cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
149242
Views
57
Helpful
6
Comments
Madhuri C
Cisco Employee
Cisco Employee

 

 

Introduction

 

Autonomous AP and Bridge Basic Configuration Template

 

 

 

Configuration Example

 

Configuring an IOS AP

 

1. Creating an SSID

 

AP#

  Configure terminal

  Dot11 ssid <ssid_name>

   Authentication open

   Guest-mode                                               <--- To broadcast the SSID

 

2. Configuring AP as a DHCP server

 

 

AP#

Configure terminal

  Ip dhcp excluded-address                         <---List of IP addresses to be excluded>

  Ip dhcp pool <pool name>

    Network <network id> <mask>

    Default-router <IP address>

 

3. Configuring radio interface

 

Configure terminal

Int dot11radio0  or  Intdot11radio1

    Ssid <ssid_name>                                    <--- Map the SSID to radio interface

    Station-role root

    bridge-group

    no shut

 

 

4. Configuring Ethernet interface

 

 

interface FastEthernet0

  bridge-group 1

 

5. Configure the BVI interface

 

 

interface BVI1

ip address <ip address> <mask>

6.

6. Specify the default gateway

 

  ip default-gateway <ip_address>

 

7. Configuring  radio sub interfaces

 

If there are multiple vlans(For ex,vlans 1,2,3 in this case), configure one of the vlan to be native depending on your network/switchport config and map it to bridge-group 1

 

 

Conf t

interface Dot11Radio0.1

  encapsulation dot1Q 1 native

  bridge-group 1

 

 

interface Dot11Radio0.2

encapsulation dot1Q 2

  bridge-group 2

 

 

interface Dot11Radio0.3

encapsulation dot1Q 3

  bridge-group 3

 

 

 

8. Configuring fa sub interfaces for multiple vlans

 

 

interface fa0.1

encapsulation dot1Q 1 native

  bridge-group 1

 

interface fa0.2

encapsulation dot1Q 2

  bridge-group 2

 

 

interface fa0.3

encapsulation dot1Q 2

  bridge-group 3

 

 

 

9. Enabling mbssid if multiple ssids needs to be broadcast

 

 

Interface dot11 0

  Mbssid

 

 

Dot11 ssid <ssid_name>

Mbssid guest-mode

 

10. SSID and vlan mapping for multiplevlans/ssids

 

Conf t

  Dot11 ssid <ssid1>

  Vlan 1

 

 

Dot11 ssid <ssid2>

Vlan 2

 

 

11. Speed, channel and power settings

Conf t

Int dot11 0

 

Speed range  or Speed throughput

 

Power local max

Or

 

Powerlocal cck max

Powerlocal ofdm max

 

Channel <number> or <least-congested>

 

 

12. Enabling http and https to access GUI

 

Conft

ip http server

ip http secure-server

ip http authentication local

 

 

 

13. WEP configuration

 

 

Configuration if there are multiplevlans and if SSIDs are mapped to vlans:

 

Conf t

interface Dot11Radio0

      encryption vlan <id> mode wepmandatory

encryption vlan <id> key<slot> size 128bit 0 <encryption key> transmit-key

 

 

or

 

 

Configuration if there is a single vlans and if SSID is notmapped to vlan explicitly”

Conf t

interface Dot11Radio0

       encryptionmode wep mandatory

encryption key <slot> size 40bit 0 <encryption key> transmit-key

 

 

14. WPA1 configuration

 

 

Configure terminal

interface dot11Radio 0

    encryption vlan <id> modeciphers tkip

 

     (or )

 

    encryption mode ciphers tkip               <--- Configuration if SSID is not mapped to vlans explicitly

 

 

exit

 

dot11 ssid <ssid_name>

authentication open

  authentication key-management wpa

  wpa-psk ascii <Enter pre-shared_key>

 

 

15.  WPA2 configuration

 

Configure terminal

interface dot11Radio 0

  encryption vlan <id> mode ciphers aes-ccm

 

  (or)

 

  encryption mode ciphers aes-ccm           <--- Configuraton if SSID is not mapped to vlans explicitly

exit

 

 

dot11 ssid <ssid_name>

authentication open

  authentication key-management wpa version 2

 

  wpa-psk ascii <Enter pre-shared_key>

 

16. Configuration on switchport

 

switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1,2,3

 

 

 

 

Bridge Configuration

 

Unlike APs, bridges would have a single SSID mapped to native VLAN for bridging. The SSID, Encryption, Authentication on root and non root bridges should match.

 

1. Configuration Root bridge

 

dot11 ssid bridging

   vlan 1

   infrastructure-ssid                     <--- Use infrastructure-ssid optional ifwireless clients are to be connected too

 

int dot11 0

station-role root bridge

 

or

 

station-role root bridge wireless-clients               <--- Bridging and allow client association too

 

 

interfaceDot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

 

 

interfaceDot11Radio0.2

encapsulation dot1Q 2

bridge-group 2

 

 

interfaceFastEthernet0.1

encapsulation dot1Q 1 native

bridge-group 1

 

 

interfaceFastEthernet0.2

encapsulation dot1Q 2

bridge-group 2

 

 

 

2.  Configurationon Non Root bridge

 

dot11 ssid bridging

   vlan 1

   infrastructure-ssid

 

 

int dot11 0

station-role non-root bridge

 

(or)

 

station-role non-root bridge wireless-clients                <--- Bridging and allow client association too

 

 

interfaceDot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

 

interfaceDot11Radio0.2

encapsulation dot1Q 2

bridge-group 2

 

 

interfaceFastEthernet0.1

encapsulation dot1Q 1 native

bridge-group 1

 

 

interfaceFastEthernet0.2

encapsulation dot1Q 2

bridge-group 2

 

 

 

Useful commands

 

-  ‘Show dot11 associations all’ to check details of associated clients.

 

-   ‘Show controllers dot11 0’ to check the current channel,current and available power values, number of mbssids.

 

-   ‘Dot11 dot11radio 0 carrier busy and show dot11 carrier busy’ shows the interference percentage for every channel which can be used to select the channel with least interference.

 

 

Useful links

 

Vlans on APs and bridges

 

Complete configuration guide of AP

 

Configuration Examples and TechNotes

 

 

Comments
Vinay Sharma
Level 7
Level 7

Madhuri great information. thanks for sharing and keep it up

pjhingra
Level 1
Level 1

Excellent documentation. Pls add a network diagram for completeness.

greylingch
Community Member

Thank you for being awesome !

vitor.oliveira1
Level 1
Level 1

Are you using telnet?

louhutchinson
Community Member

Wireless Bridging Diagram:

AP1 <===> AP2

brianalster
Level 1
Level 1

Not sure if anyone is still monitoring this, but....

There are a few references in this document to bridge-groups 2 & 3, however, I do not see where they are ever applied to an interface (like bridge-group 1 is to Gig0 is in section 4).  Can someone explain how the different bridge-groups are implemented and why?  I am trying to set up a point to multi-point wireless connection and I'm wondering if I need to configure bridge-groups for each remote building (i.e. bridge-group 2 vlans would be directed to building #2 and bridge-group 3 vlans would be directed to building #3, etc.)  I'm just not understanding how the bridge-groups in the configuration example are supposed to function.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: