06-15-2016 11:25 PM - edited 07-05-2021 05:14 AM
Hi,
My question is if I have a single SSID on an autonomous AP so do i have to use the native vlan too. I mean what is the best practice in this case if the wireless vlan is say 10.
Also do i have to use the bvi-1 or i have to creat another bvi for that vlan?
Thanks
Solved! Go to Solution.
06-15-2016 11:31 PM
As per my experience...its not a must to use native vlan.
No you have to use only one BVI interface.
Just like this:
Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 20 cipher aes
!
ind d0.10
encapsulation dot1q 10
!
ind d1.10
encapsulation dot1q 10
!
ind gig0.10
encapsulation dot1q 10
!
int bvi1
ip address <ip><mask>
Regards
Dont forget to rate helpful posts
06-15-2016 11:56 PM
And if you want to use a mgmt vlan and other vlan is for client then your config must look like this:
Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 10 cipher aes
!
!
ind d0.1
encapsulation dot1q 1
bridge-group 1
!
ind d1.1
encapsulation dot1q 1
bridge-group 1
!
ind gig0.1
encapsulation dot1q 1
bridge-group 1
!
ind d0.10
encapsulation dot1q 10
bridge-group 10
!
ind d1.10
encapsulation dot1q 10
bridge-group 10
!
ind gig0.10
encapsulation dot1q 10
bridge-group 10
!
int bvi1
ip address <ip><mask>
Configuration from the Switch Side
conf t
int Gig 1/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2
Regards
Dont forget to rate helpful posts
06-15-2016 11:31 PM
As per my experience...its not a must to use native vlan.
No you have to use only one BVI interface.
Just like this:
Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 20 cipher aes
!
ind d0.10
encapsulation dot1q 10
!
ind d1.10
encapsulation dot1q 10
!
ind gig0.10
encapsulation dot1q 10
!
int bvi1
ip address <ip><mask>
Regards
Dont forget to rate helpful posts
06-15-2016 11:50 PM
Ok fine thanks alot bro.
03-28-2019 04:16 AM
Hi
Is Dot1Q a must even though the AP is in autonomous mode using a single ssid and the switchport is configured as access port only.
Thanks
Ashish
06-15-2016 11:56 PM
And if you want to use a mgmt vlan and other vlan is for client then your config must look like this:
Conf ter
!
Dot11 ssid ABC
Vlan 10
Authentication open
Authentication key-management wpa version2
wpa-psk ascii cisco123
Guest-mode
!
ind d0
ssid ABC
encryption vlan 10 cipher aes
!
ind d1
ssid ABC
encryption vlan 10 cipher aes
!
!
ind d0.1
encapsulation dot1q 1
bridge-group 1
!
ind d1.1
encapsulation dot1q 1
bridge-group 1
!
ind gig0.1
encapsulation dot1q 1
bridge-group 1
!
ind d0.10
encapsulation dot1q 10
bridge-group 10
!
ind d1.10
encapsulation dot1q 10
bridge-group 10
!
ind gig0.10
encapsulation dot1q 10
bridge-group 10
!
int bvi1
ip address <ip><mask>
Configuration from the Switch Side
conf t
int Gig 1/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2
Regards
Dont forget to rate helpful posts
12-29-2020 11:15 PM
Hi,
In the following video step by step process has been shown How to Configure Cisco AIRONET 3602i Autonomous/Standalone Access Point using CLI with WPAv2 Authentication Key.
https://www.youtube.com/channel/UCmZZ2BNGXQH1HPS3uIVnr7A?sub_confirmation=1
https://www.youtube.com/watch?v=JkUfTXuwj2U
============ For 2.4 GHz Radio Interface ============
Step 1: Access Cisco AP|Reset AP| Assign static IP for BVI1 Interface |Default-gateway IP
ap>enable
Password: Cisco [Cisco AP default Password]
## Reset the Access Point with pressing and holding mode button ##
ap#configure terminal
ap(config)#interface bvI 1
ap(config-if)#ip address 192.168.2.4 255.255.255.0 [According to my network setup]
ap(config-if)#exit
ap(config)#ip default-gateway 192.168.2.1 [According to my network setup]
Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication
ap(config)#dot11 ssid Cisco_WLAN [ Create SSID named Cisco_WLAN]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit
Step 3: Enable Encryption to 4.2GHz Radio interface | Apply SSID to interface| Enable Radio Interface
ap(config)#interface dot11Radio 0 [Selecting 4.2 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN [Applying SSID to Radio interface]
ap(config-if)#channel least-congested [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 4.2 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit
================ For 5 GHz Radio Interface =======================
Step 2: Creating SSID | Authentication | Applying WPAv2 Authentication
ap(config)#dot11 ssid Cisco_WLAN 5GHz [ Create SSID named Cisco_WLAN 5GHz ]
ap(config-ssid)#guest-mode [Broadcast SSID]
ap(config-ssid)#authentication open [allows any device to authenticate]
ap(config-ssid)#authentication key-management wpa version 2 [Applying WPAv2 Authentication]
ap(config-ssid)#wpa-psk ascii Cisco123 [Applying WPA Shared Key ]
ap(config-ssid)#exit
Step 3: Enable Encryption to 5 GHz Radio interface | Apply SSID to interface| Enable Radio Interface
ap(config)#interface dot11Radio 1 [Selecting 5 GHz Radio interface]
ap(config-if)#encryption mode ciphers aes-ccm [Enabling CIPHER AES-CCM Encryption to interface]
ap(config-if)#ssid Cisco_WLAN 5GHz [Applying SSID to Radio interface]
ap(config-if)# channel 36 [Selecting Channel type]
ap(config-if)#no shutdown [Finally Enabling the 5 GHz Radio Interface]
ap(config-if)#exit
ap(config)#exit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide