Multiple BSSID Cisco 1100


  • Multiple BSSID Cisco 1100

    I am hoping I can get a little help here. We are finally making the move away from WEP and going towards WPA and EAP authentication as well as having guest access to wireless. We purchased several Cisco 1100 Series APs.

    I have configured the network authentication, group policies, WPA certificates, all that works well.

    I have also already configured guest access across a secondary VLAN to segment the network and that all works well.

    My problem comes into play when I try to do both of them at the same time.
    I set up my WPA/EAP/GPO and everything is fine. All I do is first set the Multiple SSID check box, then select the Infrastructure SSID, then create a second SSID, configure it to run on a separate VLAN, assign the WPA PSK-TKIP and set it as guest mode and hit apply.

    Once I do that my infrastructure SSID is no longer broadcasting, and I cannot connect to it anymore. Even if I treat it as just a non-broadcast SSID (remove the GPO which I set) and just create a wireless profile for a non-broadcast SSID it still doesn't work. If I take away the guest SSID then the infrastructure SSID comes back and it works like a charm.

    Am I missing something real obvious here?
    Config:
    Code:
    Building configuration...
    
    Current configuration : 3366 bytes
    !
    ! Last configuration change at 11:56:38 Eastern Fri Nov 20 2009 by Cisco
    ! NVRAM config last updated at 11:56:38 Eastern Fri Nov 20 2009 by Cisco
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname TrainingRoomAP
    !
    no logging console
    enable secret 5 $6845dfd465se/i.a54fes54f8es
    !
    clock timezone Eastern -5
    ip subnet-zero
    ip domain name tweddle.com
    ip name-server 10.0.3.9
    !
    !
    aaa new-model
    !
    !
    aaa group server radius rad_eap
     server 10.0.3.7 auth-port 1645 acct-port 1646
    !
    aaa group server radius rad_mac
    !
    aaa group server radius rad_acct
    !
    aaa group server radius rad_admin
    !
    aaa group server tacacs+ tac_admin
    !
    aaa group server radius rad_pmip
    !
    aaa group server radius dummy
    !
    aaa group server radius rad_eap1
     server 10.0.3.7 auth-port 1645 acct-port 1646
    !
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods1 group rad_eap1
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 vlan-name GUEST vlan 2
    dot11 vlan-name NET vlan 1
    !
    dot11 ssid GUEST
       vlan 2
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii 7 98645687464845484537853
       information-element ssidl
    !
    dot11 ssid NET
       vlan 1
       authentication open eap eap_methods1
       authentication key-management wpa
       information-element ssidl advertisement
    !
    !
    !
    username Cisco password 7 486435498564894654843545674
    !
    bridge irb
    !
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption mode ciphers tkip
     !
     encryption vlan 1 mode ciphers tkip
     !
     encryption vlan 2 mode ciphers tkip
     !
     ssid GUEST
     !
     ssid NET
     !
     mbssid
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
     no dot11 extension aironet
    !
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.2
     encapsulation dot1Q 2
     no ip route-cache
     bridge-group 2
     bridge-group 2 subscriber-loop-control
     bridge-group 2 block-unknown-source
     no bridge-group 2 source-learning
     no bridge-group 2 unicast-flooding
     bridge-group 2 spanning-disabled
    !
    interface FastEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
    !
    interface FastEthernet0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.2
     encapsulation dot1Q 2
     no ip route-cache
     bridge-group 2
     no bridge-group 2 source-learning
     bridge-group 2 spanning-disabled
    !
    interface BVI1
     ip address 10.0.6.125 255.0.0.0
     no ip route-cache
    !
    ip default-gateway 10.0.0.236
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    !
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.0.3.7 auth-port 1645 acct-port 1646 key 7 10454968543054545
    radius-server vsa send accounting
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    !
    end
    Thanks in advance.
    Last edited by ChiliFrei64; 20th November 2009, 22:04.
    Daniel Frei
    -Windows Operations Server Administrator
    -Exchange Guru
    -Cisco Fanatic
    -SharePoint Hippie
    -Volkswagen Enthusiast

    www.lazynetworkadmin.com