aironet 2600 in standalone mode

Unanswered Question
Feb 19th, 2013

hi,

I have to set up the AP in a standalone mode to support voice and data traffic through the wireless network.

for this, i was trying to look for the config guide so i know how to go about it, but all the doc was refering to controller based setup.

i followed this link

http://http://www.cisco.com/en/US/partner/docs/wireless/access_point/2600/quick/guide/ap2600getstart.html

I have never worked on wireless in a standalone mode, so this is the first time i will be doing it. If you have any suggestions along with the links where i can read more about it that would very helpful. thanks!

regards,

mohit

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Scott Fella Tue, 02/19/2013 - 20:23

Might want to look at this

https://supportforums.cisco.com/docs/DOC-14496

Sent from Cisco Technical Support iPhone App

Scott Fella Tue, 02/19/2013 - 20:24

Here is another link

http://timrousset.blogspot.com/2011/05/autonomous-ap-voice-qos.html?m=1

Sent from Cisco Technical Support iPhone App

chauhan_mohit Wed, 02/20/2013 - 23:32

Thanks Scott. I read through the links you advised and also came across the comprehensive guide from cisco at

http://www.cisco.com/en/US/docs/wireless/access_point/12.4.25d.JA/Configuration/guide/cg_12_4_25d_JA.html, thought i should share with all.

So finally I have been able to draft a simple template for my config, but just wanted to clarify it:

my setup is fairly simple, just one SSID to use, so this is how i think i shuold be doing:

dot11 ssid test

vlan 100

authentication open

authentication key-management wpa version 2

wpa-psk ascii

int dot11radio0

encryption mode ciphers aes-ccm

mbssid

speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

station-role root

no shut

interface Dot11Radio0.100

encapsulation dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

int dot11radio1

encrption mode ciphers aes-ccm

mbssid

no dfs band block

beamform ofdm

speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

channel width 40-above

channel dfs

station-role root

no shut

int dot11radio1.100

encap dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

int go

no ip address

no ip route-cache

duplex auto

speed auto

no shut

int g0.200

encap dot1Q 200 native

bridge-group 200

no cdp enable

int g0.100

encap dot1Q 100

bridge-group 100

no cdp enable

interface BVI1

description ***** AP Management Network *****

ip address 192.168.200.10 255.255.255.0

no shut

ip default-gateway 192.168.200.1

The switch port on the other side would be trunk with native VLAN 200 and allowed 100 and 200.

My concern above is also the BVI1, do I need to change the number 1 (default) to 200 which is my native vlan or that should be fine.

Thanks in advance!

Regards,

Mohit

kcnajaf@25070 Wed, 02/20/2013 - 23:54

Hi Mohit,

You will have to use the bridge-group 1 under the interfaces to map the BVI 1 interface with radio and physical interfaces. So you can modify your configurations as below.

interface Dot11Radio0.100

encapsulation dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

interface Dot11Radio0.200

encapsulation dot1Q 200 native

no ip route-cache

no cdp enable

bridge-group 1

!

int g0.200

encap dot1Q 200 native

bridge-group 1

no cdp enable

!

int g0.100

encap dot1Q 100

bridge-group 100

no cdp enable

!

bridge 1 route ip

Hope that helps.

Regards

Najaf

Please rate when applicable or helpful !!!

chauhan_mohit Thu, 02/21/2013 - 00:03

Hi Najaf,

thanks for the above.

Could i also do the other way, like

int bvi1

no ip address

shut

int bvi200

ip address 192.168.200.10 255.255.255.0

no shut

and leave the int  g0.200 config as it is.

Also wanted to confirm why would i need to use int "dot11radio0.200" here? I dont intend to use vlan 200 on the wireless. is it still required?

Regards,

Mohit

kcnajaf@25070 Thu, 02/21/2013 - 00:18

Hi Mohit,

You could give a try :-) But i'm sure that you will not be able to remove the BVI1 interface.

Hope that helps.

Regards

Najaf

Please rate when applicable or helpful !!!

chauhan_mohit Thu, 02/21/2013 - 00:25

Alright no worries i will try that out and let you know. The only thing is that it will take some time cos i just got to know that my client havent received the hardware yet, so i will need to wait until that happens.

shall keep you posted.

PS: just realised that i did not see your comments regarding my second Q which was:

Also wanted to confirm why would i need to use int "dot11radio0.200" here? I dont intend to use vlan 200 on the wireless. is it still required?

thanks Najaf!

kcnajaf@25070 Thu, 02/21/2013 - 00:46

Hi Mohit,

Access Points does bridging, which means takes the traffic on the BVI interface (since ip address is assigned to this interface this interface is used for routing) and bridges this traffic to both radio and physical interface and vice versa.

So the BVI interface which you are planning to use has to be mapped to one radio and physical interface. So inorder to achive this mapping we are creating the dot0.200 interface.

Hope that helps.

Regards

Najaf

chauhan_mohit Thu, 02/21/2013 - 00:56

alright but by doign this we are not propagating that as an SSID unless we create one explicitly?

kcnajaf@25070 Thu, 02/21/2013 - 02:03

Hi,

That is right. This is notthing to do with the SSID. SSID propagation should have specific configurations and just creating an subinterface will not propagate an SSID.

Hope that helps.

Regards

Najaf

chauhan_mohit Tue, 03/12/2013 - 01:04

Hi Najaf,

Finally i have got the APs to start working on it.

Quick Q, i was geting the AP ready with the discussed configuration but somehow realized that the laptop couldnt see the SSID i had programmed on the AP until i removed the "mbssid" from the radio config, i could start seeing the SSID.

interface Dot11Radio0

no ip address

no ip route-cache

encryption vlan 100 mode ciphers aes-ccm

ssid ABC

mbssid

...

...

Having this turned off should not cause any issue?

Also, I was trying to run

"encryption mode ciphers aes-ccm

ssid ABC"

This was giving error that

"Mar 12 07:09:28.143: %DOT11-4-NO_SSID_OR_NO_VLAN: No SSID configured. Dot11Radio0 not started."

And thats the reason I switched to "encryption vlan 100 mode ciphers aes-ccm"

maldehne Tue, 03/12/2013 - 01:37

If you have single ssid yo be broadcasted all you need to do

is to add guest-mode command under the ssid configuration mode

to have the ssid broadcasted in the AP beacon frames.

If you want to have more than one ssid to be broadcasted in beacon frames

you have to add mbssid guest-mode command under the ssid configuration mode

and then add mbssid command under the radio interface cofiguration mode.

For the error message , if you have your ssid mapped to certain vlan

you should add

encryption vlan mode .....

-----------------------------------------------------------------------------------------------------

Please make sure to rate correct answers

chauhan_mohit Tue, 03/12/2013 - 21:07

Thanks for the info there. I am going to the site tomorrow to test this with the wireless phones. shall update how i go?

Quick Q, these wireless phones will roam easily from one AP to the other? there wasn't anything that I remember like RF domain on the APs to be programmed so I am not sure how the wireless client would roam from one AP to the other?

The single SSID is set the same way on both APs and both connecting to the same switch via the trunk ports.

kcnajaf@25070 Tue, 03/12/2013 - 21:21

Hi Mohit,

Sure...

Any wireless device are programmed in such a way that they will try connecting to the SSID if both device and AP have the same SSID. In your case both your AP's are configured with the same SSID and wireless phones are also configured with same SSID. So by default wireless phone would connect to any one of the AP (there are various parameter a client will consider before connecting to an AP). One of the factor which all most all client consider the received signal strength from AP. If wireless phone get signals from both AP it would most likely conenct to the AP which offer highest signal strength. So while phone is moving it would be able to seamlessly roam between the AP as long as it is able to pick up signal from each AP.

One thing you have to understand is that the AP does not have any role in roaming. It is the clients which decided when to roam and which AP it has to roam.

Hope that helps.

Regards

Najaf

chauhan_mohit Tue, 03/12/2013 - 21:25

Hi Najaf,

thanks for the quick reply.

While I was waiting for someone to reply, i was reading through the cisco website and came across the term WDS which it says is needed for quick roaming, especially for delay sensitive traffic such as voice. So you reckon I should go on that path and see how i can program it on the AP?

Regards,

Mohit

kcnajaf@25070 Tue, 03/12/2013 - 22:07

Hi Mohit,

How many AP's you have on your network? If is this 1 or 2 there is nothing much WDS can offer you. Also another factor is what authetication you are planning to use. If this is some sort of EAP flavour WDS will benefit while if you are planning to use pre-shared keys then i dont think WDS will help you.

Hope that helps.

Regards

Najaf

chauhan_mohit Tue, 03/12/2013 - 22:32

Hi Najaf

yes we just have 3 APs in all. And we are only using PSK for authentication.

So if that is the case you reckon the below config should be good enough....likewise rest of the APs are configured except of the BVI ip address.

hostname AP1
enable secret 5 $1$Ffyw$jgy4scPLYfBlprgAP1KFL/
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
no ip routing
ip domain name XYZ.com
!
!
dot11 syslog
!
dot11 ssid XXX
   vlan 100
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 1331470B5B18241D0B
!
dot11 arp-cache
dot11 phone dot11e
ip ssh version 2
bridge irb
!
interface Dot11Radio0
encryption vlan 100 mode ciphers aes-ccm
ssid XXX
antenna gain 0
stbc
speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
packet speed  5.5 11.0 6.0 12.0 24.0 priority 6
station-role root
rts threshold 2312
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
!
interface Dot11Radio0.200
encapsulation dot1Q 200 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
encryption vlan 100 mode ciphers aes-ccm
ssid XXX
antenna gain 0
no dfs band block
stbc
speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
packet speed  6.0 12.0 24.0 priority 6
channel width 40-above
channel dfs
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio1.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
!
interface Dot11Radio1.200
encapsulation dot1Q 200 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.100
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
!
interface GigabitEthernet0.200
encapsulation dot1Q 200 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description ***** AP Management Network *****
ip address a.b.c.10 255.255.255.0
no ip route-cache
!
ip default-gateway a.b.c.1
no ip http server
ip http secure-server
access-list 111 permit tcp any any neq telnet
!
bridge 1 route ip
!
!
line con 0
access-class 111 in
logging synchronous
line vty 0 4
access-class 111 in
transport input ssh
line vty 5 15
access-class 111 in
transport input ssh
!
end


maldehne Tue, 03/12/2013 - 23:37

connectivity wise you should be ok.

If you need some tuning on voice , can you let me know what is the phone model that you have ?

-----------------------------------------------------------------

Please make sure to rate correct answers

kcnajaf@25070 Tue, 03/12/2013 - 23:47

Hi Mohit,

It would be ideal for you to reconfigure the channel since you are using three AP's. After applying the above configuration you can mannually configure non-overlapping channels (1, 6 & 11) on each AP as below.

AP1

-----

conf terminal

int dot11radio0

channel 1

AP2

-----

conf terminal

int dot11radio0

channel 6

AP3

-----

conf terminal

int dot11radio0

channel 11

Regards

Najaf

chauhan_mohit Wed, 03/13/2013 - 00:29

Thanks Najaf, I'll do that and let you know. But how about the 5GHz speed, shall i leave it as it is?

kcnajaf@25070 Wed, 03/13/2013 - 00:48

Hi Mohit,

You can leave 5GHZ as is. You will not be able to change it :-)

Regards

Najaf

Actions

Login or Register to take actions

This Discussion

Posted February 19, 2013 at 8:20 PM
Stats:
Replies:22 Avg. Rating:
Views:6430 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard