Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
1
Helpful
4
Replies

Older Autonomous AP - tagged vlan 1 and WEP/WPA on same radio

mumbles202
Level 5
Level 5

‎05-20-2024 07:07 AM

Working on an older environment that I need to make some changes to temporarily until they can transition to some newer equipment later in the year.  At present APs are on vlan 1 but looking to migrate them to another vlan and then leave the client traffic on the original vlan 1 (new management vlan will be native on the switch interface w/ guest and vlan 1 tagged).  I just wanted to confirm the following configuration should work if anyone might know.  Also, at present they're using WEP for older scanners that are being replaced.  I'll need to keep that in place for now while also adding a 2nd SSID that is WPA v2.  The transition to newer scanners will be happening w/ the AP replacement later in the year:

 

dot11 ssid maincorp
 vlan 1
 mbssid guest-mode

dot11 ssid guestnetwork
vlan 102
authentication open
authentication key-management wpa version 2
wpa-psk ascii 0 W3lcome123
mbssid guest-mode
exit


interface gigabitEthernet 0.102
encapsulation dot1Q 102
bridge-group 102
exit

interface gigabitEthernet 0.1
encapsulation dot1Q 1 
bridge-group 1
exit


int dot11Radio 0.1
encapsulation dot1Q 1 
bridge-group 1
exit

int dot11Radio 1.1
encapsulation dot1Q 1 
bridge-group 1
exit


int dot11Radio 0.102
encapsulation dot1Q 102
bridge-group 102
exit
int dot11Radio 1.102
encapsulation dot1Q 102
bridge-group 102
exit


interface dot11Radio 0
mbssid
encryption vlan 1 key 1 size 128bit 7 A63593F09330129A077A43693251 transmit-key
encryption vlan 102 mode ciphers aes-ccm
ssid guestnetwork
no shut

interface dot11Radio 1
mbssid
encryption vlan 1 key 1 size 128bit 7 A63593F09330129A077A43693251 transmit-key
encryption vlan 102 mode ciphers aes-ccm
ssid guestnetwork
no shut

 

0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎05-20-2024 09:58 AM

 

 - Difficult to evaluate with viewing it only , basic testing should be considered mandatory , if something is not working then check the AP (client) logs

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

mumbles202
Level 5
Level 5
In response to marce1000

‎05-21-2024 06:43 AM

Thanks.  That's fair.  I'll grab a spare AP and see if I can test it out this week. 

0 Helpful

mumbles202
Level 5
Level 5

‎05-22-2024 08:11 PM - edited ‎05-22-2024 08:12 PM

So I was able to test this on an 1140 and while I can connect to both SSIDs w/o issue, connecting to the WEP SSID that should be "tagged" vlan 1, I'm dropped on the native vlan of the interface that is being used for management. I noticed that if I review the configuration for Gi 0.1 the native keyword is added after i specify the vlan id.  

0 Helpful

mumbles202
Level 5
Level 5

‎05-23-2024 09:04 PM

Did some testing and was able to get this working while I had console access to a 1140.  I'll test if the same can be done over ssh, which I suspect should work.  I'll post back if it fails. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card