cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
803
Views
5
Helpful
2
Replies
Highlighted
Beginner

AP Configuration Radio 0 and 1 Separate SSID's with same VLAN's

Hello,

I am configuring two AP's with about 20% overlap and the request was to utilize radio 0(2.4) and 1(5) with different SSID's in guest mode and clients could choose which one to connect. There is CORP and GUEST on radio 0 and CORP_5G and GUEST_5G on radio 1.  CORP and CORP_5G on both radios use the same vlan 1 and GUEST and GUEST_5G on both radios use the same vlan 192.  I believe this should work unless cannot use the same VLAN's with different SSID's name across radios.  When they implemented 2.4 connected fine but was super slow and suppose B rates need to be disabled.  However, I was told radio 1 SSID's were not showing in the list and cannot confirm since was not part of implementation or testing.  Below is the configuration that will be the same on both AP's and would like a second pair of eyes if this will work as I expect...:)

!
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXX
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip source-route
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid GRL_CORP
vlan 1
mbssid guest-mode
guest-mode
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 1322051B111608333C753A3639275743
!
dot11 ssid GRL_GUEST
vlan 192
mbssid guest-mode
guest-mode
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 096B5C00031F1B0B1C5D162F27216C77
!
dot11 ssid GRL_CORP_5G
vlan 1
mbssid guest-mode
guest-mode
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 1322051B111608333C753A3639275743
!
dot11 ssid GRL_GUEST_5G
vlan 192
mbssid guest-mode
guest-mode
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 096B5C00031F1B0B1C5D162F27216C77
!
!
bridge irb
!
!
!
interface Dot11Radio0
mbssid
!
ssid GRL_CORP
ssid GRL_GUEST
!
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 192 mode ciphers aes-ccm
!
!
interface dot11radio0.1
encapsulation dot1q 1 native
bridge-group 1
!
interface dot11radio0.192
encapsulation dot1q 192
bridge-group 192
!
interface Dot11Radio1
mbssid
!
!
ssid GRL_CORP_5G
ssid GRL_GUEST_5G
!
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 192 mode ciphers aes-ccm
!
!
interface dot11radio1.1
encapsulation dot1q 1 native
bridge-group 1
!
interface dot11radio1.192
encapsulation dot1q 192
bridge-group 192
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface gig0.1
encapsulation dot1q 1 native
bridge-group 1
!
interface gig0.192
encapsulation dot1q 192
bridge-group 192
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface BVI1
ip address 10.0.0.245 255.255.255.0
!
ip default-gateway 10.0.0.254
ip forward-protocol nd
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
snmp-server community liability RO
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
end

Switchports connected to AP's is trunk with native vlan 1

Router on stick with trunk native vlan 1 to switch hosts DHCP for guest and ACL

DHCP for CORP is DHCP server on vlan 1 

Switch and router not the issue and  review of AP configuration above is needed as to me this should work unless 5G SSID's need a separate VLAN and DHCP scope since not the same name.

Let me know your thoughts, best practices, if this should work, or any changes....thanks

2 REPLIES 2
Highlighted
Rising star

I'd make two changes for the SSID specific config.

1) You've specified both guest-mode and mbssid guest-mode and the AP probably won't let you set multiple SSIDs per radio in that instance so remove the line "guest-mode" from all your SSID configs.

e.g.

dot11 ssid GRL_CORP
vlan 1
mbssid guest-mode
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 1322051B111608333C753A3639275743
!

2) Put the per-radio encryption lines above the ssid lines or (as I've just found out) the AP will spit the dummy because you haven't specified it first.

e.g.


interface Dot11Radio0
mbssid
!
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 192 mode ciphers aes-ccm

ssid GRL_CORP
ssid GRL_GUEST
!

!
!
interface dot11radio0.1
encapsulation dot1q 1 native
bridge-group 1
!
interface dot11radio0.192
encapsulation dot1q 192
bridge-group 192
!
interface Dot11Radio1
mbssid
!
!
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 192 mode ciphers aes-ccm

ssid GRL_CORP_5G
ssid GRL_GUEST_5G
!

!
!
interface dot11radio1.1
encapsulation dot1q 1 native
bridge-group 1
!
interface dot11radio1.192
encapsulation dot1q 192
bridge-group 192
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface gig0.1
encapsulation dot1q 1 native
bridge-group 1
!
interface gig0.192
encapsulation dot1q 192
bridge-group 192
!

Ric

 

-----------------------------
Please rate helpful / correct posts
Highlighted

Thanks for the reply and we will be testing tonight after hours and will update once complete and outcome. So using different SSID's on same VLAN on 2.4 and 5 should work as configured correct?  I am certain I have done before just cannot locate the client to check...thanks again

Content for Community-Ad