Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
850
Views
0
Helpful
3
Replies

Access Point Question

Go to solution
msisko527
Level 1
Level 1

‎01-28-2013 01:16 PM - edited ‎03-04-2019 06:52 PM

hello,

          I have a Cisco Aironet 1240AG Access Point and I am trying to set up a guest network that is secure and limited in bandwidth utilization. I see an option under security > SSID Manager on the web interface to select an interface of Radio0-802.11G, Radio1-802.11A or both. Can I put the guest network on the Radio1-802.11A and make it more secure/bandwidth limited or does this option not matter? Has anyone had any experience with setting up a guest network on a AP like this?

Michael

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎01-28-2013 01:55 PM

I've not had experience with the web management piece. Is this access point controlled by a WLC or is it configured on the access point directly? Generally, you cannot run multiple SSIDs on the same vlan. You'll need to create a vlan for each ssid that you want. You can do this through the gui, but I wouldn't be able to help you with that. The cli is configured in the following manner:

dot11 sside PrimaryNetwork

   vlan 1

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7

dot11 ssid GuestNetwork

  vlan 2

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7

int d0

encryption vlan 1 mode ciphers tkip

!

encryption vlan 2 mode ciphers tkip

!

ssid PrimaryNetwork

!

ssid GuestNetwork

!

mbssid

int d0.1

encapsulation dot1q 1 native

bridge-group 1

int d0.2

encapsulation dot1q 2

bridge-group 2

int f0.1

encapsulation dot1q 1 native

bridge-group 1

int d0.2

encapsulation dot1q 2

bridge-group 2

int bvi1

ip address 192.168.1.1 255.255.255.0

You'd trunk the port that the AP connects to and allow vlans 1 and 2 over the trunk. Then you would configure a router or L3 switch to route for this vlan.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
3 Replies 3

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎01-28-2013 01:55 PM

I've not had experience with the web management piece. Is this access point controlled by a WLC or is it configured on the access point directly? Generally, you cannot run multiple SSIDs on the same vlan. You'll need to create a vlan for each ssid that you want. You can do this through the gui, but I wouldn't be able to help you with that. The cli is configured in the following manner:

dot11 sside PrimaryNetwork

   vlan 1

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7

dot11 ssid GuestNetwork

  vlan 2

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7

int d0

encryption vlan 1 mode ciphers tkip

!

encryption vlan 2 mode ciphers tkip

!

ssid PrimaryNetwork

!

ssid GuestNetwork

!

mbssid

int d0.1

encapsulation dot1q 1 native

bridge-group 1

int d0.2

encapsulation dot1q 2

bridge-group 2

int f0.1

encapsulation dot1q 1 native

bridge-group 1

int d0.2

encapsulation dot1q 2

bridge-group 2

int bvi1

ip address 192.168.1.1 255.255.255.0

You'd trunk the port that the AP connects to and allow vlans 1 and 2 over the trunk. Then you would configure a router or L3 switch to route for this vlan.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
msisko527
Level 1
Level 1
In response to John Blakley

‎01-29-2013 09:10 AM

Hi John,

This would be configured on the access point directly. I don't have a WLC.

So only using VLAN's will allow me to adjust bandwidth for a second SSID? For security reasons does anyone put a guest network (second network) on the same AP?

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to msisko527

‎01-29-2013 09:23 AM

Sure...I have them in our company. You control with firewall acls, wireless acls, etc. on where the user can go. I'm sure it depends on what sector you're working in if it's seen as an extreme security risk though. Technically, real secure companies won't have wireless access at all. You would only be able to use separate vlans to support more than one ssid. If you try to put a second ssid in the same vlan, it will tell you that it's not able to do it.

From here:

http://www.cisco.com/en/US/docs/wireless/access_point/12.3_7_JA/configuration/guide/s37ssid.html

Step 5 

vlan vlan-id

(Optional) Assign the SSID to a VLAN on your network. Client devices  that associate using the SSID are grouped into this VLAN. You can assign  only one SSID to a VLAN.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful
Customers Also Viewed These Support Documents