Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
0
Helpful
2
Replies

Replicating a Wireless Setup across heterogeneous APs...

ckoeber101
Level 1
Level 1

‎10-18-2012 01:01 PM - edited ‎07-03-2021 10:52 PM

Hello,

Thanks for all of the help provided in previous threads. I am trying now to deploy the setup that works on some APs and doesn't work on others.

For example, on an AIR-AP1231G-A-K9, the following setup works:

                   

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP-6
!
enable secret 5 $1$TWtQ$NZ9YG6.PSLEfXZK2uoQo91
enable password 7 020C1150020A5A6C1C
!
username Cisco password 7 072C285F4D06
username admin password 7 0705344747054C4847
ip subnet-zero
ip domain name wesleysem.edu
!
no aaa new-model
!
dot11 ssid (Secure) Staff/Faculty
   vlan 70
   authentication open 
!
dot11 ssid Public
   vlan 60
   authentication open 
   guest-mode
!
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid (Secure) Staff/Faculty
 !
 ssid Public
 !
 short-slot-time
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 rts threshold 2312
 power local cck 100
 power local ofdm 30
 channel 2462
 station-role root
 no cdp enable
!
interface Dot11Radio0.60
 encapsulation dot1Q 60 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.70
 encapsulation dot1Q 70
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.60.255.6 255.255.0.0
 no ip route-cache
!
ip default-gateway 10.60.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
snmp-server community WesleySNMP RO
snmp-server enable traps tty
bridge 1 route ip
!
!
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 login local
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 login
 transport preferred all
 transport input all
 transport output all
!
end


But on a AIR-AP1220-IOS-UPGRD (Basically an AP Aironet 1220 with an IOS upgrade), the following setup does not work - neither network connects, even though I tried to make them as similar as possible:

Building configuration...
Current configuration : 2215 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP-7
!
enable secret 5 $1$S7mv$JLVVGhRBEYTR5D7UXaj3M/
enable password 7 11030C0E1E1E5E4154
!
ip subnet-zero
ip domain name wesleysem.edu
!
!
no aaa new-model
!
dot11 ssid (Secure) Staff/Faculty
   vlan 70
   authentication open
   mbssid guest-mode
!
dot11 ssid Public
   vlan 60
   authentication open
   mbssid guest-mode
!
dot11 network-map
!
!
username Cisco password 7 0501130428401B4449
username admin password 7 020C1150020A5A6C1C
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid (Secure) Staff/Faculty
 !
 ssid Public
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 station-role root
!
interface Dot11Radio0.60
 encapsulation dot1Q 60 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.70
 encapsulation dot1Q 70
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.60
 encapsulation dot1Q 60 native
 ip address 10.60.255.7 255.255.0.0
 ip helper-address 10.60.0.1
 no ip route-cache
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.60.255.7 255.255.0.0
 ip helper-address 10.60.0.1
 no ip route-cache
!
ip default-gateway 10.60.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 login local
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 login
 transport preferred all
 transport input all
 transport output all
!
end


I have both ports connecting to identical port configurations as follows:

interface GigabitEthernet 0/47
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 60
 switchport mode trunk
!


What changes do I need to make to 12.2 IOS and older APs to recognize and use multiple networks?

Thanks.

Labels:
0 Helpful
2 Replies 2

wjenkins
Level 1
Level 1

‎10-18-2012 02:01 PM

You need to assign a different bridge group id to each VLAN on both the radio and ethernet interfaces. You assigned the same IP address to the Fast Ethernet0.60 Interface and the BVI1 interface. You also assigned an IP Helper to the FastEthernmet0.60 Interface and the BVI Interface. Only the BVI1 interface needs an IP address for mangement of the AP. The IP helper should be assigned to the L3 interface on your router or switch to forward the DHCP requests. I would also recommend not using a VLAN for management of the AP that is assigned an SSID especially on the Public/Guest WiFI. It also looks like the 1200 AP is on 12.3 from the listing.

Here is a partial configuration example below for multiple VLANS.

!

dot11 ssid (Secure) Staff/Faculty

   vlan 70

   authentication open

   mbssid guest-mode

!

dot11 ssid Public

   vlan 65

   authentication open

   mbssid guest-mode

!

!

interface Dot11Radio0.65

encapsulation dot1Q 65

no ip route-cache

bridge-group 65

bridge-group 65 subscriber-loop-control

bridge-group 65 block-unknown-source

no bridge-group 65 source-learning

no bridge-group 65 unicast-flooding

bridge-group 65 spanning-disabled

!

interface Dot11Radio0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 subscriber-loop-control

bridge-group 70 block-unknown-source

no bridge-group 70 source-learning

no bridge-group 70 unicast-flooding

bridge-group 70 spanning-disabled

!

...

!

interface FastEthernet0.60

encapsulation dot1Q 60 native

no ip route-cache

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.65

encapsulation dot1Q 65

no ip route-cache

bridge-group 65

bridge-group 65 block-unknown-source

no bridge-group 65 source-learning

bridge-group 65 spanning-disabled

!

interface FastEthernet0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 block-unknown-source

no bridge-group 70 source-learning

bridge-group 70 spanning-disabled

!

!

interface BVI1

ip address 10.60.255.7 255.255.0.0

!

ip default-gateway 10.60.0.1

!

0 Helpful

Srin_G
Level 3
Level 3

‎10-18-2012 08:50 PM

Chris,

Just like the previous thread, you are trunking to your switchport. I believe there is a L3 switch somewhere to do the routing for vlan 60 and 70.The IP helper can be assigned in the L3 switch for those vlans.

Remove the IP address from BVI1 and shutdown it. Assign the ip address in Fas0.60 in both the AP's. Choose the lease congested channel and it should work fine. We got this setup for all our autonomous system AP's and works without any issues.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card