Here is a configuration example using multiple VLANs with multiple SSIDs.
Components used:-
· Any MLS switch which runs IOS
· Aironet Access Points
Assumption:-
· I assume that you have configured the DHCP pool on the IOS switch, on the router, or on a dedicated DHCP server.
Design:-
· Assuming we have 3 VLANs (1, 2 and 3), with VLAN 1 as the native VLAN, mapped to 3 different SSIDs (one, two and three) on any Aironet Access Point.
- SSID ONE uses WEP encryption
- SSID TWO uses WPA-PSK
- SSID THREE uses WPA2-PSK
· Assuming the AP Ethernet port is connected to the fa 2/1 port of the switch.
· Broadcasting all 3 SSIDs.
Configuration on the AP:-
Step 1 >> Configure each SSID and map it to its respective VLAN.
enable
conf t
dot11 ssid one
vlan 1
authentication open
mbssid guest-mode
end
enable
conf t
dot11 ssid two
vlan 2
authentication open
authentication key-management wpa
wpa-psk ascii 7 <key>
mbssid guest-mode
end
enable
conf t
dot11 ssid three
vlan 3
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 <key>
mbssid guest-mode
end
Step 2 >> Assigning the encryption to the different SSIDs with their respective VLANs.
enable
conf t
int dot11 0
mbssid
ssid one
ssid two
ssid three
encryption vlan 1 mode wep mandatory
encryption vlan 1 key 1 size 40bit <10 hex-digit key>
encryption vlan 2 mode ciphers tkip
encryption vlan 3 mode ciphers aes-ccm
end
Step 3 >> Configuring the sub-interfaces for the Dot11 radio 0 and Ethernet interfaces.
AP# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
AP(config)# interface Dot11Radio0.1
AP(config-subif)# encapsulation dot1Q 1 native
AP(config-subif)# bridge-group 1
AP(config-subif)# interface FastEthernet0.1
AP(config-subif)# encapsulation dot1Q 1 native
AP(config-subif)# bridge-group 1
AP(config-subif)# end
AP# write memory
AP# configure terminal
AP(config)# interface Dot11Radio0.2
AP(config-subif)# encapsulation dot1Q 2
AP(config-subif)# bridge-group 2
AP(config-subif)# interface FastEthernet0.2
AP(config-subif)# encapsulation dot1Q 2
AP(config-subif)# bridge-group 2
AP(config-subif)# end
AP# write memory
AP# configure terminal
AP(config)# interface Dot11Radio0.3
AP(config-subif)# encapsulation dot1Q 3
AP(config-subif)# bridge-group 3
AP(config-subif)# interface FastEthernet0.3
AP(config-subif)# encapsulation dot1Q 3
AP(config-subif)# bridge-group 3
AP(config-subif)# end
AP# write memory
AP# configure terminal
AP(config)# bridge irb
AP(config)# bridge 1 route ip
AP(config)# end
AP# wr
Configuration on the Switch:-
en
conf t
int fa 2/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2,3
end
Step 4 >> Verification
1. On the AP, issue the command “show dot11 associations”; all 3 SSIDs should be listed.
ap#show dot11 associations
802.11 Client Stations on Dot11Radio0:
SSID [one] :
SSID [two] :
SSID [three] :
2. Try pinging from the AP to the switch VLAN interface; the ping should succeed.
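The SSID-to-VLAN-to-cipher mapping built in Steps 1 and 2 can also be checked offline against a saved configuration. The Python sketch below is an added example, not part of the original post: the sample configuration is constructed from the commands above, and the `audit` and `weakness` names and the finding texts are assumptions. It flags WEP and TKIP because WEP is cryptographically broken and TKIP is deprecated.

```python
import re

# Constructed sample: the SSID and encryption lines from Steps 1 and 2,
# laid out as they appear in a saved AP configuration (indented sub-commands).
SAMPLE_CONFIG = """\
dot11 ssid one
 vlan 1
 authentication open
dot11 ssid two
 vlan 2
 authentication open
 authentication key-management wpa
dot11 ssid three
 vlan 3
 authentication open
 authentication key-management wpa version 2
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
 encryption vlan 2 mode ciphers tkip
 encryption vlan 3 mode ciphers aes-ccm
"""

WEAK = {"wep": "WEP is cryptographically broken; use aes-ccm with WPA2",
        "tkip": "TKIP is deprecated; use aes-ccm"}

def weakness(cipher):
    """Return the finding text for a weak cipher (wep, wep40, wep128, tkip), else None."""
    return WEAK.get("wep" if cipher.startswith("wep") else cipher)

def audit(config):
    """Map each SSID to (vlan, ciphers, finding); finding is None when acceptable."""
    ssid_vlan, vlan_ciphers, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"dot11 ssid (\S+)", line, re.I):
            current = m.group(1)
        elif (m := re.match(r"vlan (\d+)$", line, re.I)) and current:
            ssid_vlan[current] = int(m.group(1))
        elif m := re.match(r"encryption vlan (\d+) mode (?:ciphers )?(.+)", line, re.I):
            words = m.group(2).lower().split()  # "wep mandatory" -> ["wep"]
            vlan_ciphers[int(m.group(1))] = [w for w in words if w not in ("mandatory", "optional")]
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the SSID block
    report = {}
    for ssid, vlan in ssid_vlan.items():
        ciphers = vlan_ciphers.get(vlan, [])
        finding = ("; ".join(filter(None, map(weakness, ciphers))) or None) if ciphers \
            else "no encryption configured for this VLAN"
        report[ssid] = (vlan, "+".join(ciphers) or "none", finding)
    return report

if __name__ == "__main__":
    for ssid, (vlan, ciphers, finding) in audit(SAMPLE_CONFIG).items():
        print(f"SSID {ssid:6} VLAN {vlan} {ciphers:8} {finding or 'ok'}")
```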
MANAGING THE AP WITH MANAGEMENT IP ADDRESS
This is done by assigning an IP address to the BVI interface of the AP, as follows:
enable
conf t
int bvi 1
ip address <ip-address> <subnet-mask>
no shut
end
Verify:-
Issue the command “show ip int br” on the AP and check if all the interfaces are up and running.
This is it!!
PS: Here is the video on the same as well!!