AshridgeTechServices
Cisco Aironet 1200 Multiple visible SSID's
I'm trying to get a Cisco Aironet 1200 to show multiple visible SSIDs. I have successfully created two, one of which is guest and connects users to VLAN 10 and is unauthenticated; the private one connects onto VLAN 1 and is using WEP (can be changed but needs to be secure). This works fine, but only in Vista/7 where I can connect to hidden SSIDs. The XP Zero wlan config cannot see the SSID even if it's added manually. Is it possible to create two visible SSIDs with this unit?
Current configuration : 2001 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 XXXXXXXXXXXXXXXXXX
!
username XXXXXXXXXXXXXXXXX
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 key 1 size 128bit 7 XXXXXXXXXXXXXXXXXXX 4 transmit-key
encryption vlan 1 mode wep mandatory
!
ssid Ashridge Private Wifi
vlan 1
authentication open
!
ssid Ashridge Public Wifi
vlan 10
authentication open
guest-mode
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 port-protected
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface BVI1
ip address 172.16.33.230 255.255.224.0
no ip route-cache
!
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip radius source-interface BVI1
bridge 1 route ip
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end
ap#
ASKER
I have done all this, but I can only set one of the SSIDs as a guest - even via CLI I can only set one as guest (which seems to translate into broadcasting the SSID).
Guest mode will only work on one SSID. Take a look:
http://www.cisco.com/en/US/docs/wireless/access_point/12.2_11_JA/configuration/guide/s11ssid.html#wp1034609
This may help with your configuration
ASKER
That's a problem! Is there any way to increase compatibility with XP? It seems you cannot connect to hidden SSIDs using the default XP wireless connector....
Use the wireless card software instead. Is it the Dell Wireless Utility or Intel Wireless Pro software?
ASKER
We have 100+ laptops mostly using the XP one, and a massive retraining issue to move...
Then maybe you should just broadcast all SSIDs. There are ways to get the SSID if it's not being broadcast and obviously not broadcasting it is causing problems.
ASKER
That is what my original question is asking! How can I make BOTH broadcast?
Disable guest-mode and set up a separate SSID and VLAN for visitors. Leave it open and unsecured so they can connect to it.
Hello,
You can't have multiple SSIDs broadcast from an AP.
You need to enable "Multiple BSSID". I think your wireless drivers are not showing you an SSID that is not broadcast. I get that hit or miss a lot with Windows wireless management here.
You can absolutely set it up the way you are asking. I use Cisco WAPs and run multiple SSIDs. You can trunk the switchport your WAP is plugged into and then create your VLANs on your WAP and associate SSIDs.
I would suggest enabling "Secure Public Packet Forwarding" on your public SSID. That way you won't put your guests at risk from any random person browsing your guest VLAN and attacking their machine. "Secure Public Packet Forwarding" makes it seem like you are the only one on the network.
http://172.16.33.230
Then you need your username and password for the WAP and then configure both SSIDs
Here are some different config examples
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_examples_list.html
I would upgrade the IOS version to the latest one for that model and use WPA or WPA2 as the encryption instead of WEP.
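An added example, not part of the thread and not Cisco tooling: a small Python check that reads an Aironet configuration like the one posted in the question and reports the three points the replies raise: SSIDs that are not broadcast (no `guest-mode`), SSIDs on a WEP VLAN, and unencrypted SSIDs whose VLAN lacks `port-protected` (the CLI form of Secure Public Packet Forwarding). The function name, the finding labels and the trimmed sample configuration are constructed for illustration.

```python
import re
# Constructed sample, trimmed from the configuration posted in the question.
SAMPLE = """\
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
 ssid Ashridge Private Wifi
 vlan 1
 !
 ssid Ashridge Public Wifi
 vlan 10
 guest-mode
 !
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10 port-protected
"""

def audit(config):
    """Return sorted (ssid, finding) pairs; the finding labels are made up here."""
    ssids, enc_mode, pspf_vlans = {}, {}, set()
    ssid = sub_vlan = None
    for line in map(str.strip, config.splitlines()):
        if line == "!" or line.startswith("interface "):
            ssid = sub_vlan = None                      # current block ends
        elif m := re.fullmatch(r"ssid (.+)", line):
            ssid = ssids.setdefault(m.group(1), {"vlan": None, "visible": False})
        elif ssid is not None and (m := re.fullmatch(r"vlan (\d+)", line)):
            ssid["vlan"] = int(m.group(1))
        elif ssid is not None and re.fullmatch(r"(mbssid )?guest-mode( .*)?", line):
            ssid["visible"] = True                      # SSID is in the beacon
        elif m := re.match(r"encryption vlan (\d+) mode (\S+)", line):
            enc_mode[int(m.group(1))] = m.group(2)
        elif m := re.match(r"encapsulation dot1Q (\d+)", line):
            sub_vlan = int(m.group(1))
        elif sub_vlan is not None and re.fullmatch(r"bridge-group \d+ port-protected", line):
            pspf_vlans.add(sub_vlan)                    # PSPF on this VLAN
    findings = []
    for name, s in ssids.items():
        mode = enc_mode.get(s["vlan"])
        if not s["visible"]:
            findings.append((name, "not-broadcast"))
        if mode == "wep":
            findings.append((name, "wep"))
        elif mode is None and s["vlan"] not in pspf_vlans:
            findings.append((name, "open-without-pspf"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

It parses by stripped lines, so it also works on the unindented configuration as pasted in the question.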