Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Wireless Two SSID's

Posted on 2009-04-13
8
Medium Priority
?
2,208 Views
Last Modified: 2013-12-27
I've got a cisco aironet and I'm trying to have two SSID's one with WPA security the other with wep (for our kids nintendo ds's).  Or if I must no security at all on the second SSID (nintendo) if it can't be done, but in that case i'd prefer the SSID was hidden.  Our neighborhood is very sparse so our neighbors would have to drive to the house and park outside to pick up the signal, so security isn't the hugest concern.

As it stands right now i can see/connect fine to the SSID 845 but cannot see or connect to the nintendo SSID.

Any ideas?
Kitchen_AP#show run
 
Building configuration...
 
Current configuration : 1634 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Kitchen_AP
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid 845
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 <OMITTED>
!
dot11 ssid nintendo
   authentication open
   mbssid guest-mode
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 broadcast-key change 900
 !
 !
 ssid 845
 !
 ssid nintendo
 !
 mbssid
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 antenna gain 128
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 172.16.1.3 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end
 
Kitchen_AP#

Open in new window

0
Comment
Question by:ZooyorQ
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 8

Expert Comment

by:engeltje
ID: 24147694
As I know of, most of the aeronet models haven't support for multiple SSID.
Your cisco sees the first, skips the second.

Further: Why would you do this? The security of your network is as strong as the weakest point.
In your case I would secure the network WEP only. In a sparse environment like yours, who will do the effort of cracking your wep key?
There is nothing to win, there are many unsecured networks, in all neighborhoods.
Things would be different when you lived in an appartment where some resident can capture the network for his own internet connectivity.
Not so here. So, a single wep must be sufficient.




0
 

Author Comment

by:ZooyorQ
ID: 24150113
The only reason being is we have 5 wireless access points in the house and currently all the computers (macs) are setup with the SSID using WPA.   Some are apple express's, some are linksys, some are cisco, etc.  Theres only one part in the house where a nintendo ds needs to connect using WEP.  My thought was create the secondary SSID using WEP on the Aironet thats near the area and use WEP to secure it.

I could switch all the AP's over to WEP but I hate handing out WEP passwords to guests etc.. its a pain :\
0
 
LVL 10

Expert Comment

by:atlas_shuddered
ID: 24153949
You can set up multiple SSIDs.  I'm posting a document that will at least get you started and give you more information than is realistic to try and post here.  Take a look and if you run into a hitch, post back I we can go from there.

http://www.cisco.com/en/US/docs/wireless/access_point/12.2_15_JA/configuration/guide/s15ssid.html

Cheers
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 

Author Comment

by:ZooyorQ
ID: 24162522
Ok, just to be clear it looks like each SSID needs its own VLAN?  I can't have them on the same VLAN?

My ultimate problem is i'd like to support older devices (even if the SSID isn't broadcast) that require WEP.  While the primary way with a broadcast SSID using WPA.  Its also acceptable if necessary for me to have the unbroadcast SSID have no security at all.
0
 
LVL 10

Accepted Solution

by:
atlas_shuddered earned 2000 total points
ID: 24162727
Your understanding is correct.  Each SSID has to be on a seperate VLAN.  When you get down to brass tacks, an SSID is a VLAN (a seperate logical segment of the network).  The Cisco IOS is will force you to pair only one SSID to each VLAN and vice versa.

The issue of the WEP I will have to think about for a bit.  I'm pretty sure that you won't be able to set up both WPA and WEP on the same device, however, you may be able to set up one SSID with and one without, however, there are a couple of things that you would need to be aware of.

I'll post back in a bit.
0
 
LVL 10

Expert Comment

by:atlas_shuddered
ID: 24170381
Zoo

Okay, I've been able to think this through a bit and have come down to this for you.

You should be able to run both WEP and WPA on your APs (there may be a limitation to this by model but overall it is doable).  However, the problem that you are going to run into is the issue of setting up your network with multiple SSIDs.  This equates to multiple VLANs which in turn means that you will be running differing broadcast domains.  Essentially, this means two differing subnets.  In order to actually get everything up and running correctly, with connectivity between the differing VLANs or for the differing VLANs connecting out to the internet, you will need a layer three device, either a layer 3 switch or a router with multiple interfaces or capable of inter-vlan routing.

This making sense?
0
 
LVL 10

Expert Comment

by:ampranti
ID: 24179912
to make ssid hidden:

conf t
dot11 ssid nintendo
no mbssid guest-mode
exit
exit

Each ssid must be in different vlan.
To see which SSID are active use the command:

"sh dot11 bsiid"
0
 

Author Comment

by:ZooyorQ
ID: 24189260
Atlas,

Yup thats what I figured, I do have a Cisco 1600 router but it may be easier to just go out and buy a linksys wap for like 50 bucks and make it a hidden ssid with wep rather then get into all this reconfiguring. :\
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question