cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
544
Views
0
Helpful
4
Replies

Aironet - Two SSIDs, One with WPA, One Without

Anthony Holloway
Cisco Employee
Cisco Employee

I have an AP that I want to have two SSIDs on, let's say, "Admin" and "User."

The User SSID should be wide open, unsecure, etc.

The Admin SSID, should not be broadcasted, and be protected via a passwrd, preferably WPA pre-shared key.

Is this possible? If so, how?

So far I have both SSIDs working, in an open/unsecure mode. My VLANs are working great, and when I tried the suggestion in the help, it looks like it turned on WPA, but now I cannot see the SSID for Admin.

If you need a copy of the config, let me know.

Thanks,

Anthony

1 Accepted Solution

Accepted Solutions

try adding these to your config:

dot11 ssid faculty

vlan 100

authentication open

authentication key-management wpa

wpa-psk ascii 0

dot11radio 0

encryption vlan 400 mode ciphers tkip

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

4 Replies 4

Stephen Rodriguez
Cisco Employee
Cisco Employee

Yes this will work. Please attach a copy of the config so I can see what you have configured and what needs to be added to make it work as you would like.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 $1$zH.z$lhh9AqT3HXXU2WxXSd2f20

!

ip subnet-zero

!

!

no aaa new-model

!

dot11 ssid faculty

vlan 100

authentication open

!

dot11 ssid students

vlan 400

authentication open

guest-mode

!

!

!

username x password x

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid faculty

!

ssid students

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

antenna receive right

antenna transmit right

!

interface Dot11Radio0.100

encapsulation dot1Q 100

no ip route-cache

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding

bridge-group 100 spanning-disabled

!

interface Dot11Radio0.400

encapsulation dot1Q 400 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

ssid students

!

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio1.400

encapsulation dot1Q 400 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.100

encapsulation dot1Q 100

no ip route-cache

bridge-group 100

no bridge-group 100 source-learning

bridge-group 100 spanning-disabled

!

interface FastEthernet0.400

encapsulation dot1Q 400 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp client-id FastEthernet0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

transport preferred all

transport output all

line vty 0 4

login local

transport preferred all

transport input all

transport output all

line vty 5 15

login

transport preferred all

transport input all

transport output all

!

end

try adding these to your config:

dot11 ssid faculty

vlan 100

authentication open

authentication key-management wpa

wpa-psk ascii 0

dot11radio 0

encryption vlan 400 mode ciphers tkip

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

That worked perfectly.

I just modified this:

dot11radio 0

encryption vlan 400 mode ciphers tkip

to this:

dot11radio 0

encryption vlan 100 mode ciphers tkip

Thanks for the help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: