cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

AP7532 use in Mash Root and Leaf

AP7532 use in Mash Root and Leaf

Andi_2KII
New Contributor

Hello,

I'm trying to configure my AP7532 to use them in a mash configuration.
One root and 2-3 leafs(ony wirless / as repeater).

The config is down below. The leaf makes a connection to the root but the leaf dose't get an ip and it's not possible to connect to the leaf with a phone or a PC. The root connection works fine and the internet connection works as well. 

 

ROOT
 
 
ap7532-XXXXXR(config)#show run
!
! Configuration of AP7532 version 7.7.1.5-003R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan Internetz
 ssid Internetz
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type sae-psk
 protected-mgmt-frames mandatory
 wpa-wpa2 psk 0 123456789
!
meshpoint Netz
 meshid MESH_NETZ
 beacon-format mesh-point
 control-vlan 1
 security-mode psk
 wpa2 psk 0 MESHPasswordxxx
 root
!
!
management-policy default
 telnet
 no http server
 https server
 rest-server
 ssh
 ssh enable-weak-mac-algo 1
 user admin password 1 dusdhfhsdfje345df34 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
nsight-policy default
!
profile ap7532 default-ap7532
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 country-code at
 ad-wips-wireless-mitigation disable
 ad-wips-wired-mitigation disable
 use nsight-policy default
!
ap7532 84-24-8D-82-C2-D8
 use profile default-ap7532
 use rf-domain default
 hostname ap7532-XXXXXR
 interface radio1
  wlan Internetz bss 1 primary
 interface radio2
  channel 36
  wlan Internetz bss 2 primary
  meshpoint Netz bss 1
  no dynamic-chain-selection
 interface ge1
  switchport mode access
  switchport access vlan 1
 interface vlan1
  ip address dhcp
  no shutdown
 no adoption-mode
!
!

 

 

LEAF
 
 
ap7532-XXXXXL(config)#show running-config
!
! Configuration of AP7532 version 7.7.1.5-003R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan Internetz
 ssid Internetz
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type sae-psk
 protected-mgmt-frames mandatory
 wpa-wpa2 psk 0 123456789
!
meshpoint Netz
 meshid MESH_NETZ
 beacon-format mesh-point
 control-vlan 1
 security-mode psk
 wpa2 psk 0 MESHPasswordxxx
 no root
!
!
management-policy default
 telnet
 no http server
 https server
 rest-server
 ssh
 ssh enable-weak-mac-algo 1
 user admin password 1 dusdhfhsdfje345df34 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
nsight-policy default
!
profile ap7532 default-ap7532
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 country-code at
 ad-wips-wireless-mitigation disable
 ad-wips-wired-mitigation disable
 use nsight-policy default
!
ap7532 84-24-8D-82-C5-74
 use profile default-ap7532
 use rf-domain default
 hostname ap7532-XXXXXL
 interface radio1
  wlan Internetz bss 1 primary
 interface radio2
  channel 36
  wlan Internetz bss 2 primary
  meshpoint Netz bss 1
  no dynamic-chain-selection
 interface vlan1
  ip address dhcp
 no adoption-mode
!
!
1 ACCEPTED SOLUTION

Angelo_Cargnel
New Contributor III

Hi Andi,

in your meshpint policy is the allowed-vlans parameter missing.
I guess in your case it should be:  allowed-vlans 1


Cheers,
Angelo

View solution in original post

3 REPLIES 3

Andi_2KII
New Contributor

Hi Angelo,

that was it!

Thank you.

 

Daren_E
Extreme Employee

As pointed out By Angelo,

Your Meshpoint policy is missing the allowed vlans.
Once added your Mesh client should get an IP address.
For further Mesh configuration reference please see guide below.
MCX_IN_VIRTUAL_CONTROLLER_ENVIRONMENTS_HTG_REV1.0_EN.pdf

Angelo_Cargnel
New Contributor III

Hi Andi,

in your meshpint policy is the allowed-vlans parameter missing.
I guess in your case it should be:  allowed-vlans 1


Cheers,
Angelo

GTM-P2G8KFN