Ironet 1600 is arranged for multiple SSid ?

Hi,
I want to buy nr. 2 aironet 1600 for my house (one at first floor, the other on the second floor). I want to turn off the wifi of the router and turn on only the signal of the cisco 1600. It's possible ? I have to set differents channels ? I want add a second router with another internet provider, can I set two SSid ?
Thank you in advance and sorry for my english.

never mind...
802.11a à these WLAN ids ended with F and counted downward
802.11b/g à these WLAN ids ended with 0 and counted upwards
For example:  AP with base MAC: c4:7d:4f:46:45:20
802.11a:
WLAN 1: c4:7d:4f:46:45:2F
WLAN 2: c4:7d:4f:46:45:2E
WLAN 3: c4:7d:4f:46:45:2D
802.11b/g:
WLAN 1: c4:7d:4f:46:45:20
WLAN 2: c4:7d:4f:46:45:21
WLAN 3: c4:7d:4f:46:45:22

Similar Messages

  • WLC 5508 Multiple Interfaces for Multiple SSIDs

    Hello guys,
    I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
    I have 2 questions:
    1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
    Port 1: Controller management only=> 192.168.x.x /24
    Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
    Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
    Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
    Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
    2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?

    Yes you can... but you have to disable LAG.  Each post will need to be connected to a dot1q trunk and you will only allow the vlan that is required for that port.  Also on the interface, you will define what port is primary and what is backup.  I'm guessing you will not be using the backup port.  For example... port 1 that connects to a trunk port will only allow the management vlan.  Here is a link to setup dhcp on the WLC
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Cisco 5508 HA - Webauth Bundle for multiple SSID/multiple web pages

    Hi Guys,
    I have 2* cisco 5508 WLC in HA mode . Both are running IOS 7.5.102.0 . Everything is working perfectly fine.
    I need to Creat 3 differnet SSID and Creat 3 different login Pages for them . Each user from respective SSID will get specified login Page. like
    I have few questions :
    1) I have downloaded webauth bundle from cisco Support Site and in that itself so many files are there. So based on my scenario , in which folder do i need to copy my login and logo file.
    2) i have used Picozip to convert the file in .tar format but its giving me following error "
    % Error: Webauth Bundle file transfer failed - No reply from the TFTP serve" but i can ping my tftp server easliy.
    3) As Controllers are in HA mode , so once i am successful in uploading webauth bundle then it will be replicated on secondary controller or do i have to turn off SSO and upload in both one by one.
    Please help me out in this.
    Cheers

    Hello Sandeep,
    i have uploaded the tar which you have sent to me. When i supply my username and pwd, after that it keeps on going and not showing any end result. so it stays on same page and nothing happening after that.
    Are there any more radius ACL's to be defined ? 10.10.13.x is wireless client network , 192.168.10.21 is Radius Server , 192.168.10.215 is proxy server. Is there any other ACL need to be defined ??
                           Source                         Destination                 Source Port  Dest Port
    Index  Dir       IP Address/Netmask               IP Address/Netmask       Prot    Range       Range    DSCP  Action      Counter
         1 Any      10.10.13.0/255.255.255.0     192.168.10.21/255.255.255.255  Any     0-65535     0-65535  Any Permit           0
         2 Any   192.168.10.21/255.255.255.255      10.10.13.0/255.255.255.0    Any     0-65535     0-65535  Any Permit           0
         3 Out      10.10.13.0/255.255.255.0           1.1.1.1/255.255.255.255  Any     0-65535     0-65535  Any Permit           0
         4  In         1.1.1.1/255.255.255.255      10.10.13.0/255.255.255.0    Any     0-65535     0-65535  Any Permit           0
         5 Any      10.10.13.0/255.255.255.0    192.168.10.215/255.255.255.255  Any     0-65535     0-65535  Any Permit          98
         6 Any  192.168.10.215/255.255.255.255      10.10.13.0/255.255.255.0    Any     0-65535     0-65535  Any Permit          98
    DenyCounter : 12

  • Authentication with Multiple SSIDs AP521G, using Autonomous

    I have an AP521G access point that I am trying to setup authentication for multiple SSIDs. One SSID is for domain users with WPA/TKIP authentication to a radius server and the other SSID is for guest to have access to Internet with no authentication. Is there a way to setup both SSIDs on the AP for this configuration?

    Security option for an SSID can be unique and can be configured when you configure a SSID or under VLAN . Note that each vlan is uniquely mapped to induvidual SSID.

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how i can configure a second ssid for guest access in our environment.
    this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
    Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
    Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
    My AP config is attached below.
    Please tell me what am I doing wrong.
    Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
    Does the access point need to be aware of the voice vlan?
    Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advanced.

    Hi,
    As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • 1242AG Wireless Access Point - Cannot Get DHCP IP for BVI1 interface - Multiple SSIDs...

    Hello,
    I am attempting to set up three Cisco 1242AG Wireless Access Points with multiple SSID's. I used the web interface and directions online to set up the two networks I want and at least one of the networks work wirelessly.
    However, I have two problems:
    The first, which is the most important, is that the "management" interface, BVI1, doesn't get an ip address from our DHCP server. I set the VLAN 60 (which you'll see in the documenation below) to be the native VLAN on the device as well as on the switch that the device is connected to as well as other settings in the configeration file below. Because of this, I can only manage the device via the console port which would be a huge pain once all of the devices are mounted.
    The second problem is that I am not sure how to get both wireless networks broadcasting their SSID's. I have to manually type in the SSID for the second wireless network I have which I would prefer I don't have to. Anyway I can enable broadcasting on all of the SSID's?
    Thank you for your time.
    Regards,
    Christopher Koeber
    Using 7916 out of 32768 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP-18.wesleysem.edu
    enable secret {Number Here} {Encrypted Password Here}
    enable password {Number Here} {Encrypted Password Here}
    aaa new-model
    aaa session-id common
    dot11 syslog
    dot11 vlan-name Kresge vlan 20
    dot11 vlan-name Library vlan 30
    dot11 vlan-name Public vlan 60
    dot11 vlan-name Secure_Public vlan 70
    dot11 vlan-name Secure_Seminary vlan 80
    dot11 vlan-name Server_Room vlan 1
    dot11 vlan-name Straughn vlan 40
    dot11 vlan-name Trott vlan 10
    dot11 vlan-name Web_Room vlan 50
    dot11 ssid (Secure) Wesley Campus
    vlan 80
    authentication open
    authentication key-management wpa version 2
    wpa-psk ascii {Number Here} {WPA Key Here}
    dot11 ssid Public
    vlan 60
    authentication open
    mobility network-id 60
    username Cisco password {Number Here} {Encrypted Password Here}
    username admin privilege 15 secret {Number Here} {Encrypted Password Here}!
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 80 mode ciphers aes-ccm
    ssid (Secure) Campus
    ssid Public
    mbssid
    station-role root
    interface Dot11Radio0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 254
    bridge-group 254 block-unknown-source
    no bridge-group 254 source-learning
    no bridge-group 254 unicast-flooding
    bridge-group 254 spanning-disabled
    interface Dot11Radio0.10
    encapsulation dot1Q 10
    no ip route-cache
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding
    bridge-group 10 spanning-disabled
    interface Dot11Radio0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 subscriber-loop-control
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    bridge-group 20 spanning-disabled
    interface Dot11Radio0.30
    encapsulation dot1Q 30
    no ip route-cache
    bridge-group 30
    bridge-group 30 subscriber-loop-control
    bridge-group 30 block-unknown-source
    no bridge-group 30 source-learning
    no bridge-group 30 unicast-flooding
    bridge-group 30 spanning-disabled
    interface Dot11Radio0.40
    encapsulation dot1Q 40
    no ip route-cache
    bridge-group 40
    bridge-group 40 subscriber-loop-control
    bridge-group 40 block-unknown-source
    no bridge-group 40 source-learning
    no bridge-group 40 unicast-flooding
    bridge-group 40 spanning-disabled
    interface Dot11Radio0.50
    encapsulation dot1Q 50
    no ip route-cache
    bridge-group 50
    bridge-group 50 subscriber-loop-control
    bridge-group 50 block-unknown-source
    no bridge-group 50 source-learning
    no bridge-group 50 unicast-flooding
    bridge-group 50 spanning-disabled
    interface Dot11Radio0.60
    encapsulation dot1Q 60 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.70
    encapsulation dot1Q 70
    no ip route-cache
    bridge-group 70
    bridge-group 70 subscriber-loop-control
    bridge-group 70 block-unknown-source
    no bridge-group 70 source-learning
    no bridge-group 70 unicast-flooding
    bridge-group 70 spanning-disabled
    interface Dot11Radio0.80
    encapsulation dot1Q 80
    no ip route-cache
    bridge-group 80
    bridge-group 80 subscriber-loop-control
    bridge-group 80 block-unknown-source
    no bridge-group 80 source-learning
    no bridge-group 80 unicast-flooding
    bridge-group 80 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    encryption vlan 80 mode ciphers aes-ccm
    dfs band 3 block
    channel dfs
    station-role root
    interface Dot11Radio1.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 254
    bridge-group 254 block-unknown-source
    no bridge-group 254 source-learning
    no bridge-group 254 unicast-flooding
    bridge-group 254 spanning-disabled
    interface Dot11Radio1.10
    encapsulation dot1Q 10
    no ip route-cache
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding
    bridge-group 10 spanning-disabled
    interface Dot11Radio1.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 subscriber-loop-control
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    bridge-group 20 spanning-disabled
    interface Dot11Radio1.30
    encapsulation dot1Q 30
    no ip route-cache
    bridge-group 30
    bridge-group 30 subscriber-loop-control
    bridge-group 30 block-unknown-source
    no bridge-group 30 source-learning
    no bridge-group 30 unicast-flooding
    bridge-group 30 spanning-disabled
    interface Dot11Radio1.40
    encapsulation dot1Q 40
    no ip route-cache
    bridge-group 40
    bridge-group 40 subscriber-loop-control
    bridge-group 40 block-unknown-source
    no bridge-group 40 source-learning
    no bridge-group 40 unicast-flooding
    bridge-group 40 spanning-disabled
    interface Dot11Radio1.50
    encapsulation dot1Q 50
    no ip route-cache
    bridge-group 50
    bridge-group 50 subscriber-loop-control
    bridge-group 50 block-unknown-source
    no bridge-group 50 source-learning
    no bridge-group 50 unicast-flooding
    bridge-group 50 spanning-disabled
    interface Dot11Radio1.60
    encapsulation dot1Q 60 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1.70
    encapsulation dot1Q 70
    no ip route-cache
    bridge-group 70
    bridge-group 70 subscriber-loop-control
    bridge-group 70 block-unknown-source
    no bridge-group 70 source-learning
    no bridge-group 70 unicast-flooding
    bridge-group 70 spanning-disabled
    interface Dot11Radio1.80
    encapsulation dot1Q 80
    no ip route-cache
    bridge-group 80
    bridge-group 80 subscriber-loop-control
    bridge-group 80 block-unknown-source
    no bridge-group 80 source-learning
    no bridge-group 80 unicast-flooding
    bridge-group 80 spanning-disabled
    interface FastEthernet0
    ip dhcp client update dns
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 254
    no bridge-group 254 source-learning
    bridge-group 254 spanning-disabled
    interface FastEthernet0.10
    encapsulation dot1Q 10
    no ip route-cache
    bridge-group 10
    no bridge-group 10 source-learning
    bridge-group 10 spanning-disabled
    interface FastEthernet0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.30
    encapsulation dot1Q 30
    no ip route-cache
    bridge-group 30
    no bridge-group 30 source-learning
    bridge-group 30 spanning-disabled
    interface FastEthernet0.40
    encapsulation dot1Q 40
    no ip route-cache
    bridge-group 40
    no bridge-group 40 source-learning
    bridge-group 40 spanning-disabled
    interface FastEthernet0.50
    encapsulation dot1Q 50
    no ip route-cache
    bridge-group 50
    no bridge-group 50 source-learning
    bridge-group 50 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface FastEthernet0.70
    encapsulation dot1Q 70
    no ip route-cache
    bridge-group 70
    no bridge-group 70 source-learning
    bridge-group 70 spanning-disabled
    interface FastEthernet0.80
    encapsulation dot1Q 80
    no ip route-cache
    bridge-group 80
    no bridge-group 80 source-learning
    bridge-group 80 spanning-disabled
    interface BVI1
    ip address dhcp client-id FastEthernet0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    end

    I am using a third party DHCP server which is our Windows Domain Controller. I have the ip helper-address set for the native vlan of the Access Point through a layer 3 distribution switch (a Catalyst 4506) that the current switch connects to.
    I didn't see any event on the logs for the AP.
    Let me know if I need to do something else.
    Thanks.

  • Multiple AVC Profile for each SSID

    Hello,
    I know there is limitation on the number of ACLs in each AVC profile, but is there a way to build multiple profiles and link it to the same SSID?
    thanks,

    Hi Sandeep,
    thanks for your reply, I think Cisco should consider allowing provisioning multiple profile for each SSID as the number of applications that needs block are exceeding each profile..
    I do have Guest SSID and I want to block everything using AVC, due to it's limitation, this cannot be achieved.
    Thanks,

  • I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

    Hi team,
    I  have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
    I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!

    http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
    I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"
    waiting expert opinions.

  • AIR-AP1142N-A-K9 configuration issue for guest ssid

    I'm trying to get the guest ssid working.  I was frustrated so saved my old config and wiped out everything on this AP.  Now my bvi1 does not come online.
    ap#sh ip int bri
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       192.168.2.249   YES NVRAM  down                  down    
    Dot11Radio0                unassigned      YES NVRAM  up                    up      
    Dot11Radio0.50             unassigned      YES unset  up                    up      
    Dot11Radio0.51             unassigned      YES unset  up                    up      
    Dot11Radio1                unassigned      YES NVRAM  administratively down down    
    GigabitEthernet0           unassigned      YES NVRAM  up                    up      
    GigabitEthernet0.50        unassigned      YES unset  up                    up      
    GigabitEthernet0.51        unassigned      YES unset  up                    up      
    ap#
    ap#sh int bvi
    *May  6 15:05:24.611: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]1
    BVI1 is down, line protocol is down
      Hardware is BVI, address is 003a.99eb.8d00 (bia b862.1fe9.9af0)
      Internet address is 192.168.2.249/24
      MTU 1500 bytes, BW 54000 Kbit, DLY 5000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input never, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         3 packets output, 180 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    ap#
    I have a private vlan 50 and the public vlan 51.  The private ssid seems to work and allow connectivity to the internet but I don't understand with the same configuration the Public ssid doesn't seem to work.
    I get this output when trying to connect with my cell phone. 
    *May  6 15:00:37.288: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:00:38.432: %DOT11-6-ASSOC: Interface Dot11Radio0, Station TYLOR-NB 9c4e.3617.483c Reassociated KEY_MGMT[WPAv2 PSK]
    *May  6 15:00:42.935: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:00:54.320: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   2c44.01c3.70a6 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:01:13.913: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:01:17.281: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:01:48.181: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:01:51.583: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:02:22.500: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:03:41.852: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    SSID [PUBLIC] :
    MAC Address    IP address      Device        Name            Parent         State     
    847a.8835.4f22 0.0.0.0         ccx-client    -               self           Assoc    
    ap#
    ap#show run
    Building configuration...
    Current configuration : 2746 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    enable secret 5 $1$4jEJ$ajpjBvSx3DUhxyvLADj.91
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    dot11 syslog
    dot11 ssid PRIVATE
       vlan 50
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 01150F035E050E0A2D
    dot11 ssid PUBLIC
       vlan 51
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 045D02010A2F444B05
    username Admin privilege 15 password 7 0526071D3545175840
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption vlan 50 mode ciphers aes-ccm
     encryption vlan 51 mode ciphers aes-ccm
     encryption mode ciphers aes-ccm tkip
     ssid PRIVATE
     ssid PUBLIC
     antenna gain 0
     mbssid
     station-role root
    interface Dot11Radio0.50
     encapsulation dot1Q 50 native
     no ip route-cache
     bridge-group 50
     bridge-group 50 subscriber-loop-control
     bridge-group 50 block-unknown-source
     no bridge-group 50 source-learning
     no bridge-group 50 unicast-flooding
     bridge-group 50 spanning-disabled
    interface Dot11Radio0.51
     encapsulation dot1Q 51
     no ip route-cache
     bridge-group 51
     bridge-group 51 subscriber-loop-control
     bridge-group 51 block-unknown-source
     no bridge-group 51 source-learning
     no bridge-group 51 unicast-flooding
     bridge-group 51 spanning-disabled
    interface Dot11Radio1
     no ip address
     no ip route-cache
     shutdown
     antenna gain 0
     dfs band 3 block
     channel dfs
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     no keepalive
    interface GigabitEthernet0.50
     encapsulation dot1Q 50 native
     no ip route-cache
     bridge-group 50
     no bridge-group 50 source-learning
     bridge-group 50 spanning-disabled
    interface GigabitEthernet0.51
     encapsulation dot1Q 51
     no ip route-cache
     bridge-group 51
     no bridge-group 51 source-learning
     bridge-group 51 spanning-disabled
    interface BVI1
     ip address 192.168.2.249 255.255.255.0
     no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    end      
    switch config:
    interface FastEthernet1/0/46
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 50
     switchport trunk allowed vlan 50,51
     switchport mode trunk

    Hi
    I know the bridge-group have to be identical to the sub interface number and vlan number
    This is true for all other vlans except for native vlan. For native vlan sub-interfaces bridge group number always should be 1. In your case, if vlan 50 is the native vlan (192.168.2.x/24 belong vlan) then configure bridge-group 1 under those .50 sub-interfaces. Then everything should work :)
    It is ideal if you could put AP management (BVI IP) into separate vlan & two user groups put vlan 50 & 51. Here is a sample configuration where vlan 110 is Mgmt & vlan 12,13 for user vlans.
    http://mrncciew.com/2012/10/24/multiple-ssid-config-on-autonomous-ap/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Multiple SSID's on the same subnet?

    Can you have Multiple SSID's on the same subnet?
    SSID1 authenticates clients via radius.
    Our corporation bought printers with wireless cards that only support WPA-PSK so we created SSID2 for the printers. We can connect to both SSID's and ping from SSID1 to SSID2 but we can not perform other functions such as view the printer management interface with a browser. Should it be possibe to communicate between SSID1 and SSID2 on the same subnet?

    Yes you should have no issue, but the only thing is that you are using a lower security method... so either you put them on different subnets so you can control the traffic via acl's or might as well use the same security method to make it easier. The fact that you can ping sounds like you should be able to http to the device.

  • Single access point with multiple ssids and single channel possible?

    Hi everybody.
    I have this silly question.
    Let say we have three vlans, vlan1,2,3  and they are mapped to wlans as follows:
    Vlan 1  ssid1
    Vlan 2 ssid2
    Vlan3 ssid 3
                      AP --------trunk------Switchted network.
    Our Ap  has mobile devices in three wlans, i.e ssid1ssid2 and ssid3
    Since AP uses half duplex mode,  mobile devices need positive ack from ap  before they can send data,  therefore once channel let say channel 3( assuming 802.11b is used) can be shared by all mobile devices in three wlans.  
    Is  my understanding correct?
    Thanks and have a great weekend.

    Hii ,
    Yes ,that is pretty much possible as suggested by other experts on board. Depending on your access point you will have 1 (2.4 GHz) or  both 2.4 & 5GHz radios.
    You can configure multiple SSIDs (up to 16 ) known as MBSSID mode in autonomous environment. In Controller based architecture you can configure up to 512 WLAN (SSID) and transmit any 16 of them per AP (using AP group feature). However , it is recommended to keep multiple SSID count below 8 as for each SSID separate beacon will be sent on air which consumes more air time.
    Hope this helps
    Thanks
    Vinay

  • Is it possible to do multiple ssids and encryptions on an autonomous AP without vlans?

    I got a customer who just has autonomous APs. They are upgrading from 1210s to 1262s. They are currently running a config that is wide open with no authentication or encryption and using a VPN tunnel on the wireless clients for security. They want to switch to using WPA2/PSK with the new APs. They have existing clients that have to continue to work during the upgrade to the new APs. They run 3 shifts so it is a 24 hr operation with no downtime. What I was thinking would be to configure the 1262 with multiple SSIDs, one with their existing settings and one with the new. Then I could swap the APs one at a time and it would only impact service for a short period of time while I was mounting the new AP. Then once all the new APs are installed I could transition the clients over to the new SSID and encryption then disable the old SSID once all the clients are switched over. I've done this before with a WLC but not with an autonomous APs. The only config examples I can find uses VLANs. This customer is not using VLANs. Is there anyway to use multiple SSIDs with different encryption on a single radio on an autonomous 1262 without VLANs?
    The site has about 30 APs and 100 clients. Yes I know a controller would be preferred for a site of this size but that is a question for sales and why they didn't see them a controller. I just get stuck with what they sell them.
    thanks

    Hi Don,
    Im afraid on the autonmous platform you can not map multiple WLANS to a single vlan.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Multiple ssid's same key ?

    i am deploying (1) 1242ag as root-bridge with multiple vlans and ssids but have left the key the same for each ssid/vlan. the remote (4) 1242ag's will be configured as work-group bridges with 1 vlan & 1 ssid for each. The key will be the same on all devices.
    Is this recommended? how would it be better set up? or is it fine this way.

    Are you referring to the WEP key. Using this method is not scalable and also not secure. Use a authentication mechanism like EAP which will generate per session keys.

  • Feature request: Support for Multiple Libraries (like in iMovie)

    From the threads, I can tell this topic was raised by many for many years. I would like to propose support for multiple iPhoto libraries -- or more specifically, the ability to distribute media across different storage devices.
    There is a huge gap between my spacially limited MBP 250 GB SSD and my external 4 TB HDD. I am aware that I can juggle two separate libraries in iPhoto but it's just not practical and the moving of media between the libraries is not a simple drag and drop effort but involves exporting and importing with me having to clean up on one side or the other.
    iMovie has had support for several libraries for a long time presumably because the sheer size of media in the video realm gave the iMovie team little choice.
    I can't be the only one having this itch, right?

    Again, you need to clarify your terms
    Aperture can move master photos files around. With Aperture you can write additional metadata to the original file.
    You don't need multiple libraries to thematically arrange photos, though. A simple keywordign system will do that.
    So in Aperture I don't have to restart into different libraries?
    You can have all your photos in a sinble library with the master files stored off-disk easily. You can relocate them from disk to disk too. However, if you;re doing presentations that is probably not necessary if you generate good quality previews. I'd ask about these things on the Aperture forum for more.

  • Using multiple SSID with AP 1100 (standalone mode).

    Hi, need to configure 2 SSID on the same 1100 AP: open authentication and WPA2. It's possible to configure these 2 SSID without configuring VLAN's ?
    On CCO I've read the following:
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a008009483e.shtml
    Q. How many service set identifiers (SSIDs) can you have per VLAN?
    A. You can have only one SSID per VLAN. The use of multiple SSIDs over a single VLAN is not supported with Aironet APs.
    It's also true with the latest IOS release ?

    Hi Roberto,
    Hopefully the attached docs will answer your question:
    Cisco Aironet 1100 Series
    Using VLANs with Cisco Aironet Wireless Equipment
    Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
    Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
    Configuring Multiple SSIDs
    vlan vlan-id
    (Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
    Hope this helps!
    Rob
    Please remember to rate helpful posts.......

Maybe you are looking for

  • 12 month plan full advance payment for 10 month.

    Hello! Is anybody could help me with information regarding whether or not it is possible to pay full amount for 10 months in advance while the first two months of the 12 month plan were paid normally (i.e. once in a month). In short: is it possible t

  • Is The iPhone 5 Really Worth It?

    Hopefully I do not get bombarded by hardcore Apple fans but is the iPhone 5 really worth it. I used to have the iPhone 4S, but upgraded it to a Samsung Galaxy S3 and here is what I think of the iPhone 5. With phones like the Galaxy Note 2, Galaxy S3,

  • HT5312 how can i change my rescue email?

    How can iI change my rescue email? My original apple id email is no longer valid and I would like to change my apple id to what is currently my rescue email. I have a secondary email that I can change to my rescue email. However, because I could not

  • TableSorter with WD in NW7.1

    Hello Community, i'am testing with the table ui-component. now i want to realize sorting. for that i found here that one should use TableSorter.java as an utility-class for sorting. doing so far works fine, but i have some additionals problems and ma

  • Airwatch and byod app for corporate email/calendar

    I have corporate airwatch.  i had to get a replacement phone recently, moved the sim card to the new phone.  everything came back from cloud, but airwatch now says "user cannot be authenticated".  I deleted app from phone (still in cloud) and reinsta