11-25-2014 09:33 AM - edited 07-05-2021 02:01 AM
2) When I am ready to restrict LAN access of the guest network I will need to create a VLAN. Correct?
Thank you.
Solved! Go to Solution.
11-25-2014 03:14 PM
1) Can I create a second functional and visible SSID that does not require a fully functional VLAN through my switch and firewall? I realize this may allow the guest SSID to have access to my LAN.
No, you cannot create a second SSID in different subnet without creating vlans. In that case your AP connected switchport has to be configured as trunk port & allow required vlan. Always AP management has to be on native vlan on that trunk
HTH
Rasika
**** Pls rate all useful responses ****
11-25-2014 08:54 PM
I do not think you can do that. What type of switch you connect this AP, is it a managed switch ?
If I get a chance I'll try to see what you can do on this (at least one SSID visible & one without visible).
HTH
Rasika
**** Pls rate all useful responses ****
11-25-2014 03:14 PM
1) Can I create a second functional and visible SSID that does not require a fully functional VLAN through my switch and firewall? I realize this may allow the guest SSID to have access to my LAN.
No, you cannot create a second SSID in different subnet without creating vlans. In that case your AP connected switchport has to be configured as trunk port & allow required vlan. Always AP management has to be on native vlan on that trunk
HTH
Rasika
**** Pls rate all useful responses ****
11-25-2014 03:29 PM
It does help. Thank you.
Followup question: I know this is not recommended, but what if I create both SSID's and put them in the same subnet on the native vlan? Would both networks be visible and functional?
11-25-2014 08:54 PM
I do not think you can do that. What type of switch you connect this AP, is it a managed switch ?
If I get a chance I'll try to see what you can do on this (at least one SSID visible & one without visible).
HTH
Rasika
**** Pls rate all useful responses ****
11-26-2014 11:35 AM
Thank you for the guidance. I do have a managed switch. I'll see if I can get the second SSID setup on a vlan and separate subnet.
11-26-2014 12:25 PM
If you have a managed switch, then this is the way to do it. I assumed vlan 1 would be the native on the trunk port & having 192.168.100.0/24 subnet & used it for AP management. You need to define those L2 vlans & required DHCP pools on the switch (config not shown here)
You could configure your AP like this. Replace <SSID-1> & <SSID-2> with required SSID names & corresponding passwords.
dot11 ssid <SSID-1> vlan 10 authentication open authentication key-management wpa version 2 mbssid guest-mode wpa-psk ascii <SSID_1_PASSWORD> ! dot11 ssid <SSID-2> vlan 20 authentication open authentication key-management wpa version 2 mbssid guest-mode wpa-psk ascii <SSID_2_PASSWORD> ! interface Dot11Radio0 encryption vlan 10 mode ciphers aes-ccm encryption vlan 20 mode ciphers aes-ccm mbssid ssid <SSID-1> ssid <SSID-2> no shut ! interface Dot11Radio0.10 encapsulation dot1Q 10 bridge-group 10 ! interface Dot11Radio0.20 encapsulation dot1Q 20 bridge-group 20 ! interface Dot11Radio0.1 encapsulation dot1Q 1 native bridge-group 1 ! interface GigabitEthernet0.10 encapsulation dot1Q 10 bridge-group 10 ! interface GigabitEthernet0.20 encapsulation dot1Q 20 bridge-group 20 ! interface GigabitEthernet0.1 encapsulation dot1Q 1 native bridge-group 1 ! interface BVI1 ip address 192.168.100.101 255.255.255.0 ip default-gateway 192.168.100.1 !
Then switchport should be configured as Trunk port & allow vlan 1, 10 & 20
int gx/x description AP-01 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk native vlan 1 switchport trunk allow vlan 1, 10, 20
If you want to put some access restriction between vlan 10 & 20 you can do that on your switch (like ACL)
Let me know if you have any queries.
HTH
Rasika
**** Pls rate all useful responses ****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide