8.0 Mesh ethernet bridging and daisy chaining with the 1532 access point

Introduction

This document lists 2 methods to successfully setup the 1532's with daisy chaining and allow ethernet bridging of a remote switch's traffic to flow through to the core network.

Prerequisites

Controller running 8.0.120.0 and up.

Minimum of 2 1532 outdoor AP's(Access Point). You can use any other model of AP as the wired root, but for daisy chaining you have to use 2 1532's, of course.

Before starting any of this configuration, please make sure that the remote switch is not connected to the Subordinate RAP(Root Access Point) until the configuration on the mesh network is complete and verified to be correct. If you do not do this, there is a high probability that spanning tree will take down the entire mesh network that is connected to the RAP. It will block the root ap switch port and drop all the children connected to it. This can create a whole new set of issues due to the re-convergence of the mesh network. Potentially causing an extended outage and a lot of frustration.

Components Used

• 2504 Wireless LAN Controller
• 2702 as the wired RAP
• 2 1532's to daisy chain
• 2 switches (3750's in my lab), one core, one remote.
• 2 vlans.
• 1107 is native and what the AP's connect to the controller on.
• 12 is remote wired client vlan.

Configuration

Network Diagram

Configuration 1

Easiest method first.

Enable Vlan transparent on the controller. With this enabled it will pass the native and also pass the tagged vlan's from the remote side without having to define them on the Rap/Map gig interfaces. More on this in the next example.

Wired Root AP mesh configuration

Mesh Access Point(MAP) configuration

First Mesh AP of the daisy chain. This is considered the Primary of the chain. It uses its 5Ghz radio to connect to the wired Rap. Note that daisy chaining is enabled on this AP.

Subordinate AP-- Daisy Chain Configuration

Subordinate AP of the daisy chain. Notice that it is configured as a Rap and not a Map. This AP will use its POEin port to connect to the Lan port on the primary Map AP. Note that daisy chain is enabled on this AP. The traffic from this AP's lan port as well as it's 2.4Ghz and 5Ghz radio will be sent to the primary AP via the ethernet cable and then transmitted out the Primary AP's 5Ghz radio to the Rap at the core. you then connect the Lan port on this AP to the remote switch.

Since this AP is configured as a Rap you can also change it's 5Ghz radio to a different channel than the core root AP. This way you can have channel separation to additional downstream Map's from this subordinate AP.

Configuration 2

More complex, but gives a bit more flexibility with allowing or not allowing vlans at the gig interfaces of the mesh ap's.

Vlan transparent is disabled for this configuration.

Please note that for this configuration to work you have to have vlan support enabled on all the ap's that are part of this bridge group or that will be connecting to each other over the mesh.

You also have to define the native vlan as well as the allowed vlan's on all the interfaces of the AP's along the mesh path.

Screen shots to hopefully make this point clear.

Wired Root AP configuration

Primary MAP AP configuration

Subordinate RAP connected to the Primary AP and the remote switch.

Core switch port configuration for the Root AP

interface GigabitEthernet1/0/21
switchport trunk encapsulation dot1q
switchport trunk native vlan 1107
switchport trunk allowed vlan 12,1107
switchport mode trunk

Remote switch port configuration that is connected to the Lan port of the Subordinate Rap.

interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 1107
switchport trunk allowed vlan 12,1107
switchport mode trunk

I defined SVI's on the remote switch for both vlan's so that I could easily do pings to verify connectivity.

Verify

You should be able to ping both directions for the defined vlan's. Clients on the remote switch should get dhcp addresses if configured or static addresses.

On the remote switch you should see the mac addresses of the various nodes being learned on the remote switch port.

Jeff_3750#2#show mac address int gi1/0/5

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

1107    3cce.73d9.52e0    DYNAMIC     Gi1/0/5

1107    78da.6e59.a6be    DYNAMIC     Gi1/0/5

1107    78da.6e59.a6d0    DYNAMIC     Gi1/0/5

1107    aca0.164b.b295    DYNAMIC     Gi1/0/5

1107    aca0.164b.b2c6    DYNAMIC     Gi1/0/5

1107    d0d0.fd2e.2a02    DYNAMIC     Gi1/0/5

1107    f40f.1bad.1820    DYNAMIC     Gi1/0/5

  12    aca0.164b.b2c9    DYNAMIC     Gi1/0/5

Total Mac Addresses for this criterion: 8

Troubleshoot

There are several mesh forwarding debugs that help understand if packets are being forwarded from the Subordinate Rap.

1532subordinaterap#show mesh forwarding interfaces
GigabitEthernet0: GigabitEthernet0(state is OPEN)
Node 78da.6e59.a6be
GigabitEthernet1: GigabitEthernet1(state is OPEN)
Virtual-Dot11Radio0: Virtual-Dot11Radio0(state is AUTHENTICATION)
Node 0024.f7ae.020f