Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1524
Views
0
Helpful
5
Replies

Single SSID on Autonomous AP

Go to solution
Adnan Ahmad
Level 1
Level 1

‎06-15-2016 11:25 PM - edited ‎07-05-2021 05:14 AM

Hi,

My question is if I have a single SSID on an autonomous AP so do i have to use the native vlan too. I mean what is the best practice in this case if the wireless vlan is say 10. 

Also do i have to use the bvi-1 or i have to creat another bvi for that vlan?

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎06-15-2016 11:31 PM

As per my experience...its not a must to use native vlan.

No you have to use only one BVI interface.

Just like this:

Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 20 cipher aes
!
ind d0.10
encapsulation dot1q 10
!
ind d1.10
encapsulation dot1q 10
!
ind gig0.10
encapsulation dot1q 10
!
int bvi1
ip address <ip><mask>

Regards

Dont forget to rate helpful posts

View solution in original post

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎06-15-2016 11:56 PM

And if you want to use a mgmt vlan and other vlan is for client then your config must look like this:

Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 10 cipher aes
!
!
ind d0.1
encapsulation dot1q 1
bridge-group 1
!
ind d1.1
encapsulation dot1q 1
bridge-group 1
!
ind gig0.1
encapsulation dot1q 1
bridge-group 1
!
ind d0.10
encapsulation dot1q 10
bridge-group 10
!
ind d1.10
encapsulation dot1q 10
bridge-group 10
!
ind gig0.10
encapsulation dot1q 10
bridge-group 10
!
int bvi1
ip address <ip><mask>

Configuration from the Switch Side

 conf t
 int Gig 1/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2

Regards

Dont forget to rate helpful posts

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎06-15-2016 11:31 PM

As per my experience...its not a must to use native vlan.

No you have to use only one BVI interface.

Just like this:

Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 20 cipher aes
!
ind d0.10
encapsulation dot1q 10
!
ind d1.10
encapsulation dot1q 10
!
ind gig0.10
encapsulation dot1q 10
!
int bvi1
ip address <ip><mask>

Regards

Dont forget to rate helpful posts

0 Helpful

Go to solution
Adnan Ahmad
Level 1
Level 1
In response to Sandeep Choudhary

‎06-15-2016 11:50 PM

Ok fine thanks alot bro.

0 Helpful

Go to solution
s-bhavsar
Level 1
Level 1
In response to Sandeep Choudhary

‎03-28-2019 04:16 AM

Hi

 

Is Dot1Q a must even though the AP is in autonomous mode using a single ssid and the switchport is configured as access port only.

Thanks

Ashish

 

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎06-15-2016 11:56 PM

And if you want to use a mgmt vlan and other vlan is for client then your config must look like this:

Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 10 cipher aes
!
!
ind d0.1
encapsulation dot1q 1
bridge-group 1
!
ind d1.1
encapsulation dot1q 1
bridge-group 1
!
ind gig0.1
encapsulation dot1q 1
bridge-group 1
!
ind d0.10
encapsulation dot1q 10
bridge-group 10
!
ind d1.10
encapsulation dot1q 10
bridge-group 10
!
ind gig0.10
encapsulation dot1q 10
bridge-group 10
!
int bvi1
ip address <ip><mask>

Configuration from the Switch Side

 conf t
 int Gig 1/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2

Regards

Dont forget to rate helpful posts

0 Helpful

Go to solution
m.rana.ku
Level 1
Level 1

‎12-29-2020 11:15 PM

Hi,

In the following video step by step process has been shown How to Configure Cisco AIRONET 3602i Autonomous/Standalone Access Point using CLI with WPAv2 Authentication Key.

 

https://www.youtube.com/channel/UCmZZ2BNGXQH1HPS3uIVnr7A?sub_confirmation=1

 

https://www.youtube.com/watch?v=JkUfTXuwj2U

 

============ For 2.4 GHz Radio Interface ============

Step 1: Access Cisco AP|Reset AP| Assign static IP for BVI1 Interface |Default-gateway IP
ap>enable
Password: Cisco [Cisco AP default Password]
## Reset the Access Point with pressing and holding mode button ##
ap#configure terminal
ap(config)#interface bvI 1
ap(config-if)#ip address 192.168.2.4 255.255.255.0 [According to my network setup]
ap(config-if)#exit
ap(config)#ip default-gateway 192.168.2.1 [According to my network setup]

Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication

ap(config)#dot11 ssid Cisco_WLAN [ Create SSID named Cisco_WLAN]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit

Step 3: Enable Encryption to 4.2GHz Radio interface | Apply SSID to interface| Enable Radio Interface

ap(config)#interface dot11Radio 0 [Selecting 4.2 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN [Applying SSID to Radio interface]
ap(config-if)#channel least-congested [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 4.2 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit
================ For 5 GHz Radio Interface =======================

Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication

ap(config)#dot11 ssid Cisco_WLAN 5GHz [ Create SSID named Cisco_WLAN 5GHz ]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit

Step 3: Enable Encryption to 5 GHz Radio interface | Apply SSID to interface| Enable Radio Interface

ap(config)#interface dot11Radio 1 [Selecting 5 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN 5GHz [Applying SSID to Radio interface]
ap(config-if)# channel 36 [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 5 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card