10-23-2008 02:17 PM - edited 07-03-2021 04:40 PM
I dont think its possible but I vaguely recall seeing a document stating that it is poosible to have two SSIDs on a single VLAN.
If so can they also have two different authentication methods
01-05-2009 07:14 AM
Hi,
Thank you very much. I got it right now. Anyway, I could broadcast only 1 SSID. I have tried âmbssidâ but it did not work. I understand VLAN is needed for mbssid. Please let me know if you have any suggestions. The following is my configuration.
ap#sh run
Building configuration...
Current configuration : 1471 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
no logging console
enable secret 5 xxxxxxxxxx
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid test1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 010703174F5A575D7218
!
dot11 ssid test2
authentication open
authentication key-management wpa
wpa-psk ascii 7 120D000406595D56797F
!
!
!
username xxxxx password 7 xxxxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid test1
!
ssid test2
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 80 in
!
interface BVI1
ip address 192.168.2.171 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
Thanks again,
Nitass
01-05-2009 01:57 PM
Good to know you got yours working!
I ran into a road block with mine because I want to run WEP-128 with one SSID and WPA2-PSK with AES-CCMP on the other SSID. I still have not figured out how to do this exactly. Someone mentioned in an earlier post that they thought it was possible, but I'm not sure how to do it. So, back to the drawing board for me.
I noticed that you're running WPA-PSK on both of your SSIDs.
01-06-2009 12:07 PM
I have never done WEP with one SSID and WPA2-PSK on the other SSID but I agree with someone you mentioned that it should be possible to do like that. Please let me know if I can do anything for you. Anyway, I am not an expert but I am willing to help if I can. :-)
Have a good day,
Nitass
01-21-2009 08:42 AM
Hi cdeeds,
I was just running some tests and confirmed that you can run differnet encryption schemes on the same ssid (no vlans)...if that is what your looking to do.
I wanted to run WEP-128 for legacy machines while putting on the newer machines on WPA-PSK with no issues.
Here's the step by step...you may need to remove existing encryption that you have as it may spit out some errors if not done in this order.
Encryption Manager ->select Cipher with TKIP + WEP128 bit
enter 128 bit encryption key (26 digits) in key#2 click o.k.
SSID Manager -->Create SSID ->Select interface to tie ssid to ->Client Authenitcated key management select optional -> enter the WPA key and check WPA...click open authentication ->then apply.
I confirmed i could now log onto the same ssid with either WPA-PSK or TKIP. The only issue i have found so far is that the client WEP key has to be set up as key#2 in the cisco AP. It will spit out an error if you try the same setup in Key#1 with the WEP key. That means the client key for WEP also needs to be sent on key2.
Hope this helps answer your question. I noticed that there are also settings for WPA2-PSK with AES-CCMP for your scenario.
Regards.
01-21-2009 10:10 AM
That's awesome news! I'm goint to play around with the settings you suggested in our lab. Thanks for posting!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: