
adding security to wireless network

Ed Lo
Level 1

Hello,

I have 2 wireless networks and want to add a password to 1 of them. I've tried doing it on my own and when I try to connect it says 'cannot connect to network'. Below is how I've been doing this. What am I doing wrong?

 


dot11 ssid test1
vlan 2
authentication key-management wpa
wpa-psk ascii 7 pass33


interface dot11 0
encryption vlan 2 mode ciphers tkip

 

 

thank you


Dean Romanelli
Level 4

Hi,

If you are using vlan 2 and vlan 1 is your native vlan and the vlan where the other wireless network is configured, then you need to create subinterfaces on the radio and ethernet interfaces on the AP, trunk the port on the switch connecting to your AP and allow vlan 1 & 2 over it, and add the SSIDs to the radio interface configs. Also, if this AP is broadcasting multiple SSIDs, you need the mbssid command under the radio interface, as well as under both SSIDs. Make sure you are permitting vlan 2 over all trunk links to your gateway as well.

See the example below and pay close attention to the bold sections. (Note: Converting to sub-interfaces can cause service interruptions. Plan a maintenance window or set a scheduled reload if you hose the AP.)

dot11 ssid test1
   vlan 2
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii pass33   <--- make sure you enter this command WITHOUT the 7 before the PW
!
dot11 ssid otherwifi
   vlan 1
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii <what-ever-the-working-one-is>

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers tkip
 !
 encryption vlan 2 mode ciphers tkip
 !
 ssid otherwifi
 !
 ssid test1
 !
 antenna gain 0
 stbc
 mbssid
 station-role root
 no cdp enable
 no shut
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 no shut

interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 no shut

interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no shut
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
 no shut
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 spanning-disabled
 no bridge-group 2 source-learning
 no shut

 

Switchport connecting to this AP:

switchport mode trunk

switchport trunk allowed vlan all

switchport trunk encapsulation dot1q

switchport trunk native vlan 1

 

 
