Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Standalone WAP Multiple SSIDs to a single VLAN

I have a AIR-AP1142N-A-K9 i use for my home wireless. I am trying to utilize the 2.4GHz and 5GHz radios so i can have SSID and SSID[5GHz] advertised. It seems like i am unable to set multiple SSIDs to use a single VLAN. I have looked for a doc or config guide with this topic but i have come up empty. The end config i am looking for is creating four SSIDs. One guest and private SSID per radio with the guest SSIDs on one VLAN and the private [encrypted] SSID on another VLAN. Any and all help is greatly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

Standalone WAP Multiple SSIDs to a single VLAN

Hi,

Pls check this doc..

https://supportforums.cisco.com/docs/DOC-16087

If you still dont get it to work, please paste the config.

Thanks !

Regards
Victor V

*****Help out other by using the rating system and marking answered questions as *****Answered"*****

Regards Victor V *****Help out other by using the rating system and marking answered questions as *****Answered"*****
4 REPLIES

Standalone WAP Multiple SSIDs to a single VLAN

Hi,

Pls check this doc..

https://supportforums.cisco.com/docs/DOC-16087

If you still dont get it to work, please paste the config.

Thanks !

Regards
Victor V

*****Help out other by using the rating system and marking answered questions as *****Answered"*****

Regards Victor V *****Help out other by using the rating system and marking answered questions as *****Answered"*****
New Member

Re: Standalone WAP Multiple SSIDs to a single VLAN

So i rebuilt this from scratch. I seem to have the 2.4GHz spectrum working properly, but i cannot see the 5GHz SSIDs on my phone (which is 5GHz capable). Is there a way to show the advertised SSIDs?

Heres my config up until now:

AP1#sh run

Building configuration...

Current configuration : 6081 bytes

!

! Last configuration change at 22:07:30 PDT Sat Feb 22 2014

! NVRAM config last updated at 22:09:09 PDT Sat Feb 22 2014

! NVRAM config last updated at 22:09:09 PDT Sat Feb 22 2014

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP1

!

!

logging rate-limit console 9

enable secret 5 [SNIP]

!

aaa new-model

!

!

aaa group server tacacs+ [SNIP]

server [SNIP]

!

aaa authentication login default group [SNIP] group tacacs+ local

aaa authorization exec default group [SNIP] if-authenticated

aaa accounting update newinfo

aaa accounting exec default start-stop broadcast group tacacs+ group [SNIP]

aaa accounting commands 1 default start-stop broadcast group [SNIP]

aaa accounting commands 15 default start-stop broadcast group [SNIP]

!

!

!

!

!

aaa session-id common

clock timezone PDT -8

clock summer-time PDT recurring

clock save interval 8

no ip routing

no ip cef

ip domain name [SNIP]

ip name-server [SNIP]

ip name-server [SNIP]

ip name-server 4.2.2.2

!

!

!

!

dot11 syslog

!

dot11 ssid [Private SSID]

   vlan 40

   authentication open

   authentication key-management wpa version 2

   mbssid guest-mode

   wpa-psk ascii 7 [SNIP]

!

dot11 ssid [Public SSID]

   vlan 30

   authentication open

   mbssid guest-mode

!

dot11 ssid [Public 5GHz SSID]

   vlan 30

   authentication open

   mbssid guest-mode

!

dot11 ssid [Private 5GHz SSID]

   vlan 40

   authentication open

   authentication key-management wpa version 2

   mbssid guest-mode

   wpa-psk ascii 7 [SNIP]

!

!

dot11 guest

!

!

!

username admin secret 5 [SNIP]

!

!

ip ssh version 2

bridge irb

!

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 40 mode ciphers tkip

!

ssid [Private SSID]

!

ssid [Public SSID]

!

antenna gain 0

mbssid

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0.30

description Public Wireless Radio Subinterface

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 spanning-disabled

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

!

interface Dot11Radio0.40

description Private Wireless Radio Subinterface

encapsulation dot1Q 40

no ip route-cache

bridge-group 40

bridge-group 40 subscriber-loop-control

bridge-group 40 spanning-disabled

bridge-group 40 block-unknown-source

no bridge-group 40 source-learning

no bridge-group 40 unicast-flooding

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 40 mode ciphers aes-ccm

!

ssid [Private 5GHz SSID]

!

ssid [Public 5GHz SSID]

!

antenna gain 0

peakdetect

dfs band 3 block

mbssid

channel dfs

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio1.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 spanning-disabled

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

!

interface Dot11Radio1.40

encapsulation dot1Q 40

no ip route-cache

bridge-group 40

bridge-group 40 subscriber-loop-control

bridge-group 40 spanning-disabled

bridge-group 40 block-unknown-source

no bridge-group 40 source-learning

no bridge-group 40 unicast-flooding

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!

interface GigabitEthernet0.30

description Public Wireless Subinterface

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 spanning-disabled

no bridge-group 30 source-learning

!

interface GigabitEthernet0.40

description Private Wireless Subinterface

encapsulation dot1Q 40

no ip route-cache

bridge-group 40

bridge-group 40 spanning-disabled

no bridge-group 40 source-learning

!

interface BVI1

ip address [SNIP]

no ip route-cache

ipv6 address dhcp

ipv6 address autoconfig

ipv6 enable

!

ip default-gateway [SNIP]

ip forward-protocol nd

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip tacacs source-interface BVI1

!

logging source-interface BVI1

logging host [SNIP]

!

tacacs-server host [SNIP]

tacacs-server directed-request

tacacs-server key 7 [SNIP]

!

bridge 1 route ip

!

!

banner exec ^C

WARNING: Unauthorized access to this system is forbidden and will be

         prosecuted by law. By accessing this system, you agree that your

         actions may be monitored if unauthorized usage is suspected.

^C

banner login ^C

*************************************************************

WARNING - PRIVATE ELECTRONIC DEVICE - ACCESS PROHIBITED

This device is a private network device.  Access to this device is

not authorized.  Any attempt for unauthorized access will be logged

and appropriate legal action will be taken.

*************************************************************

^C

!

line con 0

logging synchronous

line vty 0 4

logging synchronous

transport input ssh

!

sntp server 174.36.223.159

sntp server 74.117.238.11

sntp server 69.64.72.238

sntp server 199.199.208.25

sntp server 128.10.19.24

sntp server 204.109.63.243

sntp server 216.66.0.142

sntp server 169.229.70.201

sntp server 69.65.40.29

sntp server 64.6.144.6

sntp server 38.101.77.21

sntp server 97.107.129.217

sntp server 205.196.146.72

sntp server 108.61.56.35

sntp server 199.4.29.166

sntp server 198.55.111.50

sntp source-interface BVI1

end

VIP Purple

Re: Standalone WAP Multiple SSIDs to a single VLAN

Hi,

Normall cisco recommands us:

No its not possible... its always 1:1 mapping between the SSID and the VLAN in autonomous infrastructure

But but but......If you want then you can do it:

***** SWITCH PORT CONFIG ****

interface GigabitEthernet1/0/10

description AP-1600

switchport access vlan 14

switchport mode access

spanning-tree portfast

***** AP CONFIG ****

hostname A1600

!

dot11 ssid ARH

   authentication open

!

dot11 ssid MRN

   authentication open

   guest-mode

!

interface Dot11Radio1

ssid ARH

ssid MRN

station-role root

bridge-group 1

no shutdown

!

interface GigabitEthernet0

bridge-group 1

!

interface BVI1

ip address dhcp

!

Regards

Dont forget to rate helpful posts

New Member

Standalone WAP Multiple SSIDs to a single VLAN

If you look closer this is basically what i have done. the issue is binding an SSID on the 5GHz antenna to the same vlan as an SSID on the 2.4GHz antenna. Heres a focused snip of my show run output:

interface Dot11Radio0

!

encryption vlan 40 mode ciphers tkip

!

ssid [Private SSID]

!

ssid [Public SSID]

!

mbssid

bridge-group 1

!

interface Dot11Radio0.30

description Public Wireless Radio Subinterface

encapsulation dot1Q 30

bridge-group 30

!

interface Dot11Radio0.40

description Private Wireless Radio Subinterface

encapsulation dot1Q 40

bridge-group 40

!

interface Dot11Radio1

!

encryption vlan 40 mode ciphers tkip

!

ssid [Private 5GHz SSID]

!

ssid [Public 5GHz SSID]

!

mbssid

!

interface Dot11Radio1.30

encapsulation dot1Q 30

bridge-group 30

!

interface Dot11Radio1.40

encapsulation dot1Q 40

bridge-group 40

!

interface GigabitEthernet0.30

encapsulation dot1Q 30

bridge-group 30

!

interface GigabitEthernet0.40

encapsulation dot1Q 40

bridge-group 40

392
Views
0
Helpful
4
Replies
CreatePlease login to create content