Aironet 350 AP

I have an aironet 350 AP running IOS

apcisco#sh ver Cisco IOS Software, C350 Software (C350-K9W7-M), Version 12.3(8)JEA2, RELEASE SO FTWARE (fc1) Technical Support:

formatting link
(c) 1986-2007 by Cisco Systems, Inc. Compiled Tue 17-Jul-07 23:38 by ccai

ROM: Bootstrap program is C350 boot loader BOOTLDR: C350 Boot Loader (C350-BOOT-M) Version 12.2(13)JA, EARLY DEPLOYMENT REL EASE SOFTWARE (fc1)

apcisco uptime is 2 days, 23 hours, 22 minutes System returned to ROM by power-on System restarted at 16:53:08 R Thu Dec 20 2007 System image file is "flash:/c350-k9w7-mx.123-8.JEA2/c350-k9w7-mx.


This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

formatting link
If you require further assistance please contact us by sending email to

cisco AIR-AP350-IOS-UPGRD (PowerPC860) processor with 15138K/1236K bytes of memory. PowerPC860 CPU at 49Mhz, revision number 0x0000 Last reset from power-on

1 FastEthernet interface 1 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 00:40:96:40:02:B7 Part Number : 0-0000-00 PCA Assembly Number : 000-00000-00 PCA Revision Number : PCB Serial Number : Top Assembly Part Number : 000-00000-00 Top Assembly Serial Number : Top Revision Number : Product/Model Number : AIR-AP350-IOS-UPGRD

Configuration register is 0xF

my question is, do these support more then one vlan/essid ? I've tried configuring more then one via the GUI, and being that you can, id assume its supported. But for the life of me I cannot figure it out.

Part of my problem is it bridges all the subif's and I really dont understand how to get that trunked into a vlan..

I have a cisco 4700m that its jacked into, and a 2924XL available as well.

I have wired vlans working with teh 4700, so its supported. I just cant figure out how to get it working with the AP

Current configuration : 3430 bytes ! ! No configuration change since last restart ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec localtime show-timezone service password-encryption ! hostname apcisco ! enable secret 5 $1$O1Hy$K6ay75/zTkZvlzG0AKgnB/ ! clock timezone R -5 clock summer-time R recurring ip subnet-zero ip domain name ip name-server ! ! aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa session-id common ! dot11 ssid apcisco_secure vlan 1 authentication open authentication key-management wpa wpa-psk ascii 7 1119090C07115F5D547A3B277963 ! dot11 network-map ! ! username Cisco password 7 0802455D0A16 username admin privilege 15 password 7 0942413C34243653 ! ! class-map match-all vlantag match vlan 1 ! ! policy-map vlan_tagging class vlantag set dscp 2 ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 1 mode ciphers tkip ! ! broadcast-key change 600 ! ! ssid apcisco_secure ! speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 station-role root rts threshold 2312 no cdp enable ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address no ip route-cache ! ip default-gateway ip http server no ip http secure-server ip http help-path

formatting link
radius source-interface BVI1 ! logging history debugging no logging trap logging facility sys14 snmp-server view dot11view ieee802dot11 included snmp-server community public RO snmp-server community EAP RO snmp-server location CT snmp-server contact snmp-server chassis-id C-A350 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps entity snmp-server enable traps disassociate snmp-server enable traps deauthenticate snmp-server enable traps authenticate-fail snmp-server enable traps dot11-qos snmp-server enable traps switch-over snmp-server enable traps rogue-ap snmp-server enable traps wlan-wep snmp-server enable traps config snmp-server enable traps syslog snmp-server enable traps aaa_server radius-server local ! radius-server attribute 32 include-in-access-req format %h radius-server vsa send accounting ! control-plane ! bridge 1 route ip ! ! ! line con 0 stopbits 1 line vty 0 3 exec-timeout 0 0 password 7 130B1827262D45 line vty 4 password 7 130B1827262D45 line vty 5 15 password 7 130B1827262D45 ! sntp server end

I guess I do not understand how to get this to work with a BVI..

Can i whack the BVI and use standard vlan setups (just a bunch of sub if's on FE interface) ?

Any advice or information as always is appreciated

Reply to
Loading thread data ...

I should add, my goal is to have 2 vlans. One using WPA and the other wide open (so friends stopping over, and a few neighbors can connect and not use any creds..) If I can get 2 vlans working, Ill assign a seperate ip block to the open vlan and deny them from all internal network resources and just allow http and mail access outbound.

Reply to

This should give you the basic idea: VLANs on Aironet Access Points Configuration Example

formatting link
(This tip was written a while back, before the SSIDs were configured globally.)

Anyway, the idea is to configure separate subinterfaces under the AP's FastEthernet0 interface for each VLAN. Configure corresponding subinterfaces under Dot11Radio0. And map to the VLANs from the SSIDs.


Reply to
Aaron Leonard Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.