asked on

How to setup Cisco Wireless Lan Controller 2106

Hello!
Just bought the following equipment and need a little help pointing me in the right direction for correct setup.
1 x AIR-WLC2106-K9 WIRELESS LAN CONTROLLER 2106
2 x WS-C3560-8PC-S CATALYST 3560 8 10/100 POE + 1 T/SFP STANDARD IMAGE EN
4 x AIR-LAP1131AG-E-K9 Cisco AP1100 802.11a/b/g w/Antennas

I need to create 2 separate wireless networks, with SSID: Internal and another SSID: GUEST
Both networks must be completly separated

SSID: Internal should use ip range: 192.168.4.XXX
SSID: GUEST should use ip range: 210.210.2.XXX

Can someone point me in the right directions for setup this? :)

itnetworkn

Remote into each wireless device and configure your security, SSID, and DHCP server. How are you planning on segmenting your private and public networks? What will be directly connected to the switch? Do you need switch ports that are for the private and public networks?

Ernie Beek

I set something like this up using VLANs, one called internal and one called internet (guest). Have a look and see if you can figure it out like this:

dot11 vlan-name internal-net vlan 20
dot11 vlan-name internet vlan 6
!
dot11 ssid internet
vlan 6
authentication open
authentication key-management wpa version 1
guest-mode
wpa-psk ascii xxxxxxxxxxxxxxxxxx
!
dot11 ssid intra
vlan 20
authentication open eap eap_methods_tassintra
authentication network-eap eap_methods_tassintra
authentication key-management wpa version 1

interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 6 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid internet
!
ssid intra
!
station-role root access-point
!
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
bridge-group 6 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.6
encapsulation dot1Q 6
ip address 192.168.51.252 255.255.255.0
ip helper-address 192.168.51.254
no ip route-cache
bridge-group 6
no bridge-group 6 source-learning
bridge-group 6 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.1.252 255.255.255.0
ip helper-address 192.168.1.254
no ip route-cache
!
interface BVI6
no ip address
no ip route-cache

ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 7 smf,sdf,sbs
radius-server vsa send accounting
bridge 1 route ip

This way you can set up the switchport for the wireless like this:

switchport trunk encapsulation dot1q
switchport trunk native vlan 20
switchport trunk allowed vlan 6,20
switchport mode trunk

Without any hassle.

ASKER CERTIFIED SOLUTION

Les Moore

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Faisal Khan

it is very simple.
1. Create apporpriate vlans on switch i.e. vlan10 and vlan20
2. Connect ur WLC with your switch using a trunk port.
3.Configure DHCP on WLC.

Following link will explain all tihs in detail.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml

Good Luck

WhiteMafiosi

ASKER

Thanks lrmoore! Really helped me getting started. Now eveerything works fine :)