Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple SSIDs on a single VLAN

I dont think its possible but I vaguely recall seeing a document stating that it is poosible to have two SSIDs on a single VLAN.

If so can they also have two different authentication methods

19 REPLIES
Silver

Re: Multiple SSIDs on a single VLAN

Well, yes and no!

If you're running lightweight, then yes, you can have multiple SSIDs pointing to a single VLAN.

If you're running autonomous, the answer is no. You can only have one SSID mapped to each VLAN.

Re: Multiple SSIDs on a single VLAN

To answer your second question. Yes, you can have two different authentication methods. We often do this when we have older clients that don't support WPA2 being replace by newer devices that do support WPA2. Please remember not to go crazy with this as every SSID you create involves more RF broadcast traffic because the SSID is advertised. Of course you could just not broadcast the SSID which will reduce some of the traffic but not all.

New Member

Re: Multiple SSIDs on a single VLAN

Actually you can also do this on autonomous. Put the separate wireless sub-interfaces into the same bridge group.

We ran like this for a while whilst migrating from Dynamic-WEP to WPA. However it's not something I've seen documented anywhere, so it's not likely to be supported. But it did work.

New Member

Re: Multiple SSIDs on a single VLAN

I'm looking to implement a similar setup so we can migrate from our wep environment to wpa2. The catch is that I need to be able to keep running my wep ssid and setup the wpa2-psk ssid so my newer clients can connect to it, whilst letting my older clients still connect to the wep ssid.

Anyways, my question is; would you be so kind as to provide an example configuration of how you implemented your single vlan with multiple ssids?

New Member

Re: Multiple SSIDs on a single VLAN

Hi Everyone. I just wanted to add my experience with two ssids on the same vlan with autonomous AP's. I was able to use two ssids on one vlan, but they used the same encryption key (40bit wep). If the keys were different then it would not work. Also, I think the AP barks at you if vlan tagging is enabled. I remember doing this with the AP flat, so it had an ip address on the vlan out of the dhcp range and dot1q tagging disabled. This was typically really only for old school sites that didn't have vlans, so of course if you have the vlan support then I'd recommend to simply add another vlan to your switches if you need another ssid.

New Member

Re: Multiple SSIDs on a single VLAN

I have two SSID on one vlan. I actually have the same two SSID on different AP Groups with each AP group attached to an interface (vlan). One SSSID is using WPA2/WebAuth and the other just WebAuth authentication.

New Member

Re: Multiple SSIDs on a single VLAN

Hi All,

I am looking for how to configure multiple SSIDs on same VLAN. Would you mind explaining me more about it or could you please provide me an example of configuration?

Thank you very much,

Nitass

New Member

Re: Multiple SSIDs on a single VLAN

I'm assuming you're referring to a non-autonomous via WLC configuration, correct?

New Member

Re: Multiple SSIDs on a single VLAN

Hi,

No, it's autonomous ap.

Thanks,

Nitass

New Member

Re: Multiple SSIDs on a single VLAN

Interesting! Would you mind posting an example config of your AP on how you accomplished it?

thanks,

Chad

New Member

Re: Multiple SSIDs on a single VLAN

Hi,

Actually, I am looking for it too. Anyway, I have got some information from another conversation but I have not yet tested it. Hope it would be helpful for you.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&topicID=.ee6e8b8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc28760

Happy New Year :-)

Nitass

New Member

Re: Multiple SSIDs on a single VLAN

Very good info! I will get to work on it in my lab and see if I can get it to work based on the example config from the forum link you posted. Thanks again for the info!

New Member

Re: Multiple SSIDs on a single VLAN

Welcome. Would you mind also updating me the testing result?

Thanks,

Nitass

New Member

Re: Multiple SSIDs on a single VLAN

For sure. I will post my configuration if I can get it to work correctly.

New Member

Re: Multiple SSIDs on a single VLAN

Hi,

Thank you very much. I got it right now. Anyway, I could broadcast only 1 SSID. I have tried “mbssid” but it did not work. I understand VLAN is needed for mbssid. Please let me know if you have any suggestions. The following is my configuration.

ap#sh run

Building configuration...

Current configuration : 1471 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

no logging console

enable secret 5 xxxxxxxxxx

!

ip subnet-zero

!

!

no aaa new-model

!

dot11 ssid test1

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 010703174F5A575D7218

!

dot11 ssid test2

authentication open

authentication key-management wpa

wpa-psk ascii 7 120D000406595D56797F

!

!

!

username xxxxx password 7 xxxxxxxxxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid test1

!

ssid test2

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 80 in

!

interface BVI1

ip address 192.168.2.171 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

Thanks again,

Nitass

New Member

Re: Multiple SSIDs on a single VLAN

Good to know you got yours working!

I ran into a road block with mine because I want to run WEP-128 with one SSID and WPA2-PSK with AES-CCMP on the other SSID. I still have not figured out how to do this exactly. Someone mentioned in an earlier post that they thought it was possible, but I'm not sure how to do it. So, back to the drawing board for me.

I noticed that you're running WPA-PSK on both of your SSIDs.

New Member

Re: Multiple SSIDs on a single VLAN

I have never done WEP with one SSID and WPA2-PSK on the other SSID but I agree with someone you mentioned that it should be possible to do like that. Please let me know if I can do anything for you. Anyway, I am not an expert but I am willing to help if I can. :-)

Have a good day,

Nitass

New Member

Re: Multiple SSIDs on a single VLAN

Hi cdeeds,

I was just running some tests and confirmed that you can run differnet encryption schemes on the same ssid (no vlans)...if that is what your looking to do.

I wanted to run WEP-128 for legacy machines while putting on the newer machines on WPA-PSK with no issues.

Here's the step by step...you may need to remove existing encryption that you have as it may spit out some errors if not done in this order.

Encryption Manager ->select Cipher with TKIP + WEP128 bit

enter 128 bit encryption key (26 digits) in key#2 click o.k.

SSID Manager -->Create SSID ->Select interface to tie ssid to ->Client Authenitcated key management select optional -> enter the WPA key and check WPA...click open authentication ->then apply.

I confirmed i could now log onto the same ssid with either WPA-PSK or TKIP. The only issue i have found so far is that the client WEP key has to be set up as key#2 in the cisco AP. It will spit out an error if you try the same setup in Key#1 with the WEP key. That means the client key for WEP also needs to be sent on key2.

Hope this helps answer your question. I noticed that there are also settings for WPA2-PSK with AES-CCMP for your scenario.

Regards.

New Member

Re: Multiple SSIDs on a single VLAN

That's awesome news! I'm goint to play around with the settings you suggested in our lab. Thanks for posting!

260
Views
5
Helpful
19
Replies
CreatePlease to create content