Re: Problems with VLAN "trunk" between Procurve 2824 and Cisco Aironet 1231

DeltaManagement · ‎07-01-2013

Hi.

I am helping a customer with setting up multiple SSIDs on their wireless APs. I have created two SSIDs which use different VLANs. There is also a third VLAN for management. Everything works fine when connected to a trunk port on a Cisco switch. The customer, however, has HP switches, and I am not getting the trunk port to work there. Do you know if I need to configure anything different on the AP when using an HP switch?

The AP is connected to port 4 on the switch. And ports 1-3 are connected to the different networks (untagged).

AP conf:

Spoiler

hostname wpa-test
!
enable secret xxxxxx
!
aaa new-model
!
!
aaa group server radius rad_eap
server x.x.x.x auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
!
aaa session-id common
!
!
!
dot11 ssid Personal
vlan 4
authentication open eap eap_methods
authentication key-management wpa
guest-mode
mbssid guest-mode dtim-period 75
!
dot11 ssid Public
vlan 3
authentication open
mbssid guest-mode dtim-period 75
!
dot11 aaa csid ietf
!
!
username Cisco password xxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
no shutdown
no ip address
no ip route-cache
!
encryption vlan 4 mode ciphers tkip
!
encryption mode ciphers tkip
!
ssid Personal
!
ssid Public
!
mbssid
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 12 in
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address x.x.x.x 255.255.255.0
no ip route-cache
!
ip default-gateway x.x.x.x
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key xxxxxxxxxxxxx
radius-server key xxxxxxxxxxxx
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp wds aaa csid ietf
!
line con 0
line vty 0 4
!
end

hostname wpa-test!enable secret xxxxxx!aaa new-model!!aaa group server radius rad_eapserver x.x.x.x auth-port 1645 acct-port 1646!aaa authentication login eap_methods group rad_eapaaa authorization exec default local!aaa session-id common!!!dot11 ssid Personalvlan 4authentication open eap eap_methodsauthentication key-management wpaguest-modembssid guest-mode dtim-period 75!dot11 ssid Publicvlan 3authentication openmbssid guest-mode dtim-period 75!dot11 aaa csid ietf!!username Cisco password xxxxxxxx!bridge irb!!interface Dot11Radio0no shutdownno ip addressno ip route-cache!encryption vlan 4 mode ciphers tkip!encryption mode ciphers tkip!ssid Personal!ssid Public!mbssidstation-role rootbridge-group 1bridge-group 1 block-unknown-sourceno bridge-group 1 source-learningno bridge-group 1 unicast-floodingbridge-group 1 spanning-disabled!interface Dot11Radio0.4encapsulation dot1Q 4no ip route-cachebridge-group 4bridge-group 4 subscriber-loop-controlbridge-group 4 block-unknown-sourceno bridge-group 4 source-learningno bridge-group 4 unicast-floodingbridge-group 4 spanning-disabled!interface Dot11Radio0.3encapsulation dot1Q 3no ip route-cachebridge-group 3bridge-group 3 subscriber-loop-controlbridge-group 3 block-unknown-sourceno bridge-group 3 source-learningno bridge-group 3 unicast-floodingbridge-group 3 spanning-disabled!interface FastEthernet0no ip addressno ip route-cacheduplex autospeed autobridge-group 1no bridge-group 1 source-learningbridge-group 1 spanning-disabledhold-queue 12 in!interface FastEthernet0.2encapsulation dot1Q 2no ip route-cachebridge-group 1no bridge-group 1 source-learningbridge-group 1 spanning-disabled!interface FastEthernet0.4encapsulation dot1Q 4no ip route-cachebridge-group 4no bridge-group 4 source-learningbridge-group 4 spanning-disabled!interface FastEthernet0.3encapsulation dot1Q 3no ip route-cachebridge-group 3no bridge-group 3 source-learningbridge-group 3 spanning-disabled!interface BVI1ip address x.x.x.x 255.255.255.0no ip route-cache!ip default-gateway x.x.x.xip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagip radius source-interface BVI1radius-server attribute 32 include-in-access-req format %hradius-server host x.x.x.x auth-port 1645 acct-port 1646 key xxxxxxxxxxxxxradius-server key xxxxxxxxxxxxradius-server vsa send accountingbridge 1 route ip!!wlccp wds aaa csid ietf!line con 0line vty 0 4!end

HP switch conf

Spoiler

1# show running-config

Running configuration:

; J4903A Configuration Editor; Created on release #I.10.101

hostname "1"
time timezone 60
time daylight-time-rule Western-Europe

exit
ip default-gateway x.x.x.x
sntp server x.x.x.x
timesync sntp
sntp unicast
snmp-server community "nonono" Unrestricted
snmp-server community "public" Operator Unrestricted
vlan 1
name "DEFAULT_VLAN"
no ip address
no untagged 1-24
exit
vlan 2
name "HK"
untagged 1,5-24
ip address x.x.x.x 255.255.255.0
tagged 4
exit
vlan 3
name "Public"
untagged 2
tagged 4
exit
vlan 4
name "Personal"
untagged 3
tagged 4
exit
spanning-tree
password manager

1# show running-configRunning configuration:; J4903A Configuration Editor; Created on release #I.10.101hostname "1"time timezone 60time daylight-time-rule Western-Europeexitip default-gateway x.x.x.xsntp server x.x.x.xtimesync sntpsntp unicastsnmp-server community "nonono" Unrestrictedsnmp-server community "public" Operator Unrestrictedvlan 1name "DEFAULT_VLAN"no ip addressno untagged 1-24exitvlan 2name "HK"untagged 1,5-24ip address x.x.x.x 255.255.255.0tagged 4exitvlan 3name "Public"untagged 2tagged 4exitvlan 4name "Personal"untagged 3tagged 4exitspanning-treepassword manager

DeltaManagement · ‎07-01-2013

It seems to work after I changed the management VLAN from tagged to untagged.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Problems with VLAN "trunk" between Procurve 2824 and Cisco Aironet 1231

Problems with VLAN "trunk" between Procurve 2824 and Cisco Aironet 1231

Re: Problems with VLAN "trunk" between Procurve 2824 and Cisco Aironet 1231