Solved

Extending network to 2 new buildings using Aironet 1532Is

Posted on 2014-03-21
10
1,607 Views
Last Modified: 2014-03-24
I'm looking for some guidance on configuring 3 autonomous Cisco
Aironet 1532Is. We have 2 new buildings at the corporate campus and we are trying to extend the corporate network to those 2 buildings with Wi-Fi (just want to use Wi-Fi as a layer 2 bridge to the new buildings). I should add that the 2 buildings have wired infrastructure we are just trying to span the distance from the main building with Wi-Fi and then the APs that are located in those buildings are going to be plugged into a Catalyst switch.
What's the best way to go about setting this up ?

thanks
0
Comment
Question by:aackar
  • 6
  • 4
10 Comments
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
This is simple in theory, but could be awkward depending on what you have at each side.

With a single VLAN this is easy.  You just configure a SSID on the 5GHz radio and set one AP to Root Bridge and the other AP to Non-Root Bridge mode.

However, with more than one VLAN you have to create each VLAN on the APs as well as on the switches.  They won't automatically be trunked across the link if the AP doesn't know about them.  This is obviously important if you have a lot of VLANs and it's an absolute nightmare to do in the CLI if you have more than a handful.

Have you already bought the 1532 APs?
0
 

Author Comment

by:aackar
Comment Utility
I have already purchased 3 autonomous 1532 APs. I have 3 VLANs in total. I want to configure a point to multi-point Ethernet bridge. Any links you know off to any useful documents that could help me save some time on this?
0
 

Author Comment

by:aackar
Comment Utility
I'm obviously reading a bunch of Cisco docs but any links to anything that goes step by step for configuring a point to multi-point Ethernet bridge on these APs?
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
Comment Utility
Try this, substituting the <SSID> and <PRESHAREDKEY> with your own values...

Root Bridge

conf t
dot11 ssid <SSID>
 vlan 10
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii <PRESHAREDKEY>
!
interface Dot11Radio1
 encryption vlan 10 mode ciphers aes-ccm
 ssid <SSID>
 station-role root bridge
 no shutdown
!
interface Dot11Radio1.10
 encapsulation dot1q native 10
 bridge-group 1
!
interface Dot1Radio1.20
 encapsulation dot1q 20
 bridge-group 2
!
interface Dot11Radio1.30
 encapsulation dot1q 30
 bridge-group 3
!
interface GigabitEthernet0.10
 encapsulation dot1q 10 native
 bridge-group 1
!
interface GigabitEthernet0.20
 encapsulation dot1q 10
 bridge-group 2
!
interface GigabitEthernet0.30
 encapsulation dot1q 30
 bridge-group 3
!
interface BVI1
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
end

Open in new window


Non-Root Bridge

conf t
dot11 ssid <SSID>
 vlan 10
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii <PRESHAREDKEY>
!
interface Dot11Radio1
 encryption vlan 10 mode ciphers aes-ccm
 ssid <SSID>
 station-role non-root bridge
 no shutdown
!
interface Dot11Radio1.10
 encapsulation dot1q native 10
 bridge-group 1
!
interface Dot1Radio1.20
 encapsulation dot1q 20
 bridge-group 2
!
interface Dot11Radio1.30
 encapsulation dot1q 30
 bridge-group 3
!
interface GigabitEthernet0.10
 encapsulation dot1q 10 native
 bridge-group 1
!
interface GigabitEthernet0.20
 encapsulation dot1q 10
 bridge-group 2
!
interface GigabitEthernet0.30
 encapsulation dot1q 30
 bridge-group 3
!
interface BVI1
 ip address 10.0.0.2 255.255.255.0
 no shutdown
!
end

Open in new window

0
 

Author Comment

by:aackar
Comment Utility
great. Let me ask you this, the root bridge in this scenario is going to be at the main building here at the corporate campus and will be directly attached to the wired Ethernet network where there are 3 VLANs. The other 2 APs in this point to multi-point configuration are going to be attached to wired networks as well but will only contain endpoints like laptops, desktops etc. so those 2 wired networks will all be in just one VLAN. Should I just configure one VLAN on 2 those 2 APs or should I still have all 3? It's layer 2 so  you would think it wouldn't matter as far as routing but I"m not sure.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:aackar
Comment Utility
I followed your suggestion and got 2 APs to associate with each other and one can ping the other but the remote one can't ping the default gateway which should be possible since this is a on layer 2. So from the remote AP I can ping the BVI1 interface on the one that's plugged into the corporate network but I can't ping anything else on the corporate network.
Any ideas?
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
What configuration do you have on the switch at the root end?  Is the switchport where the root connects configured as a trunk?
0
 

Author Comment

by:aackar
Comment Utility
it does connect to a trunk port. Other than that other ports have a data and voice vlan and are then there is a trunk port to the next switch.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Can you post the config you've put on the root, and the switchport config?
0
 

Author Comment

by:aackar
Comment Utility
ok, I have reloaded the AP and it works now.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now