Multiple SSIDs with WDS, custom DHCP addresses, & Web interface
I just bought an Aiport Extreme Base station along with an Aiport Express. So far, everything is great, but I had a few of things I would like configure a certain way, and I am having a little problem.
Just to let you know, I am using the base station as the main router/firewall (with my cable modem). I am using the express basically as a wireless bridge (via WDS).
The way Apple takes care of things with WDS, is by assiging the same SSID to both the base station and express for seamless roaming. However, I would like them both to have their own SSID. I cannot seem to get this working, and I know that some other vendors allow this (Buffalo, Linksys).
The other issue is regarding DHCP on the LAN side. I want to for example hand out IP addresses 192.168.2.50-60 to my internal clients, and I want the base station to have an address of 192.168.2.1 and the express to have 192.168.2.5. It seems this also I am having problems with. It seems like the base station is very rigid on what options I have in this regard.
Lastly, I wondered if there is any other way to administer these guys (like a web browser). Sometimes I need to remotely make changes to the router, and don’t really want to install another app just for this purpose (especially at work, or some other remote location).
Thanks
Mac Mini 1.25 GHz Mac OS X (10.4.3) 1 Gig of RAM
The way Apple takes care of things with WDS, is by
assiging the same SSID to both the base station
and
express for seamless roaming. However, I would
like
them both to have their own SSID.
I don't know why you'd want that but if you are
extending the range of your wireless network with WDS
it isn't possible with Airports.
The other issue is regarding DHCP on the LAN side.
I
want to for example hand out IP addresses
192.168.2.50-60 to my internal clients, and I want
the base station to have an address of 192.168.2.1
and the express to have 192.168.2.5. It seems this
also I am having problems with.
You can set the DHCP range and then assign static
IP's to anything that conforms to that network as
long as it won't conflict with something
automatically assigned by DHCP. As a router NAT must
be enabled so if you want a unique range of numbers
only DHCP is used which won't work in your case.
In other words set the range at 192.168.1.1 and that
is the address of the base station. That can be used
for the statically IP'd device's router and DNS
entries as well like this:
Device 1 IP 192.168.1.101
Device 1 subnet 255.255.255.0
Device 1 router 192.168.1.1
Device 1 DNS 192.168.1.1
Device 2 IP 192.168.1.102
Device 2 subnet 255.255.255.0
Device 2 router 192.168.1.1
Device 2 DNS 192.168.1.1
etc...
Lastly, I wondered if there is any other way to
administer these guys (like a web browser).
Not that I'm aware of. Airport Admin Utility is all
there is. I have seen a java utility but it wasn't
very friendly.
Thanks for the answers. Despite these minor limitations, so far the Apple hardware is some of the best 802.11 stuff I have used (except for maybe a Cisco 1200).
Similar Messages
-
Multiple SSIDS with VLAN ACL seperation
Hi,
I have bought a 887W and I'm new to wireless on a router, I need advice about seperating multiple SSIDs with access list.
I have configured 2 SSIDs one for 'trusted' clients and one for 'guest' clients. I want to prevent the 'guest' SSID obtaining access to the other vlan/SSID using an ACL.
Each SSID is associated with a BVI, the BVI has the IP address, then it's linked to a seperated VLAN interface, then each VLAN.
Thanks if you can help...
DaveSolved my issue, I simply attached the ACLs to the BVI interfaces. Fairly obvious, but I read a Cisco webpage that said this could not be done, although this may have been a temporary bug that has been fixed.
-
Hi Surendra,
I was just given this task to see how i can configure a second ssid for guest access in our environment.
this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
My AP config is attached below.
Please tell me what am I doing wrong.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
Does the access point need to be aware of the voice vlan?
Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
I will greatly appreciate your urgent response.
Thanks in advanced.Hi,
As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
int vlan 20
ip helper-address 192.168.33.xxx
int vlan 60
ip helper-address 130.20.1.xxx
I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
Modify the AP config as below since you are using data vlan as the native vlan
interface Dot11Radio0.20
encapsulation dot1Q 20 native
interface FastEthernet0.20
encapsulation dot1Q 20 native
Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
interface FastEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface FastEthernet0.60
encapsulation dot1Q 60
no ip route-cache
bridge-group 60
no bridge-group 60 source-learning
bridge-group 60 spanning-disabled
Hope this helps.
Regards
Najaf -
Multiple SSID with different Login Web authority pages
Our current setup is one Anchor control and then several WLC’s, I want to know if I can have multiple SSID and use different Web Auth pages form them, so I can have a SSID that requires a password to Authentication access and another SSID that requires pass through Authentication but they would have different web authentication pages and go to different pages once Authenticated.
Is this possible to ?Hi,
If you are running WLC software 4.2 and above then u can do this on per WLAN basis.. here is the link which tells on how to do it..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml#A1
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
Using multiple SSID with AP 1100 (standalone mode).
Hi, need to configure 2 SSID on the same 1100 AP: open authentication and WPA2. It's possible to configure these 2 SSID without configuring VLAN's ?
On CCO I've read the following:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a008009483e.shtml
Q. How many service set identifiers (SSIDs) can you have per VLAN?
A. You can have only one SSID per VLAN. The use of multiple SSIDs over a single VLAN is not supported with Aironet APs.
It's also true with the latest IOS release ?Hi Roberto,
Hopefully the attached docs will answer your question:
Cisco Aironet 1100 Series
Using VLANs with Cisco Aironet Wireless Equipment
Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current versions do not.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points, 12.2(15)JA
Configuring Multiple SSIDs
vlan vlan-id
(Optional) Assign the SSID to a VLAN on your network. Client devices that associate using the SSID are grouped into this VLAN. You can assign only one SSID to a VLAN.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802085c4.html
Hope this helps!
Rob
Please remember to rate helpful posts....... -
WLC 5760 multiple SSIDs with MAC filtering
Dear All,
I am implementing a wireless network with 5760 WLCs. The client requires a few SSIDs with MAC-based authentication. So I created different MAC filters using the commands "aaa authorization network MAC_FILTER01 local", "aaa authorization network MAC_FILTER02 local" etc
These filters are bound to different SSIDs using the commands "mac-filtering MAC_FILTER01" "mac-filtering MAC_FILTER02" etc. and users are added to their required MAC filters using the commands "username <mac-address> mac aaa attribute list MAC_FILTER01", "username <mac-address> mac aaa attribute list MAC_FILTER02" etc.
Now I am facing a serious issue - users belonging to any one MAC filter can connect to the all SSIDs. It seems like the MAC addresses added to the controller under different filter names are going to a common database, thereby providing access to users to all SSIDs irrespective of their MAC filter.
Is it a limitation of local database of 5760? Has anyone faced the same issue? How can I implement independent MAC filters bound to different SSIDs?
Thanks,
Arun JohnHi Arun,
this feature currently does not exist on the 5760. it is due to release in one of the MR's of 3.6
-Joseph -
Can the RV180W have multiple SSIDs with different security configurations?
I am trying to configure the RV180W with a guest network and regular wireless network. The regular wireless network is just a bridge to the wired network, using WPA2-Pers for authentication. I built and enabled another wireless SSID, using a different VLAN and no authentication. I can get both SSIDs to function at the same time if I turn off security. Once I turn on Security, the regular one no longer functions.
It is actually all in the manual:
SEE: PDF MANUAL
Page 63 of PDF and onwards
Do note that you need to assign multiple VLAN per SSID. Check the manual it is there :D
and based on the manual you need to enable multiple VLAN support: See page 34 of the manual: Configuring Virtual LAN (VLAN) Membership
Don't forget to rate and mark as answer helpful posts! :) -
Multiple SSIDs with Multiple (split) VLANs & GW ---- for shopping mall
Hi Experts,
I suppose to sell the shared infrastructure service. Now I'm holding a couple of 8500 (HA). With almost 450 APs.
I'm designing my actual WiFi service for this "Shopping Mall" to retails.
Each of retail shop should own his AP inside their own shop. The AP should ONLY broadcast his own SSID such "Starbucks-WIFI". Each shop sholud not be able to hook into the other shops network.
Problem are
If I have 100-500 customers/retail shops. Can I achieve my goal with a ginven WLC8500?
How many SSID can be actived at once?
How many AP group can be configured and turned on at once?
What would be the actual topology which is the best practice for? --- IMO, shop broadcast their own SSID >> access switch dedicated VLAN >> VRF (64VRF max @ CAT4500) or dedicated GW at Firewall >> dedicated internet link.
I found some relevant post but it not explitict to my env. Wireless Max SSID on WLC and AP | Getting Started with Wireless ...
Cheer & Br,
Nipat.pHow many SSID can be actived at once?
Go to WLAN > Advanced > AP Groups.
All APs fall into the default-group. Each AP can advertise a maximum of 16 SSIDs. If you are smart, you can create a number of AP Groups and individual APs can be assigned to a specific AP Group. One of the main selling point with AP Groups is the ability to assign specific SSIDs. So if you create an AP Group called Starsbuck and in the AP Group you assign only the Starsbuck SSID and then assign only one AP then this AP will ONLY advertise the specified SSID.
Good news is the 8500 can support up to 6K AP Groups (read THIS). -
Using multiple SSIDs with same name but different PSKs
I have a central WLC 2504 controller that is being used for remote site FlexConnect 1141 APs. They all advertise three different SSIDs. One SSID is a global SSID that is the same at every office. One is a hidden SSID using 802.1x machine auth.
The one I am trying to get working is the local office guest network. These SSIDs are all the same at each office but should have different PSKs. They are local to the office, therefore would only ever be applied to a specific FlexConnect group.
I understand why in theory this is generally not a good idea but given these are for remote sites I'd like it to be possible. I always get this message though:
"WLAN with duplicate SSID and L2 security policy found"
Is there a way around this? New WLC code that allows it maybe?I was able to configure three (more I think possible) WLANs with same SSID name and all are WPA2-AES-PSK on the same WLC and all are enabled at hte same time.
Note that you can not have any of those broadcasting on same AP group. Each WLAN can be only broadcasted on a separate AP group. For your sites, It will probably need you to define an AP group for each site to broadcast different WLANs on different sites.
You can do that if all your WLANs have an ID of 17 or higher. (the reason is, WLANs of 1-16 are by default broadcasted on the default AP group. and because those can not be on the same AP group - including the default one - then you can't have them with WLAN IDs 1-16. i.e on same - default - AP group)
HTH
Amjad
rating useful replies is more useful than saying "Thank you" -
SES Filter - Adding Multiple Filters with same custom attribute
Hi,
I have added custom search attributes and am able to add a filter to the doOracleSearch method.
filter[0] = new Filter(new Integer(100), "NUMBER", "equals", 10020);
Now I have to add another filter for same search attribute with or condition, how can I do that..
I tried following..
filter[0] = new Filter(new Integer(100), "NUMBER", "equals",10020);
filter[1] = new Filter(new Integer(100), "NUMBER", "equals", 10049);
But how do I specify it is or and the above code is not working.
Thank you.
Vasu.Here is an example of this using 11g. Note you will need to login programatically if data is secured.
// Create search service and set SOAP URL
OracleSearchService searchService = new OracleSearchService();
searchService.setSoapURL("http://myserver:7777/search/query/OracleSearch");
// Get data group to search
DataGroup dataGroup = new DataGroup();
dataGroup.setGroupName("MyGroup");
DataGroup[] dataGroups = new DataGroup[1];
dataGroups[0] = dataGroup;
// Get list of all attributes to fetch
Attribute[] attributesAll = searchService.getAllAttributes("en");
ArrayList<Integer> attributeIds = new ArrayList<Integer>();
for(Attribute a: attributesAll)
attributeIds.add(a.getId());
Integer attributeIdArrayAll[] = new Integer[attributeIds.size()];
attributeIdArrayAll = attributeIds.toArray(attributeIdArrayAll);
// Create filters (BE SURE THE FILTER ID IS CORRECT - I do not suggest you hard-code it but rather iterate through list of all attributes above and get ID that way)
Filter[] myFilters = new Filter[2];
myFilters[0] = new Filter(124, "Number", "EQUALS", "129224");
myFilters[1] = new Filter(124, "Number", "EQUALS", "123730");
// Query (BE SURE TO USE "or" as the operator between filters)
OracleSearchResult result = searchService.doOracleSearch("", 0, 50, false, false, dataGroups, "en", null, true, "or", myFilters, attributeIdArrayAll);
// Get count
int hits = result.getEstimatedHitCount().intValue();
// Print results
ResultElement[] resElements = result.getResultElements();
for(int i = 0; i < resElements.length; i++)
// Get document
ResultElement doc = resElements;
Hope this helps! -
Hello,
I am attempting to set up three Cisco 1242AG Wireless Access Points with multiple SSID's. I used the web interface and directions online to set up the two networks I want and at least one of the networks work wirelessly.
However, I have two problems:
The first, which is the most important, is that the "management" interface, BVI1, doesn't get an ip address from our DHCP server. I set the VLAN 60 (which you'll see in the documenation below) to be the native VLAN on the device as well as on the switch that the device is connected to as well as other settings in the configeration file below. Because of this, I can only manage the device via the console port which would be a huge pain once all of the devices are mounted.
The second problem is that I am not sure how to get both wireless networks broadcasting their SSID's. I have to manually type in the SSID for the second wireless network I have which I would prefer I don't have to. Anyway I can enable broadcasting on all of the SSID's?
Thank you for your time.
Regards,
Christopher Koeber
Using 7916 out of 32768 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname AP-18.wesleysem.edu
enable secret {Number Here} {Encrypted Password Here}
enable password {Number Here} {Encrypted Password Here}
aaa new-model
aaa session-id common
dot11 syslog
dot11 vlan-name Kresge vlan 20
dot11 vlan-name Library vlan 30
dot11 vlan-name Public vlan 60
dot11 vlan-name Secure_Public vlan 70
dot11 vlan-name Secure_Seminary vlan 80
dot11 vlan-name Server_Room vlan 1
dot11 vlan-name Straughn vlan 40
dot11 vlan-name Trott vlan 10
dot11 vlan-name Web_Room vlan 50
dot11 ssid (Secure) Wesley Campus
vlan 80
authentication open
authentication key-management wpa version 2
wpa-psk ascii {Number Here} {WPA Key Here}
dot11 ssid Public
vlan 60
authentication open
mobility network-id 60
username Cisco password {Number Here} {Encrypted Password Here}
username admin privilege 15 secret {Number Here} {Encrypted Password Here}!
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 80 mode ciphers aes-ccm
ssid (Secure) Campus
ssid Public
mbssid
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
interface Dot11Radio0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
interface Dot11Radio0.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
bridge-group 70 spanning-disabled
interface Dot11Radio0.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
bridge-group 80 subscriber-loop-control
bridge-group 80 block-unknown-source
no bridge-group 80 source-learning
no bridge-group 80 unicast-flooding
bridge-group 80 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption vlan 80 mode ciphers aes-ccm
dfs band 3 block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio1.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
interface Dot11Radio1.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
bridge-group 40 spanning-disabled
interface Dot11Radio1.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
interface Dot11Radio1.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
bridge-group 70 spanning-disabled
interface Dot11Radio1.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
bridge-group 80 subscriber-loop-control
bridge-group 80 block-unknown-source
no bridge-group 80 source-learning
no bridge-group 80 unicast-flooding
bridge-group 80 spanning-disabled
interface FastEthernet0
ip dhcp client update dns
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
interface FastEthernet0.40
encapsulation dot1Q 40
no ip route-cache
bridge-group 40
no bridge-group 40 source-learning
bridge-group 40 spanning-disabled
interface FastEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
no bridge-group 50 source-learning
bridge-group 50 spanning-disabled
interface FastEthernet0.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
no bridge-group 70 source-learning
bridge-group 70 spanning-disabled
interface FastEthernet0.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
no bridge-group 80 source-learning
bridge-group 80 spanning-disabled
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
endI am using a third party DHCP server which is our Windows Domain Controller. I have the ip helper-address set for the native vlan of the Access Point through a layer 3 distribution switch (a Catalyst 4506) that the current switch connects to.
I didn't see any event on the logs for the AP.
Let me know if I need to do something else.
Thanks. -
WAP200 and .1x/radius authentication with multiple SSIDs
Apparently it's not possible to define more than a single radius server when using multiple SSIDs with WAP200. Unfortunately WAP200 doesn't add the name of the SSID as a radius attribute, so it's not possible to make distinction whether the user is trying to log in to SSID A or B. Does anyone have any ideas or workarounds for this limitation? Of course the best solution would be if Cisco/Linksys fixed the firmware so that the SSID of the logging in user would be sent to the radius server as an extra attribute or appended to the client mac address.
Security option for an SSID can be unique and can be configured when you configure a SSID or under VLAN . Note that each vlan is uniquely mapped to induvidual SSID.
-
Populate contact's Work address with customer's address
Hi,
The Work Address of a contact is not populating with the customer's address when the contact relationship is created.
Is this configured somewhere?
Thks,
WilliamHello!
Please check
[Note 1230259 - Standard address not preassigned in contact|https://service.sap.com/sap/support/notes/1230259]
[https://service.sap.com/sap/support/notes/1230259|https://service.sap.com/sap/support/notes/1230259]
I think this is exactly about the issue you have.
Best regards
Arno -
1142 Autonomous AP not passing DHCP address to clients
Hi there,
I do hope someone can help me out here because I am having a nightmare with a single AP.
Setup is as follows:
5 existing APs already on site, all working correctly plugged into a 48 port 2960, (non poe).
customer wants to add another AP to extend capacity.
Installed AP, (config attached) mirrored switchport settings, (below) and fired it up.
Outcome: if you are on a static IP or have received DHCP through another AP then everything works as it should. But DHCP requests are never fulfilled if connected through this AP. (this goes also for a laptop with an existing DHCP address if you go through the \release \renew process) DHCP is served by a server living on the switch.
The AP lives on VLAN 2, hence native .2 on both ends, and wireless clients should recieve a VLAN 1 address. All the other APs, (1131s) are working without a problem and this is driving me NUTS! Have been through configs and every screen of the GUI but cant find any difference in set up. Apart from different AP models the new one is on a pwrinj4 while the others are on pwrinj3's.
Switchport settings:
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
AP Config
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
aaa authorization network default local
aaa session-id common
dot11 vlan-name *** vlan 1
dot11 vlan-name *** vlan 2
dot11 ssid ***
vlan 1
authentication open
authentication key-management wpa optional
wpa-psk hex ***
username manager privilege 15 password ***
username user privilege 0 password ***
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 2 size 128bit *** transmit-key
encryption mode ciphers tkip wep128
encryption vlan 1 key 2 size 128bit *** transmit-key
encryption vlan 1 mode ciphers tkip wep128
ssid ***
channel 1
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption key 2 size 128bit *** transmit-key
encryption mode ciphers tkip wep128
encryption vlan 1 key 2 size 128bit *** transmit-key
encryption vlan 1 mode ciphers tkip wep128
ssid ***
no dfs band block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio1.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
interface GigabitEthernet0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
interface dot11Radio 0
ssid ***
no shutdown
interface dot11Radio 1
ssid ***
no shutdown
power inline negotiation injector installed
interface BVI1
ip address 10.25.97.245 255.255.255.0
no ip route-cache
ip default-gateway 10.25.97.1Hi Scott,
Yes, the only difference is as this is a 1142 I was instructed to put it onto one fo the Gb ports. I tried the Ap on a known working port to rule out switch config to no effect.
Here is the extended switch config:
interface FastEthernet0/44
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/45
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/46
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/47
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/48
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
interface FastEthernet0/44
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/45
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/46
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/47
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface FastEthernet0/48
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/1
description Connect to wireless AP
switchport trunk native vlan 2
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
Not sure about the spanning tree settings on the others: I didnt set those up and am a great believer in the "if it aint broke, dont fix it" maxim! -
Is it possible to do multiple ssids and encryptions on an autonomous AP without vlans?
I got a customer who just has autonomous APs. They are upgrading from 1210s to 1262s. They are currently running a config that is wide open with no authentication or encryption and using a VPN tunnel on the wireless clients for security. They want to switch to using WPA2/PSK with the new APs. They have existing clients that have to continue to work during the upgrade to the new APs. They run 3 shifts so it is a 24 hr operation with no downtime. What I was thinking would be to configure the 1262 with multiple SSIDs, one with their existing settings and one with the new. Then I could swap the APs one at a time and it would only impact service for a short period of time while I was mounting the new AP. Then once all the new APs are installed I could transition the clients over to the new SSID and encryption then disable the old SSID once all the clients are switched over. I've done this before with a WLC but not with an autonomous APs. The only config examples I can find uses VLANs. This customer is not using VLANs. Is there anyway to use multiple SSIDs with different encryption on a single radio on an autonomous 1262 without VLANs?
The site has about 30 APs and 100 clients. Yes I know a controller would be preferred for a site of this size but that is a question for sales and why they didn't see them a controller. I just get stuck with what they sell them.
thanksHi Don,
Im afraid on the autonmous platform you can not map multiple WLANS to a single vlan.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
Maybe you are looking for
-
Some math elements appear as question marks in equations - FM9/Win7Pro
Hello everyone, I am facing the issue that some math elements appear as question marks in equations; for example, the summation and angle symbols. The approximately equal or the alpha symbols, for example, appear correctly. The symbol font is install
-
How to get icon for hardrive(s) to show up?
Hi--How do I get the icons for hardrive(s) to show up? Odd. Thanks!
-
Time tracking in a work centre
Hi Experts, I am staging components for a process order using a posting change request, due to this I am unable use VAS order in a production work-center (VAS order is applicable only for inbound/outbound deliveries), But I would like to track time f
-
Maverick compatible with photoshop element 8
Does anyone know if Photoshop Element 8 is compatible with Maverick? Is there a list anywhere of software that would need to be upgraded? Would like to know before upgrading. Thank you!
-
Getting a server error when launching VI's dynamically from a llb
I have made a simple VI launcher which opens a reference to a VI and opens the Front Panel through a property node and run the VI by using a invoke node in order to be able to distribute the launcher without having any sub VI's included. When running