Есть задача настроить бридж на cisco aironet 1300 с возможностью проброса различных vlan'ов. С одним vlan'ом все, как ни странно, работает. Добавляю второй ssid(Bridge3) и нечего. Не могу понять почему вторая сеть не транслируется, судя по анализатору.И не понятна следующая ситуация:
почему когда есть только ssid AP-mobile отображается ip 172.22.0.1, а не BVI1, а пингуется именно BVI1
APB2#sh dot11 associations
802.11 Client Stations on Dot11Radio0:
SSID [AP-mobile] :
MAC Address IP address Device Name Parent Stat e
0023.ea02.15b0 172.22.0.1 11g-bridge ap - Asso c
При добавлении Bridge 3 не пингуется ни BVI1(172.22.0.1), ни BVI20(172.22.2.250)
APB2#sh dot11 associations
802.11 Client Stations on Dot11Radio0:
SSID [Bridge 3] :
MAC Address IP address Device Name Parent State
0023.ea02.15b0 172.22.2.250 11g-bridge ap - Assoc
Вот конфиг:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
logging console errors
enable secret 5 $1$564O$qzHuB2EDAspotgEdA02aF/
!
clock timezone MSK 4
ip subnet-zero
ip domain name Holding
!
!
ip ssh version 2
no aaa new-model
!
dot11 ssid AP-mobile
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 040Aj5D1123423455s
!
dot11 ssid Bridge 3
vlan 20
authentication open
authentication key-management wpa
wpa-psk ascii 7 082B42031417421D12
!
dot11 arp-cache optional
!
crypto pki trustpoint TP-self-signed-3767294530
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3767294530
revocation-check none
rsakeypair TP-self-signed-3767294530
!
!
crypto ca certificate chain TP-self-signed-3767294530
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373637 32393435 3330301E 170D3032 30333031 30303030
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37363732
39343533 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B32C 7B9BD78F 2CCCF91C 8156875C 5B3612F0 EA698E0D 013D08C6 9C9E8018
B57F7C41 9575412B A2F97FE1 4C698401 140FBC59 65B02694 686FBB07 F55684B8
A6CF34F5 2D3D7B51 F4570097 E9340F59 49337373 5077BB88 9C1A3662 B620575A
D6EA3734 C02F39A6 53E620A0 4884ECC9 86337F58 46CE8530 5B93E184 8119CF34
0ED10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14ECD6DB C77DE22E D7D0FB98 F42AB393 90172BE4 F9301D06
03551D0E 04160414 ECD6DBC7 7DE22ED7 D0FB98F4 2AB39390 172BE4F9 300D0609
2A864886 F70D0101 04050003 8181007B 482826D0 AF6E0DD9 75A11C95 5BB86886
9B409A1B 02975554 282B7451 E3E16F6A 95EE12AD 3A3DFF2C 878A085C FD57CB7A
58C6F192 B9CFE055 A9AD95AD 8BC1D422 7453B82C 2F103E8D 51AE5A59 BEB50DFC
0CB7B3B3 A2C75FCF 65223F83 DB699E30 8DFF69D2 3ED856C9 E3FF73D9 995E3428
241589F5 851CCF2B 9FFB4F07 150C31
quit
dot1x credentials Bridge
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 30 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid AP-mobile
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
no power client local
station-role workgroup-bridge
antenna receive right
antenna transmit right
infrastructure-client
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
!
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
!
interface BVI1
ip address 172.22.2.252 255.255.255.0
no ip route-cache
!
interface BVI20
ip address 172.22.0.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
password 7 0212D272D151805001
login local
line vty 0 4
password 7 7180F2C2821141D1C0
login local
transport input ssh
line vty 5 15
login
transport input ssh
!
sntp server 172.22.2.10
end
На второй аналогично, кроме:
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
encryption vlan 100 mode ciphers tkip
!
encryption vlan 30 mode ciphers tkip
!
ssid AP-mobile
!
traffic-metrics aggregate-report
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
no power client local
station-role root bridge
antenna receive right
antenna transmit right
world-mode dot11d country RU both
infrastructure-client
interface BVI1
ip address 172.22.2.250 255.255.255.0
no ip route-cache
interface BVI20
ip address 172.22.0.1 255.255.255.0
no ip route-cache