Tuesday, April 14, 2026

Configure Cisco AIR-CAP3602I-A-K9 Access Point

 

To configure your Aironet 3602i from scratch, we will wipe any existing settings and build the Bridge-Group Virtual Interface (BVI) architecture.

In this scenario:

  • VLAN 1 (Native): Management (AP gets its IP here).

  • VLAN 10: User Traffic (SSID: Private_Net).

  • Hidden SSID: We will use the guest-mode command (or rather, the absence of it) to hide the SSID.


Phase 1: Global Setup & Security

Enter configuration mode, then define the SSID and its WPA2 pre-shared key for the user VLAN.

Code snippet
enable
configure terminal

! Obfuscate stored passwords (type 7, reversible) and set the hostname
service password-encryption
hostname AP-3602

! Define the SSID
dot11 ssid Private_Net
   vlan 10
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 0 YourSecretKey123
   ! Do NOT enter 'guest-mode' here; this keeps the SSID hidden

Phase 2: Wired Interface (GigabitEthernet0)

We must split the physical Ethernet port into sub-interfaces that match the switch's trunk tags.

Code snippet
! Management / Native VLAN
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1

! User Data VLAN
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
 exit

Phase 3: Radio Interfaces (Dot11Radio)

You must apply the configuration to both the 2.4GHz (Radio0) and 5GHz (Radio1) radios for full coverage.

Code snippet
! --- 2.4GHz Radio Configuration ---
interface Dot11Radio0
 encryption vlan 10 mode ciphers aes-ccm
 ssid Private_Net
 no shutdown

interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1

interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10

! --- 5GHz Radio Configuration ---
interface Dot11Radio1
 encryption vlan 10 mode ciphers aes-ccm
 ssid Private_Net
 no shutdown

interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 bridge-group 1

interface Dot11Radio1.10
 encapsulation dot1Q 10
 bridge-group 10
 exit

Phase 4: Management IP & Gateway

This is where you assign the AP its static management IP address. The IP lives on BVI1, which links to bridge-group 1.

Code snippet
interface BVI1
 ip address 192.168.1.50 255.255.255.0
 no shutdown
 exit

! Set gateway so you can manage it from other subnets
ip default-gateway 192.168.1.1

Phase 5: Finalizing

Verify that the SSIDs are active and save your work.

Code snippet
! Leave configuration mode; the commands below run from privileged EXEC
end

! Check that the SSID is up (it should not show 'G' for Guest/Broadcast)
show dot11 bssid

! Save the config
write memory

Important Checklist

  1. Switch Side: Ensure your switchport is configured as:

    • switchport mode trunk

    • switchport trunk native vlan 1

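  2. Hidden SSID Note: Since the SSID is hidden, you will need to manually type "Private_Net" into your devices to connect the first time. Hiding only removes the name from beacons; it still appears in probe and association frames, so the WPA2 key, not the hidden name, is what protects the network.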

  3. WPA Settings: Ensure you used encryption vlan 10 mode ciphers aes-ccm on the physical radio interfaces, or the WPA2 handshake will fail.
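
Checklist item 3, and the VLAN tag and bridge-group pairing from Phases 2 and 3, can be checked offline against a saved running-config. The Python below is an added example, not part of the original post: the function names and the sample config are constructed for illustration, and it assumes the wired port is GigabitEthernet0 as in Phase 2.

```python
# Constructed sample: the page's VLAN 10 layout with two deliberate mistakes
# on the 5GHz radio (cipher line missing, wrong bridge-group).
SAMPLE = """\
dot11 ssid Private_Net
 vlan 10
 authentication key-management wpa version 2
interface Dot11Radio0
 encryption vlan 10 mode ciphers aes-ccm
 ssid Private_Net
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
interface Dot11Radio1
 ssid Private_Net
interface Dot11Radio1.10
 encapsulation dot1Q 10
 bridge-group 1
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
"""

def stanzas(cfg):
    """Group config text into {top-level line: [indented child lines]}."""
    out, cur = {}, None
    for raw in cfg.splitlines():
        if raw[:1].isspace() and cur:
            out[cur].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            cur = raw.strip()
            out.setdefault(cur, [])
    return out

def audit(cfg):
    """Return findings where a radio or port does not carry the SSID's VLAN."""
    st, found = stanzas(cfg), []
    for head, body in st.items():
        vlan = next((l.split()[1] for l in body if l.startswith("vlan ")), None)
        if not head.startswith("dot11 ssid ") or vlan is None:
            continue
        radios = [h.split()[1] for h, b in st.items() if "." not in h
                  and h.startswith("interface Dot11Radio") and f"ssid {head.split()[2]}" in b]
        cipher = f"encryption vlan {vlan} mode ciphers aes-ccm"
        found += [f"{r}: missing '{cipher}'" for r in radios
                  if cipher not in st[f"interface {r}"]]
        for port in radios + ["GigabitEthernet0"]:
            sub = st.get(f"interface {port}.{vlan}", [])
            if (f"bridge-group {vlan}" not in sub or not any(
                    l.split()[:3] == ["encapsulation", "dot1Q", vlan] for l in sub)):
                found.append(f"{port}.{vlan}: dot1Q tag or bridge-group is not {vlan}")
    return found
```

Calling audit() on the text of a saved running-config returns an empty list when every radio that carries the SSID has the AES-CCM cipher line and a matching sub-interface.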
