Can an Aironet WiFi Access Point bridge multiple internal VLANs?

I have Cisco Aironet 2700e access points.  Historically they were configured with a single SSID on both radios with WEP 128bit security.
I now need to add new WiFi devices to the network that have limited flexibility.  They must be associated only with a specific radio (2.4ghz or 5ghz) and WPA2PSK security.
My thought was to create two additional SSIDs on the 2700 access points, one for 2.4gz WPA2PSK and the other for 5ghz WPA2PSK.  The pre-existing SSID will continue to use 128bit WEP.  To do that  I need to use VLANs on the 2700e.
I have no other VLANS on my network.  I only need VLANs on the 2700e because I have different physical devices that support different WiFi frequencies and security options.  I don't need to segment the network.
How do I bridge the VLANs on the 2700e?
Devices that connect to the non-native VLANs appear to be isolated from the rest of the network (as I would suspect with VLANs).  But that's not what I want .  I'm only using VLANs because I need multiple SSIDs, and I need multiple SSIDs because I have different physical devices that want different WiFI access point configurations.  I can't seem to find any way to configure the 2700e to bridge the VLANs for the multiple SSIDs.
Any guidance would be appreciated.  I could buy additional access points but that seems to be defeating the purpose of having a device like the 2700e.
Any help would be appreciated.
Thank you.

I made these changes to the example here:
https://supportforums.cisco.com/document/55561/multiple-ssid-multiple-vlans-configuration-example-cisco-aironet-aps
and it seems to be working.  (By "working" I mean that I can now ping to/from devices connected on different SSIDs.) I had to make these changes from the CLI.  There does not seem to be a way to make these changes from the GUI.  Is that correct? If there is a way to make these changes from the GUI please let me know.
The changes I made were to make the sub interface for Dot11 radio 0 on the VLANs part of bridge-group 1.  So assuming the config in the example:
ap(config)#interface Dot11Radio0.2
ap(config-subif)#no bridge-group 2
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
ap(config)#interface Dot11Radio0.3
ap(config-subif)#no bridge-group 3
ap(config-subif)#bridge-group 1
ap(config-subif)#exit
I did not change the bridge group on the Ethernet interface.
Questions:
1. Did I create any new problems making this change? It seems to work, but am I going to get myself in trouble somewhere else?  Intuitively it makes sense to me: the VLANs are now part of the same bridge group (1, the native VLAN).  So all traffic should be bridged together.  Correct?
2. I didn't change the Ethernet sub interfaces.  I don't seem to need to make that change.  I also don't like things sitting out there that I don't understand.  Should I do anything to clean up the Ethernet interfaces?
3. The original configuration was made entirely from the GUI.  This change needs to be made from the CLI.  Can it be done from the GUI?  I can't seem to find a way to change bridge groups for a sub interface from the GUI. It worried me that it can't be done from the GUI.
Thank you.
Larry

Similar Messages

  • RV180W as access point to multiple existing VLans

    The company that initially built our network setup sold us two RV180W as accesspoints for internal/Guest WLan provision. In the end they never properly installed them, so I am stuck with solving the riddle …
    Q: Is it possible to connect an RV180W with two network ports to two existing VLans on a CISCO 2960 with the following funtionality
    - VLAN 100 internal, authentification via Windows2012/Radius
    - VLAN 101 guest access to CISCO ASA 5510 direct to Internet
    and how am I going to configure this?
    I am kind of lost, as I did not find a way to set up different IP ranges on VLAN tagged LAN ports on the RV180W, nor did I find a howto either in the manual nor on the web.
    thanks in advance
    Michael

    already toyed around with the router in AP mode. What I understood so far:
    - do not use VLan Numbers set up on corresponding ports of other CISCO equipment – the router does not care (understand?) about that,
    - do not tag VLans,
    - only use VLans to separate port/WLan combinations on the RV180W from each other,
    then
    - VLans will be separated,
    - the AP will offer different WLans,
    - even offer DHCP address leases, though I did not find a way to manipulate IP-ranges or gateway settings in AP mode …
    Will have a go next week and try to use routing functionality for our planned external network
    - to route the external VLan directly to our ASA Firewall,
    - connect the internal VLan to our Win2012 DHCP Server,
    - enable Radius authentification on the internal VLan.
    Toying around was rather easy with trial and error, but
    - reset, reboot and config is sluggish,
    - which makes the needed trial and error approach a pita,
    - documentation is really bad, it’s even missing the gaps,
    - interoperability with business products is neither logical nor reasonably documented.
    I run several ten year old linksys APs that are better documented and more straightforward to config.
    If this is technical advance I want the developer’s money back …
    accept my apologies for the rant
    Michael
    PS and last edit: the thing seems awesome, especially at its pricepoint, but the documentation is absolutely subterranean compared to what the router really offers …

  • Securing Aironet 350 Access Point

    Hello -
    My small network is operating correctly using the Aironet 350 Access Point and multiple clients. However, the setup is not secure.
    How is it possible to secure access to our AP?
    Specifically: I would like to establish a WEP key, as some devices (i.e. pocket-pc's) do not support more advanced security schemes.
    Thanks,

    Extensible Authentication Protocol (EAP) authentication, also called 802.1x authentication, provides dynamic WEP keys to wireless users. Dynamic WEP keys are more secure than static, or unchanging, WEP keys.
    For more details on configuring both types of WEP refer the following document,
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12215ja/i12215sc/s15wep.htm

  • Proxy Setting for Multiple WiFi Access Points

    I'm getting ready to roll out 30 iPads in a school setting.  They are going to be on a cart that teachers will be able to check out for class use, but will be returned to the computer lab each evening.  This creates a problem.
    Throughout the building, we have several WiFi access points - next year we will have an access point in each classroom.  And of course we connect through a proxy server so that the district can block various wbsites.  As I am setting up my iPad to connect to each access point, I have to set the proxy server address for the access point; I would really like to be able to simply say "This is my proxy server address and port for EVERY WiFi access point in the building." and be done with it.  I haven't been able to find a way to do this -- it looks like I have to configure each access point individually.
    Am I just missing something (I hope)?

    I suspect you have the D-Link set up to make its network an entirely new subnet using NAT.
    If you setup the D-Link as a bridge to the network created by the Extreme, things may work properly.
    You may need to refer to the D-Link documentation to find out the proper way to do this.

  • Can't HP Officejet pro 8100 do wifi access point?

    Yesterday my HP Officejet pro 8100 arrived and I try to connect via wifi. I thinked that It need a infrastructure access point to print via wifi.
    When I powered on the printer I osserved that It create an access point autonomously with SSID: HP-Setup-7A-Officejet Pro, with IPv4 address server, etc...
    I was very happy and I printed a page with my smartphone samsung s4 connected directly with printer access point (not wifi direct but standard wifi).
    Today no changed occurred but I can't use printer with its own access point, but only with an external wifi access point.
    Someone can help me, please? It could be an hardware problem?
    Thanks,
    Luca
    P.S. in web server I checked that "access point connectivity" (Punto di accesso wireless connettività in Italian) is checked.
    This question was solved.
    View Solution.

    Hello lucait
    To print via WiFi you need to have a wireless router setup. Once you have the wireless router setup correctly you will have a SSID and Wepkey that will enable you to add devices to your network. The network will allow all your devices to communicate not just with each other but with the internet. At the moment your printer was not put in a network so instead of broadcasting on a network it is broadcasting on it's own network called HP-Setup-7A-Officejet Pro which is only good for a short period of time to allow you to setup your wireless. I am going to assume you have a wireless network and you are just needing assistance getting the printer setup on that network.
    To set your printer up on a network you will need to reset your network defaults so your printer begins to broadcast that HP-Setup-7A-Officejet Pro network again. You can do this buy following the steps on the HP Support document Resetting the Network Settings. Once you have done this you can begin to install the software that came with your printer on your computer. You want to set the printer up wirelessly when the option arrives. The software should configure your printers wireless for you and put it on the network. Once completed you should be able to access your printer from all your devices as long as they are on the network. 
    I hope this helps resolve your wireless issue. Thank you for posting on the HP Forums. Have a great day! 
    Please click the "Thumbs Up" on the bottom right of this post to say thank you if you appreciate the support I provide!
    Also be sure to mark my post as “Accept as Solution" if you feel my post solved your issue, it will help others who face the same challenge find the same solution.
    Dunidar
    I work on behalf of HP
    Find out a bit more about me by checking out my profile!
    "Customers don’t expect you to be perfect. They do expect you to fix things when they go wrong." ~ Donald Porter

  • How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.

    How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.

    The Guest Network function of the Time Capsule and AirPort Extreme cannot be enabled when the device is in Bridge Mode. Unfortunately, with another router...the Telus...upstream on your network, Bridge Mode is indicated as the correct setting for all other routers on the network.
    If you can replace the Telus gateway with a simple modem (that performs no routing functions), you should be able to configure either the Time Capsule or the AirPort Extreme....whichever is connected to the modem....to provide a Guest Network.

  • How can I turn mac mini into wifi access point for iPhone?

    Hi,
    I do not have a wifi router.
    I want my iPhone to be able to use my broadband internet instead of the slow EDGE internet.
    The simple solution would be to buy a wifi router whih would enable my iPhone to access the wifi home network.
    *What if I could turn the mac mini into a wifi access point?* That would save me from the hassle of buying a wifi router.
    Any idea how to do this??
    Message was edited by: d00by666

    I did this.
    I think I am doing something wrong. I am doing something wrong in this setting *from ethernet to airport*.
    see attached screenshot.
    To start Internet sharing on a computer using Mac OS X:
    1. Open System Preferences, click Sharing, and then click Internet.
    2. Select how you would like to share your Internet connection, and then click Start. You
    can choose to share your Internet connection with AirPort-enabled computers,
    computers with built-in Ethernet, or both.
    Note:
    If your Internet connection and your local network use the same port (built-in
    Ethernet, for example), contact your ISP before you turn on Internet sharing. In some
    cases (if you use a cable modem, for example) you might unintentionally affect the
    network settings of other ISP customers, and your ISP might terminate your service to
    prevent you from disrupting its network.
    3. If you want to share your Internet connection with computers using AirPort, click
    AirPort Options to give your network a name and password.
    ----------------------------------------------------

  • I already have a WiFi access point. Can I still use a time capsule?

    I already have a WiFi access point.  Reading about the Time Capsule, it appears that it is also an access point.  If so, ca I still use it in conjuction with my existing WiFi?

    Welcome to the Apple Support Communities
    Of course. With the Time Capsule, you can still use the network of your old router or you can use the network of the Time Capsule (I recommend you to use the network of the Time Capsule unless your router is much better). Note that the Time Capsule is a router with a hard drive inside, so it's normal that you can use it as a router

  • Roaming between two WiFi access points fails

    Hi...
    I just bought a Hawking WiFi range extender...a device that acts like a second wireless access point for rooms that are far from your wireless router. It's also known as a repeater. It has the same SSID (network name) as the one set up by the router.
    You are supposed to be able to move about the house and you will connect to whichever device has the higher signal strength, transparently, with no hiccups, like moving your cell phone from one cell antenna to another.
    The setup works fine with my Dell laptop, but not with my MacBook Pro or my iPad. When I change "zones", the Network locks up. This is repeatable and consistent.
    I've heard rumors about Apple product difficulties with this "WiFi roaming."
    Can anyone help?
    Thx
    Steve

    I've been using a roaming setup in my home for years.  The company I work for has building wide WiFi roaming setup with multiple WiFi access points on each floor.  At home and at work, I frequently move my MacBook between access points without loosing things like my VPN, Screen Sharing, File Sharing, ssh terminal sessions, etc....
    But 3rd party networking hardware has not always been well tested against Apple products.  Many times 3rd party networking vendors test against some version of Windows and then ship it.  Sometimes the 3rd party vendor offers a firmware update that corrects issues with Apple products.
    At home I have Apple Airport Extreme base stations for my roaming setup.  At work, the company is using Cisco commercial WiFi access points.
    A roaming setup needs to have all WiFi devices on the same network "Subnet".  That means a 2nd WiFi base station cannot act as a router, but must be just a bridge on the existing router's subnet (generally that means it cannot be offering DHCP services nor NAT services).
    The 2nd WiFi base station must have the same SSID (as you said you setup).
    And it must have the same security password using the same encryption algorithm (WPA2 preferred from a security stand point).  You did not mention this, but I'll assume you did this as well.

  • Blackberry Z10 connection with an Aironet Cisco Access Point 1200

    Hi everybody,
    I'm trying without success a connection between a Blackberry Z10 and an Aironet Cisco Access Point 1200.
    We have no BB Server, we would like just to connect the WIFI.
    I've checked this points during the activation of the device:
    There's no LEAP protocolle.
    There's an EAP-Fast possibility.
    There's Mac Address recognition possibility.
    When we try to use the EAP-Fast possibility, we generate a .pac file, but i don't know where i can put this file so that the Blackberry recognize this file. I've search the whole day and didn't find anything... there's simply no explanation with the Z10 around the .pac file without a BB Server.
    I've try the Mac Address recognition and it simply doesn't work (no error the search time is too long)
    Every other older smartphones - Blackberry (there's 4 devices) are working.
    Anyone have an idea about? a suggestion? a list of compatible WIFI Devices?
    Thank you ahead.
    Have a nice day.
    Joel.

    Sorry i don't understand your answer.
    I'm not a developper but a system administrator.
    I just would like to use a Balckberry Z10 with our Wifi/Router Aironet Access Point 1200.
    not more.
    Best regards,
    Joel

  • 1300 Series Access Point/Bridge Power Injector - Using power over ethernet

    Can I use power over ethernet to supply the Injector with power?

    Hi Mikael,
    Sorry, this will not work. Have a look at these specs;
    1300 Series Power
    Power
    The access point/bridge receives inline power from the Cisco Aironet Power Injector (hereafter called the power injector). Dual-coax cables are used to provide Ethernet data and power from the power injector to the access point/bridge. The power injector is an external unit designed for operation in a sheltered environment, such as inside a building or vehicle. The power injector also functions as an Ethernet repeater by connecting to a Category 5 LAN backbone and using the dual-coax cable interface to the access point/bridge.
    The power injector is available in two models:
    Cisco Aironet Power Injector LR2 standard version (included with the access point/bridge)
    48-VDC input power
    Uses the 48-VDC power module (included with the access point/bridge)
    Cisco Aironet Power Injector LR2T optional transportation version
    12- to 40-VDC input power
    Note The power injector and the power module must not be placed in an outdoor unprotected environment. The power module must not be placed in a building's environmental air space, such as above a suspended ceiling.
    http://www.cisco.com/en/US/products/ps5861/products_installation_guide_chapter09186a008079b93b.html#wp1051840
    Dual coaxial cable to run from the power injector to the 1300. See attached notes:
    Cisco Aironet 1300 Series
    Cisco Aironet 1300 Series Access Point/Bridge Power Injector
    The Cisco Aironet 1300 Series Outdoor Access Point/Bridge Power Injector,converts the standard 10/100 BaseT Ethernet interface that is suitable for weather protected areas to a dual F-Type connector interface for coax cables that are more suitable for harsh outdoor environments. The Power Injector also provides power to the outdoor unit over the same cables with a power discover feature and surge protection. To support longer cable runs from your wireless network switch or router, the Power Injector LR is designed to accommodate up to a 100 meter coaxial cable run plus 100 meters of indoor cat5 cable?enabling total cable runs up to 200 meters. The Cisco Aironet 1300 Series Outdoor Access Point/Bridge ships with the Power Injector LR2 and an AC power supply.
    From this link:
    http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a008022551d.html
    Cisco Aironet 1300 Series Outdoor Access Point/Bridge Hardware Installation Guide
    Ethernet Ports
    The access point/bridge dual-coax Ethernet ports consists of a pair of 75-ohm F-type connectors, linking the unit to your 100BASE-T Ethernet LAN through the power injector. The dual-coax cables are used to send and receive Ethernet data and to supply inline 48-VDC power from the power injector to the access point/bridge.
    From this link:
    http://www.cisco.com/en/US/products/ps5861/products_installation_guide_book09186a00804d3095.html
    AIR-PWRINJ-BLR2
    F-Type Connectors
    Dual coaxial cable carries full-duplex Ethernet, DC power, and full-duplex console port (RS-232 connection)
    From this link:
    http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a00802252e1.html
    Hope this helps!
    Rob

  • Conection 1300 series Aironet As Access Point

    I´m thinking to install a 1300 series Cisco aironet on my network, i wish this network can offers remote access to my network as a Access point to Laptop or pc than works with a 54MB/s and 11 MB/s. I should configured my AP as a Repeater of my network. well all you can help. i really glad you.

    Hi Luis,
    Here are some docs for the 1300 to get you started:
    Cisco Aironet 1300 Series
    Read Me First
    http://www.cisco.com/en/US/products/ps5861/products_quick_start09186a00804fbd81.html
    Configuring the Access Point/Bridge as an Access Point
    http://www.cisco.com/en/US/products/ps5861/products_configuration_guide_chapter09186a008021e5e4.html#wp1043091
    Cisco Aironet 1300 Series Outdoor Access Point/Bridge Software Configuration Guide, 12.3(4) JA
    http://www.cisco.com/en/US/products/ps5861/products_configuration_guide_book09186a008041369a.html
    Hope this helps!
    Rob
    Please remember to rate helpful posts......

  • Aironet 350 Access Point needs security

    I have been asked to help a fledgling school lock down their wireless network.  The network is currently setup as 3 Aironet 350 Access Points with operating on the same subnet distributed around the school.
    These have NOT been updated or touched since the day they were installed, by all acounts.  I think they are running VXworks.  My issue is that most support links that might prove helpful seem to be broken.
    A few simple questions:
    Can the Aironet 350 be secured and then used with a simple shared key?  This link seems to say no, that you must have Cisco software on the user computer as well.  that certainly can't be right, can it?
    I'm clearly out of my comfort zone with these, but they just don't have anyone to do this for them.  It looks like they need to be flashed to IOS and then able to use WPA but not WPA2?  I'm having trouble finding a firmware lik for the 350 as well because it's EOL.
    Basically, any help or information is welcome!  I'm ready to just pull the plug on them and call them secure!

    350 APs (not bridges) can be converted to IOS.  Then they can do WPA-PSK TKIP.  Downside is they only have 802.11b radios.  The latest IOS they can run is old but could probably be setup with WDS using an internal RADIUS server on one.
    The upgrade tool and image are still available for download.  I'm attaching a .pdf of instructions.
    You need these files:
    Aironet-AP-Cisco-IOS-Conversion-Tool-v2.1.exe
    AP350-Cisco-IOS-Upgrade-Image-v2.img

  • A tech company just set up a wifi network in my house and does not use my existing TC; how do I get it in the network to serve as backup for my iMac? (I don't need it as a wifi access point anymore)

    a tech company just set up a wifi network in my house and does not use my existing TC; how do I get it in the network to serve as backup for my iMac? (I don't need it as a wifi access point anymore) thanks

    Just bridge the TC and plug it by ethernet into the main router.
    Bridge in v5 airport utility.
    In v6 it is under network.. change it from DHCP and NAT to Off bridge mode.
    Turn off the wireless.

  • No 'BTFON' in WiFi Access Point List - Non HomeHub...

    Hi,   I am a BT broadband customer, opted in to the BTFON thing.  On the BTFON website I can see my location has a BTFON acces point marked (it is definately me as I live in the middle of nowhere).  However, I can't see a BTFON option on my iphone or iPod Wifi Settings list.  I CAN see other BTFON access points when I am out and about, tho.
    I do not have a BT HomeHub at home, I am using a Cisco wireless router - I dont think I ever got a HomeHub as I have had BT broadband for eons - before, I think, they were supplied..?
    Regards, MW.

    yes i think it is indeed due to you using a third party router.
    the homehub can be configured (remotely) to allow it to display a separate wireless access point which is totally separate to your own private network and with a limited bandwidth for fon/openzone users to connect to/
    this ensures that your available bandwidth is not all used should there be a connection to your hotspot and more importantly that there is no direct connection to the rest of your network so that no external user can gain access to your PC's
    this could not be guarenteed if it were to be implemented on a third party router.
    no trees were harmed in the sending of this message but millions of electrons were terribly inconvenienced

Maybe you are looking for

  • Digital to analog converter

    I think this question will be for a tech.  I am trying to hook up a converter to a TV that will then be used to transmit the audio from the TV to a device that will send it to a pair of hearing aids.  I am using a Gefen TV GTV-DIGAUD-2-AAUD converter

  • How to make the text fields as mandatory (in 'notes and attachment' tab)?

    Hi, We have defined some Fixed Values for texts under IMG>SRM>SRM Server>Cross Application Basic Settings>Text Schema>Define Fixed Values for Texts, for a certain transaction type of RFx responses for a text schema. Because of this, the bidder can ch

  • BC4J: Updating calculated attributes

    We're working on some web services with BC4J. For querying data, we have various tags which are calculated. I'm looking for the best practice for receiving updates to those calculated values. For example, the web service needs to work with the <count

  • Start workflow

    Hi, My friend asked me to post this question in his name here. He wants to create a simple workflow in PM. After user creation of the equipment in IE01 workflow need to be started and give the task for asset number creation to the next user. Do you h

  • Moving Home option does not work

    I try to use option "Moving Home" but after i enter all details and click continue page reload and stop in same place. I enter details few times, change date, continue and still nothing.