Solved

need help with configuring cisco aironet AP's in existing cisco vlan environment.

Posted on 2014-02-03
1
1,021 Views
Last Modified: 2014-02-13
need help with configuring cisco aironet AP's in existing cisco vlan environment.
My switches (core 3750x and 2960) have a
default vlan1 (native)
vlan2 WIFI
vlan3 VOIP

Servers and computers are member from the default vlan1 (native) . I used no command on the switches regarding vlan1 so it is still untagged.
Purpose it to use vlan2 for the WIFI access points, they need to communicate with the computers and servers from vlan1 but i am not familiar with the best setup and configuration.Ip routing is enabled and working on the switches.
All the vlans are also tunneled to a remote site.
I give the bvi1 interface  from the AP and address from the subnet vlan1 and add the rule encapsulation dot1q native.
Do i need to configure another wired interface from the AP (interface GigabitEthernet0.1 or interface GigabitEthernet0.2) also or can i use only the bvi1 for management and data traffic?
The AP's are connected to a trunk port on which only allow vlan1&2 traffic is allowed (switchport trunk allowed vlan add 1,2)
It is obvious to create an ssid and link it to vlan2 and i don't need multiple ssid's.
Are commands as bridge 1 route ip needed?
ip-default gateway is the router interface from vlan1.
With my current config the wifi client have access to the remote site but no internet access,i still need to test  the routing.
Thank you for your help
Last-configurationAP1-XPRTS.doc
0
Comment
Question by:antwerp2007
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 500 total points
Comment Utility
Below I pasted one of my old configuration, I had two SSID, but in your case you will need only one, I assume you dont want to open voice vlan over Wifi.
ANd if you can change your vlan from Vlan 1 to soemthing else as it is not recommended to use default Vlan 1

dot11 syslog
dot11 vlan-name SSIDname1 vlan 2
dot11 vlan-nameSSIDname2vlan 3
!
dot11 ssid WIFI-OPEN
   vlan 2
   authentication open 
   mbssid guest-mode
   information-element ssidl
!
dot11 ssid WIFI-SECURED
  vlan 3
   authentication open 
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx
   information-element ssidl wps
!
dot11 network-map


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!

bridge irb
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !        
 encryptionvlan 3 mode ciphers tkip 
 !
 ssid WIFI-OPEN
 !
 ssid WIFI-SECURED
 !
 mbssid
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel 2412
 station-role root
 l2-filter bridge-group-acl
 no cdp enable
 infrastructure-client
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 encryptionvlan 3 mode ciphers tkip 
 !
 ssid WIFI-OPEN
 !
 ssid WIFI-SECURED
 !
 dfs band 3 block
 mbssid
 speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel dfs
 station-role root
 l2-filter bridge-group-acl
 no cdp enable
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio1.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio1.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.11
 encapsulation dot1Q 110 native
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface FastEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface FastEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 11
 no bridge-group 11 source-learning
 bridge-group 11 spanning-disabled
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface BVI1
 ip address 10.10.10.77 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
ip http authentication aaa
ip http secure-server

bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end

Open in new window

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now