Introduction If you've been asked to design a Cisco Spaces deployment, you've probably realized something quickly: this isn't just another wireless feature you toggle on. Cisco Spaces is a cloud platform that turns your existing Wi-Fi n...
Knowledge Base Articles
The instructions in this article utilize a ThousandEyes Virtual Appliance (TEVA) for demonstration purposes only. TEVAs are locked and permit only a subset of privileged commands to be run. Please use the guidance below for creating a self-signed cer...
Introduction 1. PowerShell Script Creation 2. SCCM Application Creation & Configuration >2.1 Create the Application >2.2 Specify SCCM Application Settings >2.3 Configure the PowerShell Script Execution in SCCM >2.4 Distribution Settings >2.5 Poduct C...
A Practical Guide for IT Professionals & Network EngineersAuthor: Raghavender Reddy PatiDate: March 25, 2026Version: 1.0Disclaimer: This whitepaper reflects the author's personal experience and opinions. It is not affiliated with or endorsed by Cisco...
Join us to explore practical automation solutions for Meraki networks through APIs, workflows, and Infrastructure as Code tools like Ansible and Terraform. This series will guide you in simplifying network configuration and management, enabling faste...
ResolutionYou can analyze network traffic passing through ports by using Switched Port Analyzer (SPAN). This sends a copy of the traffic to another port on the switch that has been connected to a SwitchProbe device, another Remote Monitoring (RMON) p...
Introduction >What are Handlebars and why are they important? Understanding Handlebars for Webhook Alerts >Basic Handlebars Concepts >> 1. Expression ({{variable}}) >> 2. Context >> 3. Nested Data Access >Built-in Block Helpers - if, each, with >Adva...
Q. What is Catalyst Center Global Manager (CCGM)? Q. How does Catalyst Center Global Manager (CCGM) deliver business value to enterprises? Q. Which Catalyst Center features are supported in Catalyst Center Global Manager (CCGM)? Q. How many Catalyst ...
Introduction, Overview & Requirements MCP Workflow Overview Cursor MCP Client Capabilities Requirements Step 1: Configure the ThousandEyes MCP Server Step 2: Enabling or Disabling MCP Tools Step 3: Run your first ThousandEyes Workflow in Cursor Examp...
Introduction Why is this important? Pre-requisites & Assumptions Step 1: Setting up an OAuth Application Registry in ServiceNow Step 2: Integrations 2.0 Configuration on ThousandEyes Step 3: Configure ThousandEyes alerts to notify the Operation in Se...
Introduction Ways to regenerate ThousandEyes API tokens 1. Revoke the existing bearer token. 2. Create a new bearer token. 3. The step also involves passingMulti factor authentication (MFA), where a code would be sent to your email. 4. Then you’d nee...
Q. What is Cisco Catalyst Center AI Assistant Feature? Q. What version of Catalyst Center do I need to be on to get Catalyst Center AI Assistant feature? Q. How do I access the AI Assistant? Q. Is internet connectivity required? Q. What are the pri...
Overview Step One: Validate Data from the Exporter Side > 1. NetFlow Configuration Comparison. > 2. Ensure NetFlow meets the minimum requirements. > 3. Verify NetFlow Transmission. Step Two: Confirm & Analyze Agent Packet Capture > 1. Initiate Captur...
Overview :With PIM Bidirectional, all packets move on the shared tree so RP redundancy is even more important than with PIM Sparse-Mode where RP failover has only an impact on newly active streams...Despite PIM SM, there is no point with PIM Bidir to...
Access VLANs and Internet through multiple wireless SSIDs, using Autonomous AP AIR-CAP3702
Challenge:
Access internet through autonomous Access Point (Air-Cap3702i-e-k9) which populated multiple SSIDs that connected to the VLANs at Remote Office.
Diagnoses:
With having difficulties establishing a link (connection) between Lightweight Access Point (Air-CAP3702-E-K9) and Wireless Controller (WLC4402) to access WLANs.
Solution:
- Update and install IOS and convert Lightweight AP (Air-CAP3702i-E-K9) to Autonomous AP. (There are lot of resources available on the internet on how to convert Lightweight AP to Autonomous AP).
- Configuring L3SW-CW3560 Cisco switch, L2SW-CW2960 Cisco switch, Router-1802 and Autonomous AP AIR-CAP3702i-E-K9 to access multiple SSID.
- Through multiple SSID access VLANs and Internet at Micro-office.
Special Note:
Here mentioned ip addresses and passwords are imaginary once those are not use in real but only for educational purpose use them in here.
The CLI commands created here only for few VLANs and SSIDs for easy understanding as an example VLAN 10 and VLAN 20. Below attached files contain complete list of VLANs and SSIDs which configuerd each device, those CLI commands can use for study purposes and references. SSIDs names and VLANs names are same which use for easiness but can be used different friendly name for each SSIDs even though have to remember to assign correct VLAN number for each SSID.
Topology:
Configurations
L2SW-CISCO 2960 Configuration
Create VLANs 50, 60, 70 and 100
Assigned VLANs to Switchports
L2SW-48P#conf t
L2SW-48P(config)#vlan 50
L2SW-48P(config-vlan)#name AP-VLAN50
L2SW-48P(config)#vlan 60
L2SW-48P(config-vlan)#name AP-VLAN60
L2SW-48P(config)#int range f0/1-6
L2SW-48P(config-if-range)#Switchport mode access
L2SW-48P(config-if-range)#switchport access vlan 50
L2SW-48P(config-if-range)#spanning-tree portfast
L2SW-48P(config-if-range)#no shutdown
L2SW-48P(config)#int range f0/7-12
L2SW-48P(config-if-range)#switchport mode access
L2SW-48P(config-if-range)#switchport access vlan 60
L2SW-48P(config-if-range)#
:
Configure interface G0/2 (GigabiteEthernet 0/2) to trunkport
L2SW-48P(config)#int g0/2
L2SW-48P(config-if)#description --> connection to L3SW-Cisco3560 <-- trunk link -->
L2SW-48P(config-if)#switchport mode trunk
L2SW-48P(config-if)#no shut
Interface G0/1 (GigabiteEthernet 0/1) connection to ISP Router Local port
L2SW-48P(config)#int g0/2
L2SW-48P(config-if)#description --> connection to ISP-1 Router Local port <--
L3SW-CISCO 3560 Configuration
Create VLANs 10, 20, 50, 60, 70 and 100
L3SW-24P#conf t
L3SW-24P(config)#vlan 10
L3SW-24P(config-vlan)#name AP-VLAN10
L3SW-24P(config)#vlan 20
L3SW-24P(config-vlan)#name AP-VLAN20
Assigned VLANs to Switchports
L3SW-24P(config)#int range f0/1-4
L3SW-24P(config-if-range)#Switchport mode access
L3SW-24P(config-if-range)#switchport access vlan 10
L3SW-24P(config-if-range)#spanning-tree portfast
L3SW-24P(config-if-range)#no shutdown
L3SW-24P(config)#int range f0/5-8
L3SW-24P(config-if-range)#switchport mode access
L3SW-24P(config-if-range)#switchport access vlan 20
L3SW-24P(config-if-range)#
:
Configure interfaces G0/2, F0/23 and F0/24 switchports
Configure interface G0/2 (GigabiteEthernet 0/2) no switchport
L3SW-24P(config)#int G0/2
L3SW-24P(config-if)#description --> connection to Router-1802 <--
L3SW-24P(config-if)#no switchport
L3SW-24P(config-if)#ip address 172.168.100.2 255.255.255.0
L3SW-24P(config-if)#no shut
Configure FastEthernet 0/23 as Trunk
L3SW-24P(config)#int F0/23
L3SW-24P(config-if)#description --> connection to Air-CAP3702I AutonomousAP <--
L3SW-24P(config-if)#switchport trunk encapsulation dot1q
L3SW-24P(config-if)#switchport mode trunk
L3SW-24P(config-if)#spanning-tree portfast
L3SW-24P(config-if)#no shut
Configure FastEthernet 0/23 as Trunk
L3SW-24P(config)#int F0/24
L3SW-24P(config-if)#description --> connection to Air-CAP3702I AutonomousAP <--
L3SW-24P(config-if)#switchport trunk encapsulation dot1q
L3SW-24P(config-if)#switchport trunk allowed vlan 10-200 //Vlan1 not allowed
L3SW-24P(config-if)#switchport mode trunk
L3SW-24P(config-if)#spanning-tree portfast
L3SW-24P(config-if)#no shut
Interface G0/1 (GigabiteEthernet 0/1) connection to ISP Router Local port
L3SW-24P(config)#int G0/1
L3SW-24P(config-if)#description --> connection to ISP-2 Router Local port <--
Creating interfaces for each VLAN and assigned IP address.
L3SW-24P(config)#int VLAN 1
L3SW-24P(config-if)#ip address 192.168.1.5 255.255.255.128
L3SW-24P(config)#int VLAN 10
L3SW-24P(config-if)#ip address 172.168.10.5 255.255.255.0
L3SW-24P(config)#int VLAN 20
L3SW-24P(config-if)#ip address 172.168.20.5 255.255.255.0
:
Routing
L3SW-24P(config)#ip routing
L3SW-24P(config)#ip route 0.0.0.0 0.0.0.0 172.168.100.1
L3SW-24P(config)#ip default-gateway 192.168.1.5
L3SW-24P(config)#router eigrp 10
L3SW-24P(config-router)#network 10.0.0.0 0.255.255.255
L3SW-24P(config-router)#network 172.168.10.0 0.255.255.255
L3SW-24P(config-router)#network 172.168.20.0 0.255.255.255
:
Creating DHCP pool
L3SW-24P(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.5
L3SW-24P(config)#ip dhcp excluded-address 172.168.10.1 172.168.10.5
L3SW-24P(config)#ip dhcp excluded-address 172.168.20.1 172.168.20.5
:
L3SW-24P(config)#ip dhcp pool Local-VLAN1
L3SW-24P(dhcp-config)#default-router 192.168.1.5
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
L3SW-24P(config)#ip dhcp pool AP-VLAN10
L3SW-24P(dhcp-config)#network 172.168.10.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 172.168.10.1
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
L3SW-24P(config)#ip dhcp pool AP-VLAN20
L3SW-24P(dhcp-config)#network 172.168.20.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 172.168.20.1
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
Autonomous AP – AIR-CAP3702i Configuration
Creating multiple SSIDs and assigned VLANs
ap(config)#dot11 ssid AP-VLAN10
ap(config-ssid)#vlan 10
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#wpa-psk ascii Password987
ap(config-ssid)#mbssid guest-mode
ap(config)# dot11 ssid AP-VLAN20
ap(config-ssid)#vlan 20
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#wpa-psk ascii Password123
ap(config-ssid)#mbssid guest-mode
ap(config-ssid)#
:
Populate SSIDs on 2.4GHz Wireless LAN
ap(config)#int dot11radio 0
ap(config-if)#no ip address
ap(config-if)#encryption vlan 10 mode ciphers aes-ccm
ap(config-if)#encryption vlan 20 mode ciphers aes-ccm
ap(config-if)#
ap(config-if)#ssid AP-VLAN10
ap(config-if)#ssid AP-VLAN20
ap(config-if)#
ap(config-if)#mbssid
ap(config-if)#station-role root access-point
ap(config-if)#exit
Creates sub-interfaces
ap(config)#int dot11radio 0.1
ap(config-subif)#encapsulation dot1q 1 native
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
ap(config)#int dot11radio 0.10
ap(config-subif)#encapsulation dot1q 10
ap(config-subif)#bridge-group 10
ap(config)#int dot11radio 0.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
ap(config-subif)#exit
Populate SSIDs on 5.0GHz Wireless LAN (It is same as 2.4GHz)
ap(config)#int dot11radio 1.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
:
AP-Air-CAP3702, GigabitEthernet 0 connect to Fastethernet 0/23 at L3SW-Cisco3560 using UTP cable.
AP Interface GigabitEthernet 0 configuration
ap(config)#int g0
ap(config-if)#ip address dhcp !(One of ip address get from local vlan1 dhcp pool)
ap(config-if)#no shut
ap(config)#int g0.1
ap(config-subif)#encapsulation dot1q 1 native
ap(config-subif)#bridge-group 1
ap(config)#int g0.10
ap(config-subif)#encapsulation dot1q 10
ap(config-subif)#bridge-group 10
ap(config)#int g0.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
ap(config-subif)#exit
Interface BVI 1 configuration
ap(config)#int bvi 1
ap(config-if)#ip add 192.168.1.37 255.255.255.128 !(One of static ip address from local vlan1 dhcp pool)
ap(config-if)#no shut
ap(config-if)#exit
Routing
ap(config)#ip routing
ap(config)#ip route 0.0.0.0 0.0.0.0 172.168.100.1
ap(config)#ip default-gateway 192.168.1.5 !(L3SW-Cisco3560 VLAN 1 interface IP address, otherwise it could not get correct IP address for each different VLAN and not possible to get internet access)
Router – Cisco 1812 configuration
Configure Interfaces FastEthernet 0 and FastEthernet 1
RT-1812W(config)#interface FastEthernet0
RT-1812W(config)#description --> Connection to L3SW-3560 Nat INSIDE <--
RT-1812W(config-if)#ip address 172.168.100.1 255.255.255.0
RT-1812W(config-if)# ip nat inside
RT-1812W(config-if)#exit
RT-1812W(config)#interface FastEthernet1
RT-1812W(config-if)# description --> Connection to ISP Router's port Nat OUTSIDE <--
RT-1812W(config-if)# ip address 192.168.0.144 255.255.255.0 !(set static IP address from Local Vlan pool)
RT-1812W(config-if)# ip nat outside
RT-1812W(config-if)#exit
Routing
RT-1812W(config)#ip routing
RT-1812W(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1 !(ISP local router LAN ip address)
RT-1812W(config)#ip route 10.0.0.0 255.0.0.0 172.168.100.2 !(L3SW- Cisco3560 interface G0/2)
RT-1812W(config)#ip route 172.168.10.0 255.255.255.0 172.168.100.2
RT-1812W(config)#ip route 172.168.20.0 255.255.255.0 172.168.100.2
RT-1812W(config)#router eigrp 10
RT-1812W(config-router)#network 10.0.0.0 0.255.255.255
RT-1812W(config-router)#network 172.168.10.0 0.0.0.255
RT-1812W(config-router)#network 172.168.20.0 0.0.0.255
RT-1812W(config-router)#exit
RT-1812W(config)#ip default-gateway 192.168.0.144 !(FastEthernet 1)
RT-1812W(config)#ip name-server 83.255.255.3 192.168.0.1 192.168.1.1 8.8.8.8
Access-list
RT-1812W(config)#ip access-list standard AP-VLAN-Group1
RT-1812W(config-std-nacl)#permit 10.0.0.0 0.255.255.255
RT-1812W(config-std-nacl)#permit 172.168.10.0 0.0.0.255
RT-1812W(config-std-nacl)#permit 172.168.20.0 0.0.0.255
RT-1812W(config-std-nacl)#exit
RT-1812W(config)#ip nat inside source list AP-VLAN-Group1 interface FastEthernet1 overload
RT-1812W(config)#
siskum
Spotlight