI don't profess to be an expert in these things (was just sharing in case it pointed others in the right direction), but perhaps I gave a bad example in my attempt to keep things simple. We were actually using a non-native vlan on the sub-interface that we needed in bridge-group 1, so our config was more like:
ReplyDelete!
interface Dot11Radio0.10
encapsulation dot1Q 10 native
bridge-group 1
..
!
On all other cisco APs we've had I've been able to overwrite "bridge-group 1" (on the parent interfaces) with "bridge-group 2", before then configuring "bridge-group 1" on the sub-interface. But when we bought some of the newer 2600 series APs I found it would always throw an error when you tried to overwrite "bridge-group 1" on the parent interface. On these newer routers, if I ran the "encapsulation dot1q 10 native" command on the sub-interface (ie specifying that vlan 10 was the native vlan) it automatically moved "bridge-group 1" to that sub-interface, and off the main interface.
Hi all,
ReplyDeletei configured may AP 1602-E with two vlan 110,400 when i pass to configure subinterfaces interface Dot11Radio0.400, interface GigabitEthernet0.400 : the AP don't take in consédiration bridge-group 400 so it must be between 1- 255 so Please any help
The bridge group number doesn't need to match the VLAN number. The Sub interfaces don't even need to match the VLAN encapsulation number - they are both arbitrary numbers or labels. Use which ever Bridge group number you like and set your encapsulation using "encapsulation dot1Q 400 [native]". It is only the encapsulation number that needs to match your VLAN number. Good Luck!
ReplyDeleteMaking the bridge-group native on the sub-interface works. It moves bridge-group 1 there:
ReplyDeleteinterface GigabitEthernet0
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0.1
encapsulation dot1Q 10 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
encapsulation dot1Q 20
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
interface GigabitEthernet0.3
encapsulation dot1Q 30
bridge-group 3
bridge-group 3 spanning-disabled
no bridge-group 3 source-learning
!
interface GigabitEthernet0.4
encapsulation dot1Q 40
bridge-group 4
bridge-group 4 spanning-disabled
no bridge-group 4 source-learning
!
interface GigabitEthernet0.5
encapsulation dot1Q 50
bridge-group 5
bridge-group 5 spanning-disabled
no bridge-group 5 source-learning
!
Cheers,
Matt.