05-20-2024 07:07 AM
Working on an older environment that I need to make some changes to temporarily until they can transition to some newer equipment later in the year. At present APs are on vlan 1 but looking to migrate them to another vlan and then leave the client traffic on the original vlan 1 (new management vlan will be native on the switch interface w/ guest and vlan 1 tagged). I just wanted to confirm the following configuration should work if anyone might know. Also, at present they're using WEP for older scanners that are being replaced. I'll need to keep that in place for now while also adding a 2nd SSID that is WPA v2. The transition to newer scanners will be happening w/ the AP replacement later in the year:
dot11 ssid maincorp
vlan 1
mbssid guest-mode
dot11 ssid guestnetwork
vlan 102
authentication open
authentication key-management wpa version 2
wpa-psk ascii 0 W3lcome123
mbssid guest-mode
exit
interface gigabitEthernet 0.102
encapsulation dot1Q 102
bridge-group 102
exit
interface gigabitEthernet 0.1
encapsulation dot1Q 1
bridge-group 1
exit
int dot11Radio 0.1
encapsulation dot1Q 1
bridge-group 1
exit
int dot11Radio 1.1
encapsulation dot1Q 1
bridge-group 1
exit
int dot11Radio 0.102
encapsulation dot1Q 102
bridge-group 102
exit
int dot11Radio 1.102
encapsulation dot1Q 102
bridge-group 102
exit
interface dot11Radio 0
mbssid
encryption vlan 1 key 1 size 128bit 7 A63593F09330129A077A43693251 transmit-key
encryption vlan 102 mode ciphers aes-ccm
ssid guestnetwork
no shut
interface dot11Radio 1
mbssid
encryption vlan 1 key 1 size 128bit 7 A63593F09330129A077A43693251 transmit-key
encryption vlan 102 mode ciphers aes-ccm
ssid guestnetwork
no shut
05-20-2024 09:58 AM
- Difficult to evaluate with viewing it only , basic testing should be considered mandatory , if something is not working then check the AP (client) logs ,
M.
05-21-2024 06:43 AM
Thanks. That's fair. I'll grab a spare AP and see if I can test it out this week.
05-22-2024 08:11 PM - edited 05-22-2024 08:12 PM
So I was able to test this on an 1140 and while I can connect to both SSIDs w/o issue, connecting to the WEP SSID that should be "tagged" vlan 1, I'm dropped on the native vlan of the interface that is being used for management. I noticed that if I review the configuration for Gi 0.1 the native keyword is added after i specify the vlan id.
05-23-2024 09:04 PM
Did some testing and was able to get this working while I had console access to a 1140. I'll test if the same can be done over ssh, which I suspect should work. I'll post back if it fails.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide