Cisco Aironet 1042 guest access

T2E
T2E used Ask the Experts™
on
I just purchased a Cisco Aironet 1042 (dual radio). I can get the SSIDs to broadcast only when I check  "Set SSID as Guest Mode", but only the Native VLAN get's an IP.

Any thoughts would be appreciated.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$.eEl$7JgsoJaG5XG8IfrPQIYlF0
!
no aaa new-model
ip domain name BCC
!
!
dot11 syslog
!
dot11 ssid BCC
   vlan 1
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   infrastructure-ssid optional
   wpa-psk ascii 7 120B3D45411248456B
   information-element ssidl
!
dot11 ssid BCC-guest
   vlan 4
   authentication open
   authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 083745401D18021253
!
!
!
username Cisco password 7 106D000A0618
!
!
ip ssh version 1
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 4 mode ciphers tkip
 !
 encryption vlan 5 mode ciphers tkip
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid BCC
 !
 ssid BCC-guest
 !
 antenna gain 0
 station-role root
 beacon privacy guest-mode
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
interface Dot11Radio0.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
 bridge-group 5 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 4 mode ciphers tkip
 !
 encryption vlan 5 mode ciphers tkip
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid BCC
 !
 antenna gain 0
 dfs band 3 block
 mbssid
 channel dfs
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
interface Dot11Radio1.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
 bridge-group 5 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 no bridge-group 4 source-learning
 bridge-group 4 spanning-disabled
!
interface GigabitEthernet0.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 no bridge-group 5 source-learning
 bridge-group 5 spanning-disabled
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
access-list 111 permit tcp any any neq telnet
bridge 1 route ip
!
!
!
line con 0
 access-class 111 in
line vty 0 4
 access-class 111 in
 login local
!
end
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Network Consultant
Commented:
That is normal operation.  The guest-mode command on the autonomous APs are what tells the AP to broadcast the SSID.  By default you can only have one broadcast SSID.  If you want to broadcast both SSID that you have then you will need to configure MBSSID on the radio interface and then under both SSIDs you would need to configure MBSSID guest-mode.

As far as the IP address goes - the AP only needs 1 IP address for management.  That IP address is configured on the BVI interface.  The BVI interface will be on whichever vlan has the command bridge-group 1.  Bridge group 1 ties the radio and ethernet interface that are on bridge group1 to the BVI interface which is BVI1.  So the AP would reside on the vlan that is associated with bridge group 1.  That is all it needs an ip address for.
T2E

Author

Commented:
Thanks,

That makes a lot of sense.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial