Running a private and public wireless network off the same WAP?

I was curious if it was possible to run both a private and a public wireless network off of the same wireless access point without using VLANs? I know it may be considered bad form to not separate the two networks across two WAPs but a client is specifically asking if this is a possible setup and other than security I can't see any reason why it wouldn't be. Any ideas?
Totec Asked:
mmartinez74 Commented:
Yes!   Take a look at http://store.apple.com/us/product/MC340LL/A/AirPort-Extreme?mco=MTY3ODQ5OTY

Apple's Airport Extreme base station will do exactly what you want.
0
Totec (Author) Commented:
Sorry, didn't clarify...but we are a Cisco shop and running two Aironet 1140's to cover the building. The less elegant solution would be to just split the public and private across their respective WAPs but the client is very specific about wanting to share the WAPs between a public and private setup if possible.

Thanks.
0
sjimenez_73 Commented:
A Cisco 1100 Series access point can set up multiple SSIDs with different security without having to set up a VLAN.
0
mmartinez74 Commented:
You are going to need something like this:  http://www.ict-partner.net/en/US/prod/collateral/wireless/ps5678/ps6973/ps8382/prod_brochure0900aecd806b8a72.html   to work with your existing infrastructure.
0
nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
Yes it is very possible to do. I will post a config for you.

You need to have vlans or it's a waste of time because your traffic will all be on the same network. Now if you have a spare interface on your firewall, you could use that to separate the guest internet traffic from your private corp traffic.

Do you have radius auth available in your environment or do you want straight wpa-psk?
0
Totec (Author) Commented:
Yeah, I'd love to see a config. Right now I'm splitting the public and private SSIDs between the two internal antennae in the 1140 and hitting a wall with trying to separate the private and public traffic.

If it's just a limitation and VLANs need to be used I'm sure I can chill the client down on them, for some reason they are skeeved out by them.

Using straight WPA-PSK.

Thanks!
0
nappy_d (There are a 1000 ways to skin the technology cat.) Commented:
You NEED a way to separate the traffic.

I would recommend that RADIUS be used for the Private wireless' authentication. If you don't want to use it, rip out the sections of this config that have RADIUS and just use the wpa-psk config from the public SSID.

After you have done testing, make sure to do

interface gig0
no ip address
no ip route-cache
duplex auto
speed auto
interface gig0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled

hostname EnterHostName
interface BVI1
ip address x.x.x.x x.x.x.x
ip default-gateway x.x.x.x

interface gig 0.300
encapsulation dot1Q 300
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled

aaa new-model
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key EnterPasswordHere
aaa group server radius rad_eap
server x.x.x.x auth-port 1812 acct-port 1813

aaa cache profile admin_cache
all
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication enable default group tacacs+ enable
aaa accounting network acct_methods start-stop group rad_acct

dot11 ssid PrivateSSID
vlan 1
authentication open eap eap_methods
authentication key-management wpa
mbssid guest-mode
infrastructure-ssid optional

dot11 ssid PublicSSID
vlan 300
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii

interface Dot11Radio0
no ip address
encryption vlan 1 mode ciphers tkip
encryption vlan 300 mode ciphers tkip
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.300
encapsulation dot1Q 300
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio0
mbssid
ssid PrivateSSID
ssid PublicSSID

no shut
copy run testConfig
0
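
An added example, not part of nappy_d's post and not Cisco tooling: a small Python check for this style of multi-SSID config, confirming that each SSID has a VLAN of its own and that each of those VLANs is tagged on both a radio and a wired subinterface, which is what keeps the public and private traffic apart. The sample config is constructed, with two deliberate slips of the kind that creep in when subinterface stanzas are copied; treating every interface not named Dot11Radio as the wired side is an assumption.

```python
import re
# Constructed sample in the flat style of the posted config, with two deliberate slips.
# Assumption: any interface not named Dot11Radio* is the wired side.
SAMPLE = """
dot11 ssid PrivateSSID
vlan 1
dot11 ssid PublicSSID
vlan 300
interface Dot11Radio0
encryption vlan 1 mode ciphers tkip
ssid PrivatSSID
ssid PublicSSID
interface Dot11Radio0.300
encapsulation dot1Q 1 native
interface Dot11Radio0.300
encapsulation dot1Q 300
interface gig0.1
encapsulation dot1Q 1 native
interface gig 0.300
encapsulation dot1Q 300
"""

def audit(config):
    """Return findings for an Aironet-style multi-SSID config (flat or indented)."""
    defined, attached, subifs, findings, section = {}, [], [], [], ("", "")
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"dot11 ssid (\S+)", line):
            section = ("ssid", m[1])
            defined[m[1]] = None
        elif m := re.match(r"interface (.+)", line):
            section = ("if", m[1].replace(" ", ""))
        elif section[0] == "ssid" and (m := re.match(r"vlan (\d+)", line)):
            defined[section[1]] = int(m[1])
        elif section[0] == "if" and (m := re.match(r"ssid (\S+)", line)):
            attached.append(m[1])
        elif section[0] == "if" and (m := re.match(r"encapsulation dot1Q (\d+)", line)):
            subifs.append((section[1], int(m[1])))
        elif m := re.match(r"encryption vlan (\d+) mode ciphers .*\btkip\b", line):
            findings.append(f"vlan {m[1]}: TKIP cipher enabled")  # TKIP is deprecated
    findings += [f"{n}: number does not match dot1Q {v}" for n, v in subifs if not n.endswith(f".{v}")]
    findings += [f"ssid {s}: attached to radio but never defined" for s in attached if s not in defined]
    findings += [f"ssid {s}: needs a VLAN of its own" for s, v in defined.items()
                 if v is None or list(defined.values()).count(v) > 1]
    carried = {(n.startswith("Dot11Radio"), v) for n, v in subifs if n.endswith(f".{v}")}
    for vlan in sorted({v for v in defined.values() if v is not None}):
        for kind, is_radio in (("radio", True), ("wired", False)):
            if (is_radio, vlan) not in carried:
                findings.append(f"vlan {vlan}: no {kind} subinterface tags it")
    return findings
```

Run `audit()` on the text of a saved config before pushing it to the access point; an empty list means every check passed.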
Totec (Author) Commented:
You sir, are a gentleman and a scholar. Thank you!
0