IP Address

Aug 16 2009   4:53AM GMT

Configuring Multiple SSIDs in Cisco 1250 Access Points Series 3

Posted by: Yasir Irfan
Multiple SSID, Configuring Multiple SSID in Cisco Access Point, Cisco Aironet 1250 Series Access Points, configuring multiple SSIDs, VLANS, Cisco Configurations, Wireless, Cisco Wireless, Cisco Access Points, Cisco Aironet 1250, Cisco Aironet 1250 Access Point, Sample Configurations, configuration scenarios, Windows 2003 Server, Wireless Clients, SSIDs, Native VLAN, Cisco Catalyst 3560 Switch, Cisco Catalyst 6500 Series Switch, IOS Version 12.4(10b) JDA3, IOS version 12.2(44) SE1, IOS version 12.2(18) SXF14, Cisco IOS, DHCP Server, IP Address

 

In today’s entry we will focus on configuration of VLANs and SSIDs in a Cisco Aironet 1250 Series Access Point. The procedure is as follows.

 

Configure

 

In this section, you will see the configuration steps required to complete the above mentioned scenario.

 

1^st Step: Configure the Native VLAN on the Cisco Aironet 1250 Series Access Point

The Native VLAN is a VLAN to which the Cisco Aironet 1250 Series Access Point and the Cisco Catalyst 3560 Switch are connected. Native VLAN of the Cisco Aironet 1250 Series Access Point is usually different from the other VLANS configured in the Cisco Aironet 1250 Series Access Point (In our case VLAN 101 and VLAN 102). The IP address used for the management of the Cisco Aironet 1250 Series Access Point is assigned to its BVI Interface and the IP address assigned is in the native VLAN. (In our case VLAN 100). . The traffic, for example, management traffic, sent to and by the Point itself assumes the native VLAN (VLAN 100), and it is untagged. All untagged traffic that is received on an IEEE 802.1Q (dot1q) trunk port is forwarded with the native VLAN (VLAN 100) that is configured for the port. If a packet has a VLAN ID that is the same as the native VLAN ID of the sending port, the Cisco Catalyst 3560 Switch sends the packet without a tag. Otherwise, the switch sends the packet with a tag.

In order to configure a native VLAN on a Cisco Aironet 1250 Series Access Point, issue the following commands in the global configuration mode on the Cisco Aironet 1250 Series Access Point

 

ITKE-AP-01(config)#interface gigabitEthernet 0.100

ITKE-AP-01(config-subif)# encapsulation dot1Q 100 native

ITKE-AP-01(config-subif)#exit

 

(The above commands will configure the encapsulation as dot1q and assign VLAN 100 as the native VLAN on the Giga Ethernet interface.)

 

ITKE-AP-01(config)#interface dot11radio 0.100

ITKE-AP-01(config-subif)# encapsulation dot1Q 100 native

ITKE-AP-01(config-subif)#exit

 

(The above commands will configure the encapsulation as dot1q and assign VLAN 100 as the native VLAN on the radio interface.)

 

 

2^nd Step: Configure the SSIDs on the Cisco Aironet 1250 Series Access Point

In this step we will configure two VLANs (VLAN 101 & VLAN 102) one for the ITKE administration department and other for the guest users only with an internet access.  The SSIDs are also need to be associated with specific VLANS as shown below.

 

·         VLAN 101 for the ITKE administration department and uses the SSID ADMIN.

·         VLAN 102 for the guest users and uses the SSID GUEST.

 

In order to configure a VLAN101 and 102 on a Cisco Aironet 1250 Series Access Point, issue the following commands in the global configuration mode on the Cisco Aironet 1250 Series Access Point

 

ITKE-AP-01(config)#dot11 ssid ADMIN

ITKE-AP-01(config-ssid)#authentication open

ITKE-AP-01(config-ssid)#vlan 101

 (The above commands will create an ssid ADMIN, assigned to VLAN 101 and with an open authentication.)

 

ITKE-AP-01(config)#dot11 ssid GUEST

ITKE-AP-01(config-ssid)#authentication open

ITKE-AP-01(config-ssid)#vlan 102

(The above commands will create an ssid GUEST, assigned to VLAN 102 and with an open authentication).

 

ITKE-AP-01(config)#interface gigabitEthernet 0.101

ITKE-AP-01(config-subif)#encapsulation dot1Q 101

ITKE-AP-01(config-subif)#bridge-group 101

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

(The above commands will set the encapsulation dot1q for VLAN 101 and assigns the sub interface to bridge group 101 to the giga Ethernet).

 

ITKE-AP-01(config)#interface dot11Radio 0.101

ITKE-AP-01(config-subif)#encapsulation dot1Q 101

ITKE-AP-01(config-subif)#bridge-group 101

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

 

(The above commands will set the encapsulation dot1q for VLAN 101 and assigns the sub interface to bridge group 101 to the sub interface on the radio interface).

 

 

ITKE-AP-01(config)#interface gigabitEthernet 0.102

ITKE-AP-01(config-subif)#encapsulation dot1Q 102

ITKE-AP-01(config-subif)#bridge-group 102

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

(The above commands will set the encapsulation dot1q for VLAN 102 and assigns the sub interface to bridge group 102 to the giga Ethernet).

 

ITKE-AP-01(config)#interface dot11Radio 0.102

ITKE-AP-01(config-subif)#encapsulation dot1Q 102

ITKE-AP-01(config-subif)#bridge-group 102

ITKE-AP-01(config-subif)#exit

ITKE-AP-01(config)#

(The above commands will set the encapsulation dot1q for VLAN 101 and assigns the sub interface to bridge group 101 to the sub interface on the radio interface).

 

3^rd Step: Assign the multiple SSIDs to the radio interface on the Cisco Aironet 1250 Series Access Point

 

ITKE-AP-01(config)#interface dot11Radio 0

ITKE-AP-01(config-if)#ssid ADMIN

ITKE-AP-01(config-if)#ssid GUEST

ITKE-AP-01(config-if)#mbssid

(The above commands assigns the multiple SSIDs ADMIN and GUEST  to the radio interface dot11radio 0 ).

 

Note: The SSIDs ADMIN and GUEST are configured for open authentication, For information on how to configure different authentication types on the Cisco Aironet 1250 Series Access Point , refer the Cisco document “Configuring Authentication Types”.

In next post we will look at the configuration for the Cisco 3560 Switch .

Aug 13 2009   8:56AM GMT

Configuring Multiple SSIDs in Cisco 1250 Access Points Series 2

Posted by: Yasir Irfan
Multiple SSID, Configuring Multiple SSID in Cisco Access Point, Cisco Aironet 1250 Series Access Points, configuring multiple SSIDs, VLANS, Cisco Configurations, Wireless, Cisco Wireless, Cisco Access Points, Cisco Aironet 1250, Cisco Aironet 1250 Access Point, Sample Configurations, configuration scenarios, Windows 2003 Server, Wireless Clients, SSIDs, Native VLAN, Cisco Catalyst 3560 Switch, Cisco Catalyst 6500 Series Switch, IOS Version 12.4(10b) JDA3, IOS version 12.2(44) SE1, IOS version 12.2(18) SXF14, Cisco IOS, DHCP Server, IP Address

In order to configure multiple SSIDs in a Cisco Aironet 1250 Series Access Point, we will follow the following scenario,

 

The Scenario is based on following hardware and software versions.

 

Cisco Aironet 1250 Series Access Point runs with an IOS Version 12.4(10b) JDA3.

Cisco Catalyst 3560 Switch runs with an IOS version 12.2(44) SE1.

Cisco Catalyst 6500 Series Switch runs with an IOS version 12.2(18) SXF14.

 

The Cisco Aironet 1250 Series Access Point has three VLANs, - VLAN 100, VLAN 101 and VLAN 102. VLAN 100 will be the native VLAN, VLAN 101 for the ITKE admin department and VLAN 102 for the guest users. The Wireless users who belong to ITKE admin department must connect to the Cisco Aironet 1250 Series Access Point and should be able to connect the ITKE admin department users on the wired network which is VLAN 101.

 

The wireless guest users should be able to connect to the Internet Gateway or web server which is on the wired segment of VLAN 102.

A Cisco Catalyst 3560 Switch is connected to the Cisco Aironet 1250 Series Access Point at the access layer and the Cisco Catalyst 3560 Switch is also connected to the Cisco Catalyst 6500 Switch at the Core/Distribution layer). All VLANs are created in the Cisco Catalyst 6500 Switch which is beyond the scope of this document. (If any one feels he or she needs the sample configuration for the VLANs in the Cisco Catalyst 6500 switch it can be provided in the comments section of this blog entry).

 

A windows 2003 Server is used as a DHCP server which provides the IP address for both the VLANs VLAN 101 and VLAN 102. A DHCP scope has to be configured for both VLANS in the windows 2003 Server which is also beyond the scope of this document. But I am just adding the snap shot from the DHCP Server.

 

The following IP Address Scheme is applied for the VLANs

 

VLAN 100– 10.0.0.0 /23 (NATIVE VLAN)

VLAN 101 – 10.2.0.0/23

VLAN 102– 10.4.0.0/23

 

Following are the IP address used for the devices in this document.

 

·         The Cisco Aironet 1250 Series Access Point Bridge-Group Virtual Interface (BVI) IP Address (VLAN 100) 10.0.0.99.

 

·         Windows 2003 DHCP Server with an IP address 10.0.1.100 with VLAN scopes configured

 

·         Web Server with an IP Address 10.4.0.100.

 

·         Wireless Clients (SSID ITKE) gets connected to VLAN 101 gets an IP address from the Windows 2003 DHCP Server from the subnet 10.2.0.0.

 

·         Wireless Clients (SSID Guest) gets connected to VLAN 102 gets an IP Address from the Windows 2003 DHCP Server from the subnet 10.4.0.0.

In my next post I will post the configuration steps required to carry out the above motioned task. Until then do leave your comments for any future improvements or suggestions.

Mar 17 2009   12:28PM GMT

Don’t Panic for ICND 1 Simualtion questions.

Posted by: Yasir Irfan
ICND 1 Simualtion questions, ICND1, CCENT, Show ip interface, Show ip interface brief, CCNA, CCNA Exam, ICND1 Exam, CCENT Exam, Cisco Tips, Routing, IP Address, sho running-config

One of my colleagues went for the ICND 1 (640-822) exam and he failed to pass the exams with a small margin. He got few simulation questions, in which he was suppose the find out the IP address for the router interfaces connected in the topology provided. The show running command was disabled, he was suppose to use alternative IOS commands to determine the IP address assigned to the router interface.

 

In this scenario don’t panic,  the best command to determine the IP address assigned to interface s in any router is “show ip interface brief” or Show ip interfaces. Here is the sample output of these commands

 

ITKE-DAC-3745R01#sho ip interface brief

Interface                     IP-Address      OK? Method Status                Protocol

FastEthernet0/0         10.135.5.21     YES DHCP   up                    up     

FastEthernet0/1         192.168.1.2     YES NVRAM  up                    up     

Tunnel0                       172.31.31.50    YES NVRAM  up                    up     

ITKE-DAC-3745R01#

 

ITKE-DAC-3745R01#show ip interface

FastEthernet0/0 is up, line protocol is up

  Internet address is 10.135.5.21/24

  Broadcast address is 255.255.255.255

  Address determined by DHCP

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF Feature Fast switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

FastEthernet0/1 is up, line protocol is up

  Internet address is 192.168.1.2/28

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Multicast reserved groups joined: 224.0.0.5 224.0.0.6

  Outgoing access list is not set

  Inbound  access list is 101

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is enabled

  IP CEF switching is enabled

  IP CEF Flow Fast switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, Flow, CEF, Flow Cache

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

Tunnel0 is up, line protocol is up

  Internet address is 172.31.31.50/30

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1476 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Multicast reserved groups joined: 224.0.0.5

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is enabled

  IP CEF switching is enabled

  IP CEF Flow Fast switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, Flow, CEF, Flow Cache

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

ITKE-DAC-3745R01#

Sep 24 2008   8:27AM GMT

How to configure intervlan routing between Cisco Catalyst Switches and HP Procurve Switches Series 2

Posted by: Yasir Irfan
Networking, Switches, Cisco, HP Procurve, Cisco Tips, Cisco 3560, Cisco Learning, Cisco 3560-E, Intervlan routing, IP Address, IOS commands, HP switches

In my previous post I did discussed about the how common terminologies are applied by both Cisco & HP, now it’s time  proceed further , in this example we will create two VLANs and make intervlan communication between HP Procurve Switches  and Cisco Catalyst Switches.

 

 

We will create 2 VLANS in both Switches, as shown in the below table

 

Now let’s see what configuration commands required to create a VLAN, and enable intervlan communication between HP Procurve Switches  and Cisco Catalyst Switches.

Aug 16 2008   11:12AM GMT

How to change an IP address in a HP Procurve Switch

Posted by: Yasir Irfan
Switches, HP Procurve, IP Address, HP switches

Changing an IP address in a Cisco Switch is quite simple, where as in HP Procurve Switches if you try to change an IP address for any existing vlan you get an error message  The IP address (or subnet) 10.0.0.122/23 already exists.. 

I will demonstrate how to change an IP address for an existing VLAN. In this example we have a VLAN 100 assigned with an IP address 10.0.0.99/23 in a HP Procurve Switch.

vlan 100

   name “VLAN100″

   ip address 10.0.0.97 255.255.248.0

   tagged 25-26

   exit

We will try to change the IP address in a normal way as we do in a Cisco Catalyst Switch.

ICU(config)# vlan 100

ICU(vlan-100)# ip address 10.0.0.122 255.255.254.0

The IP address (or subnet) 10.0.0.122/23 already exists.. 

The moment you enter the IP address command you will get an error message mentioned above.

In order to change an IP address do the following things

Log in to the Switch thro a console port.

Then from the global parameters use the following commands

vlan 100

 name “VLAN100″

 no ip address 10.0.0.97 255.255.248.0

 ip address 10.0.0.122  255.255.248.0

However, you can’t do that if you connect to the switch remotely. As soon as the “no ip address” command is received and processed by the switch, your session will be disconnected and you won’t be able to get to the switch.The trick to get around this issue is to make this IP address change through the switch’s built-in menu system instead of using the plain old CLI.

1. Type “menu”, hit Enter
2. Select “Switch Configuration”
3. Select “IP Configuration”
4. Navigate to Edit, hit Enter
5. Change the IP and then Save

you will be disconnected once you save it but you will be able to reconnect using the new IP.