Cisco Aironet Access Point Software Configuration Guide
OL-0657-07
Chapter 4 Configuring VLANs
Step 5 Verify that the SSIDs you created appear in the Existing SSIDs field.
Step 6 If the VLANs and SSIDs verified in Steps 2 and 5 are correct, go to Step 7. If not, review the procedures
and correct the problem.
Step 7 In the VLAN (802.1Q) field, click Enable.
Step 8 In the Native VLAN ID field, enter 1.
Step 9 Click OK. The 802.1Q Encapsulation Mode setting changes from Disabled to Hybrid Trunk.
Your wireless network is ready to operate using the VLANs you have created.
Creating an SSID for Infrastructure Devices
You must map the native VLAN to an SSID for infrastructure devices (such as workgroup bridges and
repeaters) so that they can communicate in the VLAN environment. Follow these steps.
Step 1 From the Setup page, click Service Sets.
Step 2 Create a new SSID called Infrastructure.
Step 3 Return to the AP Radio Service Sets page. Highlight the Infrastructure SSID in the Existing SSIDs field.
Step 4 In the Disallow Infrastructure Stations on any other SSID field, click Yes.
Rules and Guidelines for Wireless VLAN Deployment
You may want to consider these rules and guidelines before you deploy wireless VLANs on your
network:
• The switch must be capable of providing an IEEE 802.1Q trunk between it and the access point.
• A maximum of 16 VLANs per ESS are supported; each wireless VLAN is represented with a unique
SSID.
• Each VLAN must be configured with a unique encryption key.
• Only one unencrypted VLAN per ESS is permitted.
• Only one primary SSID per ESS is supported.
• TKIP/MIC/Broadcast key rotation can be enabled for each VLAN.
• Open, Shared-Key, MAC, Network-EAP (LEAP), and EAP configuration types can be configured
on each SSID.
• Shared-Key authentication is supported only on the SSID mapped to the native VLAN (this is most
likely to be the Infrastructure SSID).
• A unique policy group (a set of Layer 2, Layer 3, and Layer 4 filters) is allowed for each VLAN.
• Each SSID is mapped to a default wired VLAN; the SSID to VLAN ID mapping can be overridden
using RADIUS-based VLAN access control mechanisms.
• RADIUS-based VLAN ID assignment per user is supported.
• RADIUS-based SSID access control per user is supported.
• Assigning a CoS mapping per VLAN is permitted (8 priority levels are supported).
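
Several of these rules can be checked against a planned SSID-to-VLAN layout before it is entered on the access point. The following is an added example, not part of the Cisco guide or its software: the function name, the dictionary keys, and the sample SSIDs, VLAN IDs, and key labels are all assumptions made for illustration. The native VLAN ID defaults to 1, as entered in Step 8 above.

```python
from collections import Counter

MAX_VLANS_PER_ESS = 16  # "A maximum of 16 VLANs per ESS are supported"

def check_vlan_plan(plan, native_vlan_id=1):
    """Check a planned SSID/VLAN layout against the deployment rules above.

    plan is a list of dicts with hypothetical keys: ssid, vlan_id,
    key (None means unencrypted), auth (set of type names), primary (bool).
    Returns a list of violation strings; an empty list means no rule was broken.
    """
    problems = []
    if len(plan) > MAX_VLANS_PER_ESS:
        problems.append(f"{len(plan)} VLANs planned, limit is {MAX_VLANS_PER_ESS} per ESS")
    # Each wireless VLAN is represented by a unique SSID (one-to-one mapping).
    for field in ("ssid", "vlan_id"):
        for value, count in Counter(e[field] for e in plan).items():
            if count > 1:
                problems.append(f"duplicate {field}: {value}")
    # Each VLAN needs its own encryption key; report SSIDs, never the key itself.
    by_key = {}
    for e in plan:
        if e["key"] is not None:
            by_key.setdefault(e["key"], []).append(e["ssid"])
    for ssids in by_key.values():
        if len(ssids) > 1:
            problems.append(f"shared encryption key: {', '.join(ssids)}")
    unencrypted = [e["ssid"] for e in plan if e["key"] is None]
    if len(unencrypted) > 1:
        problems.append(f"more than one unencrypted VLAN: {', '.join(unencrypted)}")
    primaries = [e["ssid"] for e in plan if e["primary"]]
    if len(primaries) > 1:
        problems.append(f"more than one primary SSID: {', '.join(primaries)}")
    # Shared-Key authentication is supported only on the native-VLAN SSID.
    for e in plan:
        if "shared-key" in e["auth"] and e["vlan_id"] != native_vlan_id:
            problems.append(f"shared-key auth on non-native VLAN {e['vlan_id']}: {e['ssid']}")
    return problems

# Constructed sample plan (SSIDs, VLAN IDs and key labels are made up for illustration).
SAMPLE_PLAN = [
    {"ssid": "Infrastructure", "vlan_id": 1, "key": "k-infra", "auth": {"shared-key"}, "primary": True},
    {"ssid": "Staff", "vlan_id": 10, "key": "k-staff", "auth": {"network-eap"}, "primary": False},
    {"ssid": "Lab", "vlan_id": 20, "key": "k-staff", "auth": {"shared-key"}, "primary": False},
    {"ssid": "Guest", "vlan_id": 30, "key": None, "auth": {"open"}, "primary": False},
    {"ssid": "Lobby", "vlan_id": 40, "key": None, "auth": {"open"}, "primary": True},
]

if __name__ == "__main__":
    for problem in check_vlan_plan(SAMPLE_PLAN):
        print(problem)
```

The check covers only the counting and uniqueness rules in the list; RADIUS overrides, policy groups, and CoS mappings are not modeled.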