14-11
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter14 Configuring VLANs
VLAN Configuration Example
Table14-2 shows the commands needed to configure the three VLANs in this example.Table14-3 shows the results of the configuration commands in Table14-2. Use the show running command to display the running configuration on the access point.

Table14-2 Configuration Commands for VLAN Example

Configuring VLAN 1 Configuring VLAN 2 Configuring VLAN 3
ap# configure terminal
ap(config)# interface
dot11radio 0
ap(config-if)# ssid boss
ap(config-ssid)# end
ap# configure terminal
ap(config)# interface dot11radio 0
ap(config-if)# ssid teach
ap(config-ssid)# end
ap# configure terminal
ap(config)# interface dot11radio 0
ap(config-if)# ssid learn
ap(config-ssid)# end
ap configure terminal
ap(config) interface
FastEthernet0.1
ap(config-subif) encapsulation
dot1Q 1 native
ap(config-subif) exit
ap(config) interface FastEthernet0.2
ap(config-subif) encapsulation dot1Q
2
ap(config-subif) bridge-group 2
ap(config-subif) exit
ap(config) interface FastEthernet0.3
ap(config-subif) encapsulation dot1Q
3
ap(config-subif) bridge-group 3
ap(config-subif) exit
ap(config)#dot11 ssid manage
ap(config-ssid)#vlan 1
ap(config-ssid)#authentication
open eap eap_methods
ap(config-ssid)#exit
ap(config)#interface dot11Radio
0
ap(config-if)#encryption vlan 1
mode ciphers aes-ccm
ap(config)#dot11 ssid teach
ap(config-ssid)#vlan 2
ap(config-ssid)#authentication open
eap eap_methods
ap(config-ssid)#exit
ap(config)#interface dot11Radio 0
ap(config-if)#encryption vlan 2 mode
ciphers aes-ccm
ap(config)#dot11 ssid teach
ap(config-ssid)#vlan 3
ap(config-ssid)#authentication open
ap(config-ssid)#authentication
key-management wpa version 2
ap(config-ssid)#wpa-psk ascii 0
Cisco123
ap(config-ssid)#exit
ap(config)#interface dot11Radio 0
ap(config-if)#encryption vlan 3 mode
ciphers aes-ccm

Table14-3 Results of Example Configuration Commands

VLAN 1 Interfaces VLAN 2 Interfaces VLAN 3 Interfaces
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1
subscriber-loop-control
bridge-group 1
block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
no cdp enable
bridge-group 2
bridge-group 2
subscriber-loop-control
bridge-group 2
block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3
subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
interface gigabitethernet
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface gigabitethernet
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
interface gigabitethernet
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled