AP1131 multiple SSID issue
Hello,
Very new to Cisco wireless, trying to figure this out.
I have an ASA that will be handling the VLAN traffic.
VLAN1 = default internal VLAN.
VLAN10 = guest VLAN.
On my AP1131 I want to have "Staff" SSID associated with VLAN1,
and "Guest" SSID associated with VLAN10.
Interfaces 6 & 7 on the ASA are PoE so I think I'm good on that. I have those two ports on the ASA set as trunks with Vlan1 as native.
My biggest pain right now is that I can't seem to get "Guest" and "Staff" broadcasting at the same time!
I don't really need the "A" radio, so I'm just trying to get the two SSID's broadcasting on the "G" radio.
I'm configuring via the GUI, but frequently looking back at the CLI.
Is this a common issue? Something that someone can point to a common mistake?
Attached is running-config; though I'm still very much playing with it.
Hi Scott,
Check out these two excellent related threads
https://supportforums.cisco.com/message/1308205#1308205
https://supportforums.cisco.com/message/1286462#1286462
Cheers!
Rob
Please support CSC Helps Haiti
https://supportforums.cisco.com/docs/DOC-8895
https://supportforums.cisco.com/docs/DOC-8727
Similar Messages
-
3850 WLC - 5760 Anchor: Multiple Guest SSIDs issue
Hi,
I have configured a 3850 Foreign WLC and a 5760 as anchor WLC in a DMZ behind an ASA FW. The Anchor Controller is configured to advertise 3 GUEST Wireless:
(INSIDE) ---- ASA FW (guest in interface) -------------------------- (Te1/0/1) 5760 ANCHOR (Te1/0/2) -------------------- L3 Link-------------------- (guest out interface) ASA FW ---- (OUTSIDE)
GUEST1: 10.9.65.0/24 – VLAN 11
GUEST2: 10.9.66.0/24 – VLAN 12
GUEST3: 10.9.67.0/24 – VLAN 13
Management VLAN 1: 10.8.252.1 (Anchor Management VLAN – Mobility)
The link between the WLC and the Guest OUT Interface on the ASA Firewall is a L3 Link, NOT a Trunk.
The 5760 WLC is also a DHCP server for the three client VLANs above. I have also configured 3 SVIs as default gateways for these VLANs:
Interface vlan 11 – 10.9.65.1
Interface vlan 12 – 10.9.66.1
Interface vlan 13 – 10.9.67.1
wgh-anchorwlc5760-primary#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 10.8.252.1 YES NVRAM up up
Vlan11 10.9.65.1 YES manual up up
Vlan12 10.9.66.1 YES manual up up
Vlan13 10.9.67.1 YES manual up up
GigabitEthernet0/0 10.8.252.85 YES NVRAM down down
Te1/0/1 unassigned YES unset up up
Te1/0/2 10.8.253.1 YES NVRAM up up
Capwap0 unassigned YES unset up up
If a client connects to GUEST1 SSID it gets an IP address in VLAN 11 and its default gateway is 10.9.65.1.
If a client connects to GUEST2 SSID it gets an IP address in VLAN 12 and its default gateway is 10.9.66.1.
If a client connects to GUEST3 SSID it gets an IP address in VLAN 13 and its default gateway is 10.9.67.1.
Mobility is UP and I can see clients connected to the Anchor WLC either in IPLEARN or WEBAUTH_PEND state. DHCP is working fine, clients get an IP and the right default gateway and DNS servers when connect, for example, to GUEST1.
anchorwlc5760-primary#show wireless client summary
Number of Local Clients : 3
MAC Address AP Name WLAN State Protocol
04f7.e482.b21c N/A 2 IPLEARN Mobile
bc3e.6d32.17f6 N/A 2 IPLEARN Mobile
a826.d5b3.5ae8 N/A 2 WEBAUTH_PEND Mobile
However, they are not able to ping the default gateway – SVI VLAN 11: 10.9.65.1, so I can not see any traffic leaving the Anchor WLC to continue with the Web Authentication Process (cwa) using ISE. I can see that the authorization policy (“unkown” and the URL to ISE) has been pushed to the clients but I am not redirected to ISE Web Authentication Portal when I open my web browser. I have done some captures on the FW interfaces but I cannot see any traffic coming from the clients.
I know that usually there is a Trunk (that allows client VLANs) between a WLC and L3 Switch when you configure multiples SSIDs and then configure the SVIs on the L3 Switch. However, I think this design with a L3 Link should work too because 5760 is a WLC+L3Switch.
My question is: Why clients are not able to ping their default gateway?
I hope it makes sense.
I appreciate any thoughts and help. Thanks in advance.
Joana.Hi,
I couldn't get it working (I doubt if it is really possible). I had to add a switch between the 5760 Anchor Controller and the ASA Firewall:
(INSIDE) ---- ASA FW (guest in interface) -------------------------- (Te1/0/1) 5760 ANCHOR (Te1/0/2) -------------------- SWITCH-------------------- (guest out interface) ASA FW ---- (OUTSIDE)
The link between the 5760 and the Switch is configured as a Trunk and it allows the 3 Guest SSIDs (VLANs). The link between the Switch and the ASA FW is configured as a Layer 3 link. I also set up the default gateways for the 3 GUEST VLANs in the Switch (3 vlan interfaces) and the 5760 as DHCP Server.
I hope it helps.
Joana. -
Multiple SSID's on the same subnet?
Can you have Multiple SSID's on the same subnet?
SSID1 authenticates clients via radius.
Our corporation bought printers with wireless cards that only support WPA-PSK so we created SSID2 for the printers. We can connect to both SSID's and ping from SSID1 to SSID2 but we can not perform other functions such as view the printer management interface with a browser. Should it be possibe to communicate between SSID1 and SSID2 on the same subnet?Yes you should have no issue, but the only thing is that you are using a lower security method... so either you put them on different subnets so you can control the traffic via acl's or might as well use the same security method to make it easier. The fact that you can ping sounds like you should be able to http to the device.
-
Multiple SSIDS with VLAN ACL seperation
Hi,
I have bought a 887W and I'm new to wireless on a router, I need advice about seperating multiple SSIDs with access list.
I have configured 2 SSIDs one for 'trusted' clients and one for 'guest' clients. I want to prevent the 'guest' SSID obtaining access to the other vlan/SSID using an ACL.
Each SSID is associated with a BVI, the BVI has the IP address, then it's linked to a seperated VLAN interface, then each VLAN.
Thanks if you can help...
DaveSolved my issue, I simply attached the ACLs to the BVI interfaces. Fairly obvious, but I read a Cisco webpage that said this could not be done, although this may have been a temporary bug that has been fixed.
-
Multiple SSIDS and disappearing
We have Cisco 3602i access points for the most part, all of which advertise multiple SSIDs.
Very occasionally we see an SSID completely disappear from view, even though others remain solid (I can't say it's all devices as the majority of people who raise the issue have apple devices, but there are the odd one or two who use Windows laptops).
Also, the RSSI seems to fluctuate wildly.
I should add that we have disabled up to 11mbps data rates on the controller and we're running 7.6.100.0 currently, but plan to upgrade to 7.6.110.0 tonight.
I guess my question is how can an SSID just drop off the client view if others on the same AP are fine?
How does the AP deal with multiple SSIDs and does it prioritise?
I have to add that I've never had this issue and I'm just using a company standard HP laptop with an Intel chipset.Hello,
See my comments:
Also, the RSSI seems to fluctuate wildly.
A: This is often how a device hears the frames. Sometimes in high interference you can epxect this to jump around. I normally like to see if all the devices are doing this or just a select few. Sometimes poor clients jump around more than others.
I should add that we have disabled up to 11mbps data rates on the controller and we're running 7.6.100.0 currently, but plan to upgrade to 7.6.110.0 tonight.
A: I dont think turning off lower rates are bad unless your WiFi cant support the design. Good call get on the latest.
I guess my question is how can an SSID just drop off the client view if others on the same AP are fine?
A: Again, its a client missing frames like beacons.
How does the AP deal with multiple SSIDs and does it prioritise?
A: This SSIDs are virtualized. I blogged how this is done:
http://www.my80211.com/home/2011/5/2/wlc-how-cisco-virtualizes-the-base-radio-mac-address-on-the.html
I have to add that I've never had this issue and I'm just using a company standard HP laptop with an Intel chipset.
A: Again I think if you search you might see this is more around specific devices. I would do a packet capture and see what is going on. Recently had to troubleshoot an Android only to find out it was just bad wifi client. Always sending NULL frames and scanning and not passing traffic -
Hello,
I like to run multiple SSIDs on the same terminal. As the dynamic assignment of VLANs does not work with MBSSID, I try to configure how SSIDL IE. I followed the doc Cisco (Chapter 7) Next, alas my config does not work (in fact, among the clients tested, only one client receives the correct SSID). I upgraded the terminal IOS 12.4 (21a)-JA1 without success. Thank you for your help.
you can find in the attach the configuration.
Could you please help me ?
Best regardsYou have alot of vlans and ssid's.. might cause you issue with older clients or handheld devices. You check your radius logs to see what the failure are. Make sure you set the radius attributes correct:
The RADIUS user attributes used for the VLAN ID assignment are:
IETF 64 (Tunnel Type)—Set this to VLAN.
IETF 65 (Tunnel Medium Type)—Set this to 802
IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID.
Scott -
Single access point with multiple ssids and single channel possible?
Hi everybody.
I have this silly question.
Let say we have three vlans, vlan1,2,3 and they are mapped to wlans as follows:
Vlan 1 ssid1
Vlan 2 ssid2
Vlan3 ssid 3
AP --------trunk------Switchted network.
Our Ap has mobile devices in three wlans, i.e ssid1ssid2 and ssid3
Since AP uses half duplex mode, mobile devices need positive ack from ap before they can send data, therefore once channel let say channel 3( assuming 802.11b is used) can be shared by all mobile devices in three wlans.
Is my understanding correct?
Thanks and have a great weekend.Hii ,
Yes ,that is pretty much possible as suggested by other experts on board. Depending on your access point you will have 1 (2.4 GHz) or both 2.4 & 5GHz radios.
You can configure multiple SSIDs (up to 16 ) known as MBSSID mode in autonomous environment. In Controller based architecture you can configure up to 512 WLAN (SSID) and transmit any 16 of them per AP (using AP group feature). However , it is recommended to keep multiple SSID count below 8 as for each SSID separate beacon will be sent on air which consumes more air time.
Hope this helps
Thanks
Vinay -
Multiple OS issues with Email set up; "People" ; Synching phone not working as advertised
Nokia Lumia 822
Purchased yesterday (2/10/13)
So far I have spent 14 hours attempting to resolve what feel like endless errors and bugs. If I can;t get these resolved in the next 48 hours the phone goes back. I am so disappointed I waited especially for this phone - heard great stuff. My experience is it sucks. Worst phone ever.
1) POP3 email accounts are non functional. I have attempted to set up and delete and re-set up now multiple times. Each time presents a fresh new nightmare.
Issue 1 - Email account receives email but will not send. Error message goes something like <" Problem sending message. Message failed to send. Problem with Files or Data on your device." >
Issue 2 - Tapping email + accounts sends me back to start screen cannot even set up account
Issue 3 - I get to add email account I enter my information but no account is created
Issue 4 - I set up an account and I get an error message stating my information cannot be found.
Issue 5 - trying to open email from start screen just resets to start screen over and over and over NEVER opens the account.
These are deal breaker issues. I have multiple email accounts on different platforms. If I cannot access my various emails AND send from those accounts this is NOT the phone for me.
2) PEOPLE does not function. ALSO multiple various issues and never the same one twice.
Issue 1 - I tap on a contact and get sent to the start screen over and over and over and over again.
Issue 2 I tap on a contact and the phone freezes and wont respond unless I pull the battery
Issue 3 I open a contact and make an edit, save the contact but the change is never reflected in the list
Issue 4 I try and search for a contact and the search freezes - only option is to return to start screen
3) Scrolling thru any APP randomly takes me back to start screen.
I dread attempting to synch Outlook calendar and contacts on my PC to hotmail - especially if I can't even set up email. And it seems like even holding it will jettison me out of anything I'm doing and back to start screen.
If I can't get these issues resolved. look like I'll be going back to my 3 year old Blackberry Bold which performed flawlessly. It may not be the most impressive phone out there but it did what I needed it to do with out any issues.Interesting Twitter conversation VZWSupport on Twitter. It was suggested to try a HARD reset - and if that doesn't work take the phone back.
Since I don;t have anything set up yet that's my solution.
I see a BlackBerry Z10 in my future -
Multiple SSID with different Login Web authority pages
Our current setup is one Anchor control and then several WLC’s, I want to know if I can have multiple SSID and use different Web Auth pages form them, so I can have a SSID that requires a password to Authentication access and another SSID that requires pass through Authentication but they would have different web authentication pages and go to different pages once Authenticated.
Is this possible to ?Hi,
If you are running WLC software 4.2 and above then u can do this on per WLAN basis.. here is the link which tells on how to do it..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml#A1
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
Is it possible to do multiple ssids and encryptions on an autonomous AP without vlans?
I got a customer who just has autonomous APs. They are upgrading from 1210s to 1262s. They are currently running a config that is wide open with no authentication or encryption and using a VPN tunnel on the wireless clients for security. They want to switch to using WPA2/PSK with the new APs. They have existing clients that have to continue to work during the upgrade to the new APs. They run 3 shifts so it is a 24 hr operation with no downtime. What I was thinking would be to configure the 1262 with multiple SSIDs, one with their existing settings and one with the new. Then I could swap the APs one at a time and it would only impact service for a short period of time while I was mounting the new AP. Then once all the new APs are installed I could transition the clients over to the new SSID and encryption then disable the old SSID once all the clients are switched over. I've done this before with a WLC but not with an autonomous APs. The only config examples I can find uses VLANs. This customer is not using VLANs. Is there anyway to use multiple SSIDs with different encryption on a single radio on an autonomous 1262 without VLANs?
The site has about 30 APs and 100 clients. Yes I know a controller would be preferred for a site of this size but that is a question for sales and why they didn't see them a controller. I just get stuck with what they sell them.
thanksHi Don,
Im afraid on the autonmous platform you can not map multiple WLANS to a single vlan.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
Using multiple SSID with AP 1100 (standalone mode).
Hi, need to configure 2 SSID on the same 1100 AP: open authentication and WPA2. It's possible to configure these 2 SSID without configuring VLAN's ?
On CCO I've read the following:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a008009483e.shtml
Q. How many service set identifiers (SSIDs) can you have per VLAN?
A. You can have only one SSID per VLAN. The use of multiple SSIDs over a single VLAN is not supported with Aironet APs.
It's also true with the latest IOS release ?Hi Roberto,
Hopefully the attached docs will answer your question:
Cisco Aironet 1100 Series
Using VLANs with Cisco Aironet Wireless Equipment
Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
Configuring Multiple SSIDs
vlan vlan-id
(Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
Hope this helps!
Rob
Please remember to rate helpful posts....... -
Hello,
I am attempting to set up three Cisco 1242AG Wireless Access Points with multiple SSID's. I used the web interface and directions online to set up the two networks I want and at least one of the networks work wirelessly.
However, I have two problems:
The first, which is the most important, is that the "management" interface, BVI1, doesn't get an ip address from our DHCP server. I set the VLAN 60 (which you'll see in the documenation below) to be the native VLAN on the device as well as on the switch that the device is connected to as well as other settings in the configeration file below. Because of this, I can only manage the device via the console port which would be a huge pain once all of the devices are mounted.
The second problem is that I am not sure how to get both wireless networks broadcasting their SSID's. I have to manually type in the SSID for the second wireless network I have which I would prefer I don't have to. Anyway I can enable broadcasting on all of the SSID's?
Thank you for your time.
Regards,
Christopher Koeber
Using 7916 out of 32768 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP-18.wesleysem.edu
enable secret {Number Here} {Encrypted Password Here}
enable password {Number Here} {Encrypted Password Here}
aaa new-model
aaa session-id common
dot11 syslog
dot11 vlan-name Kresge vlan 20
dot11 vlan-name Library vlan 30
dot11 vlan-name Public vlan 60
dot11 vlan-name Secure_Public vlan 70
dot11 vlan-name Secure_Seminary vlan 80
dot11 vlan-name Server_Room vlan 1
dot11 vlan-name Straughn vlan 40
dot11 vlan-name Trott vlan 10
dot11 vlan-name Web_Room vlan 50
dot11 ssid (Secure) Wesley Campus
vlan 80
authentication open
authentication key-management wpa version 2
wpa-psk ascii {Number Here} {WPA Key Here}
dot11 ssid Public
vlan 60
authentication open
mobility network-id 60
username Cisco password {Number Here} {Encrypted Password Here}
username admin privilege 15 secret {Number Here} {Encrypted Password Here}!
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 80 mode ciphers aes-ccm
ssid (Secure) Campus
ssid Public
mbssid
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
interface Dot11Radio0.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
bridge-group 70 spanning-disabled
interface Dot11Radio0.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
bridge-group 80 subscriber-loop-control
bridge-group 80 block-unknown-source
no bridge-group 80 source-learning
no bridge-group 80 unicast-flooding
bridge-group 80 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption vlan 80 mode ciphers aes-ccm
dfs band 3 block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio1.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
interface Dot11Radio1.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
bridge-group 70 spanning-disabled
interface Dot11Radio1.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
bridge-group 80 subscriber-loop-control
bridge-group 80 block-unknown-source
no bridge-group 80 source-learning
no bridge-group 80 unicast-flooding
bridge-group 80 spanning-disabled
interface FastEthernet0
ip dhcp client update dns
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
interface FastEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
no bridge-group 40 source-learning
bridge-group 40 spanning-disabled
interface FastEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
no bridge-group 50 source-learning
bridge-group 50 spanning-disabled
interface FastEthernet0.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
no bridge-group 70 source-learning
bridge-group 70 spanning-disabled
interface FastEthernet0.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
no bridge-group 80 source-learning
bridge-group 80 spanning-disabled
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
endI am using a third party DHCP server which is our Windows Domain Controller. I have the ip helper-address set for the native vlan of the Access Point through a layer 3 distribution switch (a Catalyst 4506) that the current switch connects to.
I didn't see any event on the logs for the AP.
Let me know if I need to do something else.
Thanks. -
WAP200 and .1x/radius authentication with multiple SSIDs
Apparently it's not possible to define more than a single radius server when using multiple SSIDs with WAP200. Unfortunately WAP200 doesn't add the name of the SSID as a radius attribute, so it's not possible to make distinction whether the user is trying to log in to SSID A or B. Does anyone have any ideas or workarounds for this limitation? Of course the best solution would be if Cisco/Linksys fixed the firmware so that the SSID of the logging in user would be sent to the radius server as an extra attribute or appended to the client mac address.
Security option for an SSID can be unique and can be configured when you configure a SSID or under VLAN . Note that each vlan is uniquely mapped to induvidual SSID.
-
Authentication with Multiple SSIDs AP521G, using Autonomous
I have an AP521G access point that I am trying to setup authentication for multiple SSIDs. One SSID is for domain users with WPA/TKIP authentication to a radius server and the other SSID is for guest to have access to Internet with no authentication. Is there a way to setup both SSIDs on the AP for this configuration?
Security option for an SSID can be unique and can be configured when you configure a SSID or under VLAN . Note that each vlan is uniquely mapped to induvidual SSID.
-
Multiple SSIDs/VLAN - NPS Authentication
I have recently set up a similar network using Ruckus equipment; however, need to do it now with Cisco...
I have a multiple SSIDs associated to different VLANs broadcasting. I would like to configure a single Radius server pointed to my NPS server and allow for authentication by group to each SSID.
With Ruckus I had to put in a vendor specific custom attribute and then use Roles to allow access by AD Security Group.
Does anyone know how to setup something similar with Cisco? I just need a single group to be able to autheticate to each SSID.
Josh PriceThis is pretty straightforward.
Just create a NPS policy for each SSID.
A simple policy could check 3 conditions.
Windows Groups = DOMAIN\GroupABC
Called Station ID = .*:SSIDNAME$
NAS Port ID = Wireless IEEE or Wireless Other
Just change SSIDNAME to whatever the specific SSID is, and obviously the group that you want mapped. The SSID condition uses regex.
Cheers
Peter
Maybe you are looking for
-
Transfer posting with Mov Type 311E in MIGO with reference to SC-PO
Hi, I am working with MTO scenario. I want to carry out transfer posting of material with movement type 311E against subcontracting Purchase Order which is sale order specific. However, system does not allow me to do the same. whenever transfer posti
-
Dear All, I am in need of reading an XML file data and to do some manupulation in Javascript. I am using "Microsoft.XMLDOM" parser and I have problem in accessing the child node. I am able to locate a node thru var x= xmlDoc.getElementsByTagName("nam
-
Is Photoshop Elements version 6 compatible with Windows 7 32 bit? 64bit?
Is Photoshop Elements version 6 compatible with Windows 7 32 bit? 64bit?
-
Car charger help??!?
Hello all, im having some difficulties with car chargers right now just bought 3 different kinds that all say apple certified on them I am using an apple certified cord that came with the device.. Basically I plug the car charger into the cigarette p
-
Delete 3KEH,3KEI for using periodic transfer PCA (1KEK) instead
Dear Sir, We want to delete 3KEH,3KEI for GL accounts (balance sheet adjustment revaluation) for using periodic transfer PCA (1KEK) instead. But there are a lot of open item in the source account (vendor & customer open item). If we block for posting