Cisco 1200 AP VLAN

Unanswered Question

I'm trying to make sure the configuration of the APs works with our network Cisco 3550 switches.


This is the configuration for one of our APs.

!
version 12.3
no service pad
hostname Admin_6
!
!
clock timezone GMT -5
clock summer-time R recurring
ip subnet-zero
ip name-server 172.31.13.13
!
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 172.31.13.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
 server 172.31.13.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
 server 172.31.13.13 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
 server 172.31.13.13 auth-port 1645 acct-port 1646
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 activity-timeout unknown default 600
dot11 activity-timeout client default 600
dot11 vlan-name Native vlan 300
dot11 vlan-name pennstate vlan 301
!
dot11 ssid pennstate
 vlan 301
 authentication open
 guest-mode
!
dot11 arp-cache
dot11 phone
!
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid pennstate
 !
 countermeasure tkip hold-time 1
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 power local cck 1
 power local ofdm 1
 no power client local
 power client 5
 no preamble-short
 channel least-congested 2412 2437 2462
 station-role root access-point fallback shutdown
!
interface Dot11Radio0.300
 encapsulation dot1Q 300
 no ip route-cache
 bridge-group 255
 bridge-group 255 subscriber-loop-control
 bridge-group 255 block-unknown-source
 no bridge-group 255 source-learning
 no bridge-group 255 unicast-flooding
 bridge-group 255 spanning-disabled
!
interface Dot11Radio0.301
 encapsulation dot1Q 301
 no ip route-cache
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
 bridge-group 254 spanning-disabled
!
interface FastEthernet0.300
 encapsulation dot1Q 300
 no ip route-cache
 bridge-group 255
 no bridge-group 255 source-learning
 bridge-group 255 spanning-disabled
!
interface FastEthernet0.301
 encapsulation dot1Q 301
 no ip route-cache
 bridge-group 254
 no bridge-group 254 source-learning
 bridge-group 254 spanning-disabled
!
interface BVI1
 ip address 172.31.13.65 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.31.13.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
snmp-server community b0wl1ng RW
snmp-server community BROWSE RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host 172.31.13.14 b0wl1ng
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.31.13.13 auth-port 1645 acct-port 1646 key 7 052D273D121F1D3B
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
wlccp ap username WDSuser password
!
line con 0
line vty 0 4
!
end





dancampb Fri, 07/24/2009 - 05:35
User Badges:
  • Cisco Employee,

This is not a valid configuration. You need to have a bridge-group 1 defined and associated with the native VLAN. Currently you don't have either.
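The check described in the reply above can be automated when auditing AP configs. The following is an added example, not part of the original thread or any Cisco tool: the function names are hypothetical, the sample text is constructed from the subinterfaces in the posted config, and it assumes the native VLAN is marked with the `native` keyword on the `encapsulation dot1Q` line. The `ADJUSTED` variant exists only to exercise the check and is not a complete corrected configuration.

```python
import re

# Constructed sample: VLAN subinterfaces as posted (300 = management, 301 = clients).
POSTED = """\
interface Dot11Radio0.300
 encapsulation dot1Q 300
 bridge-group 255
interface Dot11Radio0.301
 encapsulation dot1Q 301
 bridge-group 254
interface FastEthernet0.300
 encapsulation dot1Q 300
 bridge-group 255
interface BVI1
 ip address 172.31.13.65 255.255.255.0
"""
# Constructed variant: VLAN 300 marked native and moved into bridge-group 1.
ADJUSTED = POSTED.replace("dot1Q 300", "dot1Q 300 native").replace(
    "bridge-group 255", "bridge-group 1")

def parse_interfaces(config):
    """Map interface name -> VLAN id, native flag and bridge-group number."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(
                m.group(1), {"vlan": None, "native": False, "group": None})
        elif current is None:
            continue
        elif m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line):
            current["vlan"], current["native"] = int(m.group(1)), bool(m.group(2))
        elif m := re.match(r"bridge-group (\d+)$", line):
            current["group"] = int(m.group(1))
    return interfaces

def check_native_bridge_group(config):
    """Findings for the two conditions the reply names; empty list = both met."""
    subifs = {n: i for n, i in parse_interfaces(config).items() if i["vlan"]}
    findings = []
    if not any(i["group"] == 1 for i in subifs.values()):
        findings.append("no subinterface is in bridge-group 1")
    natives = [n for n, i in subifs.items() if i["native"]]
    if not natives:
        findings.append("no subinterface is marked as the native VLAN")
    findings += [f"{n}: native VLAN is not in bridge-group 1"
                 for n in natives if subifs[n]["group"] != 1]
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(label, check_native_bridge_group(cfg) or "ok")
```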

OK, my biggest concern is how to set up the Cisco 3550 to make sure it will accept the VLANs created on the APs.


The APs have two VLANs:

301 - wireless clients

300 - Access Point management IP address


On the Cisco 3550:


I also used 300 to manage the Cisco switch.


So, how do I configure the switch to allow the AP VLANs to go through the router?

Here is the configuration for the Cisco 3550:


en
Config t
hostname LV-126B-W-13-3
!
enable secret 5 $1$27ar$DnvrYBhnNW5eyTF2JgHIe.
enable password 7 0307585A5E5A744058
!
username admin password 7 1414115A54517F2732
!
ip domain-name lv.psu.edu
ip ssh version 2
!
int range f0/1 - 24
 description Wireless
 switchport access vlan 300-301
 switchport mode access
 no shut
!
interface GigabitEthernet0/1
 description Trunk to Cisco6509 router
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 300
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shut
!
interface Vlan1
 no ip address
 no shut
!
interface Vlan300
 description Academic
 ip address 172.31.13.3 255.255.255.0
 no ip route-cache
 no shut
!
ip default-gateway 172.31.13.1
ip classless
ip http server
ip http secure-server
!
!
!
banner motd #
*****************************************************
*****************************************************
** **
** WARNING: Unauthorized access to this system **
** is forbidden and will be prosecuted by law. **
** By accessing this system, you agree that your **
** actions may be monitored if unauthorized usage **
** is suspected. Only authorized Penn State **
** Lehigh Valley Campus **
*****************************************************
*****************************************************
#
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password 7 1511085D5C7F7E283E
 login local
 transport input telnet ssh
line vty 5 15
 password 7 094F4D584150421E1D
 no login
!
end
wr








Thanks
