11-23-2007 02:52 PM - edited 07-03-2021 02:59 PM
When I configure multiple ssids they seem to work fine until I add any sort of security.
When a add a simple WEP key my data vlan works fine, I can get to all the interfaces and networks, but my voice vlan does not it does get an IP from the dhcp server but I cannot ping any networks inside the router or from the router to the Voice Vlan.
I think that I'm following the rules correctly
Can any one provide any advice on how to fix my problem?
Attached is my basic config and the only changes I make are the following:
encryption vlan 20 key 1 size 128bit xxx transmit-key
encryption vlan 20 mode wep mandatory
encryption vlan 100 mode wep mandatory
11-25-2007 03:38 PM
I've never used a HWIC AP before, but I think you might have the wrong end of the stick on a couple of things.
Take a look at the following config and see what you think. This uses VLAN50 for the AP Management Address and VLANs 100 & 200 for client traffic.
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 200 key 1 size 40bit 7 <
encryption vlan 200 mode wep mandatory
!
encryption vlan 100 key 1 size 40bit 7 <
encryption vlan 100 mode wep mandatory
!
ssid BMS_network
vlan 200
authentication open
!
ssid data_network
vlan 100
authentication open
!
short-slot-time
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
!
interface Dot11Radio0.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 200 key 1 size 40bit 7 <
encryption vlan 200 mode wep mandatory
!
encryption vlan 100 key 2 size 40bit 7 <
encryption vlan 100 mode wep mandatory
!
ssid BMS_network
vlan 200
authentication open
!
ssid data_network
vlan 100
authentication open
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio1.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.50
encapsulation dot1Q 50 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled
!
interface BVI1
ip address 192.168.50.9 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.50.254
bridge 1 route ip
12-28-2007 05:53 PM
I have not got the chance to review and implement your suggestion because I for some reason utilized WPA instead of WEP and every thing seems to work fine with WPA. That was the only thing I changed in my config. When i get the chance I'll to try WEP becuase it should of worked as well.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: