Q: Hi all,
After a bit of troubleshooting advice on where to look, remember me? M still a n00b: S so I can ask something crazy!
Equipment Involved:
Aironet 1200
Catalyst 2950
Router 1841
Setup a new SSID on the 1200 with its own VLAN so you can come, and we offer a WPA key parts, so they can network to jump without performing a RADIUS authentication and s what? s already configured on the network.
2 SSIDs on the AP assigned to VLAN 120 (existing wireless network) and 130 (guest network? newly created) total 9,775,033 VLANs on the wired country VLAN 110 (grid), 120 (wireless VLAN client) and 130 (score wireless VLAN)
At existing customers on both VLAN 110 u0026 120, the default gateway (sub-interface cases are made to the ping of 1841) on all VLANs, including VLAN 130. But customers VLAN 130 is not capable of anything including default gateway for VLAN 130 ping. Customers can now connect to and authenticate to the AP, but that success? Is about as far as possible? Ll go.
I believed to be a permission issue on the router, however, I? m Actually replicated the ACLs for the 2 VLANs VLANs operate at 130 and still do I? t ping the gateway.
Is anyone can advise me what to do in terms of resolving this? Stairs and the things I should be cross-checks? If someone is willing to help, I am using configs, Don? Do not want to overload this thread with configs on 3 devices!
Thanks in advance for any tips!
Re:you can't up those on the switch (I'm not sure if Spidey meant that or the AP) becuase the switch only has one active vlan (i.e. managment vlan) because it's all old school layer 2. THe ip is for management only.
change the primary VLAN to VLAN 1 on both, and see if it works then
Re:Funny thing is… When I do a "no shut" on those vlan interfaces (VLAN120) the switch would lock up in the CLI. I can't ping the switch, can't establish another telnet session to it. Can't browse to it's web interface etc… However, network operations still runs fine. Like it's still forwarding frames and network isn't down. Just I can't manage it anymore! Argh, I have to go and power cycle it!
Any ideas I can trouble shoot this problem?
Thanks guy, gawd it's so hard remebering commands for people who don't manage these things day in day out.
Re:sh int trunk will give you all your trunking information.
also, unshut those vlan interfaces. also sh int vlan <vlan number> will tell you if the SVI is up (Ip interface)
Re:Sorry to be a n00b… how do I detect native vlan mismatch? Do a "sh logging"??
IOS versions are:
Switch 12.1
Router 12.3
AP 12.3
Thanks 
Re:also, what code are you running on this?
Re:log into the console and watch for native vlan mismatch problems. I have had MAJOR issues when the native vlan was something other then 1 (tried to do some funky L2 stuff a while back)
I would start by turning off all encryption/authentication on all SSID's, and try and connect/see what happens. Assuming that works, layer security back on, one step at a time. If it doesn't let us know what SSID's work, and which don't.
Re:Originally posted by: guy
sounds like an encryption problem on the AP/Client.
Also make sure the vlan 130 SVI is up and that vlan is allowed on the trunk to the router. Check the spanning-tree for vlan 130 to make sure it is forwarding on the trunk port to the router and AP.
Windows XP indicated a successful authentication with the AP showing network is connected would this still suggest an encryption error?
When I do a "sh run" the VLANs on the swith are all indicated as "shutdown" except for VLAN 110. No idea why they are in "shutdown" mode. The funny thing is VLAN 120 still worked even if it's "shutdown" on the switch. "sh vlan" indicated all VLANs are "active"
I have not configured any permission for allowed VLANs on trunks, I assume all VLANs are allowed by default?
Did a "sh spanning-tree" on the switch and all VLANs are allowed on the 2 trunks to the router & AP.
guy: I've read on Cisco's website that I only need to ensure the native VLAN on the AP and the connected switchport are matching (which they are) and I should be fine. Tho the native VLAN for the Switch itself is VLAN 1 not sure if this is causing the problem 
What would be my next step of troubleshooting process?
Thanks once again guy & guy.
Re:Thanks everyone for the tips. Going to test this out tonight and see how I go!!
Re:It's been a while, but iirc you need to make sure that your native VLAN on your switch is VLAN1, or the AP gets really confused.
Re:sounds like an encryption problem on the AP/Client.
Also make sure the vlan 130 SVI is up and that vlan is allowed on the trunk to the router. Check the spanning-tree for vlan 130 to make sure it is forwarding on the trunk port to the router and AP.
0 Comments.