Hello, here my configuration.

- Cisco Switch WS-C2960-24TC-L
- Cisco AIR-AP1041N

vlan1: 192.168.74.X
vlan7: 192.168.1.X


I need to configure the AP1041 with two ssid on two different vlan. but this does not work. I see the SSID broadcast of the two, but I log on vlan1 only ssid.

I have configure 4 ports on the vlan7 of 2960 and all computers receives the right DHCP.

Can you help me?

Here my config:

2960:

config t
vlan 7
name public
interface range fastEthernet 0/9-12
description VLAN 7
switchport mode access
switchport access VLAN 7
switchport nonegotiate
exit
interface fastEthernet 0/13
description VLAN 1 et 7
switchport trunk allowed vlan 1,7
switchport mode trunk
switchport nonegotiate
exit


AP1041N:

Conf t
Dot11 ssid ssidvlan1
Vlan 1
Authentication open
Mbssid Guest-mode
Dot11 ssid public
Vlan 7
authentication open
authentication key-management wpa
wpa-psk ascii public
Mbssid Guest-mode
Int dot11 0
Mbssid
ssid ssidvlan1
ssid public
encryption vlan 1 mode wep mandatory
encryption vlan 1 key 1 size 40bit 0123456789
encryption vlan 7 mode ciphers tkip
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
interface GigabitEthernet0.1
bridge-group 1
encapsulation dot1Q 1 native
interface Dot11Radio0.7
encapsulation dot1Q 7
bridge-group 7
interface GigabitEthernet0.7
bridge-group 7
encapsulation dot1Q 7
bridge irb
bridge 1 route ip
end


Thank You
Sory for my english
Best Regards
Labol

Well Labol, I know just what you're going through as I had to figure out how to do just this a while back from my house. Here is a cleaned config of mine off my 1232AG... your 1041 should be fairly close to this with a few minor changes such as fast ethernet interfaces to gig interfaces etc.

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1232AG
!
enable secret 5 *password*
!
ip subnet-zero
ip domain name justinstamour.local
!
!
ip ssh version 2
no aaa new-model
!
dot11 ssid stamour
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
infrastructure-ssid
wpa-psk ascii 7 *wpa2 key*
!
dot11 ssid stamour-guest
vlan 2
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 *wpa2 key*
!
!
!
username stamour547 privilege 15 secret 5 *password*
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
ssid stamour
!
ssid stamour-guest
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address 192.168.0.4 255.255.255.0
no ip route-cache
!
interface BVI2
ip address 192.168.2.4 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.0.1
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/sm ... g/help/eag
!
!
control-plane
!
bridge 1 route ip
bridge 2 protocol ieee
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no activation-character
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input ssh
line vty 5 15
exec-timeout 0 0
logging synchronous
login local
transport input ssh
!
end

As I said, you'll have to change somethings to meet your needs but that should get you started. I have a few things to finish implementing myself but that is what I have working right now. I hope this helps.

-J

Does that help you at all?

Hi, yes it work.

Thank you

Best Regards

Labol