Hide SSID using WLC
Hello,
Is there a way to hide the SSID using the Cisco WLC
Its here!!
WLC GUI >> WLANs >> Select the WLAN >> Uncheck BROADCAST Check Box.
THis will do it!!
Please dont forget to mark this as answered if so!!
Regards
Surendra
Similar Messages
-
How to Hide SSID's on Windows 8?
hello
i wanna hide SSID of USB NIC wireless router on winndows 8.
more description:
i create a wireless router on my windows 8 by USB wireless adapter
and i want to hide the SSID of this wireless connection.It is not entirely clear to me what you are trying to configure.
in general 'hiding the SSID' of a wireless network is configuring the access point to not broadcast it's name, so it remains hidden for most users.
If you are using the builtin 'Hosted network' functionality to turn you windows pc in a virtual access point, you cannot configure these kind of details.
if you are using a third party software to do this, you shoyuld refer to the software manual/vendor or developer.
If you are using a hardware access point, refer to the documentation/vendor for assistance.
MCP/MCSA/MCTS/MCITP -
Integration with Third-Party using WLC logs
Hello everyone,
In my scenario, the WLC Controller is in a different part of my network, controlling APs that are all are running in FlexConnect mode.
Between APs and Controller I have WAN connections and a border firewall. I have locally PDC and AAA servers.
The problem is: My wired end users when go to outside zone (from LAN to internet), need do a captive portal authentication that is integrate with AAA server using Radius.
In WLAN network, I have a SSID using 802.1X that use the same VLAN as used by wired. Therefore, users that are using WLAN connections are needing to authenticate twice.
My idea to contour this situation depends the level of logs that WLC can provide me. I had looking for SNMP traps and Syslog (debug level), but neither one log user/IP/MAC. If I had this informations, I can integrate with my firewall border using XML API and bash scripts.
Anyone had this issue? Can help me with suggestion or other ways/ideias?
Kind Regards.Hello,
I understand that anyone that is using your VLAN (call it VLAN x) toward the internet will be interrupted by the firewall and is directed to a captive portal to provide the credentials.
For those who use WLAN with dot1x, they have to provide credentials twice, once when they authenticate to the WLAN and once when they try to browse internet.
Is that correct?
I think the best solution for you is to utilize a separate VLAN for your WLAN.
If you are looking for user MAC address via SNMP, that is exist AFAIK. What you may need to do is to enable that trap to be sent (not sure if its on or off by default). Go to SNMP config in GUI and then go to snmp trap controls page. There you may be able to allow traps for authenticated and associated clients.
HTH
Amjad -
ISE Guest Portal and one more SSID using internal accounts
Hi Guys,
I have two SSIDs on WLC, the first is related with ISE Guest Portal and the second is related with employee but i realize that the
Guest user can access the employee SSID and employee accounts can access the Guest portal page.
I guess this is happen because i cannot split these databases under "Internal Users" on Authentication Policy.
How can i restrict the access even if i am using the internal databse?
thanks a lotusing the Authorization policy is the right way. Match the corp ID store to the corp WLAN SSID ID in the AuthZ policy, for example (where Employee is your corp ID store and yyyy is the name of your corp SSID):
-
Hi,
just got a new Hub 3 but as I've got some legacy devices that connect wirelessly but can only use WEP I've had to switch from WPA2 to WEP and wish to hide my SSID. I found this post....
http://community.bt.com/t5/BB-Speed-Connection-Issues/how-to-hide-ssid-on-the-new-hub-3-0/m-p/217965...
which implies that hiding SSID is not available on Hub 3.
soooo I just want to confirm that this "useful security precaution" is no longer available at all with Hub 3 (as opposed to is not available with Hub 3 configured for WPA2).
Thanks.Is it possible to update the drivers or firmware for these devices?
You could simply add a separate wireless access point for these devices, that uses MAC filtering and can hide the SSID.
There are some useful help pages here, for BT Broadband customers only, on my personal website.
BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones. -
Binding multiple VLANs to single SSID on WLC
I have a building with over 4000 users and would like to bind multiple VLANs for user access to a single SSID in WLC. Can this be done? I would rather not have 4000 wireless users on a single VLAN.
the question is tough. You can not use the SSID in on AP for multiple vlans. Once you assign the AP to the vlan then you will have to make all traffic in the vlan. With that being said. you could assign the AP's to specific vlans, but if you roam from one vlan to another you will have problems at L3. But you can use WDS to make that happen.
Here are a couple of links tha might help.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184ace.html -
Hi there.
I need to hide SSID from broadcast from Cisco Prime.
I can do this easily on WLC by un-checking 'broadcast' under SSID on WLC but I have controller which I only have access through Cisco Prime.
So I would like to find out how I can disable broadcast on Cisco Prime please.
Thanks in advanceRefer : creating / adding templates
http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-3/configuration/guide/pi_13_cg/temp.html#20699 -
Which command in the Cisco AP1200 series will you use to broadcast the SSID using VLANs?
Folks,
Which command in the Cisco AP1200 series will you use to broadcast the SSID using VLANs?
ThanksIf you have enabled mbssid, "guest-mode" would be replaced by "mbssid guest-mode" this would also allow multiple ssid's to be broadcast
-Tim
Sent from Cisco Technical Support iPad App -
Use WLC's service interface IP when add WLC into WCS
Hi All,
Does anybody know if there's any limitations or bugs to use WLC's service interface IP when add WLC into WCS?
Another question is I remember there's a post previously says that there are a bug regarding to ARP if the WLC not using LAG but connect one port to one switch, connect another port to another switch, so that's why it is strongly suggested to use LAG, but I can't find it now, anybody know it? Thanks!The service port is controlled by the service-port interface and is reserved for out-of-band management of the controller and system recovery and maintenance in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The service port is not capable of carrying 802.1Q tags, so it must be connected to an access port on the neighbor switch.
If the service port is in use, the management interface must be on a different supernet from the service-port interface.
The service-port interface controls communications through and is statically mapped by the system to the service port. It must have an IP address on a different supernet from the management, AP-manager, and any dynamic interfaces, and it cannot be mapped to a backup port. This configuration enables you to manage the controller directly or through a dedicated operating system network, such as 10.1.2.x, which can ensure service access during network downtime.
The service port can obtain an IP address using DHCP, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service-port interface. Static routes can be defined through the controller for remote network access to the service port. -
CTS+ - How to hide "export using Filesystem" from PI tool?
Hi experts,
I have already implemented "How To Configure Enhanced CTS PI 7.1", now I wonder If it is possible to hide export using Filesystem since I would like to force people using "Export using CTS" from PI tools.
I have alredy surfing on internet without luck : (
Could you pleas help with this?
Thanks in advance.Hello Emili
The Exchange Profile parameters below control whether the "Transport Using File System" option is visible in the transport wizard. If you set the parameters to "false" (without the " and all in lower case) then this transport option will no longer be visible.
1) com.sap.aii.ibrep.core.transport.enableFileExport
2) com.sap.aii.ibdir.core.transport.enableFileExport
If these parameters do not already exist in the Exchange Profile, you can create them and set the value to false.
Regards
Mark -
Client looking to segment traffic via SSID using 2504
I have a client with a WLC 2504 that wants to route "guest" users through a gateway appliance "radiusgateway.com" and all others through the network. It appears to me this would require the use of two fa ports on the WLC. One directly connected to the radiusgateway (which is connected to a switchport) and the other fa interface connected directly to a switchport bypassing the proxy server.
My issue is, "how do you segment the ssid traffic via the WLC". The interfaces cia the gui aren't that intelligent, there's an enable and logging drop down. Via the command line, I didn't see any methods of routing traffic.
Please assist, Thanks in advance.The controller doesn't 'route' traffic, it will just send it out the VLAN/Port the interface is configured for.
So if you tell interface 'guest' to be linked to port 4, any WLAN that uses guest will be sent out port 4.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Mobility group same ssid multiple WLC
I have a 4400 and a 5508 WLC in the same location
We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
Do I only need to create a mobility group and add both WLC
then create only one WLAN on one of the controllers and it will be shared across bot WLC.
Or something else?Resolution :
Yes you are correct. Please follow this link for Mobility groups and Roaming :
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html -
WiFi network security: How do I create a hidden SSID using Time Capsule?
Hello. I'm having a security issue on my wireless network. I recently noticed (via a Finder window under "Shared" on the left side of the window) someone squatting on our wifi network which is WPA encrypted and is based on a Time Capsule plus 2 Airport Express boxes for streaming music. I have an external network drive connected to the Time Capsule which houses all my iTunes music and movies. I have a feeling they are breaking in to steal from that rather than merely using our internet connection. I immediately changed the password. The next day I found them on our network again. I changed the password again. Immediately after changing the password and refreshing the Finder window, they showed up on our network yet again. I then changed the name of our SSID/wifi network and the password for a 3rd time. So far they haven't showed up and I'd like to keep it that way. We live in an apartment building and I fear that they won't see our old network name in the lists of networks and will realize that the new network name is us and then they will break in yet again.
1. is there anything else I can do to stop them?
2. is it a good idea/solution to hide our SSID and if so, how do I do that on the Time Capsule?
I can't seem to find any info on creating a hidden SSID on the discussion boards so any help is appreciated. Thank you!If you have other devices on your network and have enabled file sharing on them, you will see an occasional device or two come and go. That is normal. Usually, you'll see something with some numbers. That's usually the last 6 digits of the MAC address of a device.
Any hacker who is smart enough to crack your network is not going to allow his identity or any trace of his computer to be displayed on your network.
If you are still convinced that someone is cracking your network, you can enable the "closed" network option, but there are plenty of free utilities on the Internet available that will reveal a "closed" network in seconds. Most 12 year old kids looking for free wireless know how to do this.
If you want to do this anyway, here is how:
Open AirPort Utility - click Manual Setup
Click the Wireless tab below the icons
Click the Wireless Options button
Enter a check mark next to "Create a closed network"
Click Done, then click Update and wait for the Time Capsule to restart
Message was edited by: Bob Timmons -
Wireless Max SSID on WLC and AP
Hi,
I'm using a NME-AIR-WLC6-K9, Software Version 7.0.235.3.
I have 6x Access Points AIR-LAP1142N.
The limitation on the WLC is only 16 SSIDs, I'm not sure what the AP is capable of max SSID broadcast. Does any one have this information?
My question, is there a way of expanding the controller to allow for more WLAN? Our floor would like to use another SSID on top of the 16 already configured.
ThanksThe limitation on the WLC is only 16 SSIDs,
Each AP can broadcast a maximum of 16 SSID and nothing more. You can configure a WLC with more than 16 SSID.
When you say AP/WLAN Groups would be a more efficient means of providing SSIDs per location, is there a Cisco document explaining this and how it will work. We provide services to our clients by providing SSID on a floor with roaming service any where within the Wifi coverage. Right now, due to the limitations of 16 SSIDs on a WLCM (SRE-710) we have ran into problems. I notice that other Cisco products such as Virtual Controller (small to mid scale) and Wireless Appliance Servers (mid to large scale) provides 512 WLANs.
Wow. Someone's over-complicated your WLAN network. That ain't going to be good at all.
How many clients do you provide WLAN service? Like what Eric said, with AP Groups you can do the following scenario:
Client A and B have three SSIDs each with the 3rd SSID as "Guest".
APs inside client A premises will broadcast SSID A1, A2 and A3.
APs inside cient B premises will broadcast SSID B1, B2 and B3.
In the foyer area, you can have an AP broadcasting only A3 and B3.
Very doable and this is what the main selling point of AP Groups.
With a newer WLC, like the 2504, 5508 and the WiSM-2, you can even specify the data rates for each AP groups. So you can say that A3 and B3 will only broadcast in 802.11 g. -
Restricting SSIDs using Win2008 Radius Servers
Hello All,
I have a customer that wants to restrict SSIDs that groups get based on their AD credentials. Currently, he is using Windows 2008 Radius Server and AD with Cisco 5508 WLCs. I found examples that shows this is possible but my question is if I have 2 user groups (teachers and students) in AD and apply a policy for the Radius to send SSID x to teachers and SSID y to students. Upon successfully authentication, would this deny teachers access to SSID y and students access to SSID x?
Thanks in advance for you help! Any suggestions, comments, or links to documents on how this can be done would be greatly appreciated as well!!From my recent memory, this would simply force the client to be placed in the appropriate WLAN ID. RADIUS will respond with WLAN ID the client should be "placed in", therefore if your "teacher policy (x)" authenticates a user, they will be pushed to WLAN ID , regardless if they connected to WLAN X or Y, presuming they're hitting the same NPS server/policies; and vice versa.
Bottom line is the network policy on the NPS is going to make the client move to the respective WLAN ID based on the "credentials" authenticated in the respective policy, regardless if they connect to WLAN X or Y. Make sure AAA override is enabled on each WLAN
List of VSAs supported on WLC
http://www.cisco.com/en/US/products/ps6307/products_tech_note09186a0080870334.shtml
WLAN ID
—When the WLAN-ID attribute is present in the RADIUS Access Accept, the system applies the WLAN-ID (SSID) to the client station after it authenticates. The WLAN ID is sent by the WLC in all instances of authentication except IPsec. In case of web authentication, if the WLC receives a WLAN-ID attribute in the authentication response from the AAA server, and it does not match the ID of the WLAN, authentication is rejected. Other types of security methods do not do this.
Taken from
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008082d5b5.shtml#C2
This is for IAS but the VSAs will all be the same when configured in NPS
For setting the WLAN-ID on a per-user basis:
Attribute Name—Airespace-WLAN-Id
Vendor-assigned attribute number—1
Attribute Format—Integer/Decimal
Value—WLAN-ID
Maybe you are looking for
-
How can I display the sidebar on my desktop?
I just migrated to Lion from Snow Leopard. I used to see a sidebar on my desktop – by "desktop" I mean the initial page that displays for "Finder" – the one with wallpaper. That way I had a list of shortcuts (in the sidebar) on the left side of the
-
why can not you thought of improving the design of power adapters for mac book pro from damage so easily?
-
Hi everyone. I have made a BPM. In some cases (if idocs have not been processed in R3) this BPM won't have end. I want to know if there is an option to 'kill' this BPM. Thanks.
-
install windows phone 8.0 sdk on win 10 error Windows Program Compatibility mode is on. Turn it off and then try Setup again.
-
Won't let me reset child index
I've got multiple images being loaded from an xml document and when they're created they add it to the stage and call a setIndex function to set it to 0. But when I try to the same object later on when they're called I get this compiler error: I mark