02-11-2014 07:44 AM - edited 07-05-2021 12:09 AM
dears.
I am configuring 11 1602 sap ap in one of our customer site...he wants three ssid one of them for wireless ip phones.
the problem I am facing is when I configure the port of the ap as trunk to allow 4 vlans on it,vlan for ap and the rest three vlans for ssids.I can reach the ap and the ssids not broadcasting...I already configured my core switches with dhcp for the vlans but it is not working....
the core switches running in vrrp active passive scenario...
please guide me in fixing this since I am not very familiar with wireless solutions.
what is the best practice for this..how to do it.
Sent from Cisco Technical Support Android App
Solved! Go to Solution.
02-11-2014 08:10 AM
Hi Mohammed,
Have you added "mbssid" in the config.
Refer : https://supportforums.cisco.com/docs/DOC-16087
Also attach the running config.
Thanks
Victor
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-11-2014 08:10 AM
Hi Mohammed,
Have you added "mbssid" in the config.
Refer : https://supportforums.cisco.com/docs/DOC-16087
Also attach the running config.
Thanks
Victor
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-11-2014 08:30 AM
hi vector.
thx for your reply.
I did it ..I will attach the configuration tomorrow morning.
what about the things I have done so far..did I do it correctly...
Sent from Cisco Technical Support Android App
02-11-2014 11:55 PM
HI Mohammed,
Use this command: "MBSSID GUEST-MODE".
Dont forget to to add the global command dot11 mbssid and then over the radio interface(s) mbssid.
Regards
Dont forget to rate helpful posts
02-14-2014 04:55 AM
check the following link for the implementation and refence
http://mrncciew.com/2012/10/24/multiple-ssid-config-on-autonomous-ap/
02-16-2014 02:24 AM
Dears,
For now, i have fixed the issue of the SSID's but unfortunatily , i am not bale to give the wireless clients IP from the DHCP pool configured on the core switches.
The customer has two core switches running in VRRP and the DHCP pool for each SSID is configured with its excluded IPs, any advise on this will be highly appreciated.
02-16-2014 02:26 AM
core switch configuration and also attaching the AP configuration
ip dhcp excluded-address 10.205.81.250 10.205.81.254
ip dhcp excluded-address 10.205.82.250 10.205.82.254
ip dhcp excluded-address 10.205.81.1 10.205.81.9
ip dhcp excluded-address 10.205.82.1 10.205.82.9
ip dhcp excluded-address 10.205.80.250 10.205.80.254
ip dhcp excluded-address 10.205.80.1 10.205.80.9
!
ip dhcp pool vlan81
network 10.205.81.0 255.255.255.0
default-router 10.205.81.250
dns-server 8.8.8.8
!
ip dhcp pool vlan82
network 10.205.82.0 255.255.255.0
default-router 10.205.82.250
dns-server 8.8.8.8
!
ip dhcp pool vlan80
network 10.205.80.0 255.255.255.0
default-router 10.205.80.250
dns-server 8.8.8.8
02-16-2014 02:50 AM
found this logs about dhcp on core switch:
*Feb 16 02:30:12.498: DHCPD: Sending notification of DISCOVER:
*Feb 16 02:30:12.498: DHCPD: htype 1 chaddr 8c70.5abf.4834
*Feb 16 02:30:12.498: DHCPD: interface = Vlan1
*Feb 16 02:30:12.498: DHCPD: class id 4d53465420352e30
*Feb 16 02:30:12.498: DHCPD: Sending notification of DISCOVER:
*Feb 16 02:30:12.498: DHCPD: htype 1 chaddr 8c70.5abf.4834
*Feb 16 02:30:12.498: DHCPD: interface = Vlan1
*Feb 16 02:30:12.498: DHCPD: class id 4d53465420352e30
*Feb 16 02:30:12.498: DHCPD: there is no address pool for 10.205.60.250.
why it is trying to put it in vlan 1??? any ideas guys???
02-16-2014 10:36 AM
Hi
Post the "show run interface x/x" output of your AP connected switchport.
It should be something similar to this
interface gx/x
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 82
Regarding AP config, I would suggest WPA2 & AES encription instead of TKIP. Also configure the same subinterfaces on Radio1 interface (to give better experience for 5GHz capable client devices). Also add a default gateway pointing to BVI IP subnet gateway address.
dot11 ssid AlYemni
vlan 82
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 014A5151085A545B77141E
!
dot11 ssid AlYemni-Guests
vlan 84
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
!
dot11 ssid AlYemni-VOICE
vlan 83
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 144E455E5F55727D707A63
!
interface Dot11Radio0
encryption vlan 82 mode ciphers aes-ccm
encryption vlan 83 mode ciphers aes-ccm
encryption vlan 84 mode ciphers aes-ccm
!
interface Dot11Radio1
encryption vlan 82 mode ciphers aes-ccm
encryption vlan 83 mode ciphers aes-ccm
encryption vlan 84 mode ciphers aes-ccm
ssid AlYemni
ssid AlYemni-Guests
ssid AlYemni-VOICE
mbssid
station-role root
no shutdown
!
interface Dot11Radio1.82
encapsulation dot1Q 82 native
bridge-group 1
!
interface Dot11Radio1.83
encapsulation dot1Q 83
bridge-group 2
!
interface Dot11Radio1.84
encapsulation dot1Q 84
bridge-group 3
!
ip default-gateway 10.205.82.250
HTH
Rasika
**** Pls rate all useful responses ****
02-16-2014 11:42 PM
the output of show interface is as the following:
interface GigabitEthernet1/0/38
switchport trunk native vlan 80
switchport mode trunk
What about the BVI interface, should the ip of the interface be from the same native VLAn or what???
Currently, i am giving it from the same subnet of the native vlan, is it wrong???
02-17-2014 12:02 AM
Hi Mohammed,
Interface BVI should be on native vlan. So in your case your switchport connected to AP should be a trunkport with native vlan 82 (if your AP configuration is correct). In this case AP management & AlYemni SSID users will be on same vlan.
If vlan 80 is your native vlan for the rest of your network, then you need to create a seperate AP management interface on your AP and leave the current switchport config as it is. In that case here is the config you need to modify on your AP.
interface Dot11Radio0.80
encapsulation dot1Q 80 native
bridge-group 1
!
interface Dot11Radio0.82
encapsulation dot1Q 82 native
encapsulation dot1Q 82
bridge-group 4
!
interface GigabitEthernet0.80
encapsulation dot1Q 80 native
bridge-group 1
!
interface GigabitEthernet0.82
encapsulation dot1Q 82 native
encapsulation dot1Q 82
bridge-group 4
!
!
interface BVI1
ip address 10.205.82.1 255.255.255.0
ip address 10.205.80.1 255.255.255.0 <-Assuming this IP is free to assign for AP mgmt
!
ip default-gateway 10.205.80.250 <- Assuming this is the Gateway for vlan 80
HTH
Rasika
**** Pls rate all useful responses *****
02-17-2014 12:07 AM
hi Rasika
I did exactly as you mentioned, but still on the core switch, i can see the request from my MAC address of my laptop and the core decides to put me in VLAn 1 which is the native vlan on the switches, please advise???
Should i do something regarding the uplinks between the core switches and the edge switches???
really i am lost with this
02-17-2014 12:19 AM
Hi Mohammed,
Native vlan should be same across the board. If native vlan is 1 on your core, then that should be the native vlan on the AP connected trunk port. In that case AP BVI interface should be on vlan 1 subnet IP.
Make sure you can ping AP management IP from your core. That will verify basic reachability
HTH
Rasika
**** Pls rate all useful responses ****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide