WhiteMafiosi
asked on
How to setup Cisco Wireless Lan Controller 2106
Hello!
Just bought the following equipment and need a little help pointing me in the right direction for correct setup.
1 x AIR-WLC2106-K9 WIRELESS LAN CONTROLLER 2106
2 x WS-C3560-8PC-S CATALYST 3560 8 10/100 POE + 1 T/SFP STANDARD IMAGE EN
4 x AIR-LAP1131AG-E-K9 Cisco AP1100 802.11a/b/g w/Antennas
I need to create 2 separate wireless networks, with SSID: Internal and another SSID: GUEST
Both networks must be completly separated
SSID: Internal should use ip range: 192.168.4.XXX
SSID: GUEST should use ip range: 210.210.2.XXX
Can someone point me in the right directions for setup this? :)
Just bought the following equipment and need a little help pointing me in the right direction for correct setup.
1 x AIR-WLC2106-K9 WIRELESS LAN CONTROLLER 2106
2 x WS-C3560-8PC-S CATALYST 3560 8 10/100 POE + 1 T/SFP STANDARD IMAGE EN
4 x AIR-LAP1131AG-E-K9 Cisco AP1100 802.11a/b/g w/Antennas
I need to create 2 separate wireless networks, with SSID: Internal and another SSID: GUEST
Both networks must be completly separated
SSID: Internal should use ip range: 192.168.4.XXX
SSID: GUEST should use ip range: 210.210.2.XXX
Can someone point me in the right directions for setup this? :)
Remote into each wireless device and configure your security, SSID, and DHCP server. How are you planning on segmenting your private and public networks? What will be directly connected to the switch? Do you need switch ports that are for the private and public networks?
I set something like this up using VLANs, one called internal and one called internet (guest). Have a look and see if you can figure it out like this:
dot11 vlan-name internal-net vlan 20
dot11 vlan-name internet vlan 6
!
dot11 ssid internet
vlan 6
authentication open
authentication key-management wpa version 1
guest-mode
wpa-psk ascii xxxxxxxxxxxxxxxxxx
!
dot11 ssid intra
vlan 20
authentication open eap eap_methods_tassintra
authentication network-eap eap_methods_tassintra
authentication key-management wpa version 1
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 6 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid internet
!
ssid intra
!
station-role root access-point
!
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
bridge-group 6 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.6
encapsulation dot1Q 6
ip address 192.168.51.252 255.255.255.0
ip helper-address 192.168.51.254
no ip route-cache
bridge-group 6
no bridge-group 6 source-learning
bridge-group 6 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.252 255.255.255.0
ip helper-address 192.168.1.254
no ip route-cache
!
interface BVI6
no ip address
no ip route-cache
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 7 smf,sdf,sbs
radius-server vsa send accounting
bridge 1 route ip
This way you can set up the switchport for the wireless like this:
switchport trunk encapsulation dot1q
switchport trunk native vlan 20
switchport trunk allowed vlan 6,20
switchport mode trunk
Without any hassle.
dot11 vlan-name internal-net vlan 20
dot11 vlan-name internet vlan 6
!
dot11 ssid internet
vlan 6
authentication open
authentication key-management wpa version 1
guest-mode
wpa-psk ascii xxxxxxxxxxxxxxxxxx
!
dot11 ssid intra
vlan 20
authentication open eap eap_methods_tassintra
authentication network-eap eap_methods_tassintra
authentication key-management wpa version 1
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 6 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid internet
!
ssid intra
!
station-role root access-point
!
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
bridge-group 6 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.6
encapsulation dot1Q 6
ip address 192.168.51.252 255.255.255.0
ip helper-address 192.168.51.254
no ip route-cache
bridge-group 6
no bridge-group 6 source-learning
bridge-group 6 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.252 255.255.255.0
ip helper-address 192.168.1.254
no ip route-cache
!
interface BVI6
no ip address
no ip route-cache
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 7 smf,sdf,sbs
radius-server vsa send accounting
bridge 1 route ip
This way you can set up the switchport for the wireless like this:
switchport trunk encapsulation dot1q
switchport trunk native vlan 20
switchport trunk allowed vlan 6,20
switchport mode trunk
Without any hassle.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it is very simple.
1. Create apporpriate vlans on switch i.e. vlan10 and vlan20
2. Connect ur WLC with your switch using a trunk port.
3.Configure DHCP on WLC.
Following link will explain all tihs in detail.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
Good Luck
1. Create apporpriate vlans on switch i.e. vlan10 and vlan20
2. Connect ur WLC with your switch using a trunk port.
3.Configure DHCP on WLC.
Following link will explain all tihs in detail.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
Good Luck
ASKER
Thanks lrmoore! Really helped me getting started. Now eveerything works fine :)