Cisco Support Community

New Member

WRVS4400N: Configuring multiple SSIDs for Public and Private Access


I've searched and searched and can't find the answer to this scenario:

  • Small Win2K8 domain with 10 workstations.
  • Domain controller supplies DNS to the workstations
  • Private SSID for the owner's laptop
    • Has access to the Win2K8 DC ( for DNS services and network shares, etc )
    • Can see the other workstations as well.

  • Public SSID for clients to use while waiting ( dental office )
    • Cannot see the Win2K8 domain for obvious reasons
    • Each wireless client on the Public SSID should see other clients on the same SSID
      • I think I have that figured out OK.
    • Users should only be allowed to access the Web.

My question is:

  • How do I configure the router to deliver DNS to the Public SSID but not the Private
  • the Private needs to retrieve DNS from the server in order to access all network resources
  • the Public ONLY needs Internet access...

Can this be done??

Thanks in advance!

Best regards,


rudy !@! trin!iti !.! ca!      remove all !

New Member

Re: WRVS4400N: Configuring multiple SSIDs for Public and Priva

Yes it can be done, mate.

Configure the router with multiple VLANs (the router interface is configured as an 802.1q trunk interface with multiple sub-interfaces) and apply an ACL (that governs internet access and DHCP access if necessary to the internal network only) on the guest VLAN sub-interface.

I am assuming you have a Windows DC which you are setting up as a DHCP server, correct? If so, then configure multiple DHCP scopes for the public and private VLANs. Configure the private VLAN DHCP scope for an internal DNS server you would want to use for the users and configure the public VLAN DHCP scope for an external DNS server for the guests (you can use This way, both private and public users have different DNS servers resolving FQDNs.

Here is where it gets interesting:

Configure the AP for multiple VLANs which correspond to the VLANs you configured on the router. VLAN 1 (native) has to be configured on both the AP and router. Then assign VLAN 1 on the AP an IP address which will serve as the management IP address for telnet/ssh/http access to the AP.

Then configure the multiple SSIDs and map them to the VLANs you created on the AP. Make sure these SSIDs are configured as "guest SSIDs", otherwise the SSIDs will not be broadcast. Afterwards you can configure your encryption ciphers and authentication modes per SSID.

Note that by configuring multiple VLANs and SSIDs, you have effectively turned the Fast Ethernet port on the AP into an 802.1q trunk port carrying multiple VLANs.

So you would want to use a network cable to connect either via a switchport (which is also an 802.1q trunk port carrying all those configured VLANs) to the router, or connect directly to the router using a crossover cable.

Hope that helped, matey!
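
A way to check the guest-VLAN ACL described in the reply above before applying it, as an added example that is not part of the original thread: it models a first-match ACL on the guest sub-interface and audits it against the intended policy (public DNS and web only, nothing on the internal network). All addresses, the VLAN subnets and the rule set are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing (not from the thread); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for internet hosts.
DC = "192.168.10.2"            # Win2K8 DC on the private VLAN (DNS, shares)
PUBLIC_DNS = "203.0.113.53"    # placeholder external resolver for guests

# Ordered rules for traffic entering the guest sub-interface:
# (action, protocol, destination network, destination port or None = any)
GUEST_ACL = [
    ("permit", "udp", "255.255.255.255/32", 67),   # DHCP broadcast
    ("permit", "udp", f"{PUBLIC_DNS}/32", 53),
    ("permit", "tcp", f"{PUBLIC_DNS}/32", 53),
    ("deny", "any", "10.0.0.0/8", None),           # all private ranges,
    ("deny", "any", "172.16.0.0/12", None),        # including the DC and
    ("deny", "any", "192.168.0.0/16", None),       # the workstations
    ("permit", "tcp", "0.0.0.0/0", 80),
    ("permit", "tcp", "0.0.0.0/0", 443),
]
# Same rules with the web permits moved above the private-range denies.
MISORDERED = GUEST_ACL[:3] + GUEST_ACL[6:] + GUEST_ACL[3:6]

def evaluate(acl, proto, dst, port):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    addr = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in acl:
        if r_proto in ("any", proto) and addr in ipaddress.ip_network(r_net) \
                and r_port in (None, port):
            return action
    return "deny"

def audit(acl):
    """Return the constructed guest flows whose verdict breaks the policy."""
    policy = [
        ("udp", "255.255.255.255", 67, "permit"),  # guest obtains a lease
        ("udp", PUBLIC_DNS, 53, "permit"),         # guest resolves names
        ("tcp", "198.51.100.7", 443, "permit"),    # guest browses the web
        ("udp", DC, 53, "deny"),                   # no internal DNS
        ("tcp", DC, 445, "deny"),                  # no network shares
        ("tcp", "192.168.10.25", 443, "deny"),     # no workstation services
        ("tcp", "198.51.100.7", 25, "deny"),       # web only, no SMTP
    ]
    return [(p, d, port) for p, d, port, want in policy
            if evaluate(acl, p, d, port) != want]

if __name__ == "__main__":
    print("correct order :", audit(GUEST_ACL))
    print("misordered    :", audit(MISORDERED))
```

The misordered variant shows why the private-range denies must precede the general web permits: with the order reversed, a guest reaches any internal host listening on 80 or 443.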