06-09-2014 07:59 PM - edited 07-05-2021 12:58 AM
I want to create a wireless network with 2 SSIDs. I am using 4 Cisco 1602 Model APs. I can get the password protected SSID to work. When I try to create the guest SSID I can get it to broadcast, but it keeps asking for a password even though I haven't set one. Here is my current config:
!
! Last configuration change at 00:18:42 UTC Mon Mar 1 1993
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AberdeenAP1
!
!
logging rate-limit console 9
enable secret 5 $1$gePP$q8Ny/Vk0xNkLq/w6mwwLP1
!
no aaa new-model
ip cef
!
!
!
dot11 syslog
!
dot11 ssid GS-Guest
vlan 2
authentication open
mbssid guest-mode
mobility network-id 2
!
dot11 ssid GS-Wireless
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 045C021403324F411C0D16051D0807567A7A70
!
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 106D000A0618
username admin privilege 15 password 7 096B5D0D115445415F
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid GS-Guest
!
ssid GS-Wireless
!
antenna gain 0
stbc
beamform ofdm
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid GS-Guest
!
ssid GS-Wireless
!
antenna gain 0
dfs band 3 block
stbc
beamform ofdm
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
interface BVI1
ip address 192.168.1.51 255.255.255.0
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip route 0.0.0.0 0.0.0.0 10.251.10.1
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end
06-10-2014 12:46 AM
Hi,
You are using vlan 2 as guest vlan and you are also applying encryption to it thats is the main reason you asked for a password.
Remove this line and try again:
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm tkip
! encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid GS-Guest
!
ssid GS-Wireless
!
antenna gain 0
stbc
beamform ofdm
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
Regards
Dont forget to rate helpful posts
06-10-2014 09:38 PM
Removing that line did not work and has locked up my AP. On another AP I was able to take encryption off of vlan 2 in the encryption manager of the GUI. When I take the encryption off of vlan 2 the SSID associated with that vlan no longer requires a password, but does not allow us to connect. It simply states "Unable to connect to GS-Guest" from an array of devices. Any other suggestions?
06-10-2014 10:00 PM
Hi,
You have to remove these and try again:
dot11 ssid GS-Guest
vlan 2
authentication open
mbssid guest-mode
mobility network-id 2
!
dot11 ssid GS-Wireless
vlan 1
authentication open
authentication key-management wpa guest-mode
mbssid guest-mode infrastructure-ssid optional
wpa-psk ascii 7 045C021403324F411C0D16051D0807567A7A70
interface Dot11Radio0
no ip address
! encryption mode ciphers aes-ccm tkip
! encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid GS-Guest
!
ssid GS-Wireless
!
interface Dot11Radio1
no ip address
! encryption mode ciphers aes-ccm tkip
! encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid GS-Guest
!
ssid GS-Wireless
!
antenna gain 0
dfs band 3 block
If you have any doubts then follow this blog:
http://rscciew.wordpress.com/2014/05/24/multiple-ssid-configurations-on-autonomous-ap/
Regards
Dont forget to rate helpful posts
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: