5 feb
Hi There,
Since there was little information about Cisco wireless stuff, for example the Aironet 11xx, 12xx and 13xx series, I had a tough time searching for how to create different SSIDs, each in a separate VLAN. It turned out to be very simple. Since I don't want to explain much, I'll give you an example!
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wireless.thingie
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
!
dot11 mbssid
dot11 vlan-name default vlan 1
dot11 vlan-name publicssid vlan 13
dot11 vlan-name salesssid vlan 11
dot11 vlan-name techssid vlan 10
!
dot11 ssid publicssid
vlan 13
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii enterastupidpasswordhere
!
dot11 ssid salesssid
vlan 11
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii enteranotherstupidpasswordhere
!
dot11 ssid techssid
vlan 10
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii enterastupidpasswordhereyetagain
!
power inline negotiation prestandard source
!
!
username dennis privilege 15 password yeahsomething:)
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
encryption vlan 11 mode ciphers aes-ccm tkip
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 13 mode ciphers aes-ccm tkip
!
ssid publicssid
!
ssid salesssid
!
ssid techssid
!
channel 2457
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.13
encapsulation dot1Q 13
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
encryption vlan 11 mode ciphers aes-ccm tkip
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 13 mode ciphers aes-ccm tkip
!
ssid publicssid
!
ssid salesssid
!
ssid techssid
!
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.11
encapsulation dot1Q 11
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.13
encapsulation dot1Q 13
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
no ip http server
no ip http authentication aaa
no ip http secure-server
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
end
You can see I have 3 VLANs: 10, 11 and 13. VLAN 10 is for the techies, VLAN 11 is for the sales people, and VLAN 13 is for the public. Of course you can do it any way you want, but if you have a router (Linux or whatever) that supports these VLANs and a nice DHCP server for each VLAN, you can route them separately without worrying that one can see the other. Simple and effective!
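The separation described above only holds if every SSID's VLAN has its own bridge-group on both the radio and the wired side. The following Python check is an added example, not part of the original post: it reads a saved config and reports SSID VLANs that lack a radio or wired subinterface, and bridge-groups that join more than one VLAN. The names `parse`, `audit` and `SAMPLE` are made up for this example, and the sample config is constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not the config above): wired VLAN 11 is in the wrong bridge-group.
SAMPLE = """\
dot11 ssid salesssid
vlan 11
dot11 ssid techssid
vlan 10
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 1
interface Dot11Radio0.11
encapsulation dot1Q 11
bridge-group 2
interface FastEthernet0.10
encapsulation dot1Q 10
bridge-group 1
interface FastEthernet0.11
encapsulation dot1Q 11
bridge-group 1
"""

def parse(config):
    """Return ({ssid: vlan}, {(subinterface, vlan): bridge_group})."""
    ssids, subifs, kind, name, vlan = {}, {}, None, None, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("dot11 ssid ", "interface ")):
            # A new section starts; remember its type and name, forget the old VLAN.
            kind, name, vlan = line.split()[0], line.split()[-1], None
        elif kind == "dot11" and (m := re.fullmatch(r"vlan (\d+)", line)):
            ssids[name] = int(m[1])
        elif kind == "interface" and (m := re.fullmatch(r"encapsulation dot1Q (\d+)", line)):
            vlan = int(m[1])
        elif kind == "interface" and vlan and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            subifs[(name, vlan)] = int(m[1])
    return ssids, subifs

def audit(config):
    """List findings that break the one-SSID-one-VLAN separation."""
    ssids, subifs = parse(config)
    findings, groups = [], defaultdict(set)
    for (_, vlan), bg in subifs.items():
        groups[bg].add(vlan)  # VLANs in one bridge-group share a layer-2 domain
    for ssid, vlan in sorted(ssids.items()):
        sides = {i.startswith("Dot11Radio") for (i, v) in subifs if v == vlan}
        if sides != {True, False}:
            findings.append(f"{ssid}: VLAN {vlan} needs a radio and a wired subinterface")
    for bg, vlans in sorted(groups.items()):
        if len(vlans) > 1:
            findings.append(f"bridge-group {bg} bridges VLANs {sorted(vlans)} together")
    return findings
print("\n".join(audit(SAMPLE)))
```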