The Cisco Document Team has posted an article. This document describes how to configure Enhanced Open with Transition Mode on Catalyst 9800 Wireless LAN Controller (9800 WLC) Know of something that needs documenting? Share a ne...
The Cisco Document Team has posted an article. This document describes how to configure Enhanced Open with Transition Mode on Catalyst 9800 Wireless LAN Controller (9800 WLC) Know of something that needs documenting? Share a ne...
IntroductionBackup an IOS image using TFTP Backup an IOS image using FTP Backup an IOS image using RCP Preparing to Download or Upload an Image File by Using TFTPReference IntroductionYou can backup the IOS image on the access point using TFTP, FTP, ...
IntroductionJoining Process of an Cisco Access PointObjectiveLAP needs to join to the WLCSteps(Every device on a network needs to have an ip address, and a LAP is no exception)1. AP needs ip address in the said order(1. it has on its own already 2....
Table of Contents Table of ContentsOverviewConnecting a Catalyst 9800 WLC to Cisco DNA Center ManuallyConnecting an AireOS WLC to Cisco DNA Center ManuallyCisco DNA Center Assurance Deployment Guide References Overview The purpose of this document...
The Cisco Document Team has posted an article. This document describes how to implement SDA for wireless technology related to fabric enabled WLC and access LAP on DNAC. Know of something that needs documenting? Share a new doc...
The Cisco Document Team has posted an article. This document describes how to configure Local Web Authentication with External Authentication on a 9800 WLC and ISE. Know of something that needs documenting? Share a new document...
We have found that 1832I series APs of -Z domain is not able to get power level of 17 dBm on UNI-1 channel on code 8.5.x.x or lower.: But at the latest codes, say 8.10.183.0, AP supports power level upto 17 dbm: Total Supported Power Levels:7Allowe...
IntroductionCisco has come up with bunch of features those were developed to help Service Provider in deploying large network in public area and named it as SP Wi-fi but it does not mean that it is limited to Service Providers. Anybody can use SP Wi...
We have found that 1832I series APs of -Z domain is not able to get power level of 17 dBm on UNI-1 channel on code 8.5.x.x or lower.: But at the latest codes, say 8.10.183.0, AP supports power level upto 17 dbm: Total Supported Power Levels:7Allow...
IntroductionSolution Introduction Multicast and the Wireless LAN Controller (WLC) Solution Lots of people seem to be confused by multicast, in general, and specifically how the WLC comes into the mix. This document is meant to be an overview of wh...
IntroductionThe data rate display format employed for 802.11ac is, Format: aX.YcZX = mcs (modulation coding scheme) 0-9 Y = No of spatial streams, 1-3. Z = Bandwidth 2, 4, 8 (2 = 20Mhz, 4=40Mhz, 8=80Mhz) c = b for Beamform, s for STBC, - none s = G...
The Cisco Document Team has posted an article. This document describes how to configure FlexConnect with central or local authentication on Catalyst 9800 Wireles LAN controller. Know of something that needs documenting? Share a...
The Cisco Document Team has posted an article. This document describes the implementation of the Bonjour protocol on the wireless controller and provides guidelines to help troubleshoot issues. Know of something that needs docu...
The Cisco Document Team has posted an article. This document describes steps to collect important debugs or show commands from Catalyst 9800 Wireless LAN Controllers (WLC). Know of something that needs documenting? Share a new ...
The Cisco Document Team has posted an article. This article will explain how to configure SNMP monitoring on Cisco 3504 Wireless LAN Controller (WLC). Know of something that needs documenting? Share a new document request to do...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
Access VLANs and Internet through multiple wireless SSIDs, using Autonomous AP AIR-CAP3702
Challenge:
Access internet through autonomous Access Point (Air-Cap3702i-e-k9) which populated multiple SSIDs that connected to the VLANs at Remote Office.
Diagnoses:
With having difficulties establishing a link (connection) between Lightweight Access Point (Air-CAP3702-E-K9) and Wireless Controller (WLC4402) to access WLANs.
Solution:
Special Note:
Here mentioned ip addresses and passwords are imaginary once those are not use in real but only for educational purpose use them in here.
The CLI commands created here only for few VLANs and SSIDs for easy understanding as an example VLAN 10 and VLAN 20. Below attached files contain complete list of VLANs and SSIDs which configuerd each device, those CLI commands can use for study purposes and references. SSIDs names and VLANs names are same which use for easiness but can be used different friendly name for each SSIDs even though have to remember to assign correct VLAN number for each SSID.
Topology:
Configurations
L2SW-CISCO 2960 Configuration
Create VLANs 50, 60, 70 and 100
Assigned VLANs to Switchports
L2SW-48P#conf t
L2SW-48P(config)#vlan 50
L2SW-48P(config-vlan)#name AP-VLAN50
L2SW-48P(config)#vlan 60
L2SW-48P(config-vlan)#name AP-VLAN60
L2SW-48P(config)#int range f0/1-6
L2SW-48P(config-if-range)#Switchport mode access
L2SW-48P(config-if-range)#switchport access vlan 50
L2SW-48P(config-if-range)#spanning-tree portfast
L2SW-48P(config-if-range)#no shutdown
L2SW-48P(config)#int range f0/7-12
L2SW-48P(config-if-range)#switchport mode access
L2SW-48P(config-if-range)#switchport access vlan 60
L2SW-48P(config-if-range)#
:
Configure interface G0/2 (GigabiteEthernet 0/2) to trunkport
L2SW-48P(config)#int g0/2
L2SW-48P(config-if)#description --> connection to L3SW-Cisco3560 <-- trunk link -->
L2SW-48P(config-if)#switchport mode trunk
L2SW-48P(config-if)#no shut
Interface G0/1 (GigabiteEthernet 0/1) connection to ISP Router Local port
L2SW-48P(config)#int g0/2
L2SW-48P(config-if)#description --> connection to ISP-1 Router Local port <--
L3SW-CISCO 3560 Configuration
Create VLANs 10, 20, 50, 60, 70 and 100
L3SW-24P#conf t
L3SW-24P(config)#vlan 10
L3SW-24P(config-vlan)#name AP-VLAN10
L3SW-24P(config)#vlan 20
L3SW-24P(config-vlan)#name AP-VLAN20
Assigned VLANs to Switchports
L3SW-24P(config)#int range f0/1-4
L3SW-24P(config-if-range)#Switchport mode access
L3SW-24P(config-if-range)#switchport access vlan 10
L3SW-24P(config-if-range)#spanning-tree portfast
L3SW-24P(config-if-range)#no shutdown
L3SW-24P(config)#int range f0/5-8
L3SW-24P(config-if-range)#switchport mode access
L3SW-24P(config-if-range)#switchport access vlan 20
L3SW-24P(config-if-range)#
:
Configure interfaces G0/2, F0/23 and F0/24 switchports
Configure interface G0/2 (GigabiteEthernet 0/2) no switchport
L3SW-24P(config)#int G0/2
L3SW-24P(config-if)#description --> connection to Router-1802 <--
L3SW-24P(config-if)#no switchport
L3SW-24P(config-if)#ip address 172.168.100.2 255.255.255.0
L3SW-24P(config-if)#no shut
Configure FastEthernet 0/23 as Trunk
L3SW-24P(config)#int F0/23
L3SW-24P(config-if)#description --> connection to Air-CAP3702I AutonomousAP <--
L3SW-24P(config-if)#switchport trunk encapsulation dot1q
L3SW-24P(config-if)#switchport mode trunk
L3SW-24P(config-if)#spanning-tree portfast
L3SW-24P(config-if)#no shut
Configure FastEthernet 0/23 as Trunk
L3SW-24P(config)#int F0/24
L3SW-24P(config-if)#description --> connection to Air-CAP3702I AutonomousAP <--
L3SW-24P(config-if)#switchport trunk encapsulation dot1q
L3SW-24P(config-if)#switchport trunk allowed vlan 10-200 //Vlan1 not allowed
L3SW-24P(config-if)#switchport mode trunk
L3SW-24P(config-if)#spanning-tree portfast
L3SW-24P(config-if)#no shut
Interface G0/1 (GigabiteEthernet 0/1) connection to ISP Router Local port
L3SW-24P(config)#int G0/1
L3SW-24P(config-if)#description --> connection to ISP-2 Router Local port <--
Creating interfaces for each VLAN and assigned IP address.
L3SW-24P(config)#int VLAN 1
L3SW-24P(config-if)#ip address 192.168.1.5 255.255.255.128
L3SW-24P(config)#int VLAN 10
L3SW-24P(config-if)#ip address 172.168.10.5 255.255.255.0
L3SW-24P(config)#int VLAN 20
L3SW-24P(config-if)#ip address 172.168.20.5 255.255.255.0
:
Routing
L3SW-24P(config)#ip routing
L3SW-24P(config)#ip route 0.0.0.0 0.0.0.0 172.168.100.1
L3SW-24P(config)#ip default-gateway 192.168.1.5
L3SW-24P(config)#router eigrp 10
L3SW-24P(config-router)#network 10.0.0.0 0.255.255.255
L3SW-24P(config-router)#network 172.168.10.0 0.255.255.255
L3SW-24P(config-router)#network 172.168.20.0 0.255.255.255
:
Creating DHCP pool
L3SW-24P(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.5
L3SW-24P(config)#ip dhcp excluded-address 172.168.10.1 172.168.10.5
L3SW-24P(config)#ip dhcp excluded-address 172.168.20.1 172.168.20.5
:
L3SW-24P(config)#ip dhcp pool Local-VLAN1
L3SW-24P(dhcp-config)#default-router 192.168.1.5
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
L3SW-24P(config)#ip dhcp pool AP-VLAN10
L3SW-24P(dhcp-config)#network 172.168.10.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 172.168.10.1
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
L3SW-24P(config)#ip dhcp pool AP-VLAN20
L3SW-24P(dhcp-config)#network 172.168.20.0 255.255.255.0
L3SW-24P(dhcp-config)#default-router 172.168.20.1
L3SW-24P(dhcp-config)#dns-server 83.255.255.3
Autonomous AP – AIR-CAP3702i Configuration
Creating multiple SSIDs and assigned VLANs
ap(config)#dot11 ssid AP-VLAN10
ap(config-ssid)#vlan 10
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#wpa-psk ascii Password987
ap(config-ssid)#mbssid guest-mode
ap(config)# dot11 ssid AP-VLAN20
ap(config-ssid)#vlan 20
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#wpa-psk ascii Password123
ap(config-ssid)#mbssid guest-mode
ap(config-ssid)#
:
Populate SSIDs on 2.4GHz Wireless LAN
ap(config)#int dot11radio 0
ap(config-if)#no ip address
ap(config-if)#encryption vlan 10 mode ciphers aes-ccm
ap(config-if)#encryption vlan 20 mode ciphers aes-ccm
ap(config-if)#
ap(config-if)#ssid AP-VLAN10
ap(config-if)#ssid AP-VLAN20
ap(config-if)#
ap(config-if)#mbssid
ap(config-if)#station-role root access-point
ap(config-if)#exit
Creates sub-interfaces
ap(config)#int dot11radio 0.1
ap(config-subif)#encapsulation dot1q 1 native
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
ap(config)#int dot11radio 0.10
ap(config-subif)#encapsulation dot1q 10
ap(config-subif)#bridge-group 10
ap(config)#int dot11radio 0.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
ap(config-subif)#exit
Populate SSIDs on 5.0GHz Wireless LAN (It is same as 2.4GHz)
ap(config)#int dot11radio 1.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
:
AP-Air-CAP3702, GigabitEthernet 0 connect to Fastethernet 0/23 at L3SW-Cisco3560 using UTP cable.
AP Interface GigabitEthernet 0 configuration
ap(config)#int g0
ap(config-if)#ip address dhcp !(One of ip address get from local vlan1 dhcp pool)
ap(config-if)#no shut
ap(config)#int g0.1
ap(config-subif)#encapsulation dot1q 1 native
ap(config-subif)#bridge-group 1
ap(config)#int g0.10
ap(config-subif)#encapsulation dot1q 10
ap(config-subif)#bridge-group 10
ap(config)#int g0.20
ap(config-subif)#encapsulation dot1q 20
ap(config-subif)#bridge-group 20
ap(config-subif)#exit
Interface BVI 1 configuration
ap(config)#int bvi 1
ap(config-if)#ip add 192.168.1.37 255.255.255.128 !(One of static ip address from local vlan1 dhcp pool)
ap(config-if)#no shut
ap(config-if)#exit
Routing
ap(config)#ip routing
ap(config)#ip route 0.0.0.0 0.0.0.0 172.168.100.1
ap(config)#ip default-gateway 192.168.1.5 !(L3SW-Cisco3560 VLAN 1 interface IP address, otherwise it could not get correct IP address for each different VLAN and not possible to get internet access)
Router – Cisco 1812 configuration
Configure Interfaces FastEthernet 0 and FastEthernet 1
RT-1812W(config)#interface FastEthernet0
RT-1812W(config)#description --> Connection to L3SW-3560 Nat INSIDE <--
RT-1812W(config-if)#ip address 172.168.100.1 255.255.255.0
RT-1812W(config-if)# ip nat inside
RT-1812W(config-if)#exit
RT-1812W(config)#interface FastEthernet1
RT-1812W(config-if)# description --> Connection to ISP Router's port Nat OUTSIDE <--
RT-1812W(config-if)# ip address 192.168.0.144 255.255.255.0 !(set static IP address from Local Vlan pool)
RT-1812W(config-if)# ip nat outside
RT-1812W(config-if)#exit
Routing
RT-1812W(config)#ip routing
RT-1812W(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.1 !(ISP local router LAN ip address)
RT-1812W(config)#ip route 10.0.0.0 255.0.0.0 172.168.100.2 !(L3SW- Cisco3560 interface G0/2)
RT-1812W(config)#ip route 172.168.10.0 255.255.255.0 172.168.100.2
RT-1812W(config)#ip route 172.168.20.0 255.255.255.0 172.168.100.2
RT-1812W(config)#router eigrp 10
RT-1812W(config-router)#network 10.0.0.0 0.255.255.255
RT-1812W(config-router)#network 172.168.10.0 0.0.0.255
RT-1812W(config-router)#network 172.168.20.0 0.0.0.255
RT-1812W(config-router)#exit
RT-1812W(config)#ip default-gateway 192.168.0.144 !(FastEthernet 1)
RT-1812W(config)#ip name-server 83.255.255.3 192.168.0.1 192.168.1.1 8.8.8.8
Access-list
RT-1812W(config)#ip access-list standard AP-VLAN-Group1
RT-1812W(config-std-nacl)#permit 10.0.0.0 0.255.255.255
RT-1812W(config-std-nacl)#permit 172.168.10.0 0.0.0.255
RT-1812W(config-std-nacl)#permit 172.168.20.0 0.0.0.255
RT-1812W(config-std-nacl)#exit
RT-1812W(config)#ip nat inside source list AP-VLAN-Group1 interface FastEthernet1 overload
RT-1812W(config)#