We help IT Professionals succeed at work.

Cisco Aironet 1140 two SSIDs

r3helpdesk
r3helpdesk used Ask the Experts™
on
Hello guys!

I have a Cisco Aironet 1140 with two SSIDs: the first one is SSID-private and the second one is SSID-public. Two VLANs (with 40bit WEP Encryption Mode): VLAN1 assigned to SSID-private and VLAN2 assigned to SSID-public, Multiple BSSID Beacon is enabled and at Infrastructure SSID Settings I enabled Multiple BSSID and at Set Infrastructure SSID field I chose SSID-private.

Both SSIDs are visible and I am able to connect to both of them using the correct wep key. Using the SSID-private I am able to see the wired network and use any available service but using the SSID-public, I can not access anything, event the DHCP does not work.

Any idea?

Thank thank you!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Robert Sutton JrSenior Network Manager

Commented:
Exerpt from:
http://www.cisco.com/web/techdoc/wireless/access_points/online_help/eag/123-04.JA/1100/h_ap_howto_8.html

Line item 10:
In the Guest Mode/Infrastructure SSID Settings section, select Multiple BSSID.
Note: If multiple BSSID is enabled, reconfigure the client with a new access point MAC address and map the MAC address to all new SSIDs that are added.

Author

Commented:
Hi,
Ok, multiple BSSID is already enabled but I don't get it... what do you mean "reconfigure the client with a new access point MAC address"
Senior Network Manager
Commented:
Can you show us a sanitzed copy of your current running config? Basically, your Vlan2 "SSID-Public" is not properly mapped to your internal network. Therefore, you cannot obtain DHCP addresses nor view any internal resources.

Author

Commented:
Ok, here it is


Using 2705 out of 32768 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LabTestAP
!
enable secret 5 $1$3tFU$yoMliAiqI0qTpsA7/GhL8.
!
no aaa new-model
!
!
dot11 syslog
dot11 vlan-name VLAN-Private vlan 1
dot11 vlan-name VLAN-Public vlan 2
!
dot11 ssid SSID-Private
   vlan 1
   authentication open
   mbssid guest-mode
   infrastructure-ssid optional
!
dot11 ssid SSID-Public
   vlan 2
   authentication open
   guest-mode
   mbssid guest-mode
!
dot11 network-map
!
!
username Cisco password 7 047802150C2E
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 40bit 7 8EB318F89ADF transmit-key
 encryption mode wep mandatory
 !
 encryption vlan 1 key 1 size 40bit 7 04D7B24FBD92 transmit-key
 encryption vlan 1 mode wep mandatory
 !
 encryption vlan 2 key 1 size 40bit 7 C0F5EBCC3BB1 transmit-key
 encryption vlan 2 mode wep mandatory
 !
 ssid SSID-Private
 !
 ssid SSID-Public
 !
 antenna gain 0
 mbssid
 channel 2437
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 encryption key 1 size 40bit 7 60F5EBCC3BB1 transmit-key
 encryption mode wep mandatory
 antenna gain 0
 no dfs band block
 mbssid
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
!
interface BVI1
 ip address 192.168.0.201 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end

Open in new window

Author

Commented:
Any idea guys?
Thank you!

Commented:
bump...any updates to this as I am in the same boat