• Status: Solved
  • Priority: Medium
  • Security: Public

Need help with configuring Cisco Aironet APs in an existing Cisco VLAN environment.
My switches (core 3750x and 2960) have a
default vlan1 (native)
vlan2 WIFI
vlan3 VOIP

Servers and computers are members of the default vlan1 (native). I used no command on the switches regarding vlan1, so it is still untagged.
The purpose is to use vlan2 for the WIFI access points; they need to communicate with the computers and servers from vlan1, but I am not familiar with the best setup and configuration. IP routing is enabled and working on the switches.
All the vlans are also tunneled to a remote site.
I give the bvi1 interface of the AP an address from the subnet of vlan1 and add the rule encapsulation dot1q native.
Do I need to configure another wired interface on the AP (interface GigabitEthernet0.1 or interface GigabitEthernet0.2) as well, or can I use only the bvi1 for management and data traffic?
The APs are connected to a trunk port on which only vlan1 and vlan2 traffic is allowed (switchport trunk allowed vlan add 1,2).
It is obvious to create an SSID and link it to vlan2, and I don't need multiple SSIDs.
Are commands such as bridge 1 route ip needed?
The ip default-gateway is the router interface from vlan1.
With my current config the wifi clients have access to the remote site but no internet access; I still need to test the routing.
Thank you for your help.
Asked:
antwerp2007
1 Solution
 
Martin Tarlink, Network Systems Administrator, commented:
Below I pasted one of my old configurations. I had two SSIDs, but in your case you will need only one; I assume you don't want to open the voice VLAN over Wi-Fi.
And if you can, change your VLAN from VLAN 1 to something else, as it is not recommended to use the default VLAN 1.

dot11 syslog
dot11 vlan-name SSIDname1 vlan 2
dot11 vlan-name SSIDname2 vlan 3
!
dot11 ssid WIFI-OPEN
   vlan 2
   authentication open 
   mbssid guest-mode
   information-element ssidl
!
dot11 ssid WIFI-SECURED
  vlan 3
   authentication open 
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxx xxxxxx xxxxxx xxxxxx xxxxxx
   information-element ssidl wps
!
dot11 network-map


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!

bridge irb
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !        
 encryption vlan 3 mode ciphers tkip
 !
 ssid WIFI-OPEN
 !
 ssid WIFI-SECURED
 !
 mbssid
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel 2412
 station-role root
 l2-filter bridge-group-acl
 no cdp enable
 infrastructure-client
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip 
 !
 encryption vlan 3 mode ciphers tkip
 !
 ssid WIFI-OPEN
 !
 ssid WIFI-SECURED
 !
 dfs band 3 block
 mbssid
 speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 channel dfs
 station-role root
 l2-filter bridge-group-acl
 no cdp enable
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Dot11Radio1.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio1.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.11
 encapsulation dot1Q 110 native
 no ip route-cache
 bridge-group 11
 bridge-group 11 subscriber-loop-control
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface FastEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface FastEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 11
 no bridge-group 11 source-learning
 bridge-group 11 spanning-disabled
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface BVI1
 ip address 10.10.10.77 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
ip http authentication aaa
ip http secure-server

bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
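
A pre-deployment check for autonomous AP configurations of this style, added here as an example; it is not part of the original answer and not a Cisco tool. It flags SSIDs with no key management, TKIP ciphers (deprecated in favour of AES-CCMP), and bridge-groups whose sub-interfaces carry different dot1Q VLAN IDs. The sample config is constructed, and the function names `stanzas` and `audit` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the configuration above (not the poster's file).
SAMPLE = """\
dot11 ssid WIFI-OPEN
   authentication open
dot11 ssid WIFI-SECURED
   authentication key-management wpa
interface Dot11Radio0
 encryption vlan 3 mode ciphers tkip
interface Dot11Radio0.11
 encapsulation dot1Q 11 native
 bridge-group 11
interface Dot11Radio1.11
 encapsulation dot1Q 110 native
 bridge-group 11
"""

def stanzas(config):
    """Yield (header, child_lines); children are the indented lines under a header."""
    header, body = None, []
    for line in config.splitlines() + ["end"]:  # sentinel flushes the last stanza
        if not line.strip() or line.strip().startswith("!"):
            continue  # skip blank lines and IOS '!' separator lines
        if line[0].isspace():
            body.append(line.strip())
        else:
            if header is not None:
                yield header, body
            header, body = line.strip(), []

def audit(config):
    """Return findings: SSIDs without key management, TKIP, mixed VLANs per bridge-group."""
    findings, groups = [], defaultdict(set)
    for header, body in stanzas(config):
        text = "\n".join(body)
        if header.startswith("dot11 ssid ") and "key-management" not in text:
            findings.append(f"{header.split()[2]}: no key management (open SSID)")
        if re.search(r"^encryption .*ciphers .*tkip", text, re.M):
            findings.append(f"{header}: TKIP cipher enabled")
        vlan = re.search(r"^encapsulation dot1Q (\d+)", text, re.M)
        group = re.search(r"^bridge-group (\d+)$", text, re.M)
        if vlan and group:  # record which VLAN IDs feed each bridge-group
            groups[int(group.group(1))].add(int(vlan.group(1)))
    for group, vlans in sorted(groups.items()):
        if len(vlans) > 1:
            findings.append(f"bridge-group {group}: mixed dot1Q IDs {sorted(vlans)}")
    return findings
```

Calling `audit()` on the text of a saved running-config returns a list of findings; an empty list means none of the three conditions was detected.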
