Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Do I need a BVI ?

I am editing a AP that has already been configured. The BVI1 has the proper IP address and works fine. My question is do i need this? should it be on eth1? I have the Cisco "Using VLANs with Cisco Aironet Wireless Equipment" documentation and it tells me to use eth1. I am about to add a second SSID and VLAN to these access points.

apwire#sh run

Building configuration...

Current configuration : 4884 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname apwire

!

!

clock timezone UTC -5

clock summer-time UTC recurring

ip subnet-zero

ip domain name wireless

ip name-server 192.168.1.10

ip name-server 192.168.1.12

!

!

aaa new-model

!

!

aaa group server radius rad_eap

server 192.168.1.20 auth-port 1645 acct-port 1646

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

cache expiry 1

cache authorization profile admin_cache

cache authentication profile admin_cache

!

aaa group server tacacs+ tac_admin

cache expiry 1

cache authorization profile admin_cache

cache authentication profile admin_cache

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa cache profile admin_cache

all

!

aaa session-id common

!

dot11 ssid wifi

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa

guest-mode

infrastructure-ssid optional

!

dot11 arp-cache optional

!

crypto pki trustpoint TP-self-signed-1651530556

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1651530556

revocation-check none

rsakeypair TP-self-signed-1651530556

!

!

crypto ca certificate chain TP-self-signed-1651530556

certificate self-signed 01

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers aes-ccm tkip

!

ssid wifi

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2462

station-role root

no dot11 extension aironet

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

encryption mode ciphers tkip

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel 5200

station-role root bridge

antenna receive right

antenna transmit right

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.168.3.12 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.3.1

no ip http server

ip http authentication aaa

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

access-list 111 permit tcp any any neq telnet

snmp-server community RO

snmp-server enable traps tty

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.1.20 auth-port 1645 acct-port 1646 key xxx

radius-server vsa send accounting

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

access-class 111 in

transport preferred all

transport output all

line vty 0 4

access-class 111 in

transport preferred all

transport input all

transport output all

line vty 5 15

access-class 111 in

transport preferred all

transport input all

transport output all

!

1 REPLY
Green

Re: Do I need a BVI ?

Yes, you do.

The BVI is the process that bridges the wireless segment to the wired segment.

There is no routing in the AP. The bridge connects wired & wireless, the BVI lets you assign an IP address for management (and probably ties in with the VLAN management system).

Good Luck

Scott

162
Views
0
Helpful
1
Replies
CreatePlease login to create content