Multiple VLANs on the Aironet 1100 series

Unanswered Question
Sep 6th, 2010

Ok, I have fried my brain trying to work this one out, we have 14 AIR-AP1121G, currently we are running a corporate WiFi on one un VLANed network. For security and because we are running out of IPs, I am trying to move to a Multi Vlan environment.

Basically i want to get al the access points running with 2/3 wirless vlans, with the BVI on a further one (for network managment.)

I am Testing the Wirlees with one access point I have in the office, with the config below, and its just not playing ball.

I have read all the articles and config guides I can find and as far as I can glean, The Config included should work.

What is happening however is the laptops connect to one of the access pints on the standard network and when i turn oon the radio interface of the one in the office, it drops out and won't connect.

The same thing happens to all wirless stations that would associate to my access point.

from the debugs on the access point it doesn't even look like the stations are trying to associate.

Can the Set-up I have proposed be implemented?

If not what solution is there?

Please Help



Access point config.txt (running-config from the access point I am testing)

ItoI.jpg (interface to Interface of the Relevant network conections I am trying to achieve)

Message was edited by: Peter Marquis

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tkrnetcorp Sat, 09/18/2010 - 01:18

Hello Peter,

First let me suggest removing the node hostname and password from uploads. Even if changed, it is not needed and may pose a security risk at some point.

To solve your issue, you need a new ip addressing solution. This would be super-netting. If I understand the problem correctly, you are running out of IP addresses on the 192.168.x subnets.

You can get all the ip addresses you need by moving your vlans to a class B subnet configuration or by supernetting the class C subnets.

There are free calculators you can download that will do this for you if you are not familiar with it. As long as the default route statements are correct then routing won't be an issue.

Hopefully this helps you out, if not please provide me some more information about the specific problem you are encountering.


Peter Marquis Mon, 09/20/2010 - 05:23

Hi Ben,

         Thanks for the input, Supernetting would be a good idea, if it was Just the IP addresses running out, but the other part of the plan is for data protection, we have certain areas that need access to confidential information, and others that really shouldn't.

     Basically I want to have three wireless networks, one that has access to the internet for the public, a corporate one, and then one that has access to the corporate and the confidential information.

     Looking at it from my point of view, VLANing is the solution that should work, but it looks as though the wireless stations are not associating, even with the ssid with no authentication.

Kind Regards,


tkrnetcorp Mon, 09/20/2010 - 07:31

Hello Mr. Marquis,

If the access point is not associating with no authentication I would look at the signal strength or use a spectrum analyzer to determine if the antennas are reaching or receiving interference after making them associate on your desk.

Do you have a smartnet on the devices?

If you have a smartnet then you can open a case with cisco support for free and get installation assistance to guide you through the entire process. This might be quicker then posting here(if you get someone in the USA), but I will help any way I can.

VLan's would be the best practice for seperating networks for security, and this is what I do for schools, etc. ie; public wifi access is vlan'ed off straight to the internet so no chance of local network transversing can occur. More vlans can be added for more complex solutions. The only thing that needs to be correct for them to get a base connection is the default route.

Addressing the association issue could be multiple problems. You might need different antennas and signal boosters depending on the area of coverage. I am more experienced with the 1200waps so I don't know off hand all the 1100 capabilities for antennas. If you can associate your laptop to one AP, walk around and see if it drops off before you get to the next coverage zone. If this gives your troubles, borrow or rent a spectrum analzer for testing. I have called Fluke before and the local rep has dropped off a unit for testing, and this might work for you. Of course you might need to act like you have intentions of buying the unit if your not familiar with your local fluke rep.

First thing to try is to put the AP's on your desk, and get them associated there first, with no vlans, before remounting them. At least this would tell you if the signal strength is the issue. If you can't get the AP's associated on your desk I would open a smartnet support case.

After you get them associated then remount them and see if they hold solid(using the walkround laptop method I described). If they drop association to your laptop before you reach the next ap or the laptop doesn't hop to the closer AP let me know and I can recommend an antenna replacement that should work if yoour not dealing with interference.

If you have inteference related issues and don't have access to spectrum analyzers, try setting them to different channels to see if they work better. This will tell you at least what channel is getting the interference.

Once you have them associated and working solid, then configure vlan's and test.

Does this help?


Ben Kennington, President

TeamKennington Acumen Engineering


This Discussion

Related Content