12-12-2013 03:17 PM - edited 07-04-2021 01:25 AM
After configuring the AP (hopefully it's correct), I have multiple devices such as phones, laptops, touchapds that detect the same SSID twice.
For example, my ssid is CISCOCONNECT
the device will detect two identical ssid however one is an open network and the other is secure with WEP.
1. CISCOCONNECT (Open)
2. CISCOCONNECT (WEP)
I associated CISCOCONNECT to a VLAN with WEP encryption. I can connect to CISCOCONNECT (WEP) fine on all devices. Not sure why there is a second CISCOCONNECT (OPEN) and how can I disable it? It shouldnt even exist.
I am new with CISCO equipment so I appologize if this was discussed in the past.
12-13-2013 09:16 AM
Hi Martin,
If you could, console into this AP & post "show run" output.
That will help us to see how we can get it fixed
HTH
Rasika
12-13-2013 09:52 AM
Hi Martin,
If that is the case, you should be able to telnet to the AP using its IP address & get that output. If you haven't set a username/password by default cisco/Cisco should work for username/password.
Give it a try & see
Rasika
12-13-2013 10:16 AM
Rasika,
I believe this is what you are looking for: Thanks for your help in advance.
login as: admin
admin@10.243.0.15's password:
CORPAP1252_1#show run
Building configuration...
Current configuration : 4773 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname CORPAP1252
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone -0800 -8
clock summer-time -0700 recurring
ip domain name Test.com
!
!
no vlan accounting output
!
dot11 ssid WIRELESS A_GUEST
vlan 4
authentication open
!
dot11 ssid WIRELESS A
vlan 8
authentication open
guest-mode
!
dot11 network-map
power inline negotiation prestandard source
!
!
username admin privilege 15 password 7 02001264C043C003259C
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 8 key 1 size 128bit 7 56JUKLP098I87YCR6567UJ3EDFR5 transmit-key
encryption vlan 8 mode wep mandatory
!
encryption vlan 8 mode ciphers aes-ccm tkip
!
ssid WIRELESS A_GUEST
!
ssid WIRELESS A
!
packet retries 128 drop-packet
station-role root
!
interface Dot11Radio0.5
encapsulation dot1Q 5
no ip route-cache
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
!
interface Dot11Radio0.7
encapsulation dot1Q 7
no ip route-cache
bridge-group 7
bridge-group 7 subscriber-loop-control
bridge-group 7 block-unknown-source
no bridge-group 7 source-learning
no bridge-group 7 unicast-flooding
bridge-group 7 spanning-disabled
!
interface Dot11Radio0.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 8
bridge-group 8 subscriber-loop-control
bridge-group 8 block-unknown-source
no bridge-group 8 source-learning
no bridge-group 8 unicast-flooding
bridge-group 8 spanning-disabled
!
interface Dot11Radio0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 8 key 1 size 128bit 7 56JUKLP098I87YCR6567UJ3EDFR5 transmit-key
encryption vlan 8 mode wep mandatory
!
encryption vlan 8 mode ciphers aes-ccm tkip
!
ssid WIRELESS A
!
no dfs band block
channel dfs
station-role root
!
interface Dot11Radio1.5
encapsulation dot1Q 5
no ip route-cache
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
!
interface Dot11Radio1.7
encapsulation dot1Q 7
no ip route-cache
bridge-group 7
bridge-group 7 subscriber-loop-control
bridge-group 7 block-unknown-source
no bridge-group 7 source-learning
no bridge-group 7 unicast-flooding
bridge-group 7 spanning-disabled
!
interface Dot11Radio1.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 8
bridge-group 8 subscriber-loop-control
bridge-group 8 block-unknown-source
no bridge-group 8 source-learning
no bridge-group 8 unicast-flooding
bridge-group 8 spanning-disabled
!
interface Dot11Radio1.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
ip address dhcp
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.5
encapsulation dot1Q 5
no ip route-cache
bridge-group 5
no bridge-group 5 source-learning
bridge-group 5 spanning-disabled
!
interface GigabitEthernet0.7
encapsulation dot1Q 7
no ip route-cache
bridge-group 7
no bridge-group 7 source-learning
bridge-group 7 spanning-disabled
!
interface GigabitEthernet0.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 8
no bridge-group 8 source-learning
bridge-group 8 spanning-disabled
!
interface GigabitEthernet0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.243.0.15 255.255.252.0
no ip route-cache
!
ip default-gateway 10.243.0.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging history warnings
logging trap warnings
logging 10.243.0.10
snmp-server community lmfk12 RO
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
password 7 23WDD4765GHY8945HYJCD
!
sntp server 10.243.0.5
sntp broadcast client
end
12-13-2013 10:34 AM
Hi Martin,
Thanks for this, Yes that is what I have requested.
As you can see in the configuration your are advertising two SSIDs are "WIRELESS A_GUEST" & "WIRELESS A". In your mobile devices Full SSID name is not vissbile & you may think it is same SSID advertising twice. It is not the case
dot11 ssid WIRELESS A_GUEST
vlan 4
authentication open
!
dot11 ssid WIRELESS A
vlan 8
authentication open
guest-mode
!
If you do not want the WIRELESS A_GUEST SSID which is the Open Authentication, you can simply remove it form current configuration as below.
conf t
no dot11 ssid WIRELESS A_GUEST
int d0
no ssid WIRELESS A_GUEST
end
wr mem
HTH
Rasika
**** Pls rate all useful responses ****
12-13-2013 10:53 AM
Thanks for the quick reply.
I changed the SSID of WIRELESS A_GUEST to WIRELESS B_GUEST yet I still see the WIRELESS A twice on the phone. One as being open and the other WEP.
I beleive the GUEST SSID is already hidden since I'm unable to see it on the phone.
12-13-2013 11:13 AM
Yes, you are correct, I missed that point (Guest is not broadcasting its SSID). Anyway remove it if you are not using it.
Then I would suggest to try this.
dot11 ssid WIRELESS A
vlan 8
authentication open
no guest-mode
mbssid guest-mode
!
interface Dot11Radio0
mbssid
no encryption vlan 8 mode ciphers aes-ccm tkip
!
interface Dot11Radio1
mbssid
no encryption vlan 8 mode ciphers aes-ccm tkip
Here is a reference post for WEP configuration in Autonomous
http://mrncciew.com/2013/03/02/autonomous-ap-with-wep-security/
On a side note I should let you know WEP is very weak security mechanism & no body should use it. It is better if you could configure WPA2/AES with a PSK if all your client devices support it.
HTH
Rasika
**** Pls rate all useful responses ****
12-13-2013 11:18 AM
Hi Rasika,
What exactly is this changing? Again im very new to this
12-13-2013 11:23 AM
In the current configuration under radio interfaces you have configured different encryptions (WEP, AES, TKIP) since you are using only WEP, the given command will remove the otherone.
Also under SSID, it would allow you to create another SSID (for testing) with broadcast capability
HTH
Rasika
12-13-2013 12:29 PM
The problem is still there.
12-13-2013 12:57 PM
If you check this from a Laptop, do you see the SSID twice ?
Pls attach the current "show run" configuration to see the current status.
Are you ok to change this to WPA2/AES & check ?
Rasika
12-13-2013 01:20 PM
Ironically it does not happen on Windows laptop, just MACs and some phones.
12-13-2013 01:34 PM
Ok, those devices may not like WEP
Let's create a new SSID for WPA2/AES & see if that works, while keeping the existing one as it is. Will use vlan 7 (subinterfaces already there in your AP), assuming you have gateway created for this vlan on your switch where this AP connected.
Create a SSID called "TEST" as shown below & see what is the behaviour of that new SSID. Hopefully you will see this on all devices & you should be albe to connect with "Cisco123" password.
interface Dot11Radio0
vlan 7 encryption mode ciphers aes-ccm
ssid TEST
!
interface Dot11Radio1
vlan 7 encryption mode ciphers aes-ccm
ssid TEST
!
dot11 ssid TEST
vlan 7
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii Cisco123
Give it a try & let me know
HTH
Rasika
**** Pls rate all useful responses ****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide