07-13-2006 06:08 AM - edited 07-04-2021 12:36 PM
We have a Aironet 1200 currently configured for wireless data access. Our Telco team wants to add some WiFi phones, which will need to be on their own VLAN for security reasons. I've added the second vlan and SSID to the AP, but where I'm having the problem is I've attemped to add a secondary IP, this doesn't take. We're currently running verseion Version 12.3(2)JA4. Any assistance would be helpful
07-13-2006 07:44 AM
Hi,
The following doc should give you some useful pointers:
Using VLANs with Cisco Aironet Wireless Equipment
HTH
Andrew.
07-13-2006 08:40 AM
Thanks Andrew, I've reviewed that document and I don't see what I'm missing. I've attaching the config minus the IP's and SSID's, Here's where I'm at, The data SSID network works perfectly, my laptop can authenticate with the AP retrieve an IP after authenticating with the Radius server (MS IAS). The Phone SSID (768) I'm able to make the connection to the AP with my laptop configured to that IP, I must statically assign the IP to my laptop, I'm unable to ping the 768 VLAN on the switch that the AP connects to, from my laptop. From the AP I'm able to ping the 768 VLAN. Any ID's
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers wep128
!
encryption vlan 767 mode ciphers wep128
!
encryption vlan 768 mode ciphers tkip
!
broadcast-key change 60
!
broadcast-key vlan 767 change 420
!
!
ssid
!
ssid
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
no dot11 qos mode
!
interface Dot11Radio0.767
encapsulation dot1Q 767 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.768
encapsulation dot1Q 768
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
speed 100
full-duplex
hold-queue 160 in
!
interface FastEthernet0.767
encapsulation dot1Q 767 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.768
encapsulation dot1Q 768
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface BVI1
ip address <###.###.###.### MMM.MMM.MMM.MMM>
no ip route-cache
!
ip default-gateway <###.###.###.###>
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
access-list 111 permit tcp any any neq telnet
radius-server attribute 32 include-in-access-req format %h
radius-server host 172.16.128.70 auth-port 1812 acct-port 1813 key 7
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
line vty 5 15
access-class 111 in
!
sntp server <###.###.###.###>
sntp broadcast client
end
07-13-2006 11:36 AM
Hi,
Nothing in that config looks particularly problematic, but there are so many potential issues (switch configs, IAS configs, etc) that it's difficult to say for sure where the problems might lie - it could be authentication, encryption, dhcp, etc...
Cisco have heaps of info on how to configure voice over wireless, such as the following:
Even if you're not using cisco phones most of the config is relevant. I'd recommend not to configure encryption until after everything else works - and don't forget QoS...
HTH
Andrew.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide