From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Fri Oct 14 2005 - 12:12:45 GMT-3
On that particular version that I've sent you I was with 12.3.JA2, but
since 12.4.JA ( I think) you are obliged to specify config of ssid's
outside radio interface.
like on the config below.
P1-DGS#sh run
Building configuration...
Current configuration : 3841 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP6-DGS
ip subnet-zero
!
aaa new-model
!
!
aaa group server radius LEAPRADIUS
server 192.168.29.1 auth-port 1812 acct-port 1813
server 192.168.29.2 auth-port 1812 acct-port 1813
!
aaa authentication login EAP-Methods group LEAPRADIUS
!
dot11 ssid DGSaude
vlan 2
authentication open
authentication key-management wpa
wpa-psk ascii xxxxxxxxxxxxxxxxx
!
dot11 ssid SalaEmerg
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii xxxxxxxxxxxxxxxxxxxx
!
dot11 ssid dgsvoz
vlan 3
authentication network-eap EAP-Methods
!
!
!
!
!
interface Dot11Radio0
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers tkip
!
encryption vlan 3 mode ciphers wep128
!
broadcast-key vlan 1 change 1800
!
broadcast-key vlan 2 change 1800
!
broadcast-key vlan 3 change 1800
!
!
ssid DGSaude
!
ssid SalaEmerg
!
ssid dgsvoz
!
no ssid tsunami
!
short-slot-time
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
36.0 48.0 54.0
channel 11
station-role root
!
interface FastEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
description --SHUTDOWN--GESTAO
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
shutdown
!
ip default-gateway 192.168.29.254
!
interface BVI1
ip address 192.168.29.6 255.255.255.0
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 11
bridge-group 11 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 12
bridge-group 12 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 13
bridge-group 13 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 11
no bridge-group 11 source-learning
bridge-group 11 spanning-disabled
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 12
no bridge-group 12 source-learning
bridge-group 12 spanning-disabled
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 13
no bridge-group 13 source-learning
bridge-group 13 spanning-disabled
!
!
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging snmp-trap emergencies
logging snmp-trap alerts
logging snmp-trap critical
logging snmp-trap errors
logging snmp-trap warnings
!
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
!
end
AP1-DGS#
________________________________
From: Matt White [mailto:mwhite23@gmail.com]
Sent: sexta-feira, 14 de Outubro de 2005 16:02
To: Gustavo Novais
Cc: Group Study
Subject: Re: Catalyst Switch and Wireless AP - 802.1q Trunk...
Thanks for the great responses guys. This helps tremendously.
Out of curiosity Gustavo, which version of the code are you using?
Matt
#14533
On 10/14/05, Gustavo Novais <gustavo.novais@novabase.pt> wrote:
Hello
I think this can be a error on Documentation. You have to force
the
native vlan to bridge-group 1, but you can use whatever native
vlan you
wish. (At least I do it, and it works!).
You can argue if you should create the Dot11radio subinterface
that
belongs to management. I personally create it and shut it down,
just for
keeping stuff organized.
See the config below.
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 511 mode ciphers wep128
!
broadcast-key vlan 511 change 1800
!
!
ssid e-U
vlan 511
max-associations 20
authentication open eap RADIUS_AUTH
authentication network-eap RADIUS_AUTH
accounting RADIUS_ACC
mobility network-id 511
!
ssid guest_e-U
vlan 510
max-associations 10
authentication open
guest-mode
mobility network-id 510
!
short-slot-time
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0
24.0
36.0 48.0 54.0
rts threshold 2312
station-role root
no cdp enable
!
interface Dot11Radio0.510
encapsulation dot1Q 510
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.511
encapsulation dot1Q 511
no ip route-cache
no cdp enable
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
bridge-group 11 spanning-disabled
!
interface Dot11Radio0.593
description -=SHUTDOWN=-
encapsulation dot1Q 593 native
no ip route-cache
shutdown
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.510
encapsulation dot1Q 510
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface FastEthernet0.511
encapsulation dot1Q 511
no ip route-cache
bridge-group 11
no bridge-group 11 source-learning
bridge-group 11 spanning-disabled
!
interface FastEthernet0.593
encapsulation dot1Q 593 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
no ip http server
ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
bridge 10 protocol ieee
bridge 11 protocol ieee
!
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf Of
Matt White
Sent: sexta-feira, 14 de Outubro de 2005 7:49
To: Group Study
Subject: Catalyst Switch and Wireless AP - 802.1q Trunk...
Anyone ever use a non-1 native vlan when trunking VLAN's from a
35X0 to
a 1230 AP? I like 999 for my native, don't use 1 at all, and
900
- 950 for data, voice, video, blah, blah... the AP did not
appear to
appreciate this, and I found this link on CCO, but it did not
make much
sense to me:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1200/
accsspts/b1237ja/i1237sc/s37vlan.htm#wp1038979
Thanks for any input!
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3