01-12-2015 08:36 AM - edited 07-05-2021 02:15 AM
I have Cisco AP Aironet 1100 and I have 5 vlans in my network as the fallowing:
vlan101 with name (APmangm101)
vlan4 with name (Voice4)
vlan6 with name (User6)
vlan8 with name (inter8)
and vlan100 is native vlan
step1
I configured the SSID and Map it to respective VLANs (vlan4,vlan6,vla8)as the fallowing:
Dot11 ssid Voice4
vlan 4
authentication open
authentication key-managment wpa
wpa-psk ascii admin4444
mbssid guest-mode
exit
Dot11 ssid User6
vlan 6
authentication open
authentication key-managment wpa
wpa-psk ascii admin666
mbssid guest-mode
exit
Dot11 ssid inter8
vlan8
authentication open
authentication key-managment wpa
wpa-psk ascii admin888
mbssid guest-mode
exit
Step 2
Assigning the encryption to different SSIDs with repective Vlans.
int dot11Radio 0
mbssid
encryption vlan 4 mode ciphers aes-ccm
encryption vlan 6 mode ciphers aes-ccm
encryption vlan 8 mode ciphers aes-ccm
ssid Voice4
ssid User6
ssid inter8
Step 3
Configuring the sub interface for Dot11 radio 0 and Ethernet
interface Dot11Radio0.100
encapsulation dot1Q 100 native
bridge-group 100
exit
interface fastethernet0.100
bridge-group 100
encapsulation dot1Q 100 native
exit
interface Dot11Radio0.101
encapsulation dot1Q 101
bridge-group 101
exit
interface fastethernet0.101
bridge-group 101
encapsulation dot1Q 101
exit
interface Dot11Radio0.4
encapsulation dot1Q 4
bridge-group 4
exit
interface fastethernet0.4
bridge-group 4
encapsulation dot1Q 4
exit
interface Dot11Radio0.6
encapsulation dot1Q 6
bridge-group 6
exit
interface fastethernet0.6
bridge-group 6
encapsulation dot1Q 6
exit
interface Dot11Radio0.8
encapsulation dot1Q 8
bridge-group 8
exit
interface fastethernet0.8
bridge-group 8
encapsulation dot1Q 8
exit
bridge irb
bridge 1 route ip
exit
Step 4
Configuration on the switch
int g1/0/3
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 100,101,4,6,8
exit
=======================================================
My question:
1-The AP is work with Multi SSID and I can connect to any SSID and and do ping to any network, but when try to do ping to AP's IP management (172.16.101.20) I can't do it and can't access ass webpage to AP?
2-whene I type this command (At the bottom) the AP is disconnect and I can't ping to it even reload it:
interface fastethernet0.100
bridge-group 100
why it disconnect?
Note:
interface BVI1
ip address 172.16.101.20 255.255.255.0
ip default-gateway 172.16.101.254
01-12-2015 09:08 AM
When you tell the AP that the subinterface .100 is encapsulation dot1q 100 native, it should set the bridge-group to bridge-group 1.
Bridge-group 1, is what is linked to BVI 1 and is the "routed" interface for the AP.
--
Steve
01-12-2015 11:51 AM
Thank you so match Stephen Rodriguez
and according to the configuration if i need to use AP's IP on [vlan101 with name (APmangm101)] and not in same vlan 100 (native vlan) , What is suitable configuration to do it? becuse with my configuration (I told you) I can connect to any SSID and and do ping to any network, but when try to do ping to AP's IP management (172.16.101.20) I can't do it and can't access ass webpage to AP?
01-12-2015 12:03 PM
what you would need to change is
remove the .100 interfaces
then under the .101 interfaces
encapsulation dot1q 101 native
bridge-group 1
this links .101 sub interfaces to the BVI 1, which has the IP address.
then on the switch side you need to change the native VLAN to 101 as well.
--
HTH
Steve
01-12-2015 12:15 PM
Dear Stephen
I need to keep vlan 100 is native vlan , but the management IP of AP in vlan 101.
01-12-2015 12:22 PM
not trying to be difficult...but why?
the AP is a layer 2 bridging device it's going to pass whatever VLAN's you configure with the VLAN tag. To the AP the "native" VLAN is the untagged VLAN, which is where it's IP address lives.
I suppose you could leave VLAN 100 as the native on the switch, call it "native" in the sub interfaces, and change it to be .100 and then change the .101 to be in bridge-group 1, but I could see that causing issues down the road if the AP boots up and parses that native tag on .100 again and resets the configuration.
--
Steve
01-12-2015 12:45 PM
Dear Stephen
I know I am aweary you with me, but plz can you explain to me more.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide