Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

noob question

I have an 1142 AP that I am running multiple SSIDs on.  SSIDs TEST1 and TEST2 are running on the 2.4Ghz channel.  TEST1 is using WEP and TEST2 is using WPA2.  Neither are broadcasting their SSID.  TEST1 is also running on the 5.0Ghz channel.

When I create networks on my laptop, I set up the appropriate wireless networks for TEST1 and TEST2.  I am able to connect to both using the proper SSID / Key / Authentication method.  However, I see an "OTHER NETWORK" listed as an available network which is also WEP secured.  This is the 5.0Ghz channel broadcasting the same SSID.

First, does this make any sense?  Second, what am I doing wrong?


version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption

hostname XXXCCCCCXD

aaa new-model

aaa group server radius rad_eap

aaa group server radius rad_mac

aaa group server radius rad_acct

aaa group server radius rad_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache

aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache

aaa group server radius rad_pmip

aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa cache profile admin_cache
all

aaa session-id common
clock timezone CDT -6
clock summer-time CDT recurring

no dot11 syslog
dot11 vlan-name TEST1 vlan 18
dot11 vlan-name TEST2 vlan 181

dot11 ssid TEST2
   vlan 181
   authentication open
   authentication key-management wpa version 2
   mbssid dtim-period 1
   wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXXXXXXXXX

dot11 ssid TEST1
   vlan 18
   authentication open

dot11 network-map

username netops privilege 15 password 7 XXXXXXXXXXXXXXXXXXXX

bridge irb

interface Dot11Radio0
no ip address
no ip route-cache

encryption vlan 181 mode ciphers aes-ccm

encryption vlan 18 key 2 size 128bit 7 XXXXXXXXXXXXXXXXXXXXXXXXX transmit-key
encryption vlan 18 mode wep mandatory

ssid TEST2

ssid TEST1

antenna gain 0
mbssid
speed  basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
power local 14
power client 14
channel 2437
station-role root
beacon dtim-period 1

interface Dot11Radio0.18
encapsulation dot1Q 18 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

interface Dot11Radio0.181
encapsulation dot1Q 181
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled

interface Dot11Radio1
no ip address
no ip route-cache

encryption vlan 18 key 2 size 128bit 7 XXXXXXXXXXXXXXXXXXXXXXXXX transmit-key
encryption vlan 18 mode wep mandatory

ssid TEST1

antenna gain 0
dfs band 3 block
speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 (and all M channels)
channel dfs
station-role root

interface Dot11Radio1.18
encapsulation dot1Q 18 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
hold-queue 160 in

interface GigabitEthernet0.18
encapsulation dot1Q 18 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled

interface GigabitEthernet0.181
encapsulation dot1Q 181
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: noob question

Hi Michael,

I think the problem was taken the wrong way.

If I can summarize :

you have 2 SSIDs and one is broadcasted on 2 radios, the other on 1.

They work well.

You see the 5ghz ssid as "other network".

My analysis :

"Other network" is shown by clients like intel proset when they see an SSID that is not broadcasted, so that is all normal.

How do the 2 other SSIDs show ? They shouldn't show their name unless you already connected to them via a profile maybe.

So what is the exact problem with this setup ?

Nicolas

11 REPLIES
Cisco Employee

Re: noob question

You have not configured the broadcast on the SSID.. so the SSID are not getting broadcasted..

Try the below commands..

FROM CLI

==========

en

conf t

int dot11 0

mbssid

or

en

conf t

mbssid
end

en

conf t

dot11 ssid TEST2

mbssid guest-mode

end

en

conf t

dot11 ssid TEST1

mbssid guest-mode

end

FROM THE GUI

=============


Security >> SSID manager >> Select the SSID (TEST1)> Scroll down to the bottom >> Multiple BSSID Beacon Settings >> Check on Set SSID as Guest Mode >> Apply.

Do the same for TEST 2.. that is..

Security >> SSID manager >> Select the SSID (TEST2)> Scroll down to the bottom >> Multiple BSSID Beacon Settings >> Check on Set SSID as Guest Mode >> Apply.

Let me know how this works out for you!!

Regards

Surendra

New Member

Re: noob question

I do not want the SSIDs to be broadcast.  We configure each PC to be set-up with the correct information.

What I'm really looking for is why I'm seeing three networks broadcast when I only have two SSIDs in the config.

Cisco Employee

Re: noob question

ok... the third one "other network" may be coming from someother AP which is near by... to reconfirm.. could you please shut down the radio interface and verify if you are still able to see the third SSID???

The command to do it is..

int dot11 0

shut

int dot11 1

shut

End

See whether we are able to see any other SSID..

Regards

Surendra

Hall of Fame Super Gold

Re: noob question

Because broadcast is per radio.

How many SSIDs are broadcasted on 2.4Ghz?

How many SSIDs are broadcasted on 5.0Ghz?

New Member

Re: noob question

So what you're telling me is that I can't have the same SSID being broadcast out two different radios on the 1142?

Cisco Employee

Re: noob question

ok... the third one "other network" may be coming from someother AP which is near by... to reconfirm.. could you please shut down the radio interface and verify if you are still able to see the third SSID???

The command to do it is..

int dot11 0

shut

int dot11 1

shut

End

See whether we are able to see any other SSID..

Also if you dont wand to broadcast the SSID.. then use the below command....

int dot11 0

no mbssid

int dot11 1

no mbssid

dot11 ssid TEST 1

no mbssid guest-mode

dot11 ssid TEST2

no mbssid guest-mode

Let me know how this owrks out for you!!

Regards

Surendra

New Member

Re: noob question

I am not able to see the "Other Network" after shutting both interfaces. Furthermore, when I connect to

the "Other Network", I see the authentication take place on the Access Point (logged in via another laptop).

I guess I don't understand why when someone connects to the SSID whether it be on Radio0 or Radio1 why it just wouldn't negotiate the best rate and make the connection on that Radio.  From what I'm starting to understand, the SSID isn't "universal" to the AP, but to the interface or interfaces that it is configured on, so what I'm thinking is that I can have the legacy SSID on the 5.0Ghz channel and the new SSID on the 2.4GHz channel (since the devices connecting to this SSID only support 2.4Ghz) and not even worry about having them mix.

Cisco Employee

Re: noob question

Hi Michael,

I think the problem was taken the wrong way.

If I can summarize :

you have 2 SSIDs and one is broadcasted on 2 radios, the other on 1.

They work well.

You see the 5ghz ssid as "other network".

My analysis :

"Other network" is shown by clients like intel proset when they see an SSID that is not broadcasted, so that is all normal.

How do the 2 other SSIDs show ? They shouldn't show their name unless you already connected to them via a profile maybe.

So what is the exact problem with this setup ?

Nicolas

New Member

Re: noob question

I guess the problem is the lack of understanding on my part.  I thought that if the SSID was broadcast on two different channels that the client and the AP would negotiate the best rate and that would be that.  In other words, if the client could support N, it would use the 5.0 channel, if it couldn't, it would use the 2.4 channel.  My mistake.

What I'm going to do now is change the SSID on the 5.0 channel to be for N devices for future migration.

I was unaware that the intel proset reacted the way you describe.  That makes perfect sense now.

Thank you all for you bits of information.

Cisco Employee

Re: noob question

To what SSID the client connects to is a client decision so it may vary a lot.

11n is available on both 2.4 and 5ghz. The 5ghz band just allows for safer "channel bonding". So 300mbps instead of 144mbps.

It is in any case a smarter decision from client side to chose a 5ghz radio over a 2.4 because of less interference in that band. And if the 5ghz radio offers better data rates, there is even more reasons. But client drivers logic you know ... :-)

This is why the last WLC version came with a feature that influences the clients that are capable of 5ghz to chose the 5ghz radio over the 2.4ghz (by responding to the dual-band client only on 5ghz) but this feature is not available in IOS.

A good thing to remember is that when you don't "broadcast" the ssid, the SSID just send the same beacons as advertisements. The only difference is that it doesn't mention the SSID name in the beacons.

However, as soon as a client associates, the client mentions the SSID name in the association request. So this is why it's possible for smart tools (netstumbler & co) to learn the name of an SSID that is not broadcasted as long as there is activity around.

Regards,

Nicolas

Cisco Employee

Re: noob question

Awesome Nico!!!!

955
Views
5
Helpful
11
Replies
CreatePlease login to create content