10-03-2006 08:18 AM - edited 07-04-2021 01:12 PM
I have an AP that I want to have two SSIDs on, let's say, "Admin" and "User."
The User SSID should be wide open, unsecure, etc.
The Admin SSID, should not be broadcasted, and be protected via a passwrd, preferably WPA pre-shared key.
Is this possible? If so, how?
So far I have both SSIDs working, in an open/unsecure mode. My VLANs are working great, and when I tried the suggestion in the help, it looks like it turned on WPA, but now I cannot see the SSID for Admin.
If you need a copy of the config, let me know.
Thanks,
Anthony
Solved! Go to Solution.
10-03-2006 02:08 PM
try adding these to your config:
dot11 ssid faculty
vlan 100
authentication open
authentication key-management wpa
wpa-psk ascii 0
dot11radio 0
encryption vlan 400 mode ciphers tkip
10-03-2006 11:59 AM
Yes this will work. Please attach a copy of the config so I can see what you have configured and what needs to be added to make it work as you would like.
10-03-2006 02:00 PM
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret 5 $1$zH.z$lhh9AqT3HXXU2WxXSd2f20
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid faculty
vlan 100
authentication open
!
dot11 ssid students
vlan 400
authentication open
guest-mode
!
!
!
username x password x
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid faculty
!
ssid students
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive right
antenna transmit right
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.400
encapsulation dot1Q 400 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
ssid students
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1.400
encapsulation dot1Q 400 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface FastEthernet0.400
encapsulation dot1Q 400 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
login local
transport preferred all
transport input all
transport output all
line vty 5 15
login
transport preferred all
transport input all
transport output all
!
end
10-03-2006 02:08 PM
try adding these to your config:
dot11 ssid faculty
vlan 100
authentication open
authentication key-management wpa
wpa-psk ascii 0
dot11radio 0
encryption vlan 400 mode ciphers tkip
10-04-2006 06:13 AM
That worked perfectly.
I just modified this:
dot11radio 0
encryption vlan 400 mode ciphers tkip
to this:
dot11radio 0
encryption vlan 100 mode ciphers tkip
Thanks for the help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: