Jump to content
Sign in to follow this  
dimitrib

autonomous ap and bridging config

Recommended Posts

Creating an SSID :-

 

 

 

 

 

 

 

AP#

 

 

 

Configure terminal

 

 

 

Dot11 ssid <ssid_name>

 

 

 

Authentication open

 

 

 

Guest-mode <--- To broadcast the SSID

 

 

 

 

 

 

 

 

 

 

 

2. Configuring AP as a DHCP server :-

 

 

 

 

 

 

 

AP#

 

 

 

Configure terminal

 

 

 

Ip dhcp excluded-address <---List of IP addresses to be excluded>

 

 

 

Ip dhcp pool <pool name>

 

 

 

Network <network id> <mask>

 

 

 

Default-router <IP address>

 

 

 

 

 

 

 

3. Configuring radio interface:

 

 

 

 

 

 

 

Configure terminal

 

 

 

Int dot11radio0 or Intdot11radio1

 

 

 

Ssid <ssid_name> <--- Map the SSID to radio interface

 

 

 

Station-role root

 

 

 

bridge-group

 

 

 

no shut

 

 

 

 

 

 

 

4. Configuring Ethernet interface:

 

 

 

 

 

 

 

interface FastEthernet0

 

 

 

bridge-group 1

 

 

 

 

 

 

 

 

 

 

 

5. Configure the BVI interface:

 

 

 

 

 

interface BVI1

 

 

 

ip address <ip address> <mask>

 

 

 

 

 

 

 

6. Specify the default gateway:

 

 

 

ip default-gateway <ip_address>

 

 

 

 

 

 

 

7. Configuring radio sub interfaces :

 

 

 

If there are multiple vlans(For ex,vlans 1,2,3 in this case), configure one of the vlan to be native depending onyour network/switchport config and map it to bridge-group 1

 

 

 

 

 

 

 

Conf t

 

 

 

interface Dot11Radio0.1

 

 

 

encapsulation dot1Q 1 native

 

 

 

bridge-group 1

 

 

 

 

 

 

 

interface Dot11Radio0.2

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 2

 

 

 

 

 

 

 

interface Dot11Radio0.3

 

 

 

encapsulation dot1Q 3

 

 

 

bridge-group 3

 

 

 

 

 

 

 

8. Configuring fa sub interfaces for multiple vlans:

 

 

 

 

 

 

 

interface fa0.1

 

 

 

encapsulation dot1Q 1 native

 

 

 

bridge-group 1

 

 

 

 

 

 

 

interface fa0.2

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 2

 

 

 

 

 

 

 

interface fa0.3

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 3

 

 

 

 

 

 

 

9. Enabling mbssid if multiple ssids needs to be broadcasted:

 

 

 

 

 

 

 

Interface dot11 0

 

 

 

Mbssid

 

 

 

 

 

 

 

Dot11 ssid <ssid_name>

 

 

 

Mbssid guest-mode

 

 

 

10. SSID and vlan mapping for multiplevlans/ssids:

 

 

 

Conf t

 

 

 

Dot11 ssid <ssid1>

 

 

 

Vlan 1

 

 

 

 

 

 

 

Dot11 ssid <ssid2>

 

 

 

Vlan 2

 

 

 

 

 

 

 

11. Speed, channel and power settings:

 

 

 

Conf t

 

 

 

Int dot11 0

 

 

 

 

 

 

 

Speed range or Speed throughput

 

 

 

 

 

 

 

Power local max

 

 

 

Or

 

 

 

Powerlocal cck max

 

 

 

Powerlocal ofdm max

 

 

 

 

 

 

 

Channel <number> or <least-congested>

 

 

 

 

 

 

 

 

 

 

 

12. Enabling http and https to access GUI :

 

 

 

Conft

 

 

 

ip http server

 

 

 

ip http secure-server

 

 

 

ip http authentication local

 

 

 

 

 

 

 

13. WEP configuration:

 

 

 

 

 

Configuraton if there are multiplevlans and if SSIDs are mapped to vlans:

 

 

 

 

 

 

 

Conf t

 

 

 

interface Dot11Radio0

 

 

 

encryption vlan <id> mode wepmandatory

 

 

 

encryption vlan <id> key<slot> size 128bit 0 <encryption key> transmit-key

 

 

 

 

 

or

 

 

 

 

 

 

 

Configuraton if there is a single vlans and if SSID is notmapped to vlan explicitly”

 

 

 

 

 

 

 

Conf t

 

 

 

interface Dot11Radio0

 

 

 

encryptionmode wep mandatory

 

 

 

encryption key <slot> size 40bit 0 <encryption key> transmit-key

 

 

 

 

 

 

 

 

 

14. WPA1 configuration:

 

 

 

 

 

Configure terminal

 

 

 

interface dot11Radio 0

 

 

 

encryption vlan <id> modeciphers tkip

 

 

 

(or )

 

 

 

encryption mode ciphers tkip <--- Configuraton if SSID is not mapped to vlans explicitly

 

 

 

 

 

exit

 

 

 

 

 

dot11 ssid <ssid_name>

 

 

 

authentication open

 

 

 

authentication key-management wpa

 

 

 

wpa-psk ascii <Enter pre-shared_key>

 

 

 

 

 

 

 

15. WPA2 configuration:

 

 

 

Configure terminal

 

 

 

interface dot11Radio 0

 

 

 

encryption vlan <id> mode ciphers aes-ccm

 

 

 

(or)

 

 

 

encryption mode ciphers aes-ccm <--- Configuratonif SSID is not mapped to vlans explicitly

 

 

 

exit

 

 

 

 

 

dot11 ssid <ssid_name>

 

 

 

authentication open

 

 

 

authentication key-management wpa version 2

 

 

 

wpa-psk ascii <Enter pre-shared_key>

 

 

 

 

 

 

 

16.Configuration on switchport:

 

 

 

switchport mode trunk

 

switchport trunk encapsulation dot1q

 

switchport trunk native vlan 1

 

switchport trunk allowed vlan 1,2,3

 

 

 

 

 

 

 

 

 

Bridge Configuration

 

 

 

UnlikeAPs, bridges would have a single SSID mapped to native VLAN for bridging. TheSSID, Encryption, Authentication on root and non root bridges should match.

 

 

 

 

 

Configurationon Root bridge:-

 

 

 

 

 

dot11 ssid bridging

 

 

 

vlan 1

 

 

 

infrastructure-ssid <--- Use infrastructure-ssid optional ifwireless clients are to be connected too

 

 

 

 

 

int dot11 0

 

 

 

station-role root bridge

 

 

 

or

 

 

 

station-role root bridge wireless-clients <--- Bridging and allow client association too

 

 

 

 

 

 

 

 

 

interfaceDot11Radio0.1

 

 

 

encapsulation dot1Q 1 native

 

 

 

bridge-group 1

 

 

 

 

 

interfaceDot11Radio0.2

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 2

 

 

 

 

 

 

 

interfaceFastEthernet0.1

 

 

 

encapsulation dot1Q 1 native

 

 

 

bridge-group 1

 

 

 

 

 

interfaceFastEthernet0.2

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 2

 

 

 

 

 

 

 

Configurationon Non Root bridge:-

 

 

 

 

 

 

 

dot11 ssid bridging

 

 

 

vlan 1

 

 

 

infrastructure-ssid

 

 

 

 

 

int dot11 0

 

 

 

station-role non-root bridge

 

 

 

(or)

 

 

 

station-role non-root bridge wireless-clients <--- Bridging and allow client association too

 

 

 

 

 

 

 

interfaceDot11Radio0.1

 

 

 

encapsulation dot1Q 1 native

 

 

 

bridge-group 1

 

 

 

 

 

interfaceDot11Radio0.2

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 2

 

 

 

 

 

 

 

interfaceFastEthernet0.1

 

 

 

encapsulation dot1Q 1 native

 

 

 

bridge-group 1

 

 

 

 

 

interfaceFastEthernet0.2

 

 

 

encapsulation dot1Q 2

 

 

 

bridge-group 2

 

 

 

 

 

 

 

Useful commands:

 

 

 

- ‘Show dot11 associations all’ to check details of associated clients.

 

 

 

 

 

 

 

- ‘Show controllers dot11 0’ to check the current channel,current and available power values, number of mbssids.

 

 

 

 

 

 

 

- ‘Dot11 dot11radio 0 carrier busy and show dot11 carrier busy’ shows the interference percentage for every channel which can be used to select the channel with least interference.

 

 

 

 

 

 

 

Useful links:

 

 

 

1. Vlans on APs and bridges :http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

 

 

 

 

 

 

 

2. Complete configuration guide of AP:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

 

 

 

 

 

3. Various AP configuration examples and technotes:

 

 

 

 

 

 

 

Hidden Content

    Give reaction to this post to see the hidden content.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...