cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2768
Views
0
Helpful
8
Replies

mutiple SSIDs using the same VLAN

JASON SIMMONS
Level 2
Level 2

Hi

Do any of you know if it is possible to configure mutiple SSIDs to use the same VLAN on a autonomous access point?

8 Replies 8

MATTHEW BALYUZI
Level 1
Level 1

I have done this in the distant past.

Don't think you can do it through the web interface, but from the CLI try putting the wireless sub-interfaces into the same bridge group.

Afraid it's so long since I did this that I don't have a configuration fragment for it, but I do recall it working.

thanks for the quick response.  I'll try it and report back.

No its not possible... its always 1:1 mapping between the SSID and the VLAN in autonomous infrastructure..

ITS ONLY POSSIBLE IF YOU HAVE DUAL RADIO AP AND YOU CONFIGURE 2 SSIDS, MAPPING EACH TO RESPECTIVE RADIOS AND THEN USING THE SAME ENCRYPTION TO SAME..

EX-

en

conf t

ssid one

ssid two

exit

int dot11 0

ssid one

guest-mode

end

int dot11 1

ssid two

guest-mode

end

ONLY THIS WILL WORK, THAT TOO IF YOU WANT YOUR CLIENTS TO GET THE IP IN TNE MANAGEMENT VLAN!! ELSE ITS NOT POSSIBLE.

Lemme know if this answered ur question and please dont forget to rate the usefull posts!!

Regards

Surendra

Regards
Surendra BG

Surendra BG wrote:

No its not possible... its always 1:1 mapping between the SSID and the VLAN in autonomous infrastructure..

I can assure you that it is possible - we ran with two ssids on the same radio with different securiy settings for about a year (whilst transitioning from WEP/802.1X to WPA-Enterprise). They were connected to the same (tagged) vlan on the ethernet interface.

Try this - create two ssids, mapped to two vlans as normal. Now edit the second radio subinterface to be in the same bridge group as the first (and delete the second subinterface from the ethernet interface).

Worked well for us on about 250 APs.

Matt, just because it works, does not mean that it is a supported configuration.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

This configuration should work if absolutely necessary -- effectively bridging two SSIDs into the same wired vlan/subinterface. However, as Stephen mentioned, there are some caveats to using this:

1. Best practices would typically place users of different security policies into separate VLANs.

2. This configuration cannot be built from the GUI, but must be modified afterwards on the CLI.

And just because it's not a supported configuration, doesn't mean it won't work... I never claimed it was "supported", whatever that means. (It's a perfectly valid bit of IOS config, just not implemented in the GUI, and our SE was aware of it at the time and we did some fairly extemsive testing before deployment).

The shouty statement that "ITS NOT POSSIBLE." from a Cisco employee is somewhat disapointing, maybe I would have expected better.

I certainly wouldn't have run with it as a permanent fix, but it was very useful for transitioning between two security settings (from WEP to WPA) without having to deploy a new vlan to 250+ APs spread over 20 sites.

But this was all long ago - we saw the light and went lightweight (as it were ).

Not supported means if you have an issue TAC may not help you until the config gets fixed.

As for the WEP to WPA. there is a configuration called migration mode that allowed multiple encryptions.

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: