Multiple VLAN config help

I need to configure our Cisco Aironet 1200's for multiple VLANs. VLAN101 is for public use & VLAN2 is for employees only. Existing config is attached.
I need:
1. To disable the broadcast of VLAN2's SSID so that only VLAN101 shows up in the SSID list for visitors. Right now both are showing up.
2. To ensure the WEP key is setup correctly for VLAN2
Thanks in advance for your help!

So are you saying both SSID's are currently broadcasting?
I would delete and re-create your client configurations. I don't think it's on the AP side.

Similar Messages

Multiple Xserve config- help/advice needed...

We have just purchased a second xserve (quadcore) to go along with our current xserve (G5 dual-core). We run FTP, web(wikis, blogs, etc that use the LDAP for authentication), LDAP, Open Directory, softwareupdate, DNS, NetInstall (occasionally) and AFP services.
I would like to share the services across the two servers- using the new, more powerful machine to host the home directories, AFP, FTP, etc; and the older machine to handle web, etc. My concern is that I would like to have both use the same LDAP so that I only have to enter in users once, and so that everyone can access their files via FTP at one IP.
Is this even the best way to be thinking about implementing this? Will assigning one server as the OD master, and the other as the OD replica provide both servers with the same LDAP directory? I have clearly never done this before, and I am very excited to be able to use two servers to increase the efficiency. Thanks for any help/advice.

Hi
+Is this even the best way to be thinking about implementing this?+
Yes
+Will assigning one server as the OD master, and the other as the OD replica provide both servers with the same LDAP directory?+
Yes
I've done this myself many times. The relevant Admin Manuals do have enough information outlining what needs to be done:
http://www.apple.com/server/resources/
Steve's link is something you should definitely look at. There are some minor differences but nothing to get worried about. Both Servers have to be exactly the same OS and SSH needs to be enabled.
Tony

Multiple vlans configuration issue with RV016 router and SG 300-10MP witch

Hi,
I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
Router (RV016 10/100 16-Port VPN Router) as gateway mode:
IP : 172.16.0.1/24
DHCP Server :
IP : 172.16.0.2/24 GW: 172.16.0.1
2 subnets :
172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
IP 172.16.0.254 (vlan 8 default)
Vlan 1 : 172.16.1.1
Vlan 2 : 172.16.2.1
1 device connected on each vlan
a workstation on the vlan 1
a laptop on the vlan 2
In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
I hope the explanations are clear enough and my English too
Any help will be highly appreciated,
Zoubeir

Hi Eric, the small business group doesn't support the ASA config, but I can help with the switch.
A couple things I notice in your description-
48 port (192.168.1.254) and the other 24P (192.168.1.253) we have a second vlan 20 set up on the 24P switch (192.168.2.253) we have ports 1-12 set for vlan20 (untagged and trunk), the remaining ports on on the default vlan 1.
The connection between the switches, is it 1u, 2t?
The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
We have the 24p and 48p switches connect using GE1 and GE1. We are unable to ping a device on vlan 20 ( on the 24p switch
The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
We have a static route set on the 24p switch (0.0.0.0 192.168.1.0).
Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
-Tom
Please rate helpful posts

Multiple VLAN traffic on one switchport

Good Morning all,
I would like some help with a switchport config on one of my VMware clusters.
Currently the live vDS sits with the below config on a Cisco 4500
switchport trunk encapsulation dot1q
switchport trunk native vlan 8
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpduguard enable
I require the hots to be able to communicate on multiple VLANs, it sits on VLAN 8 but needs to communicate on 200 and 201 and 8.
Any help would be greatly appreciated.
Thanks,
Hassan.

Hassan
The switch port that you show us is correctly configured as a trunk. You have not shown us whether these three vlans are correctly configured on the switch and active on the interface. The output of show interface trunk would be helpful in determining this. If the switch appears to be correctly configured then the other part of the question is whether your VMware cluster is correctly configured to use the three vlans on that interface.
HTH
Rick

Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

Hi Surendra,
I was just given this task to see how i can configure a second ssid for guest access in our environment.
this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
My AP config is attached below.
Please tell me what am I doing wrong.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
Does the access point need to be aware of the voice vlan?
Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
I will greatly appreciate your urgent response.
Thanks in advanced.

Hi,
As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
int vlan 20
ip helper-address 192.168.33.xxx
int vlan 60
ip helper-address 130.20.1.xxx
I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
Modify the AP config as below since you are using data vlan as the native vlan
interface Dot11Radio0.20
encapsulation dot1Q 20 native
interface FastEthernet0.20
encapsulation dot1Q 20 native
Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
interface FastEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface FastEthernet0.60
encapsulation dot1Q 60
no ip route-cache
bridge-group 60
no bridge-group 60 source-learning
bridge-group 60 spanning-disabled
Hope this helps.
Regards
Najaf

New VLAN config on Cisco router

We are in the process of rolling out VOIP with new Cisco router
configurations. When the VLAN config is changed on the router it can no
longer ping the server. The router config is setup with secondary IP info
so that we don't have to go thru the process of changing IP config on the
NW 6.5 SP 6 servers.
Has anyone seen this issue? Do I need to bind new VLAN ti IP NICs? Any
other thoughts?
Thanks for any help received,
Todd W Carter

On 6/5/2007 Todd W Carter wrote:
> We are in the process of rolling out VOIP with new Cisco router
> configurations. When the VLAN config is changed on the router it can no
> longer ping the server. The router config is setup with secondary IP info so
> that we don't have to go thru the process of changing IP config on the NW 6.5
> SP 6 servers.
>
> Has anyone seen this issue? Do I need to bind new VLAN ti IP NICs? Any other
> thoughts?
When pinging from the router, the packets will be source from its primary
ip address. If the server's subnet is part of the secondary IP address on the
router, you must use an extended ping in the router for it to work.
However, I recommend implementing router-in-a-stick instead of secondary IP
addressing when creating multiple VLANs.
On the router, you can create sub-interfaces under the LAN interface and deploy
dot1q trunking. At the switch-port, configure dot1q trunking as well and the
router
will route between VLANs while providing a better design.
This is outside of the scope of this forum so I recommend posting in the Cisco
forums at http://forum.cisco.com/eforum/servlet/NetProf?page=main
Thanks !
Edison Ortiz
(Routing & Switching, CCIE # 17943)

Issues using multiple load-config files with ant

Hello,
Not sure if this is the correct place...
I am creating an ant build script to compile our flex application. I am trying to use the default flex-config by doing <load-config filename="${flex.sdkPath}/frameworks/flex-config.xml"/> and project specific config file add the datavisualization module and any other libraries we might need in the future. I am trying to do this as I don't want to modify the flex-config.xml
The issue I keep running into is I get a compiler error saying "unable to locate specified base class 'spark.comonents.application..". if I place the custome load-config file above the adobe default flex-config it gives errors stating it the "SeriesSlide" type
<mxmlc file="${project.sourcePath}/FBApp.mxml"
         output="${project.output.binaryPath}/${project.output.fileName}.swf"
         locale="en_US"
         static-link-runtime-shared-libraries="false"
         static-rsls="false"
         use-network="true"
         accessible="false"
         debug="true">
         <load-config filename="${flex.sdkPath}/frameworks/flex-config.xml"/>
         <load-config filename="C:/Hudson/.hudson/jobs/FB 2.0 Flex/workspace/FBApp/FB-config.xml"/>
         <source-path path-element="${flex.sdkPath}/frameworks/libs"/>
         <source-path path-element="${project.sourcePath}"/>
         <library-path dir="${flex.path}/sdks/${flex.sdkVersion}/frameworks/locale/en_US"
            includes="*"/>
         <library-path dir="${project.libraryPath}"
            includes="*"/>
         <keep-as3-metadata name="Protected"/>
      </mxmlc>
the following is my FB-config.xml
<?xml version="1.0"?>
<flex-config>
   <runtime-shared-library-path>
<path-element>C:\Program Files\Adobe\Adobe Flash Builder 4 Plug-in\sdks\4.1.0\frameworks\libs/datavisualization.swc</path-element>
<rsl-url>http://fpdownload.adobe.com/pub/swz/flex/4.1.0.16076/datavisualization_4.1.0.16076.swz</rsl-url>
<policy-file-url>http://fpdownload.adobe.com/pub/swz/crossdomain.xml</policy-file-url>
<rsl-url>datavisualization_4.1.0.16076.swz</rsl-url>
<policy-file-url>.</policy-file-url>
   </runtime-shared-library-path>
</flex-config>
It seems to be that the first "load-config" ant runs into is the only one that gets used. When looking around the internet I have multiple cases of where people say they have successfully used multiple load-config files.
This one in particular.
http://flashdevelop.org/community/viewtopic.php?f=13&t=5629&view=previous
If I had to guess on what was wrong I believe my FB-config.xml file is incorrect but I can't find an example of anyones custom configuration file.
Any guidance would be apprecaited.

I am embarrassed to say that your solution answered my question.
I was about 10 min away from rewriting my Ant script to just use the mxmlc.exe directly instead of the mxmlc ant tag. I kept running into the -flex-config+=YourConfig.xml for the command line option but never saw the xml variant.
http://blog.flexexamples.com/2008/12/21/using-a-custom-flex-configxml-file-in-flex-builder -3/
http://livedocs.adobe.com/flex/3/html/help.html?content=configuring_environment_3.html
Does Flex have any documenation that shows all the different tags that are available like the Ant documenation?
http://ant.apache.org/manual/Tasks/delete.html
Thanks at ton.

Encrypting Aironet 1410 bridge link using multiple VLANs

I've looked at the documentation available for Aironet 1400 series, and still would like to see a single document showing an example of
the best encryption/authentication available for bridge links using multiple VLANs.
As I understand it, 1400 series can support WPA-PSK using AES, which would work for me. I just can't picture how to integrate chapters 9 and 10 for the 'WEP and WEP Features' + 'Configuring Authentication Types' instructions.
I'm looking either for an example config, or a step-by-step that did all steps consecutively.
Thanks

What doc are you refering to? If you want to encrypt the link from root bridge to non-root bridge, then WPA/TKIP-PSK is what you should use. Here is a link to how to setup your link ssid to WPA: http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15auth.html#wp1044935
Don't worry about the example they show on the WEP, just use the configuration from the above link for your encryption.
Configuring a VLAN
Configuring your bridge to support VLANs is a five-step process:
1. Create subinterfaces on the radio and Ethernet interfaces.
2. Enable 802.1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN.
3. Assign a bridge group to each VLAN.
4. (Optional) Enable WEP on the native VLAN. <-- Use WPA-PSK
5. Assign the bridge's SSID to the native VLAN.
http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15vlan.html
Here is an example of vlan 1 (native) will be your management and your wireless link. vlan 10 & 20 will pass through the link.
BR# configure terminal
BR(config)# interface dot11radio0.1
BR(config-subif)# encapsulation dot1q 1 native
BR(config-subif)# bridge group 1
BR(config-subif)# exit
BR(config)# interface fastEthernet0.1
BR(config-subif)# encapsulation dot1q 1 native
BR(config-subif)# bridge group 1
BR(config)# interface fastEthernet0.10
BR(config-subif)# encapsulation dot1q 10
BR(config-subif)# bridge group 10
BR(config)# interface fastEthernet0.20
BR(config-subif)# encapsulation dot1q 20
BR(config-subif)# bridge group 20
BR(config-subif)# exit
BR(config)# interface dot11radio0
BR(config-if)# ssid batman
BR(config-ssid)# vlan 1
BR(config-ssid)# infrastructure-ssid
BR(config-ssid)# end

Windows Load Balancing on Multiple VLAN?

Hi all. Just wondering if any of you having this same issue as I did. I've got NLB configured on 2 VM running on Hyper-V. Each of the VM equiped with 2 NIC. The NIC for heart beat purpose is configured
with Static MAC and with the option "Enable Spoofing for MAC Address" enabled. Another NIC is for LAN communication purose. Each of the NIC is reside on a different VLAN (VLANx and VLANy). After I've got the NLB configured,
with "unicast" mode. I've noticed I am not able to ping the NLB virtual IP address from any of the clients. Ping works between the NLB hosts, and is accessible. Once I've put all the NIC into the same VLAN, NLB works
fine; I can ping the NLB virtual IP, and test on IIS works good. My question, does NLB requires all the host to reside in the same VLAN? If NLB support mulitple VLAN, then how can I configure it to support multiple VLAN (eg: production LAN
NIC on VLANx, and heart beat NIC on VLANy)? Thank you.

Hi,
It seems that we need to use Multicast mode.
Configure Network Load Balancing Cluster Operation Mode
http://technet.microsoft.com/en-us/library/cc731616.aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Multiple VLANs over 1300 series bridges

Hi
I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
Many thanks
Simon

Hi Simon,
Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
Regards,
Milton Tizoc.

AP1300 Bridging Multiple Vlans with Dot1q

I have a pair of AIR-BR1310G-E-K9 to do ptp bridging. Topology is like this:
host-switch-rootAP---nonRootAP-switch-host
We have multiple vlans and have followed this doco:
<http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html>
The native vlan is all good and can ping across end-to-end. However, the when I attach a host to the switch in another vlan i.e. user vlan - there is no connectivity. Essentially, we want to dot1q over the ptp bridge setup.
running version:
c1310-k9w7-mx.124-10b.JA1
appreciate any input.
Ajaz

yes. standard trunk config on both switches:
5SL_SWITCH#srif 0/24
Building configuration...
Current configuration : 186 bytes
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
end
5SL_SWITCH#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1,100
Port Vlans allowed and active in management domain
Fa0/24 1,100
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1,100
5SL_SWITCH#
11SL_SWITCH#srif 0/24
Building configuration...
Current configuration : 186 bytes
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
end
11SL_SWITCH#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1,100
Port Vlans allowed and active in management domain
Fa0/24 1,100
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1,100
11SL_SWITCH#
furthermore the vlans exist in the db and when i trunk between the switches - I can ping the SVI's.
Do you want me to post the AP config?

Multiple VLANs per SSID with local switch

Is it possible to use an 'AP Group' or 'Interface group' to assign multiple VLANs to a WLAN when remote, h-reap APs are in local switch mode?
If not, is there a way to overcome 500 maximum host per VLAN when APs are local switching?
Thanks!

dont think its possible...
I donno if the following config will even work but u can have the hreap APs connected at the remote site to map to different vlans...
Example:
AP1 -- ssid 1 --- vlan 10
AP2 -- said 1 --- vlan 11 and so forth..
Sounds crazy but i ll have to ponder on this a bit more.. Need a pen and paper to draw a quick topology :)...
Sent from Cisco Technical Support iPhone App

Creating multiple vlans across multiple switches

Hi All,
How should I create multiple vlans across multiple switches?
For instance, I have two (primary/redudant) layer 3 (core) switches and four layer 2 access switches (Cisco 2960) for the hosts, and given these are the vlans/subnets to be created. Should I do it in the core switches only and it would just propagate through the access via VTP? Just trying to practice and learn.. Any help will be greatly appreciated:)
VLAN 100: [DHCP-workstations]
172.26.4.0/24
172.26.5.0/24
VLAN 200: [Servers]
172.16.1.0/24
172.16.2.0/24
VLAN 300: [Printers]
192.168.129.0/24
192.168.130.0/24
VLAN 800: [Management for switches/routers]
10.160.1.0/24

Hi
You will have the SVI on the core. Set a VTP domain, make one of the cores as VTP server and rest of the switches as VTP clients. Once you do this, you won't have to login into each switch and create a vlan locally. The vlans will be automatically advertised from the VTP server to all the VTP clients.
Thanks
Ankur
"Please rate the post if found useful"

How to create multiple Vlan in Controller 4402

Please let me know step-by-step procedure to create multiple vlan in conroller 4402, In my topology we have vlan -1 for date and vlan - 11 for voice both are in different network, please light me detail config on controller and switch

Hi Balamurugan,
I don't want to sound rude, but, you have posted your issue three times. Each one, I recommended that you go through the WLC Configuration Guide. I recommended this because you are new to WLC and it's the best way for you to learn.
However, you recent post has led me to believe that you are reluctant to peruse the document and I am puzzled. Is there any reason of your reluctance and hesitance?
Cisco Wireless LAN Controller Configuration Guide, Release 6.0
http://www.cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/Controller60CG.html

Bridge with clients & multiple VLANs on 1242 AP

Hi,
I am trying to set up a test as per the attached diagram. I am looking to use 2x 1242 access points to bridge to a remote part of the network.
I currently have 2 VLANs on the network, all network devices are on VLAN 1 for management and client access is on VLAN 2.
What I am trying to achieve is to bridge between the two access points and also have clients connect to VLAN 2 on each access point.
Firstly, are the 1242's capable of this or would I need to look at a 1300 Bridge?
I have attached a copy of the base config I have on both AP's, the only difference between them is the root or non-root role.
My bridge link currently works and I can ping across it on VLAN 1 but I cannot get a client to connect to the SSID on VLAN2. Although the SSID is set to guest mode I cannot see it being broadcast and if I manually try and connect nothing happens.
Is there anything basic I am missing here or can anyone offer advice on bridging multiple VLANs with 1242 AP's?
Thanks,
Paul

Ooops....forgot to add the attachments first time.
Thanks,
Paul.

Multiple VLAN config help

Similar Messages

Maybe you are looking for