Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple SSID's Cisco 1941w with different vlans

Hi guys, 

 

I've got the below config and need to create a guest SSID which only needs access to the Internet and no access to other subnets (LAN or other SSID).

What would be the best way to implement the additional SSID? I don't want to fiddle too much with the initial router config...

 

ROUTER CONFIG:

aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization console
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
!
clock timezone WAST 8 0
service-module wlan-ap 0 bootimage autonomous
!
ipv6 spd queue min-threshold 62
ipv6 spd queue max-threshold 63
no ipv6 cef
no ip source-route
!
!
!
!
!
ip flow-cache entries 10240
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
crypto pki certificate chain TP-self-signed-3892799103
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO1941W-N/K9 ************************
hw-module ism 0
!
!
redundancy
!
!
!
!
!
ip ssh version 2
!
class-map match-any shape-20Mb
 match any 
!
!
policy-map shape-20Mb-policy
 class shape-20Mb
  shape average 20000000
!

!
crypto isakmp policy 9
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ****************  
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set trans2 esp-3des esp-md5-hmac 
!
 set security-association lifetime seconds 3600
!
!
crypto map ********* 10 ipsec-isakmp 
 set peer *************
 set transform-set trans2 
 match address ****
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 no ip address
 ip flow ingress
 ip tcp adjust-mss 1452
 duplex full
 speed 1000
 bridge-group 1
 service-policy output shape-20Mb-policy
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip address 192.168.2.1 255.255.255.0
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 description === WAN ===
 bandwidth 20000
 no ip address
 ip flow ingress
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 service-policy output shape-20Mb-policy
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 dsl enable-training-log 
 hold-queue 224 in
!
interface Vlan1
 no ip address
 ip tcp adjust-mss 1432
 bridge-group 1
!
interface Dialer0
 bandwidth 20000
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 ip load-sharing per-packet
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 ppp authentication pap chap callin
 ppp chap hostname **********************
 ppp chap password **********************
 ppp pap sent-username ********************
 crypto map ***************
 crypto ipsec df-bit clear
!
interface Dialer2
 no ip address
!
interface BVI1
 description LAN - FW INSIDE
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 Dialer0

!
bridge 1 protocol ieee
bridge 1 route ip
!

 

 

 

ROUTER AP:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
logging rate-limit console 9
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid ********
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii ***************************
!
!
!
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm tkip 
 !
 ssid *********
 !
 antenna gain 0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 description  the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.2.1 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server

bridge 1 route ip

 

THANKS IN ADVANCE

3 REPLIES
New Member

Review the link :https:/

Review the link :

https://supportforums.cisco.com/discussion/12331466/multiple-ssids-cisco-1941w-different-vlans

 

Cisco Employee
Bronze

Please refer to the following

Please refer to the following link: https://supportforums.cisco.com/discussion/12361736/cisco-1941w-2-different-subnets-different-frequency-bands

Hope that helps.

222
Views
0
Helpful
3
Replies
CreatePlease login to create content