Encrypting Aironet 1410 bridge link using multiple VLANs

Similar Messages

• Is it possible to configure 2 SSIDs without using multiple VLANs?

  I am trying to set up a 1231G to allow normal users to connect using WEP and visitors to connect with no encryption in guest mode. Using one SSID, I can get one or the other to work using the guest-mode command on the SSID, but have the problem that WEP mandatory or optional on the radio interface disables either the normal user or the guest. If I set up 2 separate SSIDs for each of these user groups is it necessary to assign a separate VLAN for each to make this work? The AP is on a network that is not trunked.
  Thanks for any help or direction you can give me.
  --Sara

  Hi Sara,
  Hopefully the attached docs will answer your question:
  Cisco Aironet 1200 Series
  Using VLANs with Cisco Aironet Wireless Equipment
  Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
  Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
  Configuring Multiple SSIDs
  vlan vlan-id
  (Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
  Also this answer from Cisco Aironet 1200 Series FAQ;
  Q. How many service set identifiers (SSIDs) can you have per VLAN?
  A. You can have only one SSID per VLAN. The use of multiple SSIDs over a single VLAN is not supported with Aironet APs.
  Hope this helps! (sorry to be the bearer of bad news)
  Rob
  Please remember to rate helpful posts.......

• Bridge with clients & multiple VLANs on 1242 AP

  Hi,
  I am trying to set up a test as per the attached diagram. I am looking to use 2x 1242 access points to bridge to a remote part of the network.
  I currently have 2 VLANs on the network, all network devices are on VLAN 1 for management and client access is on VLAN 2.
  What I am trying to achieve is to bridge between the two access points and also have clients connect to VLAN 2 on each access point.
  Firstly, are the 1242's capable of this or would I need to look at a 1300 Bridge?
  I have attached a copy of the base config I have on both AP's, the only difference between them is the root or non-root role.
  My bridge link currently works and I can ping across it on VLAN 1 but I cannot get a client to connect to the SSID on VLAN2. Although the SSID is set to guest mode I cannot see it being broadcast and if I manually try and connect nothing happens.
  Is there anything basic I am missing here or can anyone offer advice on bridging multiple VLANs with 1242 AP's?
  Thanks,
  Paul

  Ooops....forgot to add the attachments first time.
  Thanks,
  Paul.

• 1410 Bridges link fail

  Hi,
  I have a point to point link of 9.27 km using 1410 bridges and AIR-ANT58G28SDA-N antennas as per the documentation that would be an easy to deploy link and it should work at 54 Mbps, eventhough it drops the link, it's so slow and the power measurments indicate -70 dbm (aprox) right under the antenna which is at 9 m height.
  This is not the first time I have troubles with 1410 bridges, the other two times I had to change them for 1310 bridges. I wonder if it has to do with some configuration tunning like, external antena gain, link distance or anything else? By the wat this is ocurring in México don't know if that might be worth of taking into consideration in order to deploy a 1410 link.
  Please let me know if you need to know any other information to figure out the scenario.
  Thanks in advance!
  Roberto.

  Take a look a the specs of that antennae. IT's a parabolic dish with a narrow beam
  http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008022b11b.html
  4.75°H, 4.75°V is the beam width.  if you are standing 9m below the antannae, -70 is pretty impressive, since you're getting bleed signal. 
  What does the signal look like up by the antennae? What errors are you seeing in the logs on the bridges?  Are there any trees that could be blown into the way?
  Cheers,
  Steve
  If  this helps you and/or answers  your question please mark the question as "answered" and/or rate it, so  other users can easily find it.

• Building to building Bridge link using Aironet 1300's

  We have a requirement to link two adjacent buildings that are about 20-metres apart over a public road. I need some advice on what the best solution will be.
  Initial thoughts are a pair of Aironet 1300's configured as Wireless Bridges but the antenna type and where to mount them is confusing me. Will the internal patch antennas be enough for this or will we need external antennas? If so what type - directional or? Do the AP's need to be mounted externally or can we simply mount them internally facing each other through windows? What do we need to be aware of regards signal overlaps and interference etc?
  What looked like a simple setup seems to have opened a can of worms....
  Thanks
  Andy

  Hi Andy,
  The 20m distance is quite short.
  In this case, as recommended by Cisco*, for AP1300 series, you can use the AIR-ANT2410Y-R antenna. This directional antenna can be used/installed indoor or outdoor.
  Approximate Indoor Range at 6 Mbps : 548 ft (167 m)
  Approximate Indoor Range at 54 Mbps: 165 ft (50 m)
  *http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a008022198b.html
  Look under 'Table 4. Antennas for the Cisco Aironet 1300 Series Outdoor Access Point/Bridge with RP-TNC Type Connector'.
  Both AP1300 and the antenna can be installed indoor. You need to wall-mount the antenna facing each other from each building.
  Since the distance is only 20m, you can play around with the transit power to control the signal distance.
  As for overlapping channel & probability of interference, do a simple site survey (can use freeware NetStumbler) and make sure your antenna does not mounted near equipment like microwave, or any equipment that produced high frequency noise.
  Hope this helps.
  Rgds,
  AK

• Monitoring Aironet 350 Bridge Link Signal Strength

  Hello,
  Does anyone have ideas/examples on using SNMP to query 350 series bridges to obtain running data on signal strength & quality? I would like to use something like MRTG to monitor signal strength, along with link usage.
  Looking through the MIB files (especially ftp://ftp.cisco.com/pub/mibs/v2/AWCVX-MIB.my)
  it looks like awcDot11TpFdbLatestRxSignalStrength is what I'm after, however I cannot see how to properly reference this. When I walk the tree from 1.3.6.1.4.1.522.3.12 it doesn't seem to list the relevant values.
  Any help/advice most appreciated!
  Thanks,
  Ben Trigger

  PS - when I walk the tree i get the following:
  snmpwalk -c public 172.16.0.2 1.3.6.1.4.1.522.3.12
  SNMPv2-SMI::enterprises.522.3.12.1.1.0 = INTEGER: 10
  SNMPv2-SMI::enterprises.522.3.12.1.3.0 = INTEGER: 2
  SNMPv2-SMI::enterprises.522.3.12.1.5.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.7.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.8.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.9.0 = INTEGER: 1
  SNMPv2-SMI::enterprises.522.3.12.1.10.0 = INTEGER: 1
  SNMPv2-SMI::enterprises.522.3.12.1.11.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.12.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.13.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.14.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.1.15.0 = INTEGER: 1
  SNMPv2-SMI::enterprises.522.3.12.1.16.0 = INTEGER: 0
  SNMPv2-SMI::enterprises.522.3.12.2.1.0 = INTEGER: 8192
  SNMPv2-SMI::enterprises.522.3.12.2.2.0 = Gauge32: 300
  SNMPv2-SMI::enterprises.522.3.12.2.3.0 = Gauge32: 28800
  SNMPv2-SMI::enterprises.522.3.12.2.4.0 = Gauge32: 1800
  SNMPv2-SMI::enterprises.522.3.12.2.5.0 = Gauge32: 1800
  SNMPv2-SMI::enterprises.522.3.12.2.6.0 = Gauge32: 1800
  SNMPv2-SMI::enterprises.522.3.12.2.7.0 = Gauge32: 28800
  SNMPv2-SMI::enterprises.522.3.12.2.8.0 = Gauge32: 28800
  SNMPv2-SMI::enterprises.522.3.12.2.9.0 = Gauge32: 28800
  SNMPv2-SMI::enterprises.522.3.12.2.10.0 = Gauge32: 28800
  SNMPv2-SMI::enterprises.522.3.12.2.11.0 = INTEGER: 1
  SNMPv2-SMI::enterprises.522.3.12.2.12.0 = INTEGER: 2
  SNMPv2-SMI::enterprises.522.3.12.2.13.0 = INTEGER: 30
  SNMPv2-SMI::enterprises.522.3.12.2.14.0 = INTEGER: 2

• Bridging problem with multiple vlans

  Hello Everyone, I am using two 1310 bridges in a root / non-root setup. The switches on both sides of the wireless bridge were setup to trunk native vlan 253. Each wireless bridge also had vlan 253 setup as a Radio and Ethernet Interface. In this config, the wireless bridges could associate and ping each other, but the switches on each side could not ping each other?s management vlan interface (Vlan 25). The only way to get traffic to pass to the corresponding switches on each side of the wireless bridge was to use vlan 253 for everything. We also see this problem with some of our other 1310 bridge connections at other plants. Has anyone seen this problem or a similar problem before?

  Hi Craig,
  Er, dunno if you have any insight on my issue. I'm trying to get 2 AP1231s (12.3-8) in bridge mode (root/non-root, antennas transmit/receive right) that have 4 VLANs going across the airwaves. Now, the bridges are associated, they can see each other's IP address, but will they ping? Absolutely not! VLAN20 is the native assigned to bridge-group 1, I've tried IP addresses on the BVI1, dot11Radio 0.20 and fa0.20 interfaces with no luck. There's no other fancy configuration options applied, just 4 VLANs going across two associated bridges. Any ideas? Appreciate any assistance you can offer.
  I'd already found the document that Rob recommended beforehand and that proved useful in getting the units to associate. Now I just need a ping! A PC connected to the non-root bridge's Ethernet port via a Xover cable is able to ping the non-root bridge but that's as far as it goes.
  Root bridge config attached. No IP assigned on this copy but as advised, tried a few scenarios!
  Thanks, Paul

• Configuring Bridge Priority Of Multiple Vlans (Odd/Even)

  Upon applying Vlan Bridge Priorities through STP, will there be a delay on the Production network in order for the respective vlan to go into a forwarding, learning,listening state, or will the change be transparent to the Production Network? Currently the Vlans on our production 6504s do not have Bridge priority applied to them, we are looking at performing this step, but obviously need to know what the ramifications will be. Please advise. Thanks

  Upon applying Vlan Bridge Priorities through STP, will there be a delay on the Production network in order for the respective vlan to go into a forwarding, learning,listening state, or will the change be transparent to the Production Network?
  >> If the root will change from the current root expect a network wide service interruption as the switches will have to re-calculate the path to the root. The STP state will take 15 sec for each stage so, that comes to 45 secs. But expect a likttle more on the edge switches, how much more? That really depends on the size of the network and how long it takes for the BPDU to travel down the tree. It is always recommended to have a maintenance window when tweaking the STP.
  Currently the Vlans on our production 6504s do not have Bridge priority applied to them, we are looking at performing this step, but obviously need to know what the ramifications will be. Please advise.
  >> Do you at least know who the root is for each vlan? Are these 6504 the root?
  Please rate all posts.

• Multiple VLAN's, one SSID

  I'm getting to the point where my campus wireless network is growing past the subnet size that I'm comfortable dealing with.  I have a WiSM and WCS and am running the newest IOS on each.  Is there any way to use multiple VLAN's on one campus-wide SSID?
  Or, can I put the same SSID on the two controllers and map it to two separate VLAN's without causing roaming issues?
  Thanks,
  Eric

  Hi Eric,
  Yes we can do this and this feature is called AP Grouping on WLC... Here is the configuration example to do the same..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
  Regards
  Surendra

• Can I use Bridge CS6 as a central image database for linking to multiple documents?

  Can I use Bridge CS6 as a central image database for linking to multiple documents?

  It's only really good for Adobe document formats, if you want to be able to view and/or tag documents.

• Bridge link with two aironet 1242

                     Hi to all,
  I want to connect with wireless devices two buildings, one in front of another.
  Short distance (about 20 meters) and no obstacles.
  I have a couple of aironet 1242 and i was wondering if it would be possible to setup this link with this equipment.
  could  WGB be the solution?
  thank you very much

  WGB could work, if you do not need to extend multiple VLAN across the link, and you have less than, I want to say 200, devices.
  What you might want to look into is Root/ non-Root bridging.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Wiki: Using multiple hard drives, LVM & encryption

  I have lately found myself with the issue of having multiple hard drives and wanting to do LVM stuff & encryption with while retaining maximum flexibility. After scanning through wikis, manpages and forum entries I came up with a solution for myself. The only thing I don't cover with it is mounting while booting as I don't need and can't test it.
  I want to share the knowledge I gained and help other people find a solution faster and so I wrote a Wiki entry (first on my user page). I would now like to hear the opinion of the community regarding the following questions:
  Do you see any security risks with my solution (especially the part on storing the unencrypted keyfile on a ramdisk)?
  Do you think this text is worthy for a wiki entry or should I keep it in the forums?
  Do you spot any errors (typing or else)?
  Would you improve this article anywhere?
  Of course, if you have further comments, I would like to here them as well. And now without further ado: Using multiple hard drives, LVM & encryption.
  Regards,
  javex
  P.S.: As a small side question: Is my user page a good playground for article creation or would you recommend some other area where to do this (since here noone else could improve the article while in this early stage)?

  mwmmartin wrote:
  I have a 1 TB hard drive; but I have a 500GB and 250GB usb external hard drives.
  Wouldn't it be cool if I could make the two external hard drives a RAID drive and use Time Machine to use all the 750GB of external memory to do my backups???
  You can, but I would +*strongly recommend against+* it. See +Concatenated RAID+ in the Help for Disk Utility.
  There are several potential problems:
  Depending on how much data is on your 1 TB drive, 750 GB may not be enough to back it up. See #1 in Time Machine - Frequently Asked Questions (or use the link in *User Tips* at the top of this forum).
  To set up a +Concatenated RAID+ set, both drives will be erased.
  When (not if) either drive fails, you'll lose all the data on both.
  Both drives must be connected any time you do a backup or want to browse your backups.
  Especially with USB, if one drive wakes from sleep, or spins up, quickly enough, but the other one doesn't, the backup may fail and/or your backups may be corrupted.
  For now, it looks like my only solution is to go buy a bigger external hard drive and spend more money,,,
  That's your best solution +*by far.+* Anything else is taking a large risk with your backups.

• Multiple VLANs over 1300 series bridges

  Hi
  I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
  Many thanks
  Simon

  Hi Simon,
  Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
  Regards,
  Milton Tizoc.

• Configuration of a Point to MultiPoint link with Cisco Aironet 1310 bridges

  Hi All,
  The previous problem of which I started another conversation here:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddba023
  somehow dissapeared. It could have been a problem of interferences.
  I have another issue with other (multipoint) wireless WAN link, which I hope has a solution.
  On the central node, we have an Cisco Aironet 1310 bridge configured as root-bridge. It has a panel of four vertical polarity 17 dBi panel 90? antennas, with more than enough gain (there is a 250 mWatts 802.11 b/g amplifier, before the 4-way splitter) and excellent line of sight to three remote bridges.
  The three (03) remote bridges are also Aironet 1310 models, confidured as non-root-bridges.
  The problem we have is that it seems that when the three remote links operate concurrently the amount of lost packets is huge. When I shutdown the radio interfaces of two bridges, the remaining bridge makes an excellent link with the central node.
  It seems that some hours are more critical than others, also the links operate much worse when there is some (small) network traffic in them.
  I have read the 1310 manuals, and I can't find a sample configuration for point to multi-point links.
  Does someone knows what radio interface configuration should I need to use to establish better quality communication?
  I mean, perhaps the 1 x root - 3 x no root configuration is not recommendable for the multipoint link configuration.
  Any hints will be welcome.
  Best Regards,
  Igor Sotelo.

  Hi All,
  Thank you for the information. I configured the distance on the root bridges, but the links showed instability.
  I'm using a bi-directional amplifier. It has two pieces. According to the manuals, one is installed indoors, the other outdoors. I'm not sure if the indoors piece has the transmition module or it's only the injector.
  We could establish connection at 7 km (around 4 milles) distance from the central point, using 24 dBi antennas on the other side.
  However, we have issues with a near located point that is only 1.2 Km (around 0.8 milles) away and has a 13 dBi integrated patch antenna. The signal strenght value we get there is in the -62 to -68 dBm range, and is noticiably (5-10 dBm) lower than the strenght we get at other points of the link. And I have trouble establishing a high quality link with that point, using OFDM modulation. I tend to think that if I remove the amplifier I'm not going to reach that point at all. The EIRP on the central iste is 34 dBm / 2.5 watts, without amplifier it would be 26 dBm / 0.4 watts.
  On the opposite sites the EIRP is 33 dBm / 2 watts using CCK or 28 dBm / 0.63 watts using OFDM.
  When one looks at the central site from that point, an Motorola Canopy with passive reflector (EIRP 48 dBm or around 64 watts) can be seen. It doesn't have the same direction, but the opposite site must be large distance and could interfere with my wireless network. Attached is an amplified photo of the view. It's safe to assume that the Canopy operates in the 2.4 GHz frequency range.
  Once I connect the point at 1.2 Km, the multipoint link loses its quality, and soon the lost packets get too frequent.
  The CCK seems to be much more interfered than OFDM, I guess because of that canopies.
  Another thing I'm wondering about is if the Aironet 1310 can continuosly switch CCK-OFDM over the same point - multipoint link, without losing packets.
  What other parameters should I tweak? Is there a way to avoid interferences fromt the canopy?
  I would like to apply 100 mWatts local power using the radio with OFDM, but it seems that's not possible.
  Best Regards,
  Igor Sotelo.

• Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

  Hi Surendra,
  I was just given this task to see how i can configure a second ssid for guest access in our environment.
  this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
  Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
  Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
  My AP config is attached below.
  Please tell me what am I doing wrong.
  Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
  Does the access point need to be aware of the voice vlan?
  Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
  I will greatly appreciate your urgent response.
  Thanks in advanced.

  Hi,
  As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
  int vlan 20
  ip helper-address 192.168.33.xxx
  int vlan 60
  ip helper-address 130.20.1.xxx
  I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
  Modify the AP config as below since you are using data vlan as the native vlan
  interface Dot11Radio0.20
  encapsulation dot1Q 20 native
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface FastEthernet0.60
  encapsulation dot1Q 60
  no ip route-cache
  bridge-group 60
  no bridge-group 60 source-learning
  bridge-group 60 spanning-disabled
  Hope this helps.
  Regards
  Najaf