06-05-2017 08:56 AM - edited 07-05-2021 07:09 AM
hello i would like to put my wireless AP on a separate subnet but these APs are not managed by any controller. what would be the steps?
We have 3 AP.s
06-06-2017 05:49 PM
Hi,
You need to create sub-interfaces on the APs and match them to bridge group 1 with native VLAN. For example, lets say you have created a subnet attached to VLAN 10:
conf t
interface GigabitEthernet0.10 <-- creates a sub interface
encapsulation dot1Q 10 native <-- maps VLAN 10 as the native VLAN
bridge-group 1 <-- Links to bridge-group 1 which is the default/native bridge group
Any SSID you do create will automatically link to this bridge-group:
interface Dot11Radio0
ssid TEST
packet retries 64 drop-packet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
This can be altered with more sub-interfaces/groups to change SSID-> VLAN mappings but that wasn't your question so I won't go into it :P.
Note: I am assuming your associated switchport config is Trunk with matching Native VLAN of 10 in this scenario.
Ric
06-06-2017 06:07 PM
thx Ric, great detail.
what about DHCP ? Do i set DHCP on the APs or do i need a DHcp server for example with windows server
06-06-2017 06:24 PM
You can do DHCP on the AP but personally I'd recommend using an external server if you can. However, that would need to be connected to the same VLAN or an IP-Helper setup so running it on the AP might be more convenient.
It's a matter of personal choice for that one :).
Ric
06-06-2017 06:33 PM
i was originally going to set the switchport as an access port for the wireless vlan would this also work ? what is the advantage of doing it with the sub vlan interface? i suppose it allows me to keep my mgmt on the existing subnet?
06-06-2017 06:52 PM
If you set it to access then you can only use that single VLAN meaning your MGMT and SSIDs will be on the same network.
If you want your MGMT to be on a separate VLAN as wireless you will need to keep the native vlan as mgmt and then create radio sub-interfaces for the SSID. For example, using VLAN 10 as mgmt like before but then mapping an SSID to VLAN 50:
interface GigabitEthernet0.10
encapsulation dot1Q 10 native
bridge-group 1
interface GigabitEthernet0.50
encapsulation dot1Q 50
bridge-group 50
interface dot11radio0.50
encapsulation dot1Q 50
bridge-group 50
interface dot11radio1.50
encapsulation dot1Q 50
bridge-group 50
dot11 ssid TEST
vlan 50
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid TEST
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid TEST
06-06-2017 08:03 PM
You have to log onto each AP and change BVI interface IP, default gateway to match new subnet details.
interface BVI1
ip address 192.168.100.10 255.255.255.0
!
ip default-gateway 192.168.100.1
Also you need to ensure new vlan is the native vlan (if you configured multiple SSIDs that map to different vlan) on the trunk link between AP & switchport it is connected.
HTH
Rasika
*** Pls rate all useful responses ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide