cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1003
Views
0
Helpful
4
Replies

Dynamic VLAN Assignment issues on AP 1140

b-ag.software
Level 1
Level 1

Hi Everybody,

 

I have a Problem with dynamic VLAN Assignment and a second SSID.

Our Hardware: 8x 1140 Aironet autonomous AP, SGE2000 Layer 3 Switch, Windows 2008R2 NPS + DHCP + AD

We have on SSID (Employee) and two vlans (Employee 100 and Developer 200). Everything is working as expected. The NPS returns the right vlan and the client obtains a correct IP Address.

So now we wanted to create a Guest WLAN and therefor we added a second SSID on the APs (Guest). And here the problem starts, users of the Developer Group (200) can no longer obtain a IP Address (also static IPs are no longer working). The Guests are working without any issues, also the Employee can work, since the employee vlan is the native vlan and the default assignment of the SSID Employee.

So here is my question: Is this a unsupported configuration? Can dynamic vlan assignment work together with multiple ssids on autonomous APs?

 

If it is helpfully I can post the not working config of the AP.

 

Thanks and best Regards

Chris

4 Replies 4

Ric Beeching
Level 7
Level 7

Please post the config and list the VLANs you want to map those SSIDs to. I believe the scenario you are asking for is achievable!

-----------------------------
Please rate helpful / correct posts

Great this was fast...

SSID: Employee (with WPA2-Enterprise)
VLAN: 2 and 5

SSID: Guest (with PSK)
VLAN: 20

I attachted the config.

Hi Ric,

I have new Informations. I Installed the latest Software (c1140-k9w7-tar.153-3.JBB4) on the ap and the dhcp issues were gone. But now I have a new strange problem.

I only once can connect to the ap, if I disconnect the wifi connection, i can no longer connect. On the AP i get the following error: Station [mymac] Authentication failed

I don't understand why it works only one time? If i reboot the ap I can connect again, but still only one time.

On the Radius Server (Microsoft NPS) I can see successfully authentications.

Do you have any tip for me?

 

Regards

Chris

b-ag.software
Level 1
Level 1

Okay, I found the issue. Regarding to this documentation:

  • Misuse or incorrect design of guest mode SSID designation

    When you define multiple SSIDs/VLANs on Cisco Aironet wireless equipment, one (1) SSID can be assigned as guest mode SSID with the SSID broadcast in 802.11 radio beacons. The other SSIDs are not broadcast. The client devices must indicate which SSID to connect.

and

Guidelines for Using Multiple BSSIDs

Keep these guidelines in mind when configuring multiple BSSIDs:

RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs.

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_7_JA/configuration/guide/i1237sc/s37ssid.html

 

This was my issue, I have two SSID broadcasted.

Review Cisco Networking for a $25 gift card