Thank you :)

I have attached the show run of the WAP - we have 4 with identical configs.

Yes - DHCP server is separate - one of our servers in the network.

I don't know what SVI defined means?

Hi Steven,

Current AP configuration does not include sub-interface configs for multiple SSID/vlans. You need to let me know what are X,Y,Z

SSID-1 : Vlan X :  Subnet info

SSID-2 : Vlan Y : Subnet info

AP Mgmt : Vlan Z : 192.168.0.0/24

I don't know what SVI defined means?

SVI-Switch Virtual Interface (in simple terms L3 interface used as gateway for vlan X,Y,Z ). Where are these defined ? on your 3850 or separate distribution/core switch ? (it should be the same place where 192.168.0.2 as per your AP config)

Let me know those info

HTH

Rasika

**** Pls rate all useful responses ****

Here is what we want:

SSID-1 = A4HS - VLAN10, password protected

SSID-2= A4HS-Guest - Vlan20, password protected

192.168.0.2 is the default gateway - the switches

Anything?

Hi Steve,

Here is the configs, try this & see. modify <> content as you want. I have shown one AP config. You can assign different IP/hostname to the 2nd AP. Make sure you erase AP current config & apply below.

conf t
!
hostname <AP-01>
!
dot11 ssid A4HS
   vlan 10
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii <A4HS_PASSWORD>
!
dot11 ssid A4HS-Guest
   vlan 20
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii <A4HS-Guest_PASSWORD>
!
interface Dot11Radio0
 encryption vlan 10 mode ciphers aes-ccm
 encryption vlan 20 mode ciphers aes-ccm
 mbssid
 ssid A4HS
 ssid A4HS-Guest
 no shut
!
interface Dot11Radio1
 channel width 40-above
 encryption vlan 10 mode ciphers aes-ccm
 encryption vlan 20 mode ciphers aes-ccm
 mbssid
 ssid A4HS
 ssid A4HS-Guest
 no shut
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface Dot11Radio1.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface Dot11Radio1.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface GigabitEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface BVI1
 ip address 192.168.0.31 255.255.255.0
ip default-gateway 192.168.0.2
!
end
write memory
!

Here is the switch configs. I hope you have defined DHCP pools for vlan 10/20 on your DHCP server (192.168.0.101).
 

interface GigabitEthernet1/0/41
 Description AP-01
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
 spanning-tree portfast trunk
! 
interface GigabitEthernet1/0/42
 Description AP-02
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
 spanning-tree portfast trunk
!
interface Vlan10
 ip address <x.x.x.x> 255.255.255.0
 ip helper-address 192.168.0.101
!
interface Vlan20
 ip address <x.x.x.x> 255.255.255.0
 ip helper-address 192.168.0.101
!

**** Pls do not forget to rate our responses if you find them useful ****

HTH

Rasika

First of all - thank you very much for all of your work - I am studying these configs and think I understand most of them.... except for this:

I hope you have defined DHCP pools for vlan 10/20 on your DHCP server (192.168.0.101)

I have not done this - our current DHCP pool is 192.168.0.100-190 for clients...

What you are saying is that I have to create two separate pools available for lease - one for VLAN10 and one for VLAN20? 

Could I do this:

Edit:

So I have to create two new scopes on my DHCP sever (192.168.1.101):

Could VLAN10 be 192.168.10.0   and   VLAN20 be 192.168.20.10 ?

Thank you again - I really appreciate this opportunity to learn

No, you cannot use same subnet with multiple vlans.

What you are saying is that I have to create two separate pools available for lease - one for VLAN10 and one for VLAN20? 

Yes, you have to do that, below is a sample config if you are doing this on a  Cisco switch

ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50

!
ip dhcp pool VLAN10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1 
!
ip dhcp pool VLAN20
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1 
!
int vlan 10
ip address 192.169.10.1 255.255.255.0

!
int vlan 20
ip address 192.168.20.1 255.255.255.0

Pls rate all useful responses (use the Star rating system )

HTH

Rasika

So as I edited above,

Can I do this on the current DHCP server (192.168.0.101) instead of the switches?

And have 2 scopes such as:

192.168.10.0 for VLAN10   and 192.168.20.0 for VLAN20?

And then in the switch configs:

interface Vlan10
ip address <x.x.x.x> 255.255.255.0
ip helper-address 192.168.0.101
!
interface Vlan20
ip address <x.x.x.x> 255.255.255.0
ip helper-address 192.168.0.101

would <x.x.x.x> be 192.168.10.0 and 192.168.20.0 respectively?
 

...checking in to see if the forums are back up and running.....