11-15-2014 07:09 AM - edited 07-05-2021 01:56 AM
Hi, I'm new to Cisco wireless APs.
I need your advice on the best way to configure wireless APs. We have 50-70 users in 2 buildings, 3 storey, 2 vlans.
I have 2 Cisco Aironet 2602i and 1 Aironet 1142. Is it okay if the AP-1142 is the access point and the 2 2602i are the bridge? Can anyone give me configurations?
Thanks
11-18-2014 11:11 PM
If you are OK with that, here is what you have to do.
vlan 25 - 172.22.25.0/24
1. Define this L2 vlan on your switch
2. Define SVI for vlan 25 (int vlan 25) & assign 172.22.25.2 /24 (assuming it is the correct gateway IP you want to have)
3. Define DHCP pool for vlan 25 (assume first 20 addresses reserved for APs & SVI). Follow the same configuration options you have given for vlan 10,20. So wireless users will get IP in the range of 172.22.25.21 - 172.22.25.254
4. Configure the below configuration on AP-01 & do the same on AP-02 & AP-03 with modified BVI IP & hostname. (I used WLAN password, hostname, SSID given in your config- if you need modify those)
AP-01 : 172.22.25.11/24
AP-02 : 172.22.25.12/24
AP-03 : 172.22.25.13/24
conf t
hostname LEDO_AP01
!
dot11 ssid LEDO_WIFI
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 03035704040E2D5C411E1C17
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid LEDO_WIFI
no shutdown
!
interface Dot11Radio1
channel width 40-above
encryption mode ciphers aes-ccm
ssid LEDO_WIFI
no shutdown
!
interface BVI1
ip address 172.22.25.11 255.255.255.0
!
ip default-gateway 172.22.25.2
end
write memory
!
5. Configure 3 switchports for access vlan 25 & plug those 3 AP. Here is a sample config for a switchport.
interface gx/x
description Access Point
switchport mode access
switchport access vlan 25
spanning-tree portfast
6. Test your wireless connectivity
Give us a try & let us know if you have any further queries.
HTH
Rasika
**** Pls rate all useful responses ****
11-19-2014 04:26 PM
Hi
You simply need to erase the startup-config & reload without saving.
AP#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
AP#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Once reloaded, you can apply the new configurations
HTH
Rasika
11-16-2014 05:52 AM
Here is my opinion. It is best to have an access point on each floor and more than one if a single access point doesn't provide the coverage you want. Now that being said, you can use a separate AP as a bridge if you are trying to connect two buildings together via wireless. The bridge would have antennas on the outside and you would use the proper antenna to provide a stable wireless link between the two. This is how I would implement a solution like what you have to ensure you can provide enough wireless coverage for the end devices and a link between the buildings.
Scott
11-16-2014 04:52 PM
Hi Scott and Leo, thanks for the reply. Great advice!
If I put an access point on each floor, can I assign one SSID 1 for every floor? Is it possible that vlan 1 and 2 can connect with the same SSID 1 and 3 access points? What should be the configurations for all the APs?
Thanks,
11-16-2014 05:09 PM
Are these Autonomous APs ? If not you require either WLC or convert those to Autonomous.
If you access CLI via AP console & issue "show version" you can verify this. (Cisco/Cisco will be the credential if these are new APs)
Also what type of switch do you have to connect these 3 AP & power them (Hope it is Gigabit switch & PoE)
Let us know, we can help accordingly
HTH
Rasika
**** Pls rate all useful responses ****
11-16-2014 05:24 PM
Hi Manannalage,
Are these Autonomous APs ? YES. We don't have a WLC for now. I have a Layer 3 switch, 3560 G series. Yes, this is a Gigabit switch & PoE. This switch is configured with 2 vlans only.
Thanks,
11-16-2014 06:06 PM
Hi
Thanks for the confirmation.
Since you are new to Cisco wireless I would go with a very basic configuration.
If you configure all your APs with this basic configuration & plug it to 3 switchport configured for a DHCP vlan (where you want wireless users to take IP from), your wireless should work.
Replace <AP_HOSTNAME>, <SSID_NAME> & <SSID_PASSWORD> as required. Also default username password (Cisco/Cisco) you can change for better security.
conf t
hostname <AP_HOSTNAME>
!
dot11 ssid <SSID_NAME>
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii <SSID_PASSWORD>
!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!
interface Dot11Radio1
channel width 40-above
encryption mode ciphers aes-ccm
ssid <SSID_NAME>
no shutdown
!
interface BVI1
ip address dhcp
!
end
write memory
!
In this case AP will take an IP from the same subnet. If you want to create multiple SSIDs & also put AP onto separate mgmt vlan, then we may need to create sub-interfaces & configuration would be a little bit complex (but can be done :) ).
Let us know
**** Pls do not forget to rate our responses if that is useful to you ****
HTH
Rasika
11-16-2014 08:33 PM
Hi Manannalage,
Our L3 Switch port 1, port 2 and port 3 is different vlans and subnet
vlan 1 172.22.7.x , vlan 2 172.22.10.x. i want this 2 subnets to see in all 3 AP's.
any advise?
Thanks,
11-16-2014 08:45 PM
which vlan AP management should be ? Do you have any switch management vlan on your network ? What IP should I give to AP1,2 & 3 in this case ?
SSID-1 : vlan 1
SSID-2 : vlan 2
AP-mgt : vlan x ???
Do you have pre-defined DHCP pool for vlan 1 & 2 ?
Let us know to help out the required config
HTH
Rasika
**** Pls rate all useful responses ****
11-16-2014 11:58 PM
Hi rasika,
which vlan AP management should be ?
Do you have any switch management vlan on your network ? Yes
What IP should I give to AP1,2 & 3 in this case ?
for AP 1- 172.22.10.X
AP 2- 172.22.7.X
AP 3- 172.21.10.X- this vlan 3 - 3rd floor sorry i forgot to mention.
SSID-1 : vlan 1
SSID-2 : vlan 2
AP-mgt : vlan 3 ???- sorry dont have idea about this.
Do you have pre-defined DHCP pool for vlan 1 & 2 ? YES we have DHCP server subnet pool=172.22.10.x, 172.22.7.x, 172.21.10.x
Thanks for the reply.
11-17-2014 02:19 AM
Ok, Here we go.
I assumed a switch management vlan 999 & subnet 192.168.99.0/24. In my case switch configured with vlan 999 - 192.168.99.1 & that would be the default gateway configuration for the AP.
I would assign those 3 AP IP like below
AP-01 : 192.168.99.101
AP-01 : 192.168.99.102
AP-01 : 192.168.99.102
In your case modify this vlan/subnet information accordingly.
Here is the AP-01 configuration. AP-02 & AP-03 configuration would be same except the BVI 1 IP address & hostname.
conf t
!
hostname AP-01
!
dot11 ssid SSID-1
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii <SSID_1_PASSWORD>
!
dot11 ssid SSID-2
vlan 2
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii <SSID_2_PASSWORD>
!
dot11 ssid SSID-3
vlan 3
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii <SSID_3_PASSWORD>
!
interface Dot11Radio0
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
mbssid
ssid SSID-1
ssid SSID-2
ssid SSID-3
no shut
!
interface Dot11Radio1
channel width 40-above
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
mbssid
ssid SSID-1
ssid SSID-2
ssid SSID-3
no shut
!
interface Dot11Radio0.1
encapsulation dot1Q 1
bridge-group 10
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 20
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 30
!
interface Dot11Radio0.999
encapsulation dot1Q 999 native
bridge-group 1
!
interface Dot11Radio1.1
encapsulation dot1Q 1
bridge-group 10
!
interface Dot11Radio1.2
encapsulation dot1Q 2
bridge-group 20
!
interface Dot11Radio1.3
encapsulation dot1Q 3
bridge-group 30
!
interface Dot11Radio1.999
encapsulation dot1Q 999 native
bridge-group 1
!
interface GigabitEthernet0.1
encapsulation dot1Q 1
bridge-group 10
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
bridge-group 20
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
bridge-group 30
!
interface GigabitEthernet0.999
encapsulation dot1Q 999 native
bridge-group 1
!
interface BVI1
ip address 192.168.99.101 255.255.255.0
ip default-gateway 192.168.99.1
!
end
write memory
Here is the switch port configuration those AP connects. In your case make sure AP management vlan replaced 999 value.
description AP-01
switchport trunk native vlan 999
switchport trunk allowed vlan 1-3,999
switchport mode trunk
Once you do this all your 3 AP advertise these 3 SSIDs. When user connect to SSID-1 they will be on vlan 1, SSID-2 users will be on vlan 2 & SSID-3 users will be on vlan 3.
Hope this is what you're looking for :)
****** Please do not forget to rate our responses if that is useful to you ******
HTH
Rasika
11-17-2014 06:30 AM
Thanks again! i have 3 quick question before i go to the configurations.
1. Can i use same password for all the SSID?
2. Can i use same SSID for all the AP's?
3. Is this necessary to trunk all the ports in L3?
description AP-01
switchport trunk native vlan 999
switchport trunk allowed vlan 1-3,999
switchport mode trunk
11-17-2014 10:16 AM
Hi,
1. Can i use same password for all the SSID?
Yes,
2. Can i use same SSID for all the AP's?
Yes, if you want to all those SSID advertise by all 3 APs. In this way user move from one level to other level, will roam to the other AP without dropping their connection (assuming you have proper wireless coverage)
3. Is this necessary to trunk all the ports in L3?
Yes, If you want to pass multiple vlan to AP, you have to configure switchport connected to AP as a Trunk Port. Trunk port config is L2
**** Pls rate all useful responses ******
HTH
Rasika
11-18-2014 01:26 AM
Hi rasika,
Here is my configurations FOR ALL THE 2 AP's, i did not include AP3. for your comments.
Building configuration...
Current configuration : 3652 bytes
!
! Last configuration change at 22:32:37 UTC Mon Feb 24 2014
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LEDO_AP
!
!
logging rate-limit console 9
enable secret 5 $1$SBYI$730mrJamTyAoJhM1BrXD10
!
no aaa new-model
no ip source-route
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid TODO_AP1
vlan 20
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 03035704040E2D5C411E1C17
!
!
!
!
!
username CISCO password 7 032752180500
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers aes-ccm
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid TODO_AP1
!
antenna gain 0
mbssid
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
!
interface Dot11Radio0.999
encapsulation dot1Q 999 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption vlan 10 mode ciphers aes-ccm
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid TODO_AP1
!
antenna gain 0
peakdetect
dfs band 3 block
mbssid
channel width 40-above
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1
!
interface Dot11Radio1.2
encapsulation dot1Q 2
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Dot11Radio1.3
encapsulation dot1Q 3
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
!
interface Dot11Radio1.999
encapsulation dot1Q 999 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
bridge-group 20
bridge-group 20 spanning-disabled
no bridge-group 20 source-learning
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
!
interface GigabitEthernet0.999
encapsulation dot1Q 999 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address 7426.ac1a.c49d
ip address 172.22.7.x 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip default-gateway 172.22.7.x
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end
Tomorrow I will schedule the testing, I'm still requesting to trunk the L3.
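The running-config posted above leaves the AP's management plane open in several ways (HTTP without HTTPS, `transport input all` on the vty lines, type 7 encoded secrets pasted in public). The following audit is an added example, not part of any post in this thread; the function name `audit_management` and the sample, with secrets replaced by placeholders, are constructed for illustration.

```python
import re

# Constructed sample: management-plane lines in the style of the posted
# running-config, with every secret replaced by a placeholder.
SAMPLE = """\
service password-encryption
enable secret 5 <HASH_PLACEHOLDER>
dot11 ssid TODO_AP1
 wpa-psk ascii 7 <ENCODED_PLACEHOLDER>
username CISCO password 7 <ENCODED_PLACEHOLDER>
ip http server
no ip http secure-server
line con 0
line vty 0 4
 login local
 transport input all
"""

def audit_management(config: str) -> list[str]:
    """Return management-plane findings for an autonomous AP config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # Type 7 is reversible obfuscation, so a pasted config discloses the secret.
    for l in lines:
        if re.search(r"\b(password|wpa-psk ascii|key) 7 \S+", l):
            findings.append(f"type-7 secret exposed: {l.split(' 7 ')[0]}")
    # Plain HTTP management with the HTTPS server switched off.
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append("HTTP management enabled without HTTPS")
    # Only 'transport input' lines inside a 'line vty' block are relevant.
    in_vty = False
    for l in lines:
        if l.startswith("line "):
            in_vty = l.startswith("line vty")
        elif in_vty and l.startswith("transport input"):
            protos = l.split()[2:]
            if "all" in protos or "telnet" in protos:
                findings.append("vty accepts Telnet (cleartext)")
    return findings

if __name__ == "__main__":
    for finding in audit_management(SAMPLE):
        print(finding)
```

Anyone sharing a config for review should replace type 7 strings and password hashes with placeholders first, and rotate any PSK that has already been posted.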
11-18-2014 02:47 AM
You have used vlan 10 & 20 instead of 1 & 2 as you originally posted.
You can simply copy the config I have given & change the SSID_Name, Password,
Depend on the IP range you have to give for AP management you can change the BVI IP & default gateway. remember that vlan has to be native (or untagged). vlan 999 used as example in my case.
HTH
Rasika
**** Pls rate all useful responses ****
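The mismatch pointed out in this reply (SSID on vlan 20 while the sub-interfaces tag 1, 2, 3 and 999) can be checked mechanically before a config is loaded. This is an added example, not part of the thread; `check_vlans` is a hypothetical helper and the sample is constructed, abbreviated from the VLAN layout of the posted config. It assumes the pattern used in the earlier multi-SSID config: every SSID VLAN needs a bridged `encapsulation dot1Q` sub-interface on each radio and on the Ethernet port.

```python
import re

# Constructed sample, abbreviated from the VLAN layout of the posted config.
SAMPLE = """\
dot11 ssid TODO_AP1
 vlan 20
interface Dot11Radio0
 encryption vlan 10 mode ciphers aes-ccm
 encryption vlan 20 mode ciphers aes-ccm
 ssid TODO_AP1
interface Dot11Radio0.1
 encapsulation dot1Q 1
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 20
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 bridge-group 20
interface GigabitEthernet0.999
 encapsulation dot1Q 999 native
 bridge-group 1
"""

def check_vlans(config: str) -> list[str]:
    """Report SSID VLANs that lack a bridged dot1Q sub-interface on a port."""
    ssid_vlan = {}   # SSID name -> VLAN assigned under 'dot11 ssid'
    bridged = {}     # parent port -> set of dot1Q tags that have a bridge-group
    section, tag = "", None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith(("dot11 ssid ", "interface ")):
            section, tag = line.split()[-1], None
        elif m := re.fullmatch(r"vlan (\d+)", line):
            ssid_vlan[section] = int(m.group(1))
        elif m := re.match(r"encapsulation dot1Q (\d+)", line):
            tag = int(m.group(1))
            bridged.setdefault(section.split(".")[0], set())
        elif re.fullmatch(r"bridge-group \d+", line) and tag is not None:
            bridged[section.split(".")[0]].add(tag)
    issues = []
    for ssid, vlan in sorted(ssid_vlan.items()):
        for port in sorted(bridged):
            if vlan not in bridged[port]:
                issues.append(
                    f"{ssid}: VLAN {vlan} has no bridged dot1Q sub-interface on {port}")
    return issues

if __name__ == "__main__":
    print("\n".join(check_vlans(SAMPLE)) or "VLAN mapping is consistent")
```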
11-18-2014 05:30 AM
Hi Rasika,
Yes, I changed it because that's the vlan configuration in our L3 switch: vlan 10 - admin1, vlan 20 - admin2.
For BVI IP address 172.22.7.34 255.255.255.0
ip default-gateway 172.22.7.2
Please advise!
Thanks