cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
945
Views
0
Helpful
9
Replies

Adding wireless to the Network

James Simpson
Level 1
Level 1

Hi All

I currently have a lab in place where I am using multiple Vlans with different Ip ranges using SVI's

I want to add a stand alone AP with the core switch a cting as the DHCP server.

i have 2 vlans 10.8.5.0/24 10.8.6.0/24 I have reserved the 1st 10 address in each ranges.

Gateways vlan 5 10.8.5.1/24

               vlan 6 10.8.6.1/24         

I want to configure a trunk port on the switch for the AP to connect to

ap(config)#Dot11 ssid HR

ap(config-ssid)#authentication open

ap(config-ssid)#guest-mode

ap(config-ssid)#exit

ap(config)#Dot11 ssid staff

ap(config-ssid)#authentication open

ap(config-ssid)#guest-mode

ap(config-ssid)#exit

Do I simply just need to configure sub interfaces on the radio's and the physical interface using

encapsulation dot1q 5

encapsulation dot1q 6

and adding the bridge groups in on both sets of interfaces.

add the BVI 1 interface 10.8.5.9

will this be enough to get me going ???

Thanks

Will this be

2 Accepted Solutions

Accepted Solutions

Hi James,

Glad to hear that

Please mark the thread as "Answered" if your issue is resolved.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Please rate if helpful and mark as answered if your issue is resolved.
You need to match native vlan on AP and trunk port.
Do you have vlan 5 as a native vlan on the trunk port connected to the AP? If not please do it.

HTH

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"

View solution in original post

9 Replies 9

Amjad Abdullah
VIP Alumni
VIP Alumni

You need at least one sub-interface to be on the native vlan.

encapsulation dot1q 1 native (supposing that the vlan 1 is the native).

For the others you simply (encapsulation dot1q 5) and same for vlan 6.

BVI 1 ip address must be in native vlan subnet range. It will not work if it is on a tagged VLAN. it must be untagged.

sub-interfaces tagging (and bridge-group number also) must be the same on radio and ethernet intefaces. i.e. subinterface dot11radio0.5 or dot11radio 1.5 must have same encapsulation as fastethernet 0.5 (or gigethernet 0.5).

sample config

mbssid guest-mode ----------> enables multiple SSIDs on the AP.

Dot11 ssid HR

authentication open

mbssid guest-mode  --------------> mbssid keyword is needed if multiple SSIDs need to be broadcasted.

vlan 5               --------------> you need to specify the VLAN to which the SSID is mapped.

int dot11radio0

ssid HR ----------> broadcast ssid HR on radio 0.

!

encryption vlan 5 mode cipher ..... -------------> specify the encryption type of the VLAN 5 ssid if needed.

!

(same above config need to be applied to dot11radio1 if the WLAN need to be on 5 GHz radio as well).

!

interface dot11radio 0.1

encapsulation dot1q 1 native ---------> this is the native vlan.

bridge-group 1 -----------> bridge group 1 need to be under the native vlan sub-interface.

!

!

interface dot11radio 1.1

encapsulation dot1q 1 native ---------> this is the native vlan.

bridge-group 1 -----------> bridge group 1 need to be under the native vlan sub-interface.

!

!

intreface fastethernet 0.1

encapsulation dot1q 1 native

bridge-group 1

!
!

interface dot11radio 0.5

encapsulation dot1q 5

bridge-group 5

!

interface dot11radio 1.5

encapsulation dot1q 5

bridge-group 5

!

interface fastethernet 0.5

encapsulation dot1q 5

bridge-group 5

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Hi Thanks for that Amjad

for That im still cant get the BVI 1 interface up and the AP to send beacons. I have the output of the config below.

I understand that there may be some additional config in there, that is not relavant.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
logging rate-limit console 9
enable secret 5 $1$I5/V$FSTi6anwaUrW3CXUwlKUX/
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid DE-BO
   vlan 6
   authentication open
   mbssid guest-mode
dot11 ssid UK-BO
   vlan 5
   authentication open
   mbssid guest-mode
!
!
crypto pki trustpoint TP-self-signed-3181700439
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3181700439
revocation-check none
rsakeypair TP-self-signed-3181700439
!
!

username Cisco password 7 14341B180F0B

!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
antenna gain 0
speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive

interface GigabitEthernet0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 10.11.0.15 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end

Two points I noticed:

- The native VLAN must be in bridge-group 1. remove the bridge-group 1 from the main interface and put it under the sub-interface with the default vlan.

- you need to either use the keyword (dot11 mbssid) globally or you can interchangeably use the keyword (mbssid) under the radio interface (both radio interfaces).

Hope that will fix it.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Hi Amjad

I changed the 2 interfaces that have the native vlan to bridge group 1. That brought BVI 1 up.

Thank you for that.

I had to use the use the global dot11 mbssid as you cannot use the singular command under the sub interfaces

I got the following error

%DOT11-4-NO_SSID_VLAN: No SSID with VLAN configured. Dot11Radio0 not started.^Z

Hi James,

OK. great. we found one more thing missing

- "mbssid" is a command that is put under the interface itself, not the sub-interface.

- the missing point is adding the SSIDs under the radio interfaces as the below.

interface Dot11Radio0

no ip address

no ip route-cache

ssid DE-BO ----------> those commands are added under the main interface, not the sub-interface.

ssid UK-BO

do the same for Dot11Radio1 interface.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Hi Amjad

I di extacly that I went under the dott11radio 0

added the 2 ssid's and enabled mbssid

I also selected channel 6

and the SSID's are now being advertised

Many thanks

Hi James,

Glad to hear that

Please mark the thread as "Answered" if your issue is resolved.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Hi Amjad

I have another dilema

I can connect to the Vlan 6 ID DE-BO no problem I get the correct IP address and I can get internet connection.

However the Vlan 5 UK-BO (native) I cannot get an address and no internet connection.

Is it possibly something to do with it being Native

I have allowed all vlans on the trunk port at the switch end. Please see the config below

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!

!
logging rate-limit console 9
enable secret 5 $1$I5/V$FSTi6anwaUrW3CXUwlKUX/
!
no aaa new-model
!
!
dot11 mbssid
dot11 syslog
!
dot11 ssid DE-BO
   vlan 6
   authentication open
   mbssid guest-mode
!
dot11 ssid UK-BO
   vlan 5
   authentication open
   mbssid guest-mode
!
!

!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid DE-BO
!
ssid UK-BO
!
antenna gain 0
speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
bridge-group 6 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
no bridge-group 6 source-learning
bridge-group 6 spanning-disabled
!
interface BVI1
ip address 10.11.0.15 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end

sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.11.0.15      YES manual up                    up     
Dot11Radio0                unassigned      YES NVRAM  up                    up     
Dot11Radio0.1              unassigned      YES unset  up                    up     
Dot11Radio0.2              unassigned      YES unset  up                    up     
Dot11Radio1                unassigned      YES NVRAM  administratively down down   
GigabitEthernet0           unassigned      YES NVRAM  up                    up     
GigabitEthernet0.1         unassigned      YES unset  up                    up     
GigabitEthernet0.2         unassigned      YES unset  up                    up  

Please rate if helpful and mark as answered if your issue is resolved.
You need to match native vlan on AP and trunk port.
Do you have vlan 5 as a native vlan on the trunk port connected to the AP? If not please do it.

HTH

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: