[c-nsp] HELP!!!!Aironet 1200 Problem Routing

Kristofer Sigurdsson ks at rhi.hi.is
Thu Apr 28 14:20:14 EDT 2005 

Hi,

On Thu, 2005-04-28 at 19:42 +0200, Eusebio López wrote:
> thanks to help me
> 
> I have solved the problem temporarily assign an IP from the secondary network as a secondary address on the default gateway.
> 
> I like to separate the networks by means of Vlans. could you send me any example simple to create multiple SSIDs and assign a unique VLAN per SSID????

Sure.  There are two ways to do this.  Since you are using IOS version
12.2 (according to the config you posted earlier), here comes a config
sample (see the inline comments):

This configuration uses your encryption/SSID (from your earlier posted
config) and has a 802.1q trunk to the switch with native VLAN 1.

Don't forget to configure a trunk from your switches to your gateway
and configure the gateway to terminate them in different L3 interfaces
(VLAN subinterfaces or SVI's).

interface Dot11Radio0
 !
 ! Note - different encryption settings per SSID are implemented
 ! by configuring them per VLAN.
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid prueba14
    vlan 1
    authentication open eap eap_methods
    authentication key-management wpa
    guest-mode
    infrastructure-ssid optional
 !
 ssid AnotherNetwork
    vlan 2
    authentication open
 !
!
! You have to create interfaces & bridging groups for each VLAN
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
end

This should work for your box.  However, this has one caveat.  You 
cannot have more than one SSID set to "guest mode", i.e. only one
of the AP's networks will show up in a standard laptop's network list.
This is fixed in IOS 12.3-4JA, which uses a feature called Multiple 
Basic Service Set ID's (MBISSD).  From this release on, there's an 
entirely different way to specify SSID's.  It is no longer done on an
interface level, but globally.  So, if you want to have two active, 
usable networks (usable == usable by a standard (l)user), you want to
upgrade to 12.3-4JA (which is currently the latest version), and 
configure this differently.
If you do, keep your fastethernet/dot11radio sub-interface configs, but
instead of specifying SSID's under the dot11radio0 interface config, do
this (normal config mode):

dot11 ssid prueba14
   vlan 1
   authentication open eap eap_methods
   authentication key-management wpa
   mbssid guest-mode
   infrastructure-ssid optional
!
dot11 ssid AnotherNetwork
   vlan 2
   authentication open
   mbssid guest-mode
!
interface Dot11Radio0
!
! Note - you still set encryption here
!
 encryption vlan 1 mode ciphers tkip
 !
 ssid prueba14
 !
 ssid AnotherNetwork
 !
 ! Enable MBSSID's!
 !
 mbssid
!

That should be it.

-- 
Kristófer Sigurðsson         | Tel: +354 525 4103 / MSN: ks at rhi.hi.is
Netsérfr./Network specialist | Reiknistofnun HÍ/University of Iceland

More information about the cisco-nsp mailing list