Cisco Support Community

Cisco AIR-SAP2602I

I'm trying to deploy a WiFi solution for a client. It would consist of 2 SSIDs; one for internal users with internal network access and a guest with only internal access.

I have a Sonicwall TZ215:

External IP: x.x.x.x

LAN IP: 192.168.1.1/24

DHCP Server: 192.168.5-195/24

+++++++++++++++++++++++

Cisco SG500:

v1.3.0.62 / R750_NIK_1_3_647_260

CLI v1.0

set system mode switch queues-mode 4

file SSD indicator encrypted

@

ssd-control-start

ssd config

ssd file passphrase control unrestricted

no ssd file integrity control

ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0

!

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

hostname xxx

ip ssh server

snmp-server location "xxx"

snmp-server contact "John Doe"

clock timezone CST 0 minutes 0

clock dhcp timezone

ip telnet server

!

interface vlan 1

ip address 192.168.1.2 255.255.255.0

no ip address dhcp

!

interface gigabitethernet1/1/1

switchport mode access

!

interface gigabitethernet1/1/2

switchport mode access

!

interface gigabitethernet1/1/3

switchport mode access

!

interface gigabitethernet1/1/4

switchport mode access

!

interface gigabitethernet1/1/5

switchport mode access

!

interface gigabitethernet1/1/6

switchport mode access

!

interface gigabitethernet1/1/7

switchport mode access

!

interface gigabitethernet1/1/8

switchport mode access

!

interface gigabitethernet1/1/9

switchport mode access

!

interface gigabitethernet1/1/10

switchport mode access

!

interface gigabitethernet1/1/11

switchport mode access

!

interface gigabitethernet1/1/12

switchport mode access

!

interface gigabitethernet1/1/13

switchport mode access

!

interface gigabitethernet1/1/14

switchport mode access

!

interface gigabitethernet1/1/15

switchport mode access

!

interface gigabitethernet1/1/16

switchport mode access

!

interface gigabitethernet1/1/17

switchport mode access

!

interface gigabitethernet1/1/18

switchport mode access

!

interface gigabitethernet1/1/19

switchport mode access

!

interface gigabitethernet1/1/20

switchport mode access

!

interface gigabitethernet1/1/21

switchport mode access

!

interface gigabitethernet1/1/22

switchport mode access

!

interface gigabitethernet1/1/23

switchport mode access

!

interface gigabitethernet1/1/24

switchport mode access

!

interface gigabitethernet1/1/25

switchport mode access

!

interface gigabitethernet1/1/26

switchport mode access

!

interface gigabitethernet1/1/27

switchport mode access

!

interface gigabitethernet1/1/28

switchport mode access

!

interface gigabitethernet1/1/29

switchport mode access

!

interface gigabitethernet1/1/30

switchport mode access

!

interface gigabitethernet1/1/31

switchport mode access

!

interface gigabitethernet1/1/32

switchport mode access

!

interface gigabitethernet1/1/33

switchport mode access

!

interface gigabitethernet1/1/34

switchport mode access

!

interface gigabitethernet1/1/35

switchport mode access

!

interface gigabitethernet1/1/36

switchport mode access

!

interface gigabitethernet1/1/37

switchport mode access

!

interface gigabitethernet1/1/38

switchport mode access

!

interface gigabitethernet1/1/39

switchport mode access

!

interface gigabitethernet1/1/40

switchport mode access

!

interface gigabitethernet1/1/41

switchport mode access

!

interface gigabitethernet1/1/42

switchport mode access

!

interface gigabitethernet1/1/43

switchport mode access

!

interface gigabitethernet1/1/44

switchport mode access

!

interface gigabitethernet1/1/45

switchport mode access

!

interface gigabitethernet1/1/46

switchport mode access

!

interface gigabitethernet1/1/47

switchport mode access

!

interface gigabitethernet1/1/48

switchport mode access

!

interface gigabitethernet1/1/51

switchport mode access

!

interface gigabitethernet1/1/52

switchport mode access

!

exit

macro auto disabled

ip default-gateway 192.168.1.1

encrypted

+++++++++++++++++++++++++++++++++++=

Cisco AIR-SAP2602I

!

! Last configuration change at 00:11:27 UTC Mon Mar 1 1993 by administrator

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname XXX

!

logging rate-limit console 9

enable secret 5 $1$RVFD$DybWHlNypzf3XsnL6RGND/

!

no aaa new-model

no ip routing

ip domain name XXX

!

!

dot11 syslog

dot11 vlan-name Guest_VLAN vlan 200

dot11 vlan-name Internal_Users vlan 300

dot11 vlan-name default vlan 1

!

dot11 ssid Internal

   vlan 300

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 05180704241A18471802161B05

!

dot11 ssid Guest

   vlan 200

   authentication open

   authentication key-management wpa

   guest-mode

   mbssid guest-mode

   infrastructure-ssid optional

   wpa-psk ascii 7 10652D4B5341151E09173E

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-2946962253

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2946962253

revocation-check none

rsakeypair TP-self-signed-2946962253

!

!

crypto pki certificate chain TP-self-signed-2946962253

certificate self-signed 01

            quit

!

!

ip ssh version 1

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

encryption vlan 100 mode ciphers aes-ccm

!

encryption vlan 200 mode ciphers aes-ccm

!

encryption vlan 300 mode ciphers aes-ccm

!

broadcast-key vlan 1 change 10000

!

broadcast-key vlan 100 change 10000

!

!

ssid Internal

!

ssid Guest

!

antenna gain 0

stbc

mbssid

station-role root

!

interface Dot11Radio0.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0.300

encapsulation dot1Q 300

no ip route-cache

bridge-group 255

bridge-group 255 subscriber-loop-control

bridge-group 255 spanning-disabled

bridge-group 255 block-unknown-source

no bridge-group 255 source-learning

no bridge-group 255 unicast-flooding

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers aes-ccm

!

encryption vlan 300 mode ciphers aes-ccm

!

encryption vlan 200 mode ciphers aes-ccm

!

broadcast-key vlan 1 change 10000

!

antenna gain 0

dfs band 3 block

channel dfs

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1

no ip route-cache

!

interface Dot11Radio1.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio1.300

encapsulation dot1Q 300

no ip route-cache

bridge-group 255

bridge-group 255 subscriber-loop-control

bridge-group 255 spanning-disabled

bridge-group 255 block-unknown-source

no bridge-group 255 source-learning

no bridge-group 255 unicast-flooding

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

hold-queue 160 in

!

interface GigabitEthernet0.1

encapsulation dot1Q 1

no ip route-cache

!

interface GigabitEthernet0.200

encapsulation dot1Q 200 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!

interface GigabitEthernet0.300

encapsulation dot1Q 300

no ip route-cache

bridge-group 255

bridge-group 255 spanning-disabled

no bridge-group 255 source-learning

!

interface BVI1

ip address 192.168.1.10 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.1.1

no ip http server

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

transport input all

!

end

+++++++++++++++++++++++++++++++++++++++++

I was able to get DHCP from the Sonicwall with 192.168.1.0/24, but not from the SG500. I created a scope (192.168.2.0/24 for guest; 192.168.3.0/24 for internal users). I even created a DHCP scope on the AP, but cannot get an IP from that either. I created an ACL to allow the 192.168.3.0/24 access elsewhere, and denied 192.168.2.0 access to other but internet.

If I disabled all scopes on the Sonicwall, I get an APIPA from both AP/SG500. Any thoughts?

1 REPLY

Cisco AIR-SAP2602I

What is your default VLAN?

On the AP, you configured VLAN 200 to be the native. Is that the same with your other devices?

"encapsulation dot1Q 200 native"

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"
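
The native-VLAN comparison the reply asks about can be scripted against a saved configuration. This is an added example, not part of the thread: `parse_subinterfaces`, `check_native` and the `peer_untagged_vlan` parameter are hypothetical names, the sample lines are trimmed from the AP configuration posted above, and the VLAN the switch sends untagged is an input you supply.

```python
import re

# Constructed sample: subinterface lines trimmed from the AP configuration posted above.
AP_CONFIG = """
interface Dot11Radio0.200
 encapsulation dot1Q 200 native
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Dot11Radio0.300
 encapsulation dot1Q 300
 bridge-group 255
interface GigabitEthernet0.1
 encapsulation dot1Q 1
interface GigabitEthernet0.200
 encapsulation dot1Q 200 native
 bridge-group 1
interface GigabitEthernet0.300
 encapsulation dot1Q 300
 bridge-group 255
"""

def parse_subinterfaces(config):
    """Map each subinterface to its dot1Q VLAN, native flag and bridge-group."""
    subifs, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            name = line.split()[1]
            cur = None
            if "." in name:  # only dotted subinterfaces carry an encapsulation line
                cur = subifs.setdefault(
                    name, {"vlan": None, "native": False, "bridge_group": None})
        elif cur is not None:
            enc = re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", line)
            grp = re.fullmatch(r"bridge-group (\d+)", line)
            if enc:
                cur["vlan"], cur["native"] = int(enc.group(1)), bool(enc.group(2))
            elif grp:  # sub-options such as "spanning-disabled" do not match
                cur["bridge_group"] = int(grp.group(1))
    return subifs

def check_native(config, peer_untagged_vlan):
    """List mismatches between the AP's native VLAN and the peer's untagged VLAN."""
    findings = []
    for name, s in sorted(parse_subinterfaces(config).items()):
        if s["native"] and s["vlan"] != peer_untagged_vlan:
            findings.append(f"{name}: native VLAN {s['vlan']} != "
                            f"peer untagged VLAN {peer_untagged_vlan}")
        if s["bridge_group"] is None:
            findings.append(f"{name}: VLAN {s['vlan']} has no bridge-group")
    return findings
```

Calling `check_native(AP_CONFIG, 1)` treats VLAN 1 as the switch's untagged VLAN, which is an assumption; substitute the value your switch port actually uses.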
