What we want to achieve is to have two separate VLANs on the switch. The VLANs will be:
VLAN 4 - OFFICE
VLAN 5 - LOBBY
IP addressing would be as follows:
Router
F0/0.4 - 4.4.4.1/24 - DOT1Q VLAN4
F0/0.5 - 5.5.5.1/24 - DOT1Q VLAN5
Switch
VLAN4 - 4.4.4.2/24
AP
BVI1 - 4.4.4.3/24
I'll skip the router-on-a-stick part because I assume you already know it. If not, you can check CCNA 37.
Now we'll configure the port connecting the switch to the AP. This port should be a trunk and should have the native VLAN set if the BVI interface of the AP is not in VLAN 1. In this case, my BVI is set to 4.4.4.3, so it belongs to VLAN4. The switch is connected to AP's G0 through its F0/11 port, so it would have to be configured as follows:
in f0/11
! set the encapsulation first: mode trunk is rejected while it is still negotiated
sw t e d
sw m t
sw t n v 4
The AP would then need to be configured to support the VLANs. This is the configuration I'll use:
in bvi1
ip add 4.4.4.3 255.255.255.0
no shut
in g0
no shut
in g0.4
! VLAN 4 is the native VLAN, so mark it native here as well as on dot0.4
encap dot 4 native
bridge-group 1
in g0.5
encap dot 5
bridge-group 5
The bridge-group is required to bridge the radio interface together with the subinterfaces later on. Now we'll begin by creating SSIDs. An SSID entry defines its VLAN, authentication and beacon mode:
dot11 ssid Kelvin-LOBBY
vlan 5
authentication open
mbssid guest-mode
dot11 ssid Kelvin-OFFICE
vlan 4
authentication open
mbssid guest-mode
authentication key-management wpa
wpa-psk ascii 0 cisco
Notice that I used the keyword "mbssid". Using mbssid (as opposed to using the "ssid" command) allows the AP to broadcast multiple SSIDs.
Now we'll set up the radio parameters. This is the last thing we need to take care of. A radio entry represents the physical antenna and it defines the encryption mode, attached SSIDs, and channel. We would also need to create subinterfaces to be bridged with the gigabit link:
in dot0
encryption vlan 4 mode ciphers tkip
mbssid
ssid Kelvin-LOBBY
ssid Kelvin-OFFICE
channel 6
in dot0.4
encap dot 4 native
bridge-group 1
in dot0.5
encap dot 5
bridge-group 5
The "mbssid" keyword here enables you to put multiple mbssid SSIDs into the interface. You can now use a Windows client to connect through WPA. As for DHCP, you only need to set it up on the router interface. The AP can be treated as a switch, so the AP, the switch and the router interface are in the same broadcast domain.
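A small offline check for the AP configuration built up above (an added example, not part of the original post): it flags SSIDs that have no key management or whose VLAN cipher is TKIP, and VLANs whose radio and wired subinterfaces disagree on bridge-group or native flag. The sample is constructed from the post's commands in their full form, with "native" left off GigabitEthernet0.4 so the mismatch check fires; `audit` and `SAMPLE` are hypothetical names.

```python
import re

# Constructed sample: the post's AP configuration written with full command names.
SAMPLE = """
dot11 ssid Kelvin-LOBBY
 vlan 5
 authentication open
dot11 ssid Kelvin-OFFICE
 vlan 4
 authentication open
 authentication key-management wpa
interface Dot11Radio0
 encryption vlan 4 mode ciphers tkip
interface Dot11Radio0.4
 encapsulation dot1Q 4 native
 bridge-group 1
interface Dot11Radio0.5
 encapsulation dot1Q 5
 bridge-group 5
interface GigabitEthernet0.4
 encapsulation dot1Q 4
 bridge-group 1
interface GigabitEthernet0.5
 encapsulation dot1Q 5
 bridge-group 5
"""

def audit(config):
    """Return findings on SSID protection and radio/wired bridging per VLAN."""
    findings, bridges, ciphers, ssids = [], {}, {}, {}
    for head, body in re.findall(r"^(\S.*)\n((?:[ \t].*\n?)*)", config, re.M):
        if head.startswith("dot11 ssid "):
            vlan = re.search(r"^\s+vlan (\d+)", body, re.M)
            ssids[head.split()[2]] = (vlan and vlan.group(1), "key-management" in body)
        ciphers.update(re.findall(r"encryption vlan (\d+) mode ciphers (.+)", body))
        sub = re.match(r"interface (Dot11Radio|GigabitEthernet)\d+\.\d+", head)
        enc = re.search(r"encapsulation dot1Q (\d+)( native)?", body)
        if sub and enc and (grp := re.search(r"bridge-group (\d+)", body)):
            side = "radio" if sub.group(1) == "Dot11Radio" else "wired"
            bridges.setdefault(enc.group(1), {})[side] = (grp.group(1), bool(enc.group(2)))
    for name, (vlan, keyed) in ssids.items():
        if not keyed:
            findings.append(f"{name}: open SSID on VLAN {vlan}, no key management")
        elif "tkip" in ciphers.get(vlan, ""):
            findings.append(f"{name}: VLAN {vlan} cipher includes TKIP")
    for vlan, sides in sorted(bridges.items()):  # each side is (bridge-group, native)
        if sides.get("radio") != sides.get("wired"):
            findings.append(f"VLAN {vlan}: radio {sides.get('radio')} vs wired {sides.get('wired')}")
    return findings
```

Running `audit(SAMPLE)` reports the open lobby SSID, the TKIP cipher on VLAN 4, and the native-flag mismatch on VLAN 4.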