Manualshelf

user manual

ManualsBrandsCisco Systems ManualsNetwork RouterNetwork Router DL-2159-05
81828384858687888990
4-21
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 4 Configuring VLANs
Guidelines for Wireless VLAN Deployment
Creating an SSID for Infrastructure Devices
You must map the native VLAN to an SSID for infrastructure devices (such as workgroup bridges and
repeaters) so that they can communicate in the VLAN environment. Follow these steps.
Step 1 From the Setup page, click Service Sets.
Step 2 Create a new SSID called Infrastructure and map it to the Native VLAN.
Step 3 Return to the AP Radio Service Sets page. Highlight Infrastructure in the Existing SSIDs field.
Step 4 In the Disallow Infrastructure Stations on any other SSID field, click Yes .
Guidelines for Wireless VLAN Deployment
You may want to consider these and guidelines before you deploy wireless VLANs on your network:
The switch must be capable of providing an IEEE 802.1Q trunk between it and the access point.
A maximum of 16 VLANs per ESS are supported; each wireless VLAN is represented with a unique
SSID.
Each VLAN must be configured with a unique encryption key.
Only one unencrypted VLAN per ESS is permitted.
Only one primary SSID per ESS is supported.
TKIP/MIC/Broadcast key rotation can be enabled for each VLAN.
Open, Shared-Key, MAC, Network-EAP (LEAP), and EAP configuration types can be configured
on each SSID.
Shared-Key authentication is supported only on the SSID mapped to the native VLAN (this is most
likely to be the Infrastructure SSID).
A unique policy group (a set of Layer 2, Layer 3, and Layer 4 filters) is allowed for each VLAN.
Each SSID is mapped to a default wired VLAN with an ability to override its SSID to VLAN ID
using RADIUS-based VLAN access control mechanisms.
RADIUS-based VLAN ID assignment per user is supported.
RADIUS-based SSID access control per user is supported.
Assigning a CoS mapping per VLAN is permitted (8 priority levels are supported).
The number of clients per SSID is controllable.
All access points and bridges in the same ESS must use the same native VLAN ID in order to
facilitate IAPP communication between them.
Wireless LAN security policies can be mapped to the wired LAN switches and routers.