Autonomous AP and Bridge Basic Configuration Template

This article was first published here

Madhuri C  Cisco Employee Options ‎04-12-2011 12:38 AM – edited ‎11-18-2020 02:53 AM

Introduction

Autonomous AP and Bridge Basic Configuration Template

Configuration Example

Configuring an IOS AP

1. Creating an SSID

AP#

  Configure terminal

  Dot11 ssid <ssid_name>

   Authentication open

   Guest-mode                                               <— To broadcast the SSID

2. Configuring AP as a DHCP server

AP#

Configure terminal

  Ip dhcp excluded-address                         <—List of IP addresses to be excluded>

  Ip dhcp pool <pool name>

    Network <network id> <mask>

    Default-router <IP address>

3. Configuring radio interface

Configure terminal

Int dot11radio0  or  Intdot11radio1

    Ssid <ssid_name>                                    <— Map the SSID to radio interface

    Station-role root

    bridge-group

    no shut

4. Configuring Ethernet interface

interface FastEthernet0

  bridge-group 1

5. Configure the BVI interface

interface BVI1

ip address <ip address> <mask>

6.

6. Specify the default gateway

  ip default-gateway <ip_address>

7. Configuring  radio sub interfaces

If there are multiple vlans(For ex,vlans 1,2,3 in this case), configure one of the vlan to be native depending on your network/switchport config and map it to bridge-group 1

Conf t

interface Dot11Radio0.1

  encapsulation dot1Q 1 native

  bridge-group 1

interface Dot11Radio0.2

encapsulation dot1Q 2

  bridge-group 2

interface Dot11Radio0.3

encapsulation dot1Q 3

  bridge-group 3

8. Configuring fa sub interfaces for multiple vlans

interface fa0.1

encapsulation dot1Q 1 native

  bridge-group 1

interface fa0.2

encapsulation dot1Q 2

  bridge-group 2

interface fa0.3

encapsulation dot1Q 2

  bridge-group 3

9. Enabling mbssid if multiple ssids needs to be broadcast

Interface dot11 0

  Mbssid

Dot11 ssid <ssid_name>

Mbssid guest-mode

10. SSID and vlan mapping for multiplevlans/ssids

Conf t

  Dot11 ssid <ssid1>

  Vlan 1

Dot11 ssid <ssid2>

Vlan 2

11. Speed, channel and power settings

Conf t

Int dot11 0

Speed range  or Speed throughput

Power local max

Or

Powerlocal cck max

Powerlocal ofdm max

Channel <number> or <least-congested>

12. Enabling http and https to access GUI

Conft

ip http server

ip http secure-server

ip http authentication local

13. WEP configuration

Configuration if there are multiplevlans and if SSIDs are mapped to vlans:

Conf t

interface Dot11Radio0

      encryption vlan <id> mode wepmandatory

encryption vlan <id> key<slot> size 128bit 0 <encryption key> transmit-key

or

Configuration if there is a single vlans and if SSID is notmapped to vlan explicitly”

Conf t

interface Dot11Radio0

       encryptionmode wep mandatory

encryption key <slot> size 40bit 0 <encryption key> transmit-key

14. WPA1 configuration

Configure terminal

interface dot11Radio 0

    encryption vlan <id> modeciphers tkip

     (or )

    encryption mode ciphers tkip               <— Configuration if SSID is not mapped to vlans explicitly

exit

dot11 ssid <ssid_name>

authentication open

  authentication key-management wpa

  wpa-psk ascii <Enter pre-shared_key>

15.  WPA2 configuration

Configure terminal

interface dot11Radio 0

  encryption vlan <id> mode ciphers aes-ccm

  (or)

  encryption mode ciphers aes-ccm           <— Configuraton if SSID is not mapped to vlans explicitly

exit

dot11 ssid <ssid_name>

authentication open

  authentication key-management wpa version 2

  wpa-psk ascii <Enter pre-shared_key>

16. Configuration on switchport

switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk native vlan 1

switchport trunk allowed vlan 1,2,3

Bridge Configuration

Unlike APs, bridges would have a single SSID mapped to native VLAN for bridging. The SSID, Encryption, Authentication on root and non root bridges should match.

1. Configuration Root bridge

dot11 ssid bridging

   vlan 1

   infrastructure-ssid                     <— Use infrastructure-ssid optional ifwireless clients are to be connected too

int dot11 0

station-role root bridge

or

station-role root bridge wireless-clients               <— Bridging and allow client association too

interfaceDot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

interfaceDot11Radio0.2

encapsulation dot1Q 2

bridge-group 2

interfaceFastEthernet0.1

encapsulation dot1Q 1 native

bridge-group 1

interfaceFastEthernet0.2

encapsulation dot1Q 2

bridge-group 2

2.  Configurationon Non Root bridge

dot11 ssid bridging

   vlan 1

   infrastructure-ssid

int dot11 0

station-role non-root bridge

(or)

station-role non-root bridge wireless-clients                <— Bridging and allow client association too

interfaceDot11Radio0.1

encapsulation dot1Q 1 native

bridge-group 1

interfaceDot11Radio0.2

encapsulation dot1Q 2

bridge-group 2

interfaceFastEthernet0.1

encapsulation dot1Q 1 native

bridge-group 1

interfaceFastEthernet0.2

encapsulation dot1Q 2

bridge-group 2

Useful commands

–  ‘Show dot11 associations all’ to check details of associated clients.

–   ‘Show controllers dot11 0’ to check the current channel,current and available power values, number of mbssids.

–   ‘Dot11 dot11radio 0 carrier busy and show dot11 carrier busy’ shows the interference percentage for every channel which can be used to select the channel with least interference.

Useful links

Vlans on APs and bridges

Complete configuration guide of AP

Configuration Examples and TechNotes