cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
364
Views
0
Helpful
0
Comments
siskum
Spotlight
Spotlight

Access VLANs and Internet through multiple wireless SSIDs, using Autonomous AP AIR-CAP3702

Challenge: 

Access internet through autonomous Access Point (Air-Cap3702i-e-k9) which populated multiple SSIDs that connected to the VLANs at Remote Office. 

Diagnoses: 

With having difficulties establishing a link (connection) between Lightweight Access Point (Air-CAP3702-E-K9) and Wireless Controller (WLC4402) to access WLANs. 

Solution: 

  1. Update and install IOS and convert Lightweight AP (Air-CAP3702i-E-K9) to Autonomous AP. (There are lot of resources available on the internet on how to convert Lightweight AP to Autonomous AP). 
  2. Configuring L3SW-CW3560 Cisco switch, L2SW-CW2960 Cisco switch, Cisco Router-1812 and Autonomous AP AIR-CAP3702i-E-K9 to access multiple SSID.
  3. Through multiple SSID access VLANs and Internet at Micro-office.

Special Note:

Here mentioned ip addresses and passwords are imaginary once those are not use in real but only for educational purpose use them in here.

The CLI commands created here only for few VLANs and SSIDs for easy understanding as an example VLAN 10 and VLAN 20. Below attached files contain complete list of VLANs and SSIDs which configuerd each device, those CLI commands can use for study purposes and references. SSIDs names and VLANs names are same which use for easiness but can be used different friendly name for each SSIDs even though have to remember to assign correct VLAN number for each SSID. 

Topology:

Multiple VLANs access through SSIDs using Air-CAP3702I LWAPMultiple VLANs access through SSIDs using Air-CAP3702I LWAP

 

Configurations

L2SW-CISCO 2960  Configuration

Create VLANs 50, 60, 70 and 100
Assigned VLANs to Switchports
L2SW-48P#conf t
L2SW-48P(config)#vlan 50
L2SW-48P(config-vlan)#name AP-VLAN50
L2SW-48P(config)#vlan 60
L2SW-48P(config-vlan)#name AP-VLAN60
L2SW-48P(config)#int range f0/1-6
L2SW-48P(config-if-range)#Switchport mode access
L2SW-48P(config-if-range)#switchport access vlan 50
L2SW-48P(config-if-range)#spanning-tree portfast
L2SW-48P(config-if-range)#no shutdown
L2SW-48P(config)#int range f0/7-12
L2SW-48P(config-if-range)#switchport mode access
L2SW-48P(config-if-range)#switchport access vlan 60
L2SW-48P(config-if-range)#
:
Configure interface G0/2 (GigabiteEthernet 0/2) to trunkport
L2SW-48P(config)#int g0/2
L2SW-48P(config-if)#description --> connection to L3SW-Cisco3560 <-- trunk link -->
L2SW-48P(config-if)#switchport mode trunk
L2SW-48P(config-if)#no shut
Interface G0/1 (GigabiteEthernet 0/1) connection to ISP Router Local port
L2SW-48P(config)#int g0/2
L2SW-48P(config-if)#description --> connection to ISP-1 Router Local port <--

L3SW-CISCO 3560  Configuration

Create VLANs 10, 20, 50, 60, 70 and 100
L3SW-24P#conf t
L3SW-24P(config)#vlan 10
L3SW-24P(config-vlan)#name AP-VLAN10
L3SW-24P(config)#vlan 20
L3SW-24P(config-vlan)#name AP-VLAN20
Assigned VLANs to Switchports
L3SW-24P(config)#int range f0/1-4
L3SW-24P(config-if-range)#Switchport mode access
L3SW-24P(config-if-range)#switchport access vlan 10
L3SW-24P(config-if-range)#spanning-tree portfast
L3SW-24P(config-if-range)#no shutdown
L3SW-24P(config)#int range f0/5-8
L3SW-24P(config-if-range)#switchport mode access
L3SW-24P(config-if-range)#switchport access vlan 20
L3SW-24P(config-if-range)#
:
Configure interfaces G0/2, F0/23 and F0/24 switchports
Configure interface G0/2 (GigabiteEthernet 0/2) no switchport
L3SW-24P(config)#int G0/2
L3SW-24P(config-if)#description --> connection to Router-1802 <--
L3SW-24P(config-if)#no switchport
L3SW-24P(config-if)#ip address 172.168.100.2 255.255.255.0
L3SW-24P(config-if)#no shut
Configure FastEthernet 0/23 as Trunk
L3SW-24P(config)#int F0/23
L3SW-24P(config-if)#description --> connection to Air-CAP3702I AutonomousAP <--
L3SW-24P(config-if)#switchport trunk encapsulation dot1q
L3SW-24P(config-if)#switchport mode trunk
L3SW-24P(config-if)#spanning-tree portfast
L3SW-24P(config-if)#no shut
Configure FastEthernet 0/23 as Trunk
L3SW-24P(config)#int F0/24
L3SW-24P(config-if)#description --> connection to Air-CAP3702I AutonomousAP <--
L3SW-24P(config-if)#switchport trunk encapsulation dot1q
L3SW-24P(config-if)#switchport trunk allowed vlan 10-200  //Vlan1 not allowed
L3SW-24P(config-if)#switchport mode trunk
L3SW-24P(config-if)#spanning-tree portfast
L3SW-24P(config-if)#no shut
Creating interfaces for each VLAN and assigned IP address.
L3SW-24P(config)#int VLAN 1
L3SW-24P(config-if)#ip address 192.168.1.5 255.255.255.128
L3SW-24P(config)#int VLAN 10
L3SW-24P(config-if)#ip address 172.168.10.5 255.255.255.0
L3SW-24P(config)#int VLAN 20
L3SW-24P(config-if)#ip address 172.168.20.5 255.255.255.0
:
Routing
L3SW-24P(config)#ip routing
L3SW-24P(config)#ip route 0.0.0.0 0.0.0.0 172.168.100.1
L3SW-24P(config)#ip default-gateway 192.168.1.5
L3SW-24P(config)#router eigrp 10
L3SW-24P(config-router)#network 10.0.0.0 0.255.255.255
L3SW-24P(config-router)#network 172.168.10.0 0.255.255.255
L3SW-24P(config-router)#network 172.168.20.0 0.255.255.255
:
Creating DHCP pool
L3SW-24P(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.5
L3SW-24P(config)#ip dhcp excluded-address 172.168.10.1 172.168.10.5
L3SW-24P(config)#ip dhcp excluded-address 172.168.20.1 172.168.20.5
:
L3SW-24P(config)#ip dhcp pool Local-VLAN1

L3SW-24P(dhcp-config)#network 192.168.1.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 192.168.1.5
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
L3SW-24P(config)#ip dhcp pool AP-VLAN10
L3SW-24P(dhcp-config)#network 172.168.10.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 172.168.10.1
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
L3SW-24P(config)#ip dhcp pool AP-VLAN20
L3SW-24P(dhcp-config)#network 172.168.20.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 172.168.20.1
L3SW-24P(dhcp-config)#dns-server 83.255.255.3

Autonomous AP – AIR-CAP3702i Configuration

Creating multiple SSIDs and assigned VLANs
ap(config)#dot11 ssid AP-VLAN10
ap(config-ssid)#vlan 10
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#wpa-psk ascii Password987
ap(config-ssid)#mbssid guest-mode
ap(config)# dot11 ssid AP-VLAN20
ap(config-ssid)#vlan 20
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#wpa-psk ascii Password123
ap(config-ssid)#mbssid guest-mode
ap(config-ssid)#
:
Populate SSIDs on 2.4GHz Wireless LAN
ap(config)#int dot11radio 0
ap(config-if)#no ip address
ap(config-if)#encryption vlan 10 mode ciphers aes-ccm
ap(config-if)#encryption vlan 20 mode ciphers aes-ccm
ap(config-if)#
ap(config-if)#ssid AP-VLAN10
ap(config-if)#ssid AP-VLAN20
ap(config-if)#
ap(config-if)#mbssid
ap(config-if)#station-role root access-point
ap(config-if)#exit
Creates sub-interfaces
ap(config)#int dot11radio 0.1
ap(config-subif)#encapsulation dot1q 1 native
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
ap(config)#int dot11radio 0.10
ap(config-subif)#encapsulation dot1q 10
ap(config-subif)#bridge-group 10
ap(config)#int dot11radio 0.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
ap(config-subif)#exit
Populate SSIDs on 5.0GHz Wireless LAN (It is same as 2.4GHz)
ap(config)#int dot11radio 1.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
:
AP-Air-CAP3702, GigabitEthernet 0 connect to Fastethernet 0/23 at L3SW-Cisco3560 using UTP cable.
AP Interface GigabitEthernet 0 configuration
ap(config)#int g0
ap(config-if)#ip address dhcp !(One of ip address get from local vlan1 dhcp pool)
ap(config-if)#no shut
ap(config)#int g0.1
ap(config-subif)#encapsulation dot1q 1 native
ap(config-subif)#bridge-group 1
ap(config)#int g0.10
ap(config-subif)#encapsulation dot1q 10
ap(config-subif)#bridge-group 10
ap(config)#int g0.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
ap(config-subif)#exit
Interface BVI 1 configuration
ap(config)#int bvi 1
ap(config-if)#ip add 192.168.1.37 255.255.255.128 !(One of static ip address from local vlan1 dhcp pool)
ap(config-if)#no shut
ap(config-if)#exit
Routing
ap(config)#ip routing
ap(config)#ip route 0.0.0.0 0.0.0.0 172.168.100.1
ap(config)#ip default-gateway 192.168.1.5 !(L3SW-Cisco3560 VLAN 1 interface IP address, otherwise it could not get correct IP address for each different VLAN and not possible to get internet access)

Router – Cisco 1812 configuration

Configure Interfaces FastEthernet 0 and FastEthernet 1

RT-1812W(config)#interface FastEthernet0
RT-1812W(config)#description --> Connection to L3SW-3560 Nat INSIDE <--
RT-1812W(config-if)#ip address 172.168.100.1 255.255.255.0
RT-1812W(config-if)# ip nat inside
RT-1812W(config-if)#exit
RT-1812W(config)#interface FastEthernet1
RT-1812W(config-if)# description --> Connection to ISP Router's port Nat OUTSIDE <--
RT-1812W(config-if)# ip address 192.168.0.144 255.255.255.0 !(set static IP address from Local Vlan pool)
RT-1812W(config-if)# ip nat outside
RT-1812W(config-if)#exit
Routing
RT-1812W(config)#ip routing
RT-1812W(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1 !(ISP local router LAN ip address)
RT-1812W(config)#ip route 10.0.0.0 255.0.0.0 172.168.100.2 !(L3SW- Cisco3560 interface G0/2)
RT-1812W(config)#ip route 172.168.10.0 255.255.255.0 172.168.100.2
RT-1812W(config)#ip route 172.168.20.0 255.255.255.0 172.168.100.2
RT-1812W(config)#router eigrp 10
RT-1812W(config-router)#network 10.0.0.0 0.255.255.255
RT-1812W(config-router)#network 172.168.10.0 0.0.0.255
RT-1812W(config-router)#network 172.168.20.0 0.0.0.255
RT-1812W(config-router)#exit
RT-1812W(config)#ip default-gateway 192.168.0.144 !(FastEthernet 1)
RT-1812W(config)#ip name-server 83.255.255.3 192.168.0.1 192.168.1.1 8.8.8.8
Access-list
RT-1812W(config)#ip access-list standard AP-VLAN-Group1
RT-1812W(config-std-nacl)#permit 10.0.0.0 0.255.255.255
RT-1812W(config-std-nacl)#permit 172.168.10.0 0.0.0.255
RT-1812W(config-std-nacl)#permit 172.168.20.0 0.0.0.255
RT-1812W(config-std-nacl)#exit
RT-1812W(config)#ip nat inside source list AP-VLAN-Group1 interface FastEthernet1 overload
RT-1812W(config)#

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking for a $25 gift card