LAP Access Point - trunk or switchport ?

Hi Folks.
I always thought that an access point (unless configured not to) would tunnel back to the controller, so would be connected to a switchport in the same VLAN as the management interface. However, if you apply smartport, it configures the port as a trunk port.
Which is the correct way to go ?
Many thanks,
NM

Hi, Surendra.
Thanks for the reply, however it doesn't really answer the question. I can set the port to be a trunk port and the access point will get an IP address if there is DHCP on the default VLAN and it will be fine if the access point management port is also on the same VLAN.
Or I can set it to be a switch port in the native VLAN 1, where the curreent management ports are and there is DHCP.
The question is, "If best practice tells us to use a switchport for access points, why does the smartport role make the switch port a trunk port ?"
That's what I want to know, there must be a reason for it.
NM

Similar Messages

Cisco AIR-1141-E-k9 access points

Hi,
Facing an issue with 1141. Not sure if it is from AP or from the Laptops!
Problem is when some users are trying to connect their laptops to wireless it shows Limited connectivity and didnt take an IP address. But with some users its obsolutly working fine.
I'm facing this issue only at one of the site. We have other sites working fine without any interruptions.
Checked the security:
Using WPA/TKIP
Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(25d)JA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 09-Dec-10 15:24 by prod_rel_team
System returned to ROM by reload
System image file is "flash:/c1140-k9w7-mx.124-25d.JA/c1140-k9w7-mx.124-25d.JA"
BR

Tried couple of times, still the same.
Let me brief ma scenerio:
Router 881 ( DHCP server ) vlan 14 ---- Access switch 2960 ---- AIR-1141 access point --- clients (Laptops)
#switchport is configure as vlan 14.
#Access point mgmt IP configured in vln14 range . And it is accociated in access point vlan1 (Native).
BR

QOS config 4500 switchport for Lightweight access point

What is the best QOS configuration what needs to be applied on a 4500 switchport for Lightweight access point.

Hi,
If you are asking about Layer 2 QoS configuration for switch-port then it is global command, which will apply on all switch-ports, not for any specific switch-port.
As far as switch-port mode is concern which in connected to LWAP then yes it is better you keep it in default mode.

Access Point Switchport configuration for OOB NAC

Hello.
Here we have to implement Out of Band with WLC and NAC, I have already checked this guide:
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a138cc.shtml
But I have a little doubt. On the document showed above does not specific which vlan should be configured on switch's access port facing access points. Should I configure this with trusted or untrusted VLAN? I know all traffic from wireless clients go to WLC through a CAPWAP tunnel, but I am not really sure on the Out of Band deployment which access vlan should be for access points.
Greettings.

Just to add again to another one of Steve's post:) You don't want to put the AP traffic through NAC, but only the traffic for the wireless clients which egress out of the WLC. So if your wireless clients are being placed in VLAN30 (just an example), you can have an untrusted layer 2 vlan VLAN29 which hit the NAC untrusted and if remediation id good, then placed in VLAN30. Makes sense?
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Strange VLAN issue on aironet access points

I'm setting up some access points for WPA. I've ran into a strange issue. The client VLAN (VLAN that the users will be put into) is 1, and the native VLAN is 10. The RADIUS server is in VLAN 1 (but I have a test RADIUS server in VLAN 10 as well). I can connect from the access point to a RADIUS server in either VLAN, and from the RADIUS servers to the access point as well. When I point to a RADIUS server in VLAN10 authentication works fine. If I point to a RADIUS server that is located in VLAN1, and I put the wireless clients in VLAN10 it works fine. But for some reason when I have the RADIUS server and the clients in VLAN (1) and the native (BVI1) interface in VLAN 10 the authentication packets never seem to get to the RADIUS server. It is as if the authentication is being sources out of the wrong VLAN. I can?t find any docs to say that this isn?t a supported configuration.

Hi Shannon,
have a look here:
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#apconfig
- - - Snipp - - -
Significance of Native VLAN
When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
Note: If there is a mismatch in the native VLANs, the frames are dropped.
This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
- - - Snapp - - -
Best regards,
Frank

Access-Point going up/down

Hello All
We got Issue with One Access Point [ model - AP1242AG ] - it goes up/down. Users connected on this Access Point get disconnected or time-out connecting to Server. The access-point was installed around 3-4 weeks back. We checked the cable connecting to the Access Point but didnt notice like disconnected or time-out.
[ Access Point was configured with these options ]
AP Name - JD1
status - Enabled
AP mode - Local
IP address - Static
No of Radio Interface - 2
802.11 b/g/n
802.11 a/n
which debug command will help to identify the issue or GUI option
thanks in advance
Cisco Kid

Hi All
I restarted the Access Point and will see what happens. Our Access Point and WLC are in the Same VLAN.
WLC is connected to Layer3 switch and the port is configured as Trunk port with additional command switchport trunk native vlan 12.
The access point ports configured are also configured as
switchport mode trunk
swichport trunk native vlan 12
Are these configuration correct for controller and Access Point.
The following is the show interface output where the AP is connected
sh interfaces fastEthernet 0/9
FastEthernet0/9 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0021.a1d2.ee09 (bia 0021.a1d2.ee09)
Description: **AP3**
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:40, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 518000 bits/sec, 130 packets/sec
     25673274 packets input, 5670744879 bytes, 0 no buffer
     Received 2413785 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 557119 multicast, 0 pause input
     0 input packets with dribble condition detected
     16665439077 packets output, 10663148678995 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

1142 Access Point - DHCP trouble

Hi there,
I am setting up an autonomous 1142 Access Point. The intended goal is to get it accessible though 2 SSIDs:
Private: VLAN3 (our internal data VLAN)
Guest: VLAN98 (our DMZ/Segregated VLAN)
At present, our VLAN3/internal users get DHCP addresses from x2 Windows DHCP servers. Eventually, the DMZ VLAN connections will get their IP addresses from a switch in our DMZ VLAN.
At the moment, I am able to authenticate with the Access Point through the VLAN 3 SSID but never get an IP address. I have posted the switch port config below as well as the Access Point config. I'm a newbie on these devices so any help would be greatly appreciated:
**SWITCH PORT CONFIG**
interface FastEthernet0/10
description IT Office Wireless Access Point
switchport trunk native vlan 3
switchport trunk allowed vlan 3,98
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
spanning-tree bpduguard enable
**AP Config**
Attached to the post as quite wordy

Hi Danny,
You have a native vlan mismatch between the AP and the switch. The switchport has vlan 3 defined as the native, but it is not defined as native on your AP.
You will simply want to add the keyword native at the end of the following line under your .3 subinterfaces:
encapsulation dot1Q 3 native
On another note, to take full advantage of the 1140 series AP with 802.11n connections, you will need to use WPA2 with AES encryption:
encryption vlan x mode ciphers aes-ccm tkip
This will allow use of both WPAv1/TKIP and WPAv2/AES
-Patrick Croak
Wireless TAC

Public & Private Access on same Access Point

Hi folks -
I recently purchased Cisco 1131AG Access Points, which have the ability to create VLAN's. I want to provide staff with wireless access, and also the guests with wireless access.
Staff needs access to all network resources, and public needs just access to the Internet. In addition, I want to limit public to a certain bandwidth in addition to blocking them from downloading movies, music etc.?
Can anyone recommend a way to do this?

You're on the right track. You will need to configure two VLANs on the AP plus a default VLAN (which must be VLAN 1). You can then apply configure an SSID for each VLAN and apply security to each VLAN separately. You will then need to define the VLANs on your switches and configure the APs switchport as a trunk port.
Once you've done this you will need to restrict access from the visitor SSID/VLAN so that all it can do is access the Internet, you'll need some means of issuing clients with an IP address, give them access to DNS, etc.
As to limiting their bandwidth and blocking downloads, can't do that through the AP, that needs to be handled by your Internet connection and the devices that manage that.

Configuring Cisco Access Points 1602i Air-SAP-1602I-Z-K9

Hi everyone,
I am having touble configuring cisco access points 1602i. I have configured them and they are broadcasting SSID and clients are able to connect to them, but the only thing which is troublesome is speed. I have 100Mbps bandwidth speed but at access point I am getting speed between 17 to 25. Can anyone please tell me where I am gone wrong.
I have Juniper Srx210 configured as backbone for providing internet on fiber. Then further I have attached one POE switch (managable). From that switch I have attached 4 access points.
One more thing,two ports of Juniper is configured as Vlans, one for staff and one for students. I have attached this POE switch to Student Vlan, but haven't configured ports of POE switch as trunk. Please tell me do I have to configure ports as trunk on POE Switch. Is this the cause of slow bandwidth over access points.
I am also planning to go for Wlan Controller to manage Access points. When I contact my supplier about it, told me the following:
"You just need to convert the Access points to autonomous mode. Here are some details, there is no additional charge."
https://supportforums.cisco.com/message/3889653
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
http://www.youtube.com/watch?v=QQ_NuxdRhQ4
https://supportforums.cisco.com/docs/DOC-14960
I looked at the links but couldn't understand properly. Then I searched over the internet and found out that
"a cisco autonomous access point basically runs on its own while a lightweight access point uses a centralized device called a wireless lan controller to get its configuration. autonomous access points are managed individually, while the lightweight access points can be managed centrally. also, the switchport configurations to support both types of access points will differ. "
I didn't understand, why he suggested to go for Wlan controller and to upgrade access points to autonomous mode, when according to above finding, it says that autonomous access points runs individually.
Please advice.
I shall be thankfull

Hello Scott and Leo,
Thanks for all your help.
I have managed to install and configure 4 Access points and Now Access points are giving speed between 25 to 45Mbps. Still not enought but it sloving the purpose. Everyone is enjoying their face book. I will soon get the Cisco Wlan Controller as well. I dont know if there is a way to get more speed from these access points. I am ready to buy more equipments if required.
Anyway, today I need your guys expretise once again. As you know Junipr Srx 210 is configured for fiber internet to provide internet services to school. Now we are changing the building and transfering the line to new building. This time I want to use Cisco router in place of Juniper Srx210. But I need to know what model will support the current configuration for fiber. Would you please tell me what model/series router will be suitable for fiber internet and for implementing other restrictions.
I am attaching a picture of current jiniper Srx 210 for your consideration.
I shall be very thankfull to you
Sarabjit

Aironet 1600 - A response was not received from the router or access point

Hi,
I'm trying to set up a wireless network with multiple SSID's. The new network only has CISCO products (router, switches). For the moment I'm trying to connect to 1 SSID (Windekind.Gast). the SSID is visible but when connecting devices have te folowing error message in the log:
Connection status summary
Connection started at: 2015-02-17 09:55:49-951
Profile match: Success
Pre-Association: Success
Association: Fail
Security and Authentication: Not started
Root cause:
Wireless association to "Windekind.Gast" failed
A response was not received from the router or access point.
Detailed root cause:
Wireless association to this network failed. Windows did not receive any response from the wireless router or accesspoint.
The signal is perfect (I'm only a few feet away from the AP).
To make sure there is no dhcp problem I tested the swich port in access mode for vlan 30 which supplied an IP correctly. I'm really not seeing the problem and searched the web for days now! Any help would be very much appreciated!
Below the config of the access point (done via de web interface).
! Last configuration change at 05:30:28 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP002-C
logging rate-limit console 9
enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
no aaa new-model
no ip cef
dot11 syslog
dot11 vlan-name Windekind.Directie vlan 50
dot11 vlan-name Windekind.Gast vlan 30
dot11 vlan-name Windekind.Klasnet vlan 40
dot11 ssid Windekind.Directie
vlan 50
band-select
authentication open
mobility network-id 50
dot11 ssid Windekind.Gast
vlan 30
band-select
authentication open
authentication key-management wpa version 2
mbssid guest-mode
mobility network-id 30
wpa-psk ascii 7 14201B05080121222A2C6A6D63
dot11 ssid Windekind.Klasnet
vlan 40
band-select
mobility network-id 40
crypto pki token default removal timeout 0
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 2
stbc
beamform ofdm
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2452
no preamble-short
station-role root
payload-encapsulation dot1h
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 4
no dfs band block
stbc
beamform ofdm
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
payload-encapsulation dot1h
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 spanning-disabled
no bridge-group 50 source-learning
interface BVI1
ip address 10.0.0.81 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging facility user
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
end

Hi Rasika
thanks for the reply! 10.0.0.81 belongs to vlan 1. I changed the config as suggested but no luck.. (same problems are logged in the event viewer). the ap is connected to a switchport in trunk mode and vlan 1 is the native lan (untagged). the port also is joined to vlan 30 (and others).
Below the new config. Hope you can see an error..
! Last configuration change at 22:56:10 UTC Thu Apr 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname AP002-C
logging rate-limit console 9
enable secret 5 $1$Bxv3$Of8o5..8v6gzIiAe2tXlh/
no aaa new-model
no ip cef
dot11 syslog
dot11 vlan-name Default vlan 1
dot11 vlan-name Windekind.Directie vlan 50
dot11 vlan-name Windekind.Gast vlan 30
dot11 vlan-name Windekind.Klasnet vlan 40
dot11 ssid Windekind.Directie
   vlan 50
   band-select
   authentication open
   mobility network-id 50
dot11 ssid Windekind.Gast
   vlan 30
   band-select
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   mobility network-id 30
   wpa-psk ascii 7 14201B05080121222A2C6A6D63
dot11 ssid Windekind.Klasnet
   vlan 40
   band-select
   mobility network-id 40
crypto pki token default removal timeout 0
username Cisco password 7 112A1016141D
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 2
stbc
beamform ofdm
mbssid
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
no preamble-short
channel 2452
station-role root
payload-encapsulation dot1h
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 30 mode ciphers aes-ccm tkip
ssid Windekind.Directie
ssid Windekind.Gast
ssid Windekind.Klasnet
antenna gain 4
no dfs band block
stbc
beamform ofdm
mbssid
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
payload-encapsulation dot1h
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 spanning-disabled
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 spanning-disabled
no bridge-group 30 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 spanning-disabled
no bridge-group 50 source-learning
interface BVI1
ip address 10.0.0.81 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging facility user
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
end
t

Access Point Modes

Dear Folks,
As I have noticed multiple modes in a LWAPP, which is Monitor , Access Point, Sniffer etc. Could you please provide what all functions does it provide than an Access Point?
Regards,
Siddarth

Hi Siddarth,
Q. What are the different modes in which a lightweight access point (LAP) can operate?
A. An LAP can operate in any of these modes:
Local mode-This is the default mode of operation. When an LAP is placed into local mode, the AP spends 60 milliseconds on channels that it does not operate on every 180 seconds. During this time, the AP performs noise floor measurements, measures interference, and scans for IDS events.
REAP mode-REAP mode enables an LAP to reside across a WAN link and still be able to communicate with the WLC and provide the functionality of a regular LAP. Currently, REAP mode is supported only on the 1030 LAPs. This functionality is included on a broader range of LAPs in the future.
Monitor mode-Monitor mode is a feature designed to allow specified LWAPP-enabled APs to exclude themselves from handling data traffic between clients and the infrastructure. They instead act as dedicated sensors for location based services (LBS), rogue access point detection, and intrusion detection (IDS). When APs are in Monitor mode they cannot serve clients and continuously cycle through all configured channels listening to each channel for approximately 60 ms.
Note: From the controller release 5.0, LWAPPs can also be configured in Location Optimized Monitor Mode (LOMM), which optimizes the monitoring and location calculation of RFID tags. For more information on this mode, refer to Cisco Unified Wireless Network Software Release 5.0.
Note: With controller release 5.2, the Location Optimized Monitor Mode (LOMM) section has been renamed Tracking Optimization, and the LOMM Enabled drop-down box has been renamed Enable Tracking Optimization.
Note: For more information on how to configure Tracking Optimization, read the Optimizing RFID Tracking on Access Points section.
Rogue detector mode-LAPs that operate in Rogue Detector mode monitor the rogue APs. They do not transmit or contain rogue APs. The idea is that the rogue detector should be able to see all the VLANs in the network since rogue APs can be connected to any of the VLANs in the network (thus we connect it to a trunk port). The switch sends all the rogue AP/Client MAC address lists to the Rogue Detector (RD). The RD then forwards those up to the WLC in order to compare with the MACs of clients that the WLC APs have heard over the air. If MACs match, then the WLC knows the rogue AP to which those clients are connected is on the wired network.
Sniffer mode-An LWAPP that operates in Sniffer mode functions as a sniffer and captures and forwards all the packets on a particular channel to a remote machine that runs Airopeek. These packets contain information on timestamp, signal strength, packet size and so on. The Sniffer feature can be enabled only if you run Airopeek, which is a third-party network analyzer software that supports decoding of data packets.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
Hope this helps!
Rob

Access point problem... help

i have an access point which is not suppose to be in the native vlan, the port which is connected to the access point has no trunk.
when i checked the native vlan, this error prompted...
%SYS-4-P2_WARN: 1/Tag 1 on packet from <mac add> port 1/3, but port's native vlan is 2
but when i unchecked it, the connection lost between AP & switch...
what actually happened? can anyone plz help me?

Hi,
the connected switch a Cisco Switch? If yes do you have configured a "switchport access vlan xx"?
If the connected Switch is not a Cisco i had a problem similiar to yours and fixed it with the setup of the used VLAN (in my case VLAN 10) as Native VLAN in the AP.
Maybe you should setup the Native VLAN to 2 in your AP Config.
I Hope that helps.
Best regards,
Frank

Access point single VLAN

Hi all
I would like to ask about vlan configuration on access point Airone1242.
Is mandatory connect it into trunk port on the switch ? , i will use only one Vlan through one SSID exept of native vlan.
I m going to connect it into access port on switch , which is member vlan 63 , and through web menu add attach vlan63 to ssid..
Is there some mandatory settings which can unfavorably influnece network ?
Thanks in Advance
edit : \\ Nobody ?

Hi Scott,
Correct me if im wrong here. What you are saying is even if we dont configure vlan under the ssid but have switch port as vlan 63 by default the wireless client will be based in VLAN 63 ...Is that right?
For example i have a AP configured as below.
dot11 ssid 8008
authentication open
Since there is no vlan associated with this SSID 8008 my understanding was that this will be placed on vlan 1. Now this is connected to a switch port which has configuration as below.
int fas 1/0
switchport mode access
switchport access vlan 63
So the question is in this case do we not have a VLAN mismatch (AP on vlan 1 and Switch port on vlan 63) here?
Regards

Access Points not being associated with Controller

I have a 4400 series controller capable of 25 access points. I currently have 11 deployed and the controller is only seeing 10. Also if I have the need to reset a switch the AP is hanging from it can take days for the AP to find itself again, if it finds itself at all. Any Thoughts? I am new to this technology.

I double checked and it is set to Auto/Auto. It is connected to a Cisco Catalyst 6513 on a WS-X6454-ge-tx board. It's port is setup as a trunk but I am having difficulities setting it to a dot1q trunk. I was trying to use the "switchport trunk encapsulation dot1q" command but the only command that board will give me is a "switchport dot1q ethertype 600-FFFF" command. When I type in "switchport trunk ?" I get no encapulation only Allowed, Native and Pruning. I am using an unused VLAN for my trunk.I also double checked my ports my AP's are on and they too are set to Auto speed / duplex. As far as performance Since this is a new setup we have had limited users at a time testing but all have been getting about 54Mbps. Any other thoughts or guidance would be greatly appreciated. I have tried getting onto the Cisco site again this morning but it is DOG SLOW. Not sure what that is about. Everything else seems fine.

Single access point with multiple ssids and single channel possible?

Hi everybody.
I have this silly question.
Let say we have three vlans, vlan1,2,3 and they are mapped to wlans as follows:
Vlan 1 ssid1
Vlan 2 ssid2
Vlan3 ssid 3
AP --------trunk------Switchted network.
Our Ap has mobile devices in three wlans, i.e ssid1ssid2 and ssid3
Since AP uses half duplex mode, mobile devices need positive ack from ap before they can send data, therefore once channel let say channel 3( assuming 802.11b is used) can be shared by all mobile devices in three wlans.
Is my understanding correct?
Thanks and have a great weekend.

Hii ,
Yes ,that is pretty much possible as suggested by other experts on board. Depending on your access point you will have 1 (2.4 GHz) or both 2.4 & 5GHz radios.
You can configure multiple SSIDs (up to 16 ) known as MBSSID mode in autonomous environment. In Controller based architecture you can configure up to 512 WLAN (SSID) and transmit any 16 of them per AP (using AP group feature). However , it is recommended to keep multiple SSID count below 8 as for each SSID separate beacon will be sent on air which consumes more air time.
Hope this helps
Thanks
Vinay

LAP Access Point - trunk or switchport ?

Similar Messages

Maybe you are looking for