Single SSID w/ 1000+ Clients

Similar Messages

• ISE Single SSID BYOD - Windows Endpoint user experience

  We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Adroid, and MAC OS endpoints using single SSID and Native supplicant provisiong seems to work fine with these endpoints. We are having issues with Windows clients. On Windows client, when the user selects the SSID, it is prompting for userid/password, but never gets a pop-up for server certificate. We are using a third party public wildcard certificate on ISE for HTTP/EAP authentication.  On ISE, we are getting: 12511 Unexpectedly received TLS alert message; treating as a rejection by the client.                

  12511
  EAP
  Unexpectedly   received TLS alert message; treating as a rejection by the client
  While trying to   negotiate a TLS handshake with the client, ISE received an unexpected TLS   alert message. This might be due to the supplicant not trusting the ISE   server certificate for some reason. ISE treated the unexpected message as a   sign that the client rejected the tunnel establishment.
  Warn

• Dynamic vlan assignment with single SSID

  Hi All,
  I have 300 APs deployed  and  concurrent client associations that number 3000+ daily
  at the moment I have a single subnet for all users, there is no authentication just a click through
  page with email entry to gain access.
  The APs are assigned to groups based upon the building zone they are in, is it possible to
  assign a vlan based upon the AP the user is associated to but still only broadcast a single SSID.
  TIA

  You can assign dynamic vlan for 802.1X authentication using aaa override from RADIUS server.
  In your case, since it is webconsent ssid you can use AP groups to put clients on differnt vlans per the AP group
  Sent from Cisco Technical Support iPhone App

• Single SSID & DHCP

  If possible, how would a Single SSID on a Aironet AP be able to provide LAN access to two different subnets?
  I beleive a routing (router) needs to be present to route between two subnets.
  In example,
       SSID "Visitor" can send IPv4 mobile devices to either subnet 192.168.1.0 or to subnet 10.0.0.0
  Thank you!                  

  yes its is possible using dynamic VLAN assignment using ISE or ACS. 
  Plus that mode normally works if you want to group multiple APs (placed in different places) and you want that when ever client move to any locaiton SSID remain same but behind the scene VLAN changes, even the security can be same.
  Hope this helps.

• Multiple Passphrases for a Single SSID ?

  We are getting ready to deploy a special SSID for handheld devices to be used on.
  Is there any way to have multiple passphrases for a single SSID ?  The reason I am looking at this is that we may have users who come into one of our offices and may not have gotten/received the email advising of the passphrase change.  My hope would be that we could implement Passphrase A when we initially deploy the new SSID and then in say 3 months, change the password.  We would like to leave the Passphrase A active for about a week which should be sufficient time for them to change it and then we could delete Passphrase A, leaving only Passphrase B active.  In WEP there was something like this but I dont see this as an option in WPA2.  Unfortunately with some of the devices that I have looked at, WPA2 Enterprise isnt an option, so that is why I am looking at things from this perspective.
  Any suggestions would be appreciated.
  Ron

  Hello Ronald,
  No you cannot have multiple passphrase or WPA-PresharedKey for the same SSID.
  Thank you,
  Serge

• Cisco ISE 1.1.1 - Single SSID

  I'm working on our ISE implementation and these are my two goals.
  1.  Single SSID for BYOD users and corporate managed systems.
  Login to the NAC agent if not part of the domain (EX: windows laptop not part of the domain joins the SSID, goes through the self service portal, downloads NAC agent, must login to NAC agent whenever joining network with AD credentials)
  AD login required to join this SSID, no guests allowed
  2.  Guest SSID
  Guest login only - requires sponsor
  web agent required for windows machine
  AV required
  Current AV definitions required
  Are these goals attainable or am I better to go in a different direction is my first question.
  Second, using the Cisco BYOD Smart Solution Guide (link at bottom of post) it mentions the single SSID as not being a complicated component but it only runs through the dual SSID solution, what settings are needed for a single SSID? I'm using Open + MAC Filtering but when the supplicant attempts to connect it doesn't work because it's looking for a WPA2 network with the same SSID name.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html
  Single SSID is specifically mentioned here:
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp504735

  David,
  What the documentation did was that it created a condition which does the check for the ssid in the access-request:
  Guest_Authz is a user-defined simple authorization condition for guests  accessing the Internet via Web authentication through the WLAN  corresponding to the open guest SSID. It matches the following RADIUS AV  pair from the Airespace dictionary:
       Airespace-Wlan-Id - [1] EQUALS 1
  So that when the user connects to the network they are connecting through the guest ssid in which this has the wlan id of 1. Either you can do that in your authorization rule right in the screenshot or you can create this condition under the policy elements tab.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• ISE and Selfservice with single SSID

  Hi, i have:
  WLAN 2504 Controller with 7.2 Software
  ISE 1.1.2
  A single SSID with 802.1x Authentication
  Today the wireless users are authenticated against an cisco acs. I want to switch to the ISE and make use of the mydevices portal. I want to re-use my single SSID and don't want to make any provisioning.
  - The user connects to the single SSID
  - The user configures peap authentication on his device
  - The user authenticates to a ldap directory with username and password
  - After successfull authentication the user will be redirected to the mydevices portal
  - he logs in with his ldap credentials
  - the mac address of his current device is listed in the mydevice portal
  - user adds his device to the known devices list
  - manual reconnect to my ssid
  Is this possible with ISE? Is there a howto out there with exact this scenario?
  Kind regards

  Hello Andreas,
  WLC 2504 supports CWA, CoA & dACL.
  This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like. So it should fulfill your requirement and you can use single SSID.
  For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf
  http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html
  Regards,
  Ashok

• Tuxedo 8.1 single context multithreaded workstation client

  We just moved to Tuxedo 8.1 from Tuxedo 7.1. One of our appications has started to fail. This particular application is a single context multithreaded workstation client. All Tuxedo operations are performed from the same child thread. The BEA documentation is a little confusing on this topic. Are we required to use the multi context flag?

  It should not be necessary to use the TPMULTICONTEXTS flag for a
  single-context client, even if it is multithreaded. What is the nature of
  the failure that you are seeing?
  <Jacque Cole> wrote in message news:[email protected]..
  We just moved to Tuxedo 8.1 from Tuxedo 7.1. One of our appications has
  started to fail. This particular application is a single context
  multithreaded workstation client. All Tuxedo operations are performed
  from the same child thread. The BEA documentation is a little confusing
  on this topic. Are we required to use the multi context flag?

• Large Subnet for single SSID

  I am looking for a design guide to help me split up a large subnet for a Cisco Wireless network.  We have a Campus with a centralised Wsim and a single SSID.  We are hoping to be able to keep the single SSID but split the subnet as it is now quite large and we would like to reduce the broadcast domain to a manageable size.  I have found a number which have different SSID but we would like to keep only 1 as it simplifies the user experience. 

  Adding to Scotts post.  If you are doing 802.1x you can use dynamic VLAN assignment to achieve the results as well.
  AAA returns attributes 64/65/81 to the WLC, to change the VLAN the user gets put into.  You do still need to create the dynamic interfaces on the WLC.
  HTH,
  Steve
  Please remember to rate useful posts, and mark questions as answered

• Binding multiple VLANs to single SSID on WLC

  I have a building with over 4000 users and would like to bind multiple VLANs for user access to a single SSID in WLC. Can this be done? I would rather not have 4000 wireless users on a single VLAN.

  the question is tough. You can not use the SSID in on AP for multiple vlans. Once you assign the AP to the vlan then you will have to make all traffic in the vlan. With that being said. you could assign the AP's to specific vlans, but if you roam from one vlan to another you will have problems at L3. But you can use WDS to make that happen.
  Here are a couple of links tha might help.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184ace.html

• I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

  Hi team,
  I  have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
  I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!

  http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
  I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"
  waiting expert opinions.

• Single SSID and ACS

  Hi,
  I would like your help in the following scenario, we currently have a setup of CAS CAM, LDAP, WISM and ACS,
  The main point I'm focusing on is the ACS and WISM.
  Users are to obtain wireless access using a single SSID, and upon validation of credentials, they should gain access to one of 3 vlans, guest, data and voice, the use of separate SSID per vlan was highly discouraged by customer.
  Would appreciate your advice on the best feasible way to implement this.
  Regards,

  Hi,
  You can have single SSID in your setup. You need to set up feature called Dynamic VLAN Assignment.
  Check out this link,
  http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml
  Regards,
  ~JG
  Please rate if that helps !

• Mixed H-REAP on a single SSID

  Can I have a single SSID assigned to H-REAP sites and to my HQ site? The HQ site would not need H-REAP and runs mainly 1230 APs so it's not even possible.
  --Patrick

  Nope.... Your WLAN SSID's is either locally switched or centrally switched.... unless you have all traffic back to the WLC.

• WLC 2504 client only connects at 5.5Mbps for Single SSID

  Hi,
  I have a WLC2504 with three SSIDs configured and I have noticed that when my laptop connects to the main one it will only connect at 5.5Mbs. When I connect to the other two I get the full 72Mbps that my wireless card will allow. I have checked the SSID configuration but I cannot see anything that would cause this behaviour. Do you have any ideas/suggestions?
  Thanks.
  Gerry.

  Hi,
  Sometime it also happen due to co-channel interference, try by using setting up any other channel on 1st SSID and then check the connection speed.

• Single user mode or client install?

  Finally got my mini server ordered again (long story maybe later) I will be using it as my main computer and am wondering what is the easiest set up, boot up in single user mode or install SL client?
  JJ

  Ok So maybe word it a bit different, what is the easiest way to transfer all my stuff from my MBP to have the mini set up exactly as my MBP?
  JJ