05-11-2009 07:12 PM - edited 07-03-2021 05:34 PM
Hello, the 861-W specification say it can support 10 SSIDs, but only 2 VLANs. Can someone please explain how this is possible. I tried to assign the same VLAN to two different SSIDs, but received an error message saying this was not possible.
Here's my test config
Current configuration : 3264 bytes
!
! Last configuration change at 20:59:00 EDT Mon May 11 2009
! NVRAM config last updated at 21:01:52 EDT Mon May 11 2009
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 <hash>
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
!
!
dot11 mbssid
!
dot11 ssid <1>
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 <hash>
!
dot11 ssid <3>
vlan 3
authentication open
mbssid guest-mode
!
dot11 ssid <2>
vlan 2
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 <hash>
!
!
!
username Thomas privilege 15 secret 5 <hash>
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
ssid <1>
!
ssid <3>
!
ssid <2>
!
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m8. m9. m10. m11. m12. m13. m14. m15.
channel width 40-above
station-role root access-point
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 3 protocol ieee
!
!
!
line con 0
no activation-character
line vty 0 4
exec-timeout 120 0
login local
!
sntp server 64.90.182.55
end
05-12-2009 08:56 AM
Anybody?
05-13-2009 06:08 AM
I'm pretty sure you don't need the bridge protocol ieee used at the end of your config. Also, can you post your router config? This looks properly configured, but there may be an issue on your router.
Make sure your Gigabit interface to the AP is configured for trunking.
05-13-2009 06:45 AM
The official word from Cisco Tech Support is as follows:
"After looking further into this issue, I’ve been able to determine that the documentation is unclear. You can have a maximum of 2 vlans, and 10 SSIDs. If you do not map the SSIDs to VLANs, the ISR can hold a total of 10 SSIDs, with only one broadcasted. If you map them to VLANs, however, you will be unable to have more than 2 SSIDs enabled on your router. So the functionality to create more than 2 working WLANs on your AP is not there on the 861W. "
I think that you're right about the "bridge protocol ieee" command. However, I think that it's the defualt bridge protocol. If I try to execute "no bridge protocol ieee", the sub-interface is deleted.
In any case, here's the router config I had been using:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pa-router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
!
!
no ip source-route
no ip dhcp conflict logging
!
ip dhcp pool 0
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 209.198.87.24
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 209.198.87.24
domain-name voicesforvtkids.org
!
ip dhcp pool 2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 209.198.87.24
!
!
ip cef
ip domain name publicassets.org
ip name-server 209.198.87.24
!
!
!
!
username Thomas privilege 15 secret 5
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
switchport access vlan 2
no cdp enable
!
interface FastEthernet4
ip address 207.136.xxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0 secondary
ip address 207.136.xxx.xxx 255.255.255.252
ip nat inside
ip virtual-reassembly
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan3
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 207.136.xxx.xxx permanent
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface FastEthernet4 overload
!
ip access-list standard NAT
permit 192.168.0.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
!
no cdp run
!
05-13-2009 10:26 AM
That's crazy - I've never heard that before. Only 2 SSIDs? Have you tried just running 2 SSIDs? Does that work?
I don't see anything wrong with your config. What exactly happens with what you have configured? Do you see any of the SSIDs you have configured?
05-13-2009 10:53 AM
Yeah, and that fact that it has only two Vlans is not terribly well documented either.
I do see the three SSIDs; they are being broadcast and I can associate to all three. However, only two of them will pass data. Clients on the third one cannot connect to the DHCP server. The other two work fine.
05-14-2009 04:42 AM
Well, I guess the issue can't be fixed then, if Cisco is saying that 2 SSIDs is your max.
So weird... I've still never heard of that before.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: