Separating Management from Data traffic on AIR-AP1131AGs
I am trying to redesign the network in my place of employment. When I got here, all traffic was contained on one vlan and address space was a real issue. As we have moved forward, we are beginning to rectify this issue. I am moving all management traffic onto a separate vlan. This has been working well, up to the point where I try to get these AIR-AP1131AGs configured.
I discovered, through the web ui that you can assign vlan's to the SSID's (which is exactly what I want to do). After setting this up, i did not see how to define the management vlan. my desire is that the ap should be ip'ed in the management vlan and pass traffic in the data vlan. Seems like a simple request but I have not figured out how it make it happen.
I thought perhaps default vlan (define the data vlan using the webui, then define all untagged traffic as belonging to the management vlan). I am not sure how to accomplish this as the ap connects to an third-party vendor's gear (Extreme x450e stack).
Re: Separating Management from Data traffic on AIR-AP1131AGs
I was able to get the this setup working, but not the all cisco version. I am not sure how to ip the ap on the management vlan and pass traffic on the data vlan.
I have tried config'ing the port as a trunk and calling the native vlan on that trunk port vlan 20, but the device never replied to ping:
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 20
I had not saved the config on the ap, so I was able to restore the config settings on the port and bounce the port:
switchport mode access
switchport access vlan 10
As a refresher, I have an AIR-AP1131AG that is attached to a 3560-24. the switch is on the management vlan and I can telnet into it, which I believe confirms that routing is correct and that the vlans are present and configured in each upstream device. Please advise.
interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! encryption vlan 10 mode ciphers aes-ccm tkip ! ssid ! station-role root ! interface Dot11Radio0.10 encapsulation dot1Q 10 no ip route-cache bridge-group 10 bridge-group 10 subscriber-loop-control bridge-group 10 block-unknown-source no bridge-group 10 source-learning no bridge-group 10 unicast-flooding bridge-group 10 spanning-disabled ! interface Dot11Radio0.20 encapsulation dot1Q 20 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache
interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.10 encapsulation dot1Q 10 no ip route-cache bridge-group 10 no bridge-group 10 source-learning bridge-group 10 spanning-disabled ! interface FastEthernet0.20 encapsulation dot1Q 20 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...