Solved

Cisco Wireless Two SSID's

Posted on 2009-04-13
8
2,190 Views
Last Modified: 2013-12-27
I've got a cisco aironet and I'm trying to have two SSID's one with WPA security the other with wep (for our kids nintendo ds's).  Or if I must no security at all on the second SSID (nintendo) if it can't be done, but in that case i'd prefer the SSID was hidden.  Our neighborhood is very sparse so our neighbors would have to drive to the house and park outside to pick up the signal, so security isn't the hugest concern.

As it stands right now i can see/connect fine to the SSID 845 but cannot see or connect to the nintendo SSID.

Any ideas?
Kitchen_AP#show run
 

Building configuration...
 

Current configuration : 1634 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Kitchen_AP

!

ip subnet-zero

!

!

no aaa new-model

!

dot11 ssid 845

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 <OMITTED>

!

dot11 ssid nintendo

   authentication open

   mbssid guest-mode

!

!

bridge irb

!

!

interface Dot11Radio0

 no ip address

 no ip route-cache

 !

 encryption mode ciphers tkip

 !

 broadcast-key change 900

 !

 !

 ssid 845

 !

 ssid nintendo

 !

 mbssid

 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

 channel 2462

 station-role root

 antenna gain 128

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

 bridge-group 1 spanning-disabled

!

interface FastEthernet0

 no ip address

 no ip route-cache

 duplex auto

 speed auto

 bridge-group 1

 no bridge-group 1 source-learning

 bridge-group 1 spanning-disabled

 hold-queue 160 in

!

interface BVI1

 ip address 172.16.1.3 255.255.255.0

 no ip route-cache

!

ip default-gateway 172.16.1.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

 login local

!

end
 

Kitchen_AP#

Open in new window

0
Comment
Question by:ZooyorQ
8 Comments
 
LVL 8

Expert Comment

by:engeltje
ID: 24147694
As I know of, most of the aeronet models haven't support for multiple SSID.
Your cisco sees the first, skips the second.

Further: Why would you do this? The security of your network is as strong as the weakest point.
In your case I would secure the network WEP only. In a sparse environment like yours, who will do the effort of cracking your wep key?
There is nothing to win, there are many unsecured networks, in all neighborhoods.
Things would be different when you lived in an appartment where some resident can capture the network for his own internet connectivity.
Not so here. So, a single wep must be sufficient.




0
 

Author Comment

by:ZooyorQ
ID: 24150113
The only reason being is we have 5 wireless access points in the house and currently all the computers (macs) are setup with the SSID using WPA.   Some are apple express's, some are linksys, some are cisco, etc.  Theres only one part in the house where a nintendo ds needs to connect using WEP.  My thought was create the secondary SSID using WEP on the Aironet thats near the area and use WEP to secure it.

I could switch all the AP's over to WEP but I hate handing out WEP passwords to guests etc.. its a pain :\
0
 
LVL 10

Expert Comment

by:atlas_shuddered
ID: 24153949
You can set up multiple SSIDs.  I'm posting a document that will at least get you started and give you more information than is realistic to try and post here.  Take a look and if you run into a hitch, post back I we can go from there.

http://www.cisco.com/en/US/docs/wireless/access_point/12.2_15_JA/configuration/guide/s15ssid.html

Cheers
0
 

Author Comment

by:ZooyorQ
ID: 24162522
Ok, just to be clear it looks like each SSID needs its own VLAN?  I can't have them on the same VLAN?

My ultimate problem is i'd like to support older devices (even if the SSID isn't broadcast) that require WEP.  While the primary way with a broadcast SSID using WPA.  Its also acceptable if necessary for me to have the unbroadcast SSID have no security at all.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 10

Accepted Solution

by:
atlas_shuddered earned 500 total points
ID: 24162727
Your understanding is correct.  Each SSID has to be on a seperate VLAN.  When you get down to brass tacks, an SSID is a VLAN (a seperate logical segment of the network).  The Cisco IOS is will force you to pair only one SSID to each VLAN and vice versa.

The issue of the WEP I will have to think about for a bit.  I'm pretty sure that you won't be able to set up both WPA and WEP on the same device, however, you may be able to set up one SSID with and one without, however, there are a couple of things that you would need to be aware of.

I'll post back in a bit.
0
 
LVL 10

Expert Comment

by:atlas_shuddered
ID: 24170381
Zoo

Okay, I've been able to think this through a bit and have come down to this for you.

You should be able to run both WEP and WPA on your APs (there may be a limitation to this by model but overall it is doable).  However, the problem that you are going to run into is the issue of setting up your network with multiple SSIDs.  This equates to multiple VLANs which in turn means that you will be running differing broadcast domains.  Essentially, this means two differing subnets.  In order to actually get everything up and running correctly, with connectivity between the differing VLANs or for the differing VLANs connecting out to the internet, you will need a layer three device, either a layer 3 switch or a router with multiple interfaces or capable of inter-vlan routing.

This making sense?
0
 
LVL 10

Expert Comment

by:ampranti
ID: 24179912
to make ssid hidden:

conf t
dot11 ssid nintendo
no mbssid guest-mode
exit
exit

Each ssid must be in different vlan.
To see which SSID are active use the command:

"sh dot11 bsiid"
0
 

Author Comment

by:ZooyorQ
ID: 24189260
Atlas,

Yup thats what I figured, I do have a Cisco 1600 router but it may be easier to just go out and buy a linksys wap for like 50 bucks and make it a hidden ssid with wep rather then get into all this reconfiguring. :\
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now