Cisco 1200

Discussion in 'Cisco' started by jspinney@arnoldlogistics.com, Feb 12, 2007.

  1. Guest

    Quick question and I may already know the answer.

    Here is the setup first.
    We have several Cisco 1200 APs currently with only 1 SSID and an
    access-list to limit where clients go. The current authentication is
    WEP with MAC authentication to a Radius server. Also important is the
    AP is not connected to a Cisco switch. I think it is Nortel...
    The reason for the WEP/MAC authentication is a limitation of the
    devices that are connecting to the AP (DOS based terminals), which is
    also the reason for the access-lists. I have read up on creating a
    2nd SSID on 1200, but it requires a second VLAN, which if I'm correct
    would require a Cisco switch or at least a switch that understood
    VLANs(not sure if other manufacturers make any). My end goal is to
    have a connection that our DOS based terminals can connect to easily
    with little issue, but extremely limited as to where they can go and
    another connection (whether it be a different SSID or not) that I can
    use for Windows/Linux clients to connect to that has a tougher
    authentication (WPA/WPA2) and tougher encryption capabilities.

    Any ideas or thoughts are greatly appreciated.

    Jon
    , Feb 12, 2007
    #1
    1. Advertising

  2. Hi Jon,

    ~ Quick question and I may already know the answer.
    ~
    ~ Here is the setup first.
    ~ We have several Cisco 1200 APs currently with only 1 SSID and an
    ~ access-list to limit where clients go. The current authentication is
    ~ WEP with MAC authentication to a Radius server. Also important is the
    ~ AP is not connected to a Cisco switch. I think it is Nortel...
    ~ The reason for the WEP/MAC authentication is a limitation of the
    ~ devices that are connecting to the AP (DOS based terminals), which is
    ~ also the reason for the access-lists. I have read up on creating a
    ~ 2nd SSID on 1200, but it requires a second VLAN,

    Not strictly true. You can configure multiple SSIDs (with different
    wireless authentication methods) even if you only have one VLAN on
    the wired side. However, you will be subject to the restriction that
    all wireless SSIDs use the same crypto scheme. If you have multiple
    SSIDs mapped to different wired VLANs, then you can use independent
    crypto schemes per SSID.

    ~ which if I'm correct
    ~ would require a Cisco switch or at least a switch that understood
    ~ VLANs(not sure if other manufacturers make any).

    What you're looking for is "802.1q trunking support". 802.1q is an
    industry standard, so non-Cisco switches support it, maybe even your
    Nortel.

    To hook up the AP to an 802.1q trunk, the best practice would be:

    - have the native VLAN be called "VLAN 1" on the switch, and the
    AP's IP address (BVI1) must be in this native VLAN
    - have the wireless clients mapped to non-native VLANs

    ~ My end goal is to
    ~ have a connection that our DOS based terminals can connect to easily
    ~ with little issue, but extremely limited as to where they can go and
    ~ another connection (whether it be a different SSID or not) that I can
    ~ use for Windows/Linux clients to connect to that has a tougher
    ~ authentication (WPA/WPA2) and tougher encryption capabilities.

    See if you can't configure 802.1q in your non-Cisco infrastructure.
    If your AP can only connect to a non-trunk port (access port), then
    your options are not so good. You could configure "WPA migration mode",
    which purports to support both WPA and WEP clients, but bear in mind that
    this scheme would require that your static WEP clients use a key index
    other than 1, and typically proves in practice to be not wholly
    satisfactory.

    Regards,

    Aaron
    Aaron Leonard, Feb 13, 2007
    #2
    1. Advertising

  3. blackmamaba

    Joined:
    Jan 30, 2008
    Messages:
    1
    Location:
    Colorado
    This may be an old thread but it sure came in handy on a google search.

    I used this to figure out how to config multiple SSID (multi VLAN obviously) on a Cisco 1200 and get it to work on an Extreme Networks switch. Thanks for the info.
    blackmamaba, Jan 30, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Love

    Cisco 350 / 1200 AP Configuration File

    Michael Love, Oct 15, 2003, in forum: Cisco
    Replies:
    2
    Views:
    681
    Michael Love
    Oct 17, 2003
  2. David
    Replies:
    1
    Views:
    492
    Phillip Remaker
    Dec 5, 2003
  3. Michael Love
    Replies:
    2
    Views:
    2,594
    Michael Love
    Dec 13, 2003
  4. Sbux
    Replies:
    0
    Views:
    767
  5. NYA
    Replies:
    1
    Views:
    467
    Aaron Leonard
    Nov 7, 2006
Loading...

Share This Page