VLAN Help 1240AG

Unanswered Question
Mar 27th, 2008

Need a secure and unsecure SSID

I create my SSID's, assign vlans

The only way it works is if the SSID is on the native VLAn

I have my switchport trunking the vlan's

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mirek.tichy_2 Fri, 03/28/2008 - 01:51

Hello,

try something like below. VLAN 11 is secure with 802.1x EAP security, VLAN 22 is insecure, VLAN 33 is only for management of the AP. On the switch is set up as native but it isn't propagate by the radio. Hope this help.

MiTi

aaa new-model

!

!

aaa group server radius acs_praha

server 10.10.10.10 auth-port 1645 acct-port 1646

!

aaa authentication login default group acs_praha local

aaa authentication login method_client group acs_praha

aaa authentication login method_local local

aaa authorization exec default group acs_praha if-authenticated

aaa authorization exec method_local local

aaa session-id common

!

dot11 ssid wifi1

vlan 11

authentication open eap method_client

authentication network-eap method_client

authentication key-management wpa

!

dot11 ssid wifi2

vlan 22

authentication open

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 11 mode ciphers tkip

!

ssid wifi1

!

ssid wifi2

!

bridge-group 1

!

interface Dot11Radio0.11

encapsulation dot1Q 11

bridge-group 11

!

interface Dot11Radio0.22

encapsulation dot1Q 22

bridge-group 22

!

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.11

encapsulation dot1Q 11

bridge-group 11

!

interface FastEthernet0.22

encapsulation dot1Q 22

bridge-group 22

!

interface FastEthernet0.33

encapsulation dot1Q 33 native

bridge-group 1

!

interface BVI1

ip address 10.0.0.10 255.255.255.0

no ip route-cache

!

ip default-gateway 10.0.0.1

radius-server host 10.0.0.11 auth-port 1645 acct-port 1646 key mysecret

!

bridge 1 route ip

!

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode