#
# @see https://www.firewall.cx/cisco-technical-knowledgebase/cisco-wireless/826-cisco-wiress-air1242-mssid.html
# @see https://sites.google.com/site/chaseerry/cisco-wireless/1131ag---configuring-multiple-ssids
# @see https://community.cisco.com/t5/wireless/power-local/td-p/1947200
# @see https://community.cisco.com/t5/wireless/difference-between-power-local-and-power-client-for-autonomous/td-p/2717464
# @see https://www.cisco.com/c/en/us/td/docs/wireless/access_point/atnms-ap-8x/configuration/guide/cg-book/cg-chap14-vlan.html
# @see https://networkguy.de/multiple-ssids-with-cisco-access-points/
# @see https://community.cisco.com/t5/wireless-mobility-knowledge-base/how-to-configure-and-verify-the-transmitted-power-level-on-aps/ta-p/3107653
# @see https://packetlife.net/blog/2012/feb/20/aironet-aps-bridge-groups-and-bvi/
#

# Base system settings
no ip domain-lookup
ip domain-name example.com
hostname ap1
banner motd #Access restricted.
Authorized personnel only#
service password-encryption
ip name-server 10.0.0.1
ip default-gateway 10.0.0.1
ntp server 10.0.0.1

# SSH v2 only; local admin account replaces the factory default "Cisco" user
# (secret values are omitted in this file)
crypto key generate rsa
ip ssh version 2
enable secret
username martin priv 15 secret
no username Cisco

# Management access is limited to the 10.0.0.0/24 management subnet
ip access-list extended ACL-SSH
 permit ip 10.0.0.0 0.0.0.255 any
 deny ip any any
 exit

ip access-list extended FireWall
 permit icmp 10.0.0.0 0.0.0.255 any
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp 10.0.0.0 0.0.0.255 any eq www
 100 deny ip any any
 exit

line vty 0 15
 transport input ssh
 access-class ACL-SSH in
 privilege level 15
 login local
 exit

line console 0
 login local
 exit

# Wired uplink: VLAN 10 (native) carries management and is bridged to BVI1
int g0
 no shut
 exit

int g0.10
 encapsulation dot1q 10 native
 desc Vlan 10 - Management
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
 no shut
 exit

int bvi1
 desc Vlan 10 - Management interface
 ip address 10.0.0.11 255.255.255.0
 ip access-group FireWall in
 no ip route-cache
 cdp enable
 no shut
 exit

copy run start

# SSIDs: one per VLAN, WPA2-PSK (pre-shared keys are omitted in this file)
dot11 ssid MyWiFI
 vlan 12
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii
 mbssid guest-mode
 exit

dot11 ssid Wii2
 vlan 13
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii
 mbssid guest-mode
 exit

# Enable bridge routing
bridge irb

# Radios: the ssid names must match the "dot11 ssid" definitions above
int dot11radio0
 mbssid
 encryption vlan 12 mode ciphers aes-ccm
 encryption vlan 13 mode ciphers aes-ccm
 ssid MyWiFI
 ssid Wii2
 world-mode dot11d country-code SI both
 power local 11
 no shut
 exit

int dot11radio1
 mbssid
 encryption vlan 12 mode ciphers aes-ccm
 encryption vlan 13 mode ciphers aes-ccm
 ssid MyWiFI
 ssid Wii2
 world-mode dot11d country-code SI both
 power local 11
 no shut
 exit

# Radio subinterfaces: one per VLAN, each in the bridge group of the same number
int dot11radio0.12
 desc WiFi Home
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 spanning-disabled
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 no cdp enable
 exit

int dot11radio0.13
 desc WiFi Guest
 encapsulation dot1Q 13
 no ip route-cache
 bridge-group 13
 bridge-group 13 subscriber-loop-control
 bridge-group 13 spanning-disabled
 bridge-group 13 block-unknown-source
 no bridge-group 13 source-learning
 no bridge-group 13 unicast-flooding
 no cdp enable
 exit

int dot11radio1.12
 desc WiFi Home
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 spanning-disabled
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 no cdp enable
 exit

int dot11radio1.13
 desc WiFi Guest
 encapsulation dot1Q 13
 no ip route-cache
 bridge-group 13
 bridge-group 13 subscriber-loop-control
 bridge-group 13 spanning-disabled
 bridge-group 13 block-unknown-source
 no bridge-group 13 source-learning
 no bridge-group 13 unicast-flooding
 no cdp enable
 exit

# Wired subinterfaces: the Ethernet side of bridge groups 12 and 13
int g0.12
 desc Vlan 12 - Home
 encapsulation dot1q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 spanning-disabled
 no bridge-group 12 source-learning
 no cdp enable
 exit

int g0.13
 desc Vlan 13 - Guest
 encapsulation dot1q 13
 no ip route-cache
 bridge-group 13
 bridge-group 13 spanning-disabled
 no bridge-group 13 source-learning
 no cdp enable
 exit