Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
60354
Views
9
Helpful
0
Comments

What is guest SSID, and how is it configured?

TCC_2
Level 10
Level 10

‎06-22-2009 06:14 PM - edited ‎11-18-2020 02:46 AM

 

 

Introduction

What is guest SSID, and how is it configured?

Resolution

Service Set Identifier (SSID) is a unique identifier applied to the Access Point (AP) and the wireless client, which allows them to associate. The concept of broadcast SSID is referred to as guest mode in Cisco IOS  software. The AP can have one guest-mode SSID or none. The guest-mode SSID is used in beacon frames and response frames to probe requests that specify the empty or wildcard SSID. If no guest-mode SSID exists, the beacon contains no SSID, and probe requests with the wildcard SSID are ignored. Disabling the guest mode makes the networks slightly more secure. Enabling the guest mode helps clients that passively scan (do not transmit) associate with the AP. It also allows clients configured without an SSID to associate to AP.

Guest Mode SSID

The guest mode SSID is included in beacon frames, in responses to probe requests without an SSID that matches the other access point SSIDs, and in responses to probe requests with a wildcard SSID. Enabling guest mode for an SSID helps clients that passively scan (do not transmit probe requests) to associate with the access point. The access point can have one guest mode SSID or none at all. (See the "Multiple Basic SSIDs" section to see how to include multiple SSIDs in a beacon.)

If no guest mode SSID exists, the access point beacon contains no SSID, and probe requests with a wildcard SSID are ignored. Disabling the guest mode makes networks slightly more secure.

To enable a guest mode SSID, create the SSID and use the guest-mode command. For example:

 AP(config-if-ssid)# guest-mode 

To disable a guest mode SSID, use the no guest-mode command.

Note When you enable guest mode SSID for the 802.11g radio, you will enable guest mode for the 802.11b radio as well, because they both operate in the same 2.4-Ghz band.

Guest Mode SSID Configuration Example

This example shows how to:

  • •Name an SSID
  • •Configure the SSID for guest mode
  • •Assign the SSID to a radio interface
 AP# configure terminal
 AP(config)# dot11 ssid batman
 AP(config-ssid)# guest-mode
 AP(config-ssid)# exit
 AP(config)# interface dot11radio 0
 AP(config-if)# ssid batman
 AP(config-if)#end

More Information

The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points on a network or subnetwork can use the same SSIDs. SSIDs are case sensitive and can contain up to 32 alphanumeric characters. Do not include spaces in your SSIDs.

You can configure up to 16 SSIDs on your Cisco Aironet 1200 Series Access Point and assign different configuration settings to each SSID. All the SSIDs are active at the same time; that is, client devices can associate to the access point using any of the SSIDs.

If you want the access point to allow associations from client devices that do not specify an SSID in their configurations, you can set up a guest SSID. The access point includes the guest SSID in its beacon. The access point's default SSID, tsunami, is set to guest mode. However, to keep your network secure, you should disable the guest mode SSID on most access points.

If your access point will be a repeater or will be a root access point that acts as a parent for a repeater, you can set up an SSID for use in repeater mode. You can assign an authentication username and password to the repeater-mode SSID to allow the repeater to authenticate to your network like a client device.

If your network uses VLANs, you can assign one SSID to a VLAN. Client devices that use the SSID are grouped in that VLAN.

Usage Guidelines

The access point can have one guest-mode SSID or none at all. The guest-mode SSID is used in beacon frames and response frames to probe requests that specify the empty or wildcard SSID. If no guest-mode SSID exists, the beacon contains no SSID and probe requests with the wildcard SSID are ignored. Disabling the guest mode makes the networks slightly more secure. Enabling the guest mode helps clients that passively scan (do not transmit) associate with the access point. It also allows clients configured without a SSID to associate.

Examples

This example shows how to set the wireless LAN for the specified SSID into guest mode:
AP(config-if-ssid)# guest-mode

This example shows how to reset the guest-mode parameter to default values:
AP(config-if-ssid)# no guest-mode

Related Commands

Command

 

Description

ssid

Specifies the SSID and enters the SSID configuration mode

show running-config

Displays the current access point operating configuration

 

Note : The default SSID for all Cisco Aironet products is tsunami.

Note: Starting IOS release 12.3(7)JA there is no default SSID configured on the AP. For more information read Default SSID Configuration

Problem Type

Definitions

Products

Access point

Security Options

SSID

Reference

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents