Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

2 SSID on same vlan for autonomous APs

Hi,

I've to configure 2 SSID that would be long to the same vlan on autonomous AP. is it possible to configure it? how to configure it?

Thanks in advance.

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hello Gavin,I would like to

Hello Gavin,

I would like to inform you that You can configure up to 16 SSIDs on your Cisco Aironet 1200 Series Access Point and assign different configuration settings to each SSID. All the SSIDs are active at the same time; that is, client devices can associate to the access point using any of the SSIDs.

For further information, Please check the below link :

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/service-set-identifier-ssid/116118-configure-ap-ssid-ios.html

Please let me know If I have answered the query.

13 REPLIES

2 SSID on same vlan for autonomous APs

yes and no.  If you call the VLAN under the dot11 ssid config you can't do it without playing games on the LAN to bridge the VLAN together

Or just don't call the VLAN, and leave everything pointed to the default radios/bridge-groups there.

HTH,
Steve

-----------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: 2 SSID on same vlan for autonomous APs

On autonomous access points you can configure multiple SSIDs on your access point if you don’t have multiple VLANs configured already. If your access point supports several radios (802.11a and 802.11b/g) then you can configure an SSID linked to one radio, and then another SSID linked to the other radio.

Anyways having two SSIDs configured to have access to the same network (VLAN) using two different Keys would not make sense because it would be like having a door with a lock that can be opened with two different keys, I mean, the clients that have access to the network on any SSID will have access to the same VLAN and the same resources.

But to answer your question, yes, the access point let you configure this, you only have to be aware that you will have the same encryption for both SSIDs, you can use different keys but since the encryption is set per radio and you are not using different VLAN you cannot select multiple encryption methods (like TKIP for WPA on one SSID and AES for WPA2 or WEP for the other SSID). To configure this just go to the Security tab > SSID Manager and add the SSIDs that you want; if you want encryption for WPA or WPA2 make sure you configure that first on the Encryption manager page.

Now, if you have already configured multiple VLANs on your access point and you want to assign two SSIDs to the same VLAN, this cannot be done and it is not even supported; the access point will actually throw you a message letting you know that the SSID is already linked to that VLAN.

I hope this information answers your question.

Best regards,

Marco

Bronze

Re: 2 SSID on same vlan for autonomous APs

Hi Gavin,

When we state that we will work with several SSIDs it is becasue you will link each SSID to an specifc VLAN, each VLAN to an specific subnet or broadcast domain and on each SSID you will use a diufferent security method.

Now since you will be working with different SSIDs each linked to the same subnet it would not make sense becasue at the end both SSIDs are on the same subnet or broadcast domain which is the same as having one SSID.

The access point allows you to configure several SSIDs with out using VLANs but you will need to use the same security method on both, and this could be configured via the CLI but not the GUI since the GUI will give you an error saying that you need to work with VLANs and link each SSID to an specifc VLAN.

Check on the follwoing link to understand VLANS on access points.

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

New Member

hi there,  if you really need

hi there, 

 

if you really need, its possible. you can just create dammy vlan and associate one SSID to it.

then change the bridge-group to the same as vlan you want to put. please note that GUI will not allow you to do this. 

New Member

Thanks, it works!

Thanks, it works!

New Member

Hi Yuji,

Hi Yuji,

Just wondering if you have implemented it in your network or in a lab environment. Only one question is that how would the AP handle packets with different VLAN headers in the same bridge group.

Let's say, you have a vlan 10 associated with ssid-10 via sub-interface dot11radio0.10 and this sub-interface is member of bridge group 10. The Ethernet interface0.10 is also member of bridge group 10.

so, now you create a dummy vlan 20 and associate it to ssid-20 via sub-interface dot11radio0.20 and make this sub-interface .20 be member of bridge-group 10.

So, in the bridge-group 10, it would be seen that packets with two different VLAN headers (vlan ID 10 and 20) exist while the Ethernet sub-interface has vlan tag of 10.  How would the bridge handle the situation.. just wondering if you have any example configuration.

Thank you

Kind Regards

--------------------------Feb/15/2016-------------------------------

I have implemented multiple SSIDs on autonomous APs, which maps to the same VLAN via creating a dummy vlan on radio interfaces and group them into the same bridge-group. it worked well. As long as the AP supports MBSSID, you should be able to create multiple SSIDs associated with the same VLAN on the LAN sides.

Just wanted to share it with others. 

New Member

Do you have a configuration

Do you have a configuration example? I've been trying to configure this on a Aironet 2602 and get an error when trying to put the second sub-interface in the same bridge-group.

New Member

Interface Dot11Radio0.30

Interface Dot11Radio0.30

 encapsulation dot1Q 30

 bridge-group 61          ( use the same bridge group of your existing radio interface)

Interface Dot11Radio0

mbssid

encryption vlan 30 mode ciphers aes-ccm

ssid my_ssid_to use

Hope this help.

Cisco Employee

Hello Gavin,I would like to

Hello Gavin,

I would like to inform you that You can configure up to 16 SSIDs on your Cisco Aironet 1200 Series Access Point and assign different configuration settings to each SSID. All the SSIDs are active at the same time; that is, client devices can associate to the access point using any of the SSIDs.

For further information, Please check the below link :

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/service-set-identifier-ssid/116118-configure-ap-ssid-ios.html

Please let me know If I have answered the query.

Hello Gavin,Yes it’s possible

Hello Gavin,

Yes it’s possible.

Please go through the below link for configuration steps for Ssids.

Here you go : http://www.cisco.com/c/en/us/support/docs/wireless-mobility/service-set-identifier-ssid/116118-configure-ap-ssid-ios.html

Hello Gavin,Yes it’s possible

Hello Gavin,

Yes it’s possible.

Please go through the below link for configuration steps for Ssids.

Here you go : http://www.cisco.com/c/en/us/support/docs/wireless-mobility/service-set-identifier-ssid/116118-configure-ap-ssid-ios.html

Hello Gavin,Yes it’s possible

Hello Gavin,

Yes it’s possible.

Please go through the below link for configuration steps for Ssids.

Here you go : http://www.cisco.com/c/en/us/support/docs/wireless-mobility/service-set-identifier-ssid/116118-configure-ap-ssid-ios.html

New Member

It is most certainly possible

It is most certainly possible depending on the equipment being used. 
I have had this similar setup in a home office environment before it became an issue and we upgraded to the WLC. We used a router running DD-WRT and grouped the VLANS to bridge0. Then had a guest VLAN bridge and onward. The router failed and we upgraded to better Cisco equipment. This time adding a WLC into the game. 

Very few switches and routers support this as it is almost impossible to do it on the Autonomous AP.

I was able to accomplish this very easy using the WLC where we have 2 SSID's on the management VLAN and 2 on the Guest.

SSID1 is WPA2 Enterprise for Laptops (5GHz Only)
SSID2 is WPA2 Personal for client devices and Misc. (5GHz Only)

SSID's 3 and 4 are Guest internet for 2GHz and 5GHz wireless guest access.  

Again too it varies depending on the needs in the environment. 

9314
Views
20
Helpful
13
Replies
CreatePlease to create content