Cisco 1602E interfejsy reset

[pavkoo]

Witam, zakupilismy AP 1602E z 3 antenami z rocznym wsparciem i rocznym smartnetem.

NIgdy nie konfigurowalem ap-ka cisco, poczytalem troszke na grupie i mniej wiecej stworzylem konfig, na podstawie paru postów z sekcji wireless. AP zasilany jest z jakiegos Gigabit Injector Model PSE-1000D. Nie wiem czy to nie jest problemem ale interfejsy sa w stanie reset - caly czas.

Kod: Zaznacz cały

apek#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       192.168.250.254 YES NVRAM  up                    up      
Dot11Radio0                unassigned      YES NVRAM  reset                 down    
Dot11Radio0.7              unassigned      YES unset  reset                 down    
Dot11Radio0.40             unassigned      YES unset  reset                 down    
Dot11Radio0.50             unassigned      YES unset  reset                 down    
Dot11Radio0.60             unassigned      YES unset  reset                 down    
Dot11Radio1                unassigned      YES NVRAM  reset                 down    
Dot11Radio1.7              unassigned      YES unset  reset                 down    
GigabitEthernet0           unassigned      YES NVRAM  up                    up      
GigabitEthernet0.7         unassigned      YES unset  up                    up      
GigabitEthernet0.40        unassigned      YES unset  up                    up      
GigabitEthernet0.50        unassigned      YES unset  up                    up      
GigabitEthernet0.60        unassigned      YES unset  up                    up      
apek#
apek#
apek#sh run
Building configuration...

Current configuration : 9344 bytes
!
! Last configuration change at 10:26:29 Warsaw Wed Mar 3 1993 by pavkoo
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname apek
!
!
logging rate-limit console 9
enable secret 5 XXX
!
aaa new-model
!
!
aaa authentication login default local group tacacs+
aaa authorization exec default local group tacacs+ 
aaa authorization network default local group tacacs+ 
!
!         
!
!
!
aaa session-id common
clock timezone Warsaw 1 0
clock summer-time Warsaw recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip routing
no ip cef
ip domain name edu.pl
ip name-server 194.204.152.34
ip name-server 8.8.8.8
ip name-server 77.223.243.28
ip name-server 194.204.159.1
ip name-server 4.2.2.2
!
!
!
dot11 syslog
dot11 vlan-name admin vlan 100
dot11 vlan-name dyrekcja vlan 40
dot11 vlan-name nauczyciele vlan 50
dot11 vlan-name pedagodzy vlan 60
!         
dot11 ssid belfry
   vlan 50
   authentication open 
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   infrastructure-ssid optional
   wpa-psk ascii 7 XXX
!
dot11 ssid dyrekcja
   vlan 40
   authentication open 
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   infrastructure-ssid optional
   wpa-psk ascii 7 XXX
!
dot11 ssid mastah
   vlan 100
   authentication client username pavko password 7 XXX
   mbssid guest-mode
!
dot11 ssid pedagodzy
   vlan 60
   authentication open 
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   infrastructure-ssid optional
   wpa-psk ascii 7 XXX
!
!
dot11 ids mfp distributor
dot11 ids mfp detector
dot11 ids mfp generator
power inline negotiation injector 0015.62e8.208c
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3009887632
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3009887632
 revocation-check none
 rsakeypair TP-self-signed-3009887632
!         
!
crypto pki certificate chain TP-self-signed-3009887632
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33303039 38383736 3332301E 170D3933 30333031 30303034 
  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30303938 
  38373633 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100AC5E 3E202E0F 895E0150 1DE640CE E3A8430A 75D3A79A 03461444 D3F6DA26 
  B445AB38 D93E782B 0D39FBCE 0B719C41 731D4898 D9D4C5F6 5CE5BF7F 165D9D8D 
  F8EDF1DF 570F8DCA 65BF8D22 5EFB47A8 64FA56DA DB27173C 8107B057 C511CB42 
  E81BE148 6DB69219 2957D582 5BE9E8EA F4170204 14578C3D 3407CDB1 24BA1354 
  7D750203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 148C008F 9E700D0F AD5255CA 9D89D9C8 6B577372 0B301D06 
  03551D0E 04160414 8C008F9E 700D0FAD 5255CA9D 89D9C86B 5773720B 300D0609 
  2A864886 F70D0101 05050003 8181005C 7BB9D41B 2637DBA4 63C8AB4B E1C42C98 
  7F5E8A5C 2AA3A82E 9BDBF707 64277FB3 A7836327 12473B49 EF8C5595 B2F77B05 
  929961BC CCB1F503 22A675AC 49806CDF B726234C 71B3212A 44C6F873 2F1DF98F 
  B29C8F0F DBD36433 239E9FC2 2D1D6310 BB2C90CB CB3855DA E0489C27 5422F1FB 
  E0D1F7EF 16FC2418 57BFA1AD 12035D
  	quit
username Cisco password 7 XXX
username pavkoo privilege 15 secret 5 XXX
!
!
ip ftp username ciskacz
ip ftp password 7 XXX
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8642 rotary 1
ip ssh logging events
ip ssh version 2
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 antenna gain 0
 mbssid
 station-role root
!         
interface Dot11Radio0.7
 encapsulation dot1Q 7 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.40
 encapsulation dot1Q 40
 no ip route-cache
 bridge-group 40
 bridge-group 40 subscriber-loop-control
 bridge-group 40 spanning-disabled
 bridge-group 40 block-unknown-source
 no bridge-group 40 source-learning
 no bridge-group 40 unicast-flooding
!
interface Dot11Radio0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 bridge-group 50 subscriber-loop-control
 bridge-group 50 spanning-disabled
 bridge-group 50 block-unknown-source
 no bridge-group 50 source-learning
 no bridge-group 50 unicast-flooding
!
interface Dot11Radio0.60
 encapsulation dot1Q 60
 no ip route-cache
 bridge-group 60
 bridge-group 60 subscriber-loop-control
 bridge-group 60 spanning-disabled
 bridge-group 60 block-unknown-source
 no bridge-group 60 source-learning
 no bridge-group 60 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 100 mode ciphers aes-ccm 
 !        
 encryption mode ciphers aes-ccm 
 !
 ssid mastah
 !
 antenna gain 0
 no dfs band block
 mbssid
 channel dfs
 station-role root
!
interface Dot11Radio1.7
 encapsulation dot1Q 7 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.7
 encapsulation dot1Q 7 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.40
 encapsulation dot1Q 40
 no ip route-cache
 bridge-group 40
 bridge-group 40 spanning-disabled
 no bridge-group 40 source-learning
!
interface GigabitEthernet0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 bridge-group 50 spanning-disabled
 no bridge-group 50 source-learning
!
interface GigabitEthernet0.60
 encapsulation dot1Q 60
 no ip route-cache
 bridge-group 60
 bridge-group 60 spanning-disabled
 no bridge-group 60 source-learning
!
interface BVI1
 ip address 192.168.250.254 255.255.255.0   **(ip zarzadzajace dla vlan 250 nie wiem czy nie powinno byc dla int gi0.250)**
 no ip route-cache
!
ip default-gateway 192.168.250.1
ip forward-protocol nd
ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
logging trap debugging
logging facility local6
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.2.6.2 public 
tacacs-server host 10.2.6.2
tacacs-server key 7 XX
!
bridge 1 route ip
!
!
banner login ^C
--=========================================================--
bzzz
--=========================================================--
^C
banner motd ^C

--=========================================================--
bzzz
--=========================================================--

^C
!
line con 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 privilege level 15
 logging synchronous
 transport input ssh
 transport output all
 flowcontrol software out
!
end

LOGI

Kod: Zaznacz cały

*Mar  1 00:00:19.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:20.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:00:20.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:00:36.827: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_CURRENT_PORT inline power source
*Mar  1 00:00:37.827: %DOT11-4-NO_SSID_VLAN: No SSID with VLAN configured. Dot11Radio0 not started.
*Mar  1 00:00:38.827: %DOT11-4-NO_SSID_VLAN: No SSID with VLAN configured. Dot11Radio1 not started.

Http mnie przerazilo i nie chce konfigurowac tego via www.

Kod: Zaznacz cały

apek#sh inv
NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point"
PID: AIR-SAP1602E-E-K9 , VID: V01, SN: FGL1801X3E0

[maroszka]

Kod: Zaznacz cały

*Mar  1 00:00:37.827: %DOT11-4-NO_SSID_VLAN: No SSID with VLAN configured. Dot11Radio0 not started.
*Mar  1 00:00:38.827: %DOT11-4-NO_SSID_VLAN: No SSID with VLAN configured. Dot11Radio1 not started.

Zdefiniowałeś SSID ale ich nie przybiłeś do interface'ów radiowych, jedynie "mastah" który z kolei nie ma odpowiadającego mu subinterface'u (typ uwierzytelniania też pod znakiem zapytania) i na moje oko, dlatego się nie podnoszą.

[Seba]

Dokładnie jak kolega maroszka napisał, są pewne luki w konfiguracji.
Wzornik jak powiązać SSID z interfejsami, etc TUTAJ

[pavkoo]

wyskakuje mi cos takiego jak probuje dodac do dot11radio 0

Kod: Zaznacz cały

ssid belfry
Dot11Radio0: SSID belfry must be configured as native-vlan before enabling infrastructure-ssid

[maroszka]

Kod: Zaznacz cały

Dot11Radio0: SSID belfry must be configured as native-vlan before enabling infrastructure-ssid

Zdaje się prawidłowo, skoro u Ciebie natywnym jest VLAN 7. Poza tym czy infrastructure-ssid to na pewno funkcjonalność, którą chcesz uruchomić?

[pavkoo]

Kod: Zaznacz cały

Dot11Radio0: SSID belfry must be configured as native-vlan before enabling infrastructure-ssid

Zdaje się prawidłowo, skoro u Ciebie natywnym jest VLAN 7. Poza tym czy infrastructure-ssid to na pewno funkcjonalność, którą chcesz uruchomić?

Nie wiem nie znam sie na tym chcialem skonfiguowac ap-ka dopasowujac do struktury. A robilem to po raz pierwszy. Z tym ze taki punkt a vlan z adresacja *.250.X jest zarzadzajacy , tez nie wiem czy moze byc wpisany w BVI1 czy w gi0.250.
Zalozenie takie ze rozne ssid mam inny vlan, a 5GHz dla mnie, bo malo kto bedzie mial karte pod 802.11n w pasmie 5GHz.

[pavkoo]

Ok juz działa, dziekowac