02-21-2011 06:46 AM - edited 07-03-2021 07:51 PM
How can i best setup the following:
Switch: 2960-24PC-S
AP: AIR-AP1141N
I have no Wireless Lan Controller.
I want to setup 2 Vlan's on the 2960, 1vlan for wired pc's, and 1 vlan for the AP's. I will do dhcp on both vlans.
I want to know how the best method is to create a GUEST ssid and WPA security on those 3 ap's. Can it be done on 1 ap, who delivers it to the other 2, or do i need to configure all three of them?
02-21-2011 06:50 AM
Hi,
If you do not have the WLC and if the APs are in Autonomous Mode then there is no go rather to configure all the 3...
Regards
Surendra
02-21-2011 06:54 AM
Hi,
from the descriptions i can see that you are planning to configure 2 VLANs, please let me know if you need to communicate between the Wired and Wireless or not??
Regards
Surendra
02-21-2011 07:05 AM
The thing i want to do is:
vlan1: private (2 computers)
vlan2: wlan, guests, 3ap's
At first i didn't want a connection between these two. I was going to see if i could do the routing on the 2960s, or if i'd need an external router.
But if i wanted to write an script (with Auto-IT) to automate generation of WPA security on the three AP's, i'd need to contact the ap's on vlan2 from a computer on vlan1 to change the security. My boss wants to change the WPA-passwords every month. But he didn't want the Wireless Lan Controller
I have one IP externall ip-address.
02-21-2011 07:39 AM
Hi,
No problem!!
Changing the WPA PSK key just takes less that a minute
Here is the config that you can use..
On the switch..
===========
en
conf t
int fa 0/6
switchport trunk encap dot1Q
switchport mode trunk
switchport trunk native vlan 1
no shut
end
On the AP
=========
en
conf t
dot1 ssid
guest-mode
auth open
auth key-management wpa version 2
wpa-psk ascii
vlan 2
end
int dot11 0
ssid
encryption vlan 2 mode ciphers aes-ccm
no shut
end
int dot11 0.1
encap dot1Q 1 native
bridge-group 1
end
int gig 0.1
encap dot1Q 1 native
bridge-group 1
end
int dot11 0.2
encap dot1Q 2
bridge-group 2
end
int gig 0.2
encap dot1Q 2
bridge-group 2
end
en
conf t
bridge irb
bridge 1 protocol ieee
bridge i route ip
end
en
conf t
int bvi 1
description ### io address in the VLAN 1 subnet##
ip address
no shut
end
The config will help you in getting the comunication up and running between the Ap and the switch and the communication between the VLAN will also be possible..
Lemme know if this answered your question!!
Regards
Surendra
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide