Monday, 12 March 2012

Running multiple SSID on Cisco AP in the real life

While trying to run multiple SSIDs mapped to different VLANs on my Cisco 1242 Wireless Access Point, I got tired of finding only bad or mismatched configurations on the Internet. So here is a working one I built myself. FYI, the Fast Ethernet interface is connected to an 802.1q trunk port on a switch that forwards VLANs 20 (VENUS), 30 (EARTH) and 40 (MARS). The Access Point here does not hand out IP addresses to the wireless clients: you need a DHCP server on each VLAN.


Cisco 1242 AP and a Wireless controller

! Access point name :
name APTEST
!
! Admin password :
enable secret 0 Cisco
!
! No local database for authentication
no aaa new-model
!
! SSID used by WiFi Clients
dot11 ssid VENUS
!
! matching VLAN
vlan 20
!
! Allow wireless association with anyone
authentication open
!
! Enabling wpa v2
authentication key-management wpa version 2
!
! Broadcast the SSID with other ones
mbssid guest-mode
!
! Pre-shared key to declare inside wifi client configuration
wpa-psk ascii 0 VENUS_PASSWORD
!
! SSID VENUS will run alongside two more SSIDs: EARTH and MARS
dot11 ssid EARTH
vlan 30
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 0 EARTH_PASSWORD
!
dot11 ssid MARS
vlan 40
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 0 MARS_PASSWORD
!
! Allow power over Ethernet in case the Access Point is plugged
! into a PoE Ethernet switch (no need for an external power supply)
power inline negotiation prestandard source
!
! Integrated routing and bridging (IRB)
bridge irb
!
! Physical 802.11b/g radio (2.4 GHz)
interface Dot11Radio0
no ip address
no ip route-cache
!
! Encrypting with the Temporal Key Integrity Protocol method
encryption mode ciphers tkip
encryption vlan 20 mode ciphers tkip
encryption vlan 30 mode ciphers tkip
encryption vlan 40 mode ciphers tkip
!
! Broadcast multiple SSIDs :
mbssid
!
ssid VENUS
ssid EARTH
ssid MARS
!
! Wireless speed negotiation in Mb/s
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
!
! Main AP
station-role root
!
! Configuring sub interface matching 802.1q VLAN 20
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
!
! Configuring sub interface matching 802.1q VLAN 30
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
!
! Configuring sub interface matching 802.1q VLAN 40
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
!
! Physical 802.11a radio (5 GHz)
interface Dot11Radio1
no ip address
no ip route-cache
!
! Using Advanced Encryption Standard (iPhone compliant)
! or Temporal Key Integrity Protocol (802.11i) encryption
encryption mode ciphers tkip
encryption vlan 20 mode ciphers aes-ccm tkip
encryption vlan 40 mode ciphers aes-ccm tkip
encryption vlan 30 mode ciphers aes-ccm tkip
!
ssid VENUS
ssid EARTH
ssid MARS
!
no dfs band block
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
! Connect the wireless (WLAN) subinterface and the 802.1q
! tagged VLAN through the bridge group
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
!
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
!
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
!
! LAN interface with 802.1q trunking
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
! Ethernet subinterface (VLAN) and WLAN
! are joined through the bridge group.
interface FastEthernet0.20
description *** VENUS - Internal Network ***
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
!
interface FastEthernet0.30
description *** EARTH - Admin Network ***
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
!
interface FastEthernet0.40
description *** MARS - Direct Internet Access ***
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
no bridge-group 40 source-learning
bridge-group 40 spanning-disabled
!
! The Bridge Virtual Interfaces use the command "ip address dhcp client-id FastEthernet0"
! so that the DHCP server receives a unique
! DHCP client identifier (DHCP option 61).
interface BVI20
ip address dhcp client-id FastEthernet0
no ip route-cache
!
interface BVI30
ip address dhcp client-id FastEthernet0
no ip route-cache
!
interface BVI40
ip address dhcp client-id FastEthernet0
no ip route-cache
!
! Enable the HTTP(S) management interface
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
line con 0
line vty 0 4
password 0 Cisco
login local
!
end


Copy/paste and enjoy!
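As an added example (my own code, not part of the post or of Cisco's tooling), here is a small Python checker for the mistakes this kind of config invites: an "ssid" line under a radio that names an SSID never defined with "dot11 ssid", a VLAN whose radio subinterface has no Ethernet subinterface in the same bridge group (clients associate but never reach the trunk), and a per-VLAN cipher suite without aes-ccm. SAMPLE_CONFIG is constructed in the shape of the post's config with three such faults planted; the function and variable names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the post's config, deliberately carrying three faults:
# 'ssid TERRE' is advertised while 'dot11 ssid EARTH' is what is defined, VLAN 20 is
# TKIP-only, and VLAN 40 has no Ethernet subinterface on the trunk.
SAMPLE_CONFIG = """\
dot11 ssid VENUS
vlan 20
dot11 ssid EARTH
vlan 30
dot11 ssid MARS
vlan 40
interface Dot11Radio0
encryption vlan 20 mode ciphers tkip
encryption vlan 30 mode ciphers aes-ccm tkip
encryption vlan 40 mode ciphers aes-ccm
ssid VENUS
ssid TERRE
ssid MARS
interface Dot11Radio0.20
encapsulation dot1Q 20
bridge-group 20
interface Dot11Radio0.40
encapsulation dot1Q 40
bridge-group 40
interface FastEthernet0.20
encapsulation dot1Q 20
bridge-group 20
"""

@dataclass
class Block:
    kind: str  # "ssid" or "interface"
    name: str
    lines: List[str] = field(default_factory=list)

def parse_blocks(config: str) -> List[Block]:
    """Split IOS text into 'dot11 ssid' and 'interface' blocks. Indentation is not needed
    (the post's config has none); '!' lines are skipped, so a block runs to the next header."""
    blocks: List[Block] = []
    current: Optional[Block] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        header = re.match(r"(dot11 ssid|interface) (\S+)$", line)
        if header:
            current = Block("ssid" if header.group(1) == "dot11 ssid" else "interface", header.group(2))
            blocks.append(current)
        elif current is not None:
            current.lines.append(line)
    return blocks

def first_arg(block: Block, keyword: str) -> Optional[str]:
    """Argument of the first line in the block starting with `keyword `, e.g. '20' for 'vlan 20'."""
    for line in block.lines:
        if line.startswith(keyword + " "):
            return line[len(keyword) + 1:]
    return None

def bridge_group(block: Block) -> Optional[str]:
    arg = first_arg(block, "bridge-group")  # "20" or "20 subscriber-loop-control"
    return arg.split()[0] if arg else None

def lint_ap_config(config: str) -> List[str]:
    """Return findings as strings; an empty list means the SSID/VLAN plumbing is consistent."""
    blocks = parse_blocks(config)
    findings: List[str] = []
    ssid_vlan = {b.name: first_arg(b, "vlan") for b in blocks if b.kind == "ssid"}
    ifaces = {b.name: b for b in blocks if b.kind == "interface"}
    eth_subifs = [b for b in ifaces.values() if re.fullmatch(r"\w*Ethernet\d+\.\d+", b.name)]
    advertised = set()
    for radio in (b for b in ifaces.values() if re.fullmatch(r"Dot11Radio\d+", b.name)):
        ciphers = {m.group(1): m.group(2).split() for m in  # VLAN -> cipher list on this radio
                   (re.fullmatch(r"encryption vlan (\d+) mode ciphers (.+)", l) for l in radio.lines) if m}
        for name in (l.split()[1] for l in radio.lines if re.fullmatch(r"ssid \S+", l)):
            vlan = ssid_vlan.get(name)
            if vlan is None:
                findings.append(f"{radio.name} advertises SSID {name}, which has no 'dot11 ssid {name}' definition with a VLAN")
                continue
            advertised.add(name)
            suite = ciphers.get(vlan, [])
            if "aes-ccm" not in suite:
                findings.append(f"{radio.name} VLAN {vlan} (SSID {name}): cipher suite '{' '.join(suite) or 'none'}' lacks aes-ccm (TKIP-only WPA2 is deprecated)")
            sub = ifaces.get(f"{radio.name}.{vlan}")  # radio subinterface must tag the VLAN...
            if sub is None or first_arg(sub, "encapsulation dot1Q") != vlan:
                findings.append(f"{radio.name}: no subinterface .{vlan} with 'encapsulation dot1Q {vlan}' for SSID {name}")
                continue
            bg = bridge_group(sub)  # ...and an Ethernet subinterface tagging the same VLAN must share its bridge group
            if bg is None or not any(first_arg(e, "encapsulation dot1Q") == vlan and bridge_group(e) == bg for e in eth_subifs):
                findings.append(f"VLAN {vlan} (SSID {name}): no Ethernet subinterface tagging dot1Q {vlan} in bridge-group {bg}; wireless clients are cut off from the trunk")
    for name, vlan in ssid_vlan.items():
        if name not in advertised:
            findings.append(f"SSID {name} (VLAN {vlan}) is defined but no radio advertises it (check the 'ssid' lines under the radios)")
    return findings

if __name__ == "__main__":
    print(*lint_ap_config(SAMPLE_CONFIG), sep="\n")
```

Run it against a `show running-config` dump before pushing a new SSID: the three planted faults come back as four findings (the undefined TERRE also leaves EARTH unadvertised), and once TERRE is corrected to EARTH, VLAN 40 gets its FastEthernet0.40 subinterface and aes-ccm is added, the list is empty.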

1 comment:

Greg said…

Thanks Olivier for this config example!

It brings back memories... Well, a recent memory, since I still have my 1941w next to my desk, and it works! After 6 months of hard work.