04-21-2008 08:05 PM - edited 07-03-2021 03:45 PM
I'm new to Cisco AP's. I'm trying to setup security per VLAN on a new 1130ag.
I finally got the Guest VLAN configured for Open Authentication (I'll lock down VLAN access after I get AP setup, it's not live yet). Where is the option to broadcast SSID for this Guest access? I have to manually enter in the network...
But more importantly, I'm trying to setup an INT VLAN on the AP with security enabled. Looking through the SSID Management section, here is what I have:
INT should be the SSID name, and I'm wanting to broadcast this, but like the Guest VLAN, it's not showing up.
VLAN1
radio ag
Open Auth no addition
Key Mngmnt Mandatory
enable WPA WPAv2
WPA pre-shared key: cisco ASCII
These are the options I've enabled in hopes of requiring a client to type "cisco" to connect, and have WPA2 for encryption.
Am I doing something wrong? I manually enter the INT for the wireless network and get "Connection timed out", but am able to connect to the Open 'Guest' network.
And again, I see the "Broadcast SSID" in the Quick Security Setup option, but not in the SSID Management section.
Thanks for reading. And thanks for any advice/tips.
Be well.
04-22-2008 02:08 AM
I got this working in a test lab a long time ago with a AP1131AG, below is part of the config, I hope is relevant:-
!
dot11 ssid <
vlan 5
mbssid guest-mode
!
dot11 ssid <
vlan 10
mbssid guest-mode
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid <
!
ssid <
!
mbssid
!
interface Dot11Radio0.5
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
HTH.
04-30-2008 02:22 PM
Hello and thanks for the reply. I'm doing side-by-side comparison with my config and I'm not seeing much difference.
Here is a clip of mine:
!
dot11 vlan-name GUEST vlan 3
dot11 vlan-name SCHOOL vlan 2
!
dot11 ssid GUEST
vlan 3
authentication open
!
dot11 ssid INT
vlan 1
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 05giberish123
!
dot11 ssid SCHOOL
vlan 2
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 12giberish123
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
ssid GUEST
!
ssid INT
!
ssid SCHOOL
!
!
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
Pardon if this is too much info, not really sure which is vital.
Does this look correct for setting up WPA2? How about having the SSID's non-hidden?
04-30-2008 11:49 PM
A side-by-side comparison would have shown that you have missed:-
"mbssid guest-mode" in each of the dot11 ssid configurations i.e:-
dot11 ssid GUEST
mbssid guest-mode
"mbssid" is required under the dot11radio0 interface to actually indicate more than one ssid should be sent in the beacon i.e:-
interface Dot11Radio0
mbssid
Add the above and test, let me know of your results.
The WPA2 config looks ok.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide