?
Solved

Multiple Vlans on a Wireless Cisco Air 1200 AP

Posted on 2012-08-14
17
Medium Priority
?
968 Views
Last Modified: 2012-10-05
Hello,

I have a Cisco Air 1200 Wireless AP and I would like to run two separate vlans that should match to two wi-fi networks that thte AP is advertising - my problem is that my AP does Not show the two separate wi-fi networks as per config attached and if i set the switch port where the AP is connected to as trunk i loose all access connectivity to the AP as well as clients can not obtain ip address throught dhcp.

At present with the attached settings vlan 42 only is working and clients can only see 1 wi-fi network called WIFI1 - WIFI2 does not show as adertised WIFI2???

Can you please help with the missing links:) Thank you
WIRELESSX2VLANSX2SSIDS.txt
0
Comment
Question by:TrepExe
  • 9
  • 6
  • 2
17 Comments
 
LVL 15

Expert Comment

by:wingatesl
ID: 38291638
On the switch you should have only
interface GigabitEthernet
 description WIRELESS VLANS 42+70
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast

Open in new window

On the access point you need to enable guest-mode on the second ssid.
ssid WIFI2
 guest-mode

Open in new window

0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38294099
wingatesl has it, apart from the AP config...

You can't configure guest-mode on two SSIDs simultaneously.  You need to configure mbssid guest-mode instead, like this...

ssid WIFI1
 mbssid guest-mode
!
ssid WIFI2
 mbssid guest-mode

Open in new window

0
 
LVL 15

Expert Comment

by:wingatesl
ID: 38294402
argh, it was a rough morning... give me some slack ;)
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:TrepExe
ID: 38296815
Thank you guys - will test and provide feedback asap:)
0
 

Author Comment

by:TrepExe
ID: 38319485
Hello,

It does Not give me the option to set mbssid guest-mode as advised above:

AP(config-if-ssid)#?
ssid configuration commands:
  accounting             radius accounting
  authentication       authentication method
  exit                        Exit from ssid sub mode
  guest-mode           guest ssid
  infrastructure-ssid ssid used to associate to other infrastructure devices
  ip                           IP options
  max-associations    set maximum associations for ssid
  no                          Negate a command or set its defaults
  vlan                        bind ssid to vlan
  wpa-psk                  Configure Wi-Fi Protected Access pre-shared key


=========================

Cisco Internetwork Operating System Software
IOS (tm) C1200 Software (C1200-K9W7-M), Version 12.2(11)JA1, EARLY DEPLOYMENT RELEASE SOFTWARE

==========================

Any ideas as to how I can achieve that?
0
 

Author Comment

by:TrepExe
ID: 38320284
Hi, following my last update i mangaged to do ssid mbssid Wifi1 and 2 but it will not let me have both in guest-mode - allows me to set guest-mode only onder a single ssid or ssid mbssied:

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 70 mode ciphers tkip
 !
 encryption mode ciphers tkip
 !
 encryption vlan 42 mode ciphers tkip
 !
 ssid mbssid Wifi1
    vlan 42
    authentication open
    authentication key-management wpa
    wpa-psk ascii 7 1420431F0A5C727A362D
 !
 ssid mbssid Wifi2
    vlan 70
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 03330A1F0057791D5C0C15004247

Thank you for your time!!!
0
 

Author Comment

by:TrepExe
ID: 38320365
Following my last update - on the switch port as per attached config and suggested trunk config:

I can Not ping the AP on Wifi1 vlan 42 unless i add - Spare_Old_Wol2(config-if)#switchport trunk native vlan 42 - under the trunk switchport config???

If i have the switchport config as:

interface GigabitEthernet
 description WIRELESS VLANS 42+70
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast

I can not ping the AP bvi address which is vlan 42??? Any ideas please - really appreciated! Thanks
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38320462
The switchport needs the native VLAN to be whatever VLAN the BVI interface is attached to on the AP.

The switchport config you have at the moment implies that VLAN1 is the native VLAN, and not VLAN42.
0
 

Author Comment

by:TrepExe
ID: 38329710
Please ignore my update: by: TrepExePosted on 2012-08-22 at 13:59:25ID: 38320284:

Unable to setup mbssids in order to advertise two separate ssids connected to two separate vlans going back and forth both ways through the switchport trunk.

As you can see from my previous update before the one above - I do not get the option to setup a mbssid in order to have both ssids in guest mode as suggested above.

Can you please help? Thanks
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38331304
Can you post the SHOW VERSION output from your AP?
0
 

Author Comment

by:TrepExe
ID: 38382604
Hi Craigbeck,

Please find the show version info below:


Cisco Internetwork Operating System Software
IOS (tm) C1200 Software (C1200-K9W7-M), Version 12.2(11)JA1, EARLY DEPLOYMENT RE                                LEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 07-Jul-03 13:48 by ccai
Image text-base: 0x00003000, data-base: 0x004D46F4

ROM: Bootstrap program is C1200 boot loader
BOOTLDR: C1200 Boot Loader (C1200-BOOT-M) Version 12.2(8)JA, EARLY DEPLOYMENT RE                                LEASE SOFTWARE (fc1)

HQSRVROOMWIRELESS uptime is 4 weeks, 6 days, 21 hours, 40 minutes
System returned to ROM by power-on
System restarted at 13:43:45 GMT Mon Aug 6 2012
System image file is "flash:/c1200-k9w7-mx.122-11.JA1/c1200-k9w7-mx.122-11.JA1"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-AP1230B-E-K9     (PowerPC405GP) processor (revision A0) with 14326K/2048K bytes of memory.
Processor board ID FOC07351ARX
PowerPC405GP CPU at 196Mhz, revision number 0x00C4
Last reset from power-on
Bridging software.
1 FastEthernet/IEEE 802.3 interface(s)
1 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:BC:48:86:C2
Part Number                          : 73-8704-03
PCA Assembly Number                  : 800-23211-03
PCA Revision Number                  : A0
PCB Serial Number                    : FOC07351ARX
Top Assembly Part Number             : 800-23209-03
Top Assembly Serial Number           : FHK0737J1TK
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1230B-E-K9

Configuration register is 0xF

Thank you
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38382644
Hmmm I would suggest upgrading the IOS on the APs.  There are several features implemented in later versions which would possibly achieve what you're after.
0
 

Author Comment

by:TrepExe
ID: 38383132
Hi,

Can you please confirm the latest ios for this AP and download link if possible - would you point me in the right direction as to the ios upgrade process and main points to bear in mind... can't seem to be able to locate these within the cisco website at present. Thank you
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 1500 total points
ID: 38383219
Latest IOS is 12.3(8).JEE

http://www.cisco.com/cisco/software/release.html?mdfid=277026213&softwareid=284180979&release=12.3.8-JEE&relind=AVAILABLE&rellifecycle=ED&reltype=latest

The upgrade process is quite simple - just browse to the AP and go to the System Software menu on the left, then select the Software Upgrade item.  Browse to the new IOS image TAR file and let it upgrade.

Make sure you disable your browser's popup blocker first though!
0
 

Author Comment

by:TrepExe
ID: 38386165
Thank you, Do I have to register with Cisco support in order to be able to download as it is not letting me download the updated ios without a cisco support contract? Is the only way to get these downloads getting a Cisco support contract paid for?

Thank you,

Once I have the updated ios I will install and test functionality and update this post with results in order to complete/ finish it.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38386653
Yes you need a SmartNet contract to download the images from Cisco.

There are unofficial downloads available but obviously I'm not allowed to tell you where to get them!
0
 

Author Comment

by:TrepExe
ID: 38399291
Thank you, will go through the motions and provide feedback on here.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question