This configuration example has 2 vlans, vlan 1 and vlan 2 , each mapped to a different SSID with WPA-PSK security
sh run Building configuration...
Current configuration : 2452 bytes ! ! Last configuration change at 23:53:27 UTC Wed Mar 27 2002 ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$.lNK$ellDG1B2CZJnj82Wqn8iL0 ! no aaa new-model ! ! dot11 syslog ! dot11 ssid GUESTRITS vlan 2 <<<vlan 2 mapped to GUESTRITS SSID...Use the vlan as per the network configuration
authentication open authentication key-management wpa wpa-psk ascii 0 cisco123 ! ip source-route ip dhcp excluded-address 192.168.1.1 ip dhcp excluded-address 192.168.1.254 ! ip dhcp pool GUESTRITS <<<<We have a DHCP pool for GUESTRITS SSID...wireless users connecting to this SSID will get IP from this pool
network 192.168.1.0 255.255.255.0 default-router 192.168.1.254 ! ip cef ! cwmp agent management server username 00000C-CISCO871W%2dG%2dA%2dK9V05-FHK12502AJ2 ! bridge irb ! ! interface FastEthernet0 switchport trunk allowed vlan 1,2,1002-1005<<<We are allowing only the vlans meant for wireless access...Modify this as per the needs
switchport mode trunk ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 no ip address shutdown duplex auto speed auto ! interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers tkip<<<tkip is the cipher ! encryption vlan 2 mode ciphers tkip ! ssid GUESTRITS ! ssid INTERNAL ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native<<<vlan 1 is native
bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio0.2 encapsulation dot1Q 2 bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding ! interface Vlan1 no ip address bridge-group 1
interface Vlan2 no ip address bridge-group 2 ! interface BVI1 ip address 10.0.0.2 255.255.255.0 ! interface BVI2 ip address 192.168.1.1 255.255.255.0 ! ip forward-protocol nd no ip http server no ip http secure-server ! ! control-plane ! bridge 1 protocol ieee <<<Bridge group 1 is always used for bridging native vlan traffic to the radio interface... <<< bridge group 2 for bridging vlan 2 with radio interface here... bridge 1 route ip bridge 2 protocol ieee bridge 2 route ip ! line con 0 no modem enable line aux 0 line vty 0 4 password cisco login ! exception data-corruption buffer truncate scheduler max-task-time 5000 end
I happen to own a WAP150 access point legally imported to Israel, although by some reason it reports country code DE in Wi-Fi network announcements. Wrong country code causes a lot of compatibility issues with 802.11AC-standard devices. For example, ...
Hi All,We have 100 APs at site on AIreos WLC. We want only 10 APs to be migrated on 9800-CL WLC.What should be approach?When we migrate one AP as test by defining 9800-CL WLC IP in HA of Access Point as primary controller, it gives below error%CAPWAPAC_SM...
Morning/Evening everyone, Stupid question but is the Cisco 2504 Wireless Controller able to connect and manage a Catalyst 9100 AP? If not what's the highest gen model of AP's we can go with before running into compatibility issues? Right now we're lo...