Cisco Wireless Two SSID's

I've got a cisco aironet and I'm trying to have two SSID's one with WPA security the other with wep (for our kids nintendo ds's).  Or if I must no security at all on the second SSID (nintendo) if it can't be done, but in that case i'd prefer the SSID was hidden.  Our neighborhood is very sparse so our neighbors would have to drive to the house and park outside to pick up the signal, so security isn't the hugest concern.

As it stands right now i can see/connect fine to the SSID 845 but cannot see or connect to the nintendo SSID.

Any ideas?
Kitchen_AP#show run
 
Building configuration...
 
Current configuration : 1634 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Kitchen_AP
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid 845
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 <OMITTED>
!
dot11 ssid nintendo
   authentication open
   mbssid guest-mode
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 broadcast-key change 900
 !
 !
 ssid 845
 !
 ssid nintendo
 !
 mbssid
 speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2462
 station-role root
 antenna gain 128
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 hold-queue 160 in
!
interface BVI1
 ip address 172.16.1.3 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end
 
Kitchen_AP#

Open in new window

ZooyorQAsked:
Who is Participating?
 
atlas_shudderedConnect With a Mentor Sr. Network EngineerCommented:
Your understanding is correct.  Each SSID has to be on a seperate VLAN.  When you get down to brass tacks, an SSID is a VLAN (a seperate logical segment of the network).  The Cisco IOS is will force you to pair only one SSID to each VLAN and vice versa.

The issue of the WEP I will have to think about for a bit.  I'm pretty sure that you won't be able to set up both WPA and WEP on the same device, however, you may be able to set up one SSID with and one without, however, there are a couple of things that you would need to be aware of.

I'll post back in a bit.
0
 
engeltjeCommented:
As I know of, most of the aeronet models haven't support for multiple SSID.
Your cisco sees the first, skips the second.

Further: Why would you do this? The security of your network is as strong as the weakest point.
In your case I would secure the network WEP only. In a sparse environment like yours, who will do the effort of cracking your wep key?
There is nothing to win, there are many unsecured networks, in all neighborhoods.
Things would be different when you lived in an appartment where some resident can capture the network for his own internet connectivity.
Not so here. So, a single wep must be sufficient.




0
 
ZooyorQAuthor Commented:
The only reason being is we have 5 wireless access points in the house and currently all the computers (macs) are setup with the SSID using WPA.   Some are apple express's, some are linksys, some are cisco, etc.  Theres only one part in the house where a nintendo ds needs to connect using WEP.  My thought was create the secondary SSID using WEP on the Aironet thats near the area and use WEP to secure it.

I could switch all the AP's over to WEP but I hate handing out WEP passwords to guests etc.. its a pain :\
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
atlas_shudderedSr. Network EngineerCommented:
You can set up multiple SSIDs.  I'm posting a document that will at least get you started and give you more information than is realistic to try and post here.  Take a look and if you run into a hitch, post back I we can go from there.

http://www.cisco.com/en/US/docs/wireless/access_point/12.2_15_JA/configuration/guide/s15ssid.html

Cheers
0
 
ZooyorQAuthor Commented:
Ok, just to be clear it looks like each SSID needs its own VLAN?  I can't have them on the same VLAN?

My ultimate problem is i'd like to support older devices (even if the SSID isn't broadcast) that require WEP.  While the primary way with a broadcast SSID using WPA.  Its also acceptable if necessary for me to have the unbroadcast SSID have no security at all.
0
 
atlas_shudderedSr. Network EngineerCommented:
Zoo

Okay, I've been able to think this through a bit and have come down to this for you.

You should be able to run both WEP and WPA on your APs (there may be a limitation to this by model but overall it is doable).  However, the problem that you are going to run into is the issue of setting up your network with multiple SSIDs.  This equates to multiple VLANs which in turn means that you will be running differing broadcast domains.  Essentially, this means two differing subnets.  In order to actually get everything up and running correctly, with connectivity between the differing VLANs or for the differing VLANs connecting out to the internet, you will need a layer three device, either a layer 3 switch or a router with multiple interfaces or capable of inter-vlan routing.

This making sense?
0
 
amprantiCommented:
to make ssid hidden:

conf t
dot11 ssid nintendo
no mbssid guest-mode
exit
exit

Each ssid must be in different vlan.
To see which SSID are active use the command:

"sh dot11 bsiid"
0
 
ZooyorQAuthor Commented:
Atlas,

Yup thats what I figured, I do have a Cisco 1600 router but it may be easier to just go out and buy a linksys wap for like 50 bucks and make it a hidden ssid with wep rather then get into all this reconfiguring. :\
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.