Single SSID network composed of 4 wired WAP321 for hotel

Similar Messages

• Dynamic vlan assignment with single SSID

  Hi All,
  I have 300 APs deployed  and  concurrent client associations that number 3000+ daily
  at the moment I have a single subnet for all users, there is no authentication just a click through
  page with email entry to gain access.
  The APs are assigned to groups based upon the building zone they are in, is it possible to
  assign a vlan based upon the AP the user is associated to but still only broadcast a single SSID.
  TIA

  You can assign dynamic vlan for 802.1X authentication using aaa override from RADIUS server.
  In your case, since it is webconsent ssid you can use AP groups to put clients on differnt vlans per the AP group
  Sent from Cisco Technical Support iPhone App

• Cisco ISE 1.1.1 - Single SSID

  I'm working on our ISE implementation and these are my two goals.
  1.  Single SSID for BYOD users and corporate managed systems.
  Login to the NAC agent if not part of the domain (EX: windows laptop not part of the domain joins the SSID, goes through the self service portal, downloads NAC agent, must login to NAC agent whenever joining network with AD credentials)
  AD login required to join this SSID, no guests allowed
  2.  Guest SSID
  Guest login only - requires sponsor
  web agent required for windows machine
  AV required
  Current AV definitions required
  Are these goals attainable or am I better to go in a different direction is my first question.
  Second, using the Cisco BYOD Smart Solution Guide (link at bottom of post) it mentions the single SSID as not being a complicated component but it only runs through the dual SSID solution, what settings are needed for a single SSID? I'm using Open + MAC Filtering but when the supplicant attempts to connect it doesn't work because it's looking for a WPA2 network with the same SSID name.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html
  Single SSID is specifically mentioned here:
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp504735

  David,
  What the documentation did was that it created a condition which does the check for the ssid in the access-request:
  Guest_Authz is a user-defined simple authorization condition for guests  accessing the Internet via Web authentication through the WLAN  corresponding to the open guest SSID. It matches the following RADIUS AV  pair from the Airespace dictionary:
       Airespace-Wlan-Id - [1] EQUALS 1
  So that when the user connects to the network they are connecting through the guest ssid in which this has the wlan id of 1. Either you can do that in your authorization rule right in the screenshot or you can create this condition under the policy elements tab.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• ISE and Selfservice with single SSID

  Hi, i have:
  WLAN 2504 Controller with 7.2 Software
  ISE 1.1.2
  A single SSID with 802.1x Authentication
  Today the wireless users are authenticated against an cisco acs. I want to switch to the ISE and make use of the mydevices portal. I want to re-use my single SSID and don't want to make any provisioning.
  - The user connects to the single SSID
  - The user configures peap authentication on his device
  - The user authenticates to a ldap directory with username and password
  - After successfull authentication the user will be redirected to the mydevices portal
  - he logs in with his ldap credentials
  - the mac address of his current device is listed in the mydevice portal
  - user adds his device to the known devices list
  - manual reconnect to my ssid
  Is this possible with ISE? Is there a howto out there with exact this scenario?
  Kind regards

  Hello Andreas,
  WLC 2504 supports CWA, CoA & dACL.
  This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like. So it should fulfill your requirement and you can use single SSID.
  For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf
  http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html
  Regards,
  Ashok

• Large Subnet for single SSID

  I am looking for a design guide to help me split up a large subnet for a Cisco Wireless network.  We have a Campus with a centralised Wsim and a single SSID.  We are hoping to be able to keep the single SSID but split the subnet as it is now quite large and we would like to reduce the broadcast domain to a manageable size.  I have found a number which have different SSID but we would like to keep only 1 as it simplifies the user experience. 

  Adding to Scotts post.  If you are doing 802.1x you can use dynamic VLAN assignment to achieve the results as well.
  AAA returns attributes 64/65/81 to the WLC, to change the VLAN the user gets put into.  You do still need to create the dynamic interfaces on the WLC.
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Can multiple Airport Expresses be connected via ethernet to an Airport Extreme to extend a single WiFi Network?

  I am a big fan of both the Airport Extreme and Airport Express.  In my work environment, I need to create a good quality single wireless network around 2 large aircraft hangars and some offices at the perimeters.  We have a good quality wired Cat5e ethernet network extended between the buildings and offices now.  Is this possible and does it seem like a good practical solution?  I think that 4 or 5 Airport expresses would easily provide good wireless coverage in the needed areas. 

  Can multiple AirPort Expresses be connected via ethernet to an AirPort Extreme to extend a single WiFi Network?
  Yes, this will work just fine as long as any individual Ethernet cable run will not exceed much over 330 feet or about 100 meters.

• Multiple Passphrases for a Single SSID ?

  We are getting ready to deploy a special SSID for handheld devices to be used on.
  Is there any way to have multiple passphrases for a single SSID ?  The reason I am looking at this is that we may have users who come into one of our offices and may not have gotten/received the email advising of the passphrase change.  My hope would be that we could implement Passphrase A when we initially deploy the new SSID and then in say 3 months, change the password.  We would like to leave the Passphrase A active for about a week which should be sufficient time for them to change it and then we could delete Passphrase A, leaving only Passphrase B active.  In WEP there was something like this but I dont see this as an option in WPA2.  Unfortunately with some of the devices that I have looked at, WPA2 Enterprise isnt an option, so that is why I am looking at things from this perspective.
  Any suggestions would be appreciated.
  Ron

  Hello Ronald,
  No you cannot have multiple passphrase or WPA-PresharedKey for the same SSID.
  Thank you,
  Serge

• Network drivers no internet wired or wireless

  I have a T60 type 2007 and model BE6. I recently have been unable to use my wired or wireless internet on my laptop. I thought it might be a problem with my drivers then. I tried uninstalling them and rolling them back but whenever I click uninstall or rollback driver the window freezes then.
  I tried updating my driver then to the latest ones which I got from the website for my wireless and network, and when I updated the drivers it would just keep on going in that window and eventually freeze, and then after I close it, the driver details showed it to be the new driver even though it froze. With the new drivers installed the local area connection would be disabled, and when I try to enable it, it would say connection failed.
  When I tried to rollback the drivers it would freeze, but after I opened it up again it would show my old driver information. With the old drivers, my local area connection would be enabled, but still when I try to connect to internet, it says the specified destination is not reachable. Also when I try disabling the wireless or local area connection it doesnt do anything, and when i do repair it freezes.
  Also for the drivers when i try to go into the resource tab, that window just freezes.
  I do not know if my drivers are updating correctly or not, because it freezes and such. Any help is greatly appreciated.
  thanks.

  Hi mishink7,
  Welcome to the Lenovo forum 
  Because you are having networking problems with both wired and wireless, it seems likely that the problems are caused not by the network device drivers, but by something higher in the network "stack". Did you install or update a firewall, Access Connections, or any other software just before you started having network problems?
  Best regards,
  Frank
  Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.
  Did someone help you?
  Say thanks! with a kudo.
  Even better: Pay it forward, help someone else.

• Wirelss networking macbook to a wired PC?

  Sorry if this has been asked a thousand times before (kindly point me to the correct place, please!). I did do a quick search but was fruitless (didnt really understand much)
  I am a bit of newb at this and not even sure if it is possible with my setup. I want to create a home network. Currently I have a cable modem connected to a Netgear Range Max MIMO WPN824 router (802.11g), which is in turn wired into my desktop XP-based machine.
  Now I was thinking that it must be possible to create a home network which allows my macbook core due to "speak" to my pc over via the wireless connection. I think I have all the necessary options on my macbook switched off preventing this from happening.
  All I really want is an idiots guide telling me how to get this network up and running. Does anyone know of any useful sites/guides dealing with this kind of enquiry?
  Did I mention that I was a newb? I'm not 100% sure how to set up a home network so any advice you can give/point me too will be gratefully received.

  Well, since you only actually have one other system currently on the same connecttion which you want your "network" to be, and the one you wish to add is a Mac to a Windows Network, it gets a bit more complicated. I have found 2 different ways to connect my macs to my windows home network (which is already set up fully and working), though I have not actually taken the time to attempt using these procedures to do so (I have many other things I have been doing lately).
  I have sucessfully connected my windows machines (tested with using just one PC desktop in one case and 1 laptop in the other case). I got my Dell Windows XP MCE 2005 to connect to my Mac iBook G3 this way, and then when trying to add my new MacBook to my home network, got it to connect to my Win XP Home Desktop. Each time this was done and I "explored the files" on the other system, it was with me using the Windows PC and exploring the Mac.
  It just seems a bit more difficult to do from the Mac side of things, and like I said, I have found how to add them to my home network using a different method which should have them visable and active as soon as they (the Macs) are turned on, just like a PC becomes "visable" once turned on.
  Others have tried to explain to many people over this forum of how to do this (which all seems strange and not as simple and easy as doing so through windows), but it also seems like there are fewer questions about this networking a Mac at all (even when not adding PCs into the mix) and it just always seems like it is people like me (windows pc users recently turned to mac and wanting to connect them to the same network) and I can't say I have seen one post describing how to connect or create a Mac network with 2+ Macs together, and only a handfull of useful replies on how to add Mac to Windows networks.
  I can get back to you more with the different ways (in a few days, need to find where I put the instructions) if others don't respond to your post first with them.
  As for the quick, simple connection (which you can "mount" onto your Windows PC just like any other Network location or Disk Drive), I will try and go through it again right now and then respond to my own post here with what steps I took.
  The first thing you will want to do is setup on your windows pc, a "home network" giving it a certain name (it usually defaults as "MS HOME" and I would always change it to "HOME", but anything you want to name it is fine). Normally, if you had other Win PCs that you wanted to add, you would just do the same thing with the Create network Wizard (naming the network the same for all PCs you want to be connected), you could probably have multiple "networks" actually, the only pcs that can connect to a certain one are ones that have had this "named" network created on their system. Actually, I think Home (and maybe MCE 2005) users can only have one Network (if you go to add another I think it just changes the previous one to the new network, or maybe it just takes that new network as your "default connect to" network... gets kinda fuzzy unless you know more about multiple networks running at the same time). Windows XP Pro (Professional) is the one that most likely has the best chance at doing this multiple networks thing as it was made for businesses and different "work" networks with more networking options built-in to the OS.
  After you have your Windows Home Network setup, then you will want to have both PC and Mac turned on and connected (to your router, they should both be able to access the internet). If you know the individual IP Addresses for each computer system, this could help, and should be found under the Details area of you LAN or WiFI connection (you most likely know how to see both of these in Windows and on your Mac, if not follow the way to your Internet ISP settings and you should stumble upon them).
  Will update with more soon...

• ISE Single SSID BYOD - Windows Endpoint user experience

  We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Adroid, and MAC OS endpoints using single SSID and Native supplicant provisiong seems to work fine with these endpoints. We are having issues with Windows clients. On Windows client, when the user selects the SSID, it is prompting for userid/password, but never gets a pop-up for server certificate. We are using a third party public wildcard certificate on ISE for HTTP/EAP authentication.  On ISE, we are getting: 12511 Unexpectedly received TLS alert message; treating as a rejection by the client.                

  12511
  EAP
  Unexpectedly   received TLS alert message; treating as a rejection by the client
  While trying to   negotiate a TLS handshake with the client, ISE received an unexpected TLS   alert message. This might be due to the supplicant not trusting the ISE   server certificate for some reason. ISE treated the unexpected message as a   sign that the client rejected the tunnel establishment.
  Warn

• Airport for Internet with Wired Ethernet for local network

  I'm trying to set up a small local network of 3 PC laptops connected via a router to a Mac which is acting as the central repository for the 3 PCs. The 3 PCs and the Mac are all connected by Ethernet cables to the router which is deliberately isolated from the Internet. However, I also want the Mac to use Airport to get access to the Internet via another router which does have Internet access and provides wireless support.
  What happens is that the wireless Internet access for the Mac works OK as long as I have the Mac disconnected from the small PCs+router network. As soon as I connect the Ethernet cable to the Mac, it loses Internet access.
  It seems that the Mac is preferring to try to use the wired connection over the wireless connection for Internet access.
  How can I force the Mac to use the wireless connection for Internet access and leave the wired connection for my small local network? That is, how can I change the priorities for the two network interfaces (similar to the interface metric setting in Windows XP)?

  http://docs.info.apple.com/article.html?path=Mac/10.6/en/8156.html
  read this and then look at this.. this is a screen shot of what you need to do..
  http://www.ofzenandcomputing.com/wp-content/uploads/2007/02/Picture%203.png
  if you share your wireless and tell it to share it THROUGH your ethernet you'll be okay..
  another thing that you may want to do is to access your routers settings and tell it to work as a switch rather then a router. however if you can get it to work using the article up top then you might not need to do that.

• Single SSID w/ 1000+ Clients

  I'm working on setting up a single guest access SSID on a Cisco 5508 WLAN controller for clients to use on our campus.  When dealing with 1000+ clients, there are segmenting options such a single large subnet (/21 or so), AP groups w/ smaller subnets, and interface groups with smaller subnets (VLAN Select feature).  Which method is considered best practice?  Is there a "magic" number of clients where you would want to start using multiple smaller subnets instead of single large one? 

  How it works is you have a single wlan. Today you select a single dynamic interface for that wlan. If you create an interface group you add multiple dynamic interfaces to the interface group. You then select the interface group to the wlan rather than the single dynamic interface you do today. As clients connect they round robin through the dynamic interfaces you selected for the WLAN.
  Make sense?
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Binding multiple VLANs to single SSID on WLC

  I have a building with over 4000 users and would like to bind multiple VLANs for user access to a single SSID in WLC. Can this be done? I would rather not have 4000 wireless users on a single VLAN.

  the question is tough. You can not use the SSID in on AP for multiple vlans. Once you assign the AP to the vlan then you will have to make all traffic in the vlan. With that being said. you could assign the AP's to specific vlans, but if you roam from one vlan to another you will have problems at L3. But you can use WDS to make that happen.
  Here are a couple of links tha might help.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184ace.html

• BEFW11S4: Windows XP will not recognize my SSID network

  I have a BEFW11S4 router with firmware version 1.5.10. I am using Windows XP Pro w/ SP2. I am using an IBM R52 laptop with a non Linksys wireless card.
  In the past, I was able to just do this:
  http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=3962&lid=7790878881B05
  and the SSID would show up. I'd enter the WEP key and bam! I'm online.
  I had to have my IBM reimaged, but when I went back to connect to the network, my SSID network name would not show up. I would see an unsecured network that a neighbor of mine had, but not my own. Reimaging is usually not a problem, as I've had my IBM reimaged many times before and I could still connect again.
  The weird thing is that as I type this post, I am on a Mac OSX and it is using my very own network, so I don't know how to get Windows XP to see my network.

  if your pc is seeing any other network in the area like your neighhor's network, then you have to recheck on the configurations of your own router. check first if the wireless-b on the front panel of the router is lit up, so as to insure that the wireless capability of the router is still functioning properly. get into the setup page of the router and recheck if the wireless broadcast is enabled and properly recheck your network name and if the network is secured or not.
  do reflashing of firmware on the router, it will always recommended to upgrade firmware of router.
  i do appreciate further feedback on your problem soon.

• I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

  Hi team,
  I  have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
  I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!

  http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
  I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"
  waiting expert opinions.