Question : Cisco 1130AP - any way to make ALL packets tagged?

We have 5 Cisco 1130 series APs for our wireless, and I'm trying to set up VLANs on them.  Generally this is no issue for me, but apparently our switches (Nortel Baystack 350-24T) have a bit of a caveat to them - they only accept connections where NO packets are tagged, or ALL packets are tagged.  With the 1130 series, they seem to require a native VLAN for management purposes.  One of the VLANs I'm trying to configure is for out-of-band management, but that VLAN (like the others) must be tagged.  Can anyone think of a way to achieve this?  Even the TAC guys seem at a loss (currently my case is "being researched").

I'm thinking the best route might be to configure a dummy interface on the native VLAN, and then assign a IP address to one of the VLAN on the fastethernet interface, but I keep getting bridge-group errors and I'm not familiar with those?

I'm open to any ideas, that was just the first thing I thought of.  I posted the config for one of my APs below, but sliced out usernames/passwords for security reasons.  Let me know if you think I cut out too much to be helpful.  Thanks!

Code Snippet:

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255:

! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname wifi-crng ! ! aaa new-model ! ! aaa group server radius rad_eap server 10.1.6.2 auth-port 1645 acct-port 1646 ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius dummy ! aaa group server radius rad_eap1 server 10.1.6.2 auth-port 1645 acct-port 1646 ! aaa group server radius rad_pmip ! aaa group server radius Infrastructure ! aaa group server radius Clients server 10.1.6.2 auth-port 1645 acct-port 1646 ! aaa authentication login default local aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authentication login method_Infrastructure group Infrastructure aaa authentication login eap_methods1 group rad_eap1 aaa authentication login method_Clients group Clients aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct ! aaa session-id common ! resource policy ! clock timezone -0600 -6 clock summer-time -0500 recurring ip subnet-zero ip domain name ip name-server ! ! dot11 vlan-name Anonymous_Wireless vlan 46 dot11 vlan-name Maintenance vlan 66 dot11 vlan-name Staff vlan 6 ! dot11 ssid M8gn1f1sh3nt vlan 6 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa version 2 ! dot11 ssid scpl-wifi vlan 46 authentication open guest-mode ! dot11 network-map ! ! username ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! ! encryption vlan 6 mode ciphers aes-ccm ! broadcast-key change 600 ! ! ssid M8gn1f1sh3nt ! ssid scpl-wifi ! speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Dot11Radio0.6 encapsulation dot1Q 6 no ip route-cache no snmp trap link-status bridge-group 6 bridge-group 6 subscriber-loop-control bridge-group 6 block-unknown-source no bridge-group 6 source-learning no bridge-group 6 unicast-flooding bridge-group 6 spanning-disabled ! interface Dot11Radio0.46 encapsulation dot1Q 46 no ip route-cache no snmp trap link-status bridge-group 46 bridge-group 46 subscriber-loop-control bridge-group 46 block-unknown-source no bridge-group 46 source-learning no bridge-group 46 unicast-flooding bridge-group 46 spanning-disabled ! interface Dot11Radio0.66 encapsulation dot1Q 66 native no ip route-cache no snmp trap link-status bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache ! ! encryption vlan 6 mode ciphers aes-ccm ! broadcast-key change 600 ! ! ssid M8gn1f1sh3nt ! ssid scpl-wifi ! dfs band 3 block speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 channel dfs station-role root bridge-group 1 bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1.6 encapsulation dot1Q 6 no ip route-cache no snmp trap link-status bridge-group 6 bridge-group 6 subscriber-loop-control bridge-group 6 block-unknown-source no bridge-group 6 source-learning no bridge-group 6 unicast-flooding bridge-group 6 spanning-disabled ! interface Dot11Radio1.46 encapsulation dot1Q 46 no ip route-cache no snmp trap link-status bridge-group 46 bridge-group 46 subscriber-loop-control bridge-group 46 block-unknown-source no bridge-group 46 source-learning no bridge-group 46 unicast-flooding bridge-group 46 spanning-disabled ! interface Dot11Radio1.66 encapsulation dot1Q 66 no ip route-cache no snmp trap link-status ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.6 encapsulation dot1Q 6 no ip route-cache no snmp trap link-status bridge-group 6 no bridge-group 6 source-learning bridge-group 6 spanning-disabled ! interface FastEthernet0.46 encapsulation dot1Q 46 no ip route-cache no snmp trap link-status bridge-group 46 no bridge-group 46 source-learning bridge-group 46 spanning-disabled ! interface FastEthernet0.66 encapsulation dot1Q 66 no ip route-cache no snmp trap link-status ! interface BVI1 ip address 10.1.66.234 255.255.255.0 no ip route-cache ! ip default-gateway 10.1.66.1 ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 access-list 111 permit tcp any any neq telnet snmp-server view iso iso included snmp-server view dot11view ieee802dot11 included snmp-server community cisco-rw view iso RW radius-server local no authentication eapfast no authentication mac user 075D746E1E5D385235465355217809757F646C064A554E565470007A070C5C5540 ! radius-server attribute 32 include-in-access-req format %h radius-server host auth-port 1645 acct-port 1646 key radius-server host auth-port 1812 acct-port 1813 key radius-server vsa send accounting bridge 1 route ip ! ! wlccp ap username wlccp ap wds ip address wlccp authentication-server infrastructure method_Infrastructure wlccp authentication-server client eap method_Clients ssid M8gn1f1sh3nt ! line con 0 access-class 111 in terminal-type ansi line vty 0 3 access-class 111 in terminal-type ansi line vty 4 access-class 111 in line vty 5 15 ! sntp server 140.221.9.20 sntp broadcast client end

Open in New Window

Select All

Answer : Cisco 1130AP - any way to make ALL packets tagged?

Well there's your excuse for a new switch ;)