Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Dual SSID with different vlan and access list

Hello everone

i'm a new is cisco, i have a Ironet AP 1142N, and have some trouble with this, because i don't have much experience with cisco.

well i need to setup this with the next config:

need 2 SSID, one SSID Called ServiceRoom and other called Visitors, the ssid called visitor only with internet access and the ssid ServiceRoom access to internet and other net resources.

need 3 vlan , vlan 10 to ServiceRoom, vlan 20 to visitor and vlan 30 only for administration.

the ssid called visitor assign ips for DHCP with the range 192.168.10.160, and deny the next ip range: 192.168.1.1, 192.168.2.0, 192.168.3.0, 192.168.4.0, 192.168.5.0, 192.168.6.0.

the two SSID need encryption wep 40bits.

use both 2.4 and 5 GHz bands if the clients support it, depending on radio signal, etc.

note: sorry for my english xD

Thanks a lot

Best regards

Comments
New Member

ok, i'm back.

this is my config but i have a problem, the two SSID is created and show me but i can't connect , when he ask me a password don't connect.

this is my actual config.

somebody can help me and say me what is wrong with my config, please

thanks

Building configuration...

Current configuration : 2900 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP0001

!

enable secret 5 $1$9NC3$xBq9q.3vbURZFD2G2LlPQ/

!

no aaa new-model

!

!

dot11 syslog

!

dot11 ssid AP_ServiceRoom

   vlan 10

   authentication open

   mbssid guest-mode

!

dot11 ssid AP_Visitors

   vlan 20

   authentication open

   mbssid guest-mode

!

!

!

username Cisco password 7 112A1016141D

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 key 1 size 40bit 7 8D0678EA90D3 transmit-key

encryption vlan 10 mode wep mandatory

!

encryption vlan 20 key 1 size 40bit 7 CA374880ECD8 transmit-key

encryption vlan 20 mode wep mandatory

!

ssid AP_ServiceRoom

!

ssid AP_Visitors

!

antenna gain 0

mbssid

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.20

encapsulation dot1Q 20

ip address 192.168.20.165 255.255.255.224

ip access-group visitors in

ip helper-address 10.100.10.60

no ip redirects

no ip unreachables

no ip route-cache

bridge-group 20

bridge-group 20 subscriber-loop-control

bridge-group 20 block-unknown-source

no bridge-group 20 source-learning

no bridge-group 20 unicast-flooding

bridge-group 20 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

antenna gain 0

dfs band 3 block

channel dfs

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 20

bridge-group 20 subscriber-loop-control

bridge-group 20 block-unknown-source

no bridge-group 20 source-learning

no bridge-group 20 unicast-flooding

bridge-group 20 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 20

no bridge-group 20 source-learning

bridge-group 20 spanning-disabled

!

interface BVI1

ip address 10.100.10.165 255.255.255.224

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

login local

!

end

816
Views
0
Helpful
1
Comments