We have a secure ssid and a guest ssid. Is the a way to prompt for a single username and password and if that name is guest it will automatically connect to the guest ssid? If active directory user and password it will automatically use the secure ssid? we are using Microsoft NPS/Radius, 3502 ap's, and 5508 controller.
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid. As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
how i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?
i`m facing a problem configuring the mentioned access point to act as stand alone access point with multiple SSID assigned to differnet VLANs the problem is that
1) i`m not able to broadcast the both SSIDs in the same time from the Access point
2) i need to make the radius server to manage the SSID access for the wireless clients (trying to find a way in which the aceess point sends a log for the radius server containing the VLAN id /IP address of the the SSID) you may find the below info about the IOS ver. & the configuration?
Netgear ProSafe Gigabit Router is my DHCP Server -- The entire home net work is on the same subnet (192.168.15.xxx) Linksys E4200 configured as an access point ONLY -- wired connection -- static IP assigned -- DHCP server turned off Linksys WRT610N configured as an access point ONLY -- wired connection -- static IP assigned -- DHCP server turned off
3 -- 5 port gigabit switches 1 -- 8 port gigabit switch
No more than two switches between any two wired devices Both Linksys access points have the same SSID and WPA2 security phrase -- total of 4 radios Nonoverlapping channels are selected on both the 2.4Ghz and 5.0Ghz radio to minimize interference All computers are running Windows 7 Professional 64bit with all the latest updates Two iPhones and one iPad also access the network All LAN and WAN connectivity is working as designed?
Problem:
guest SSID is turned on
password is established
All devices will connect to the guest SSID and the E4200 is assigning an ip address to the device in the 192.168.33.xxx range which is what it's supposed to do.When I open a web browser, I am not automatically redirected to the Cisco Login Page. If I enter 192.168.33.1 as the URL, the login screen is presented. I enter the password I have created in the guest admin page on the wireless guest tab. I then see a blank page and a URL of 192.168.33.1/guestnetwork.asp. THIS IS WHERE I GET STUCK. THE ONLY WAY TO EVER SEE THE LOGIN PAGE AGAIN IS TO REBOOT THE E4200, otherwise you just get unable to connect messages when opening web browsers and the wireless status icon in the system tray shows a yellow exclamation mark.
I successfully connect to the guest SSID but I do not get access to the internet. When I type ipconfig, I see that the DNS is set to 192.168.33.1 which does not exist on my network. I assume there's some internal NAT magic that is supposed to happen in the E4200 to bridge me over to my 192.168.15.xxx network but it doesn't seem to be happening.At the beginning of the call I specifically asked them if the E4200 must be the DHCP server in order for the guest SSID feature to work and they said no. 1.5 hours later they had no answers so they told me that it wasn't working because the E4200 was not the DHCP server. The documentation says nothing about a DHCP requirement for guest AP service. Linksys support further could not answer what you would do if you needed more than one AP with guest service enabled.It seems like this is a firmware issue but it may be the guest SSID service requires the E4200 to also act as the DHCP server. Whether this is a bug or if the router/AP is working as designed?
We just got a WAP4410n and cant seem to get multiple SSID's to show up when searching for them.Only SSID1 shows up in Kismet or any other type of Wifi detector software, is it supposed to be like this?I would imagine that it should display both SSID's
-Mynetwork1 -Mynetwork2
Instead of just Mynetwork1, I have tried everything i can think of to connect to the second one but nothing seems to work.
I have two WAP200's code level version 2.0.4.0 connected to two SFE2000 24port, one switch per building. I have 3 vlans that I want to bridge between those two switches. I know the trunks on the switch are setup correctly because I can connect them directly and test all vlans.
I am able to get the untagged Vlan 1 to work fine with the bridge, but I have issues with the tagged Vlans 2 and 3. I have checked that I have the correct SSID tied to the correct Vlan number. I cause the whole network to lock up when I try to add the other SSID MAC addresses to the AP Mode -> AP Mode -> Wireless Bridge -> "Remote Wireless Bridge's MAC Addresses:" section. The wireless lights and ethernet lights go solid.
Should I be adding the additional MACs there?Does the WAP200 even support multiple VLAN/SSID?
I am using a Aironet 1100 series access point (AIR-AP1142N-N-K9) with IOS version c1140-k9w7-tar.124-21a.JA1. I want to create two seperate SSID's on the access point with WEP encryption. There is no VLAN configured and i want it to be like it. Also I need to broadcast both the SSID's at the same time, so the some of my users need to login with the first SSID and the others to login through the other.
I have come across a new problem with our WAP4410N. I have set up multiple SSID's for various groups of people and guests at our company, the first and main SSID has set security properly at WPA2-Personal with a 63 character password. So I went ahead and setup the other 3 SSID's with the same security (just to initially get security going was planning on taking down one of them for guest account), but when I boot up my testing laptop, it shows that SSID's 2-4 have no security what-so-ever.
I have re-checked my settings in the Wireless Security tab and they are all still set with the passwords.
I am using: PID VID: WAP4410N-A V02Software Version: 2.0.4.2.
On a wlc 5508-7.0.116, can I set up 2 ssids that map to one wlan/vlan/subnet. I thought you could but I don't have the means to test without breaking production.
I have a Cisco AIR-AP1242AG-A-K9 Autonomous AP running firmware 12.4(25d)JA. I wish to set up multiple SSID's (2) each having their own separate security types. Both security types may end up being WPA2, but would have separate keys. I do not have a managed switch, the AP is connected to a "dumb" switch in an office environment, with no VLANS. Also this is only for 1 access point.
I have tried creating 2 SSID's, but my issue is that only one SSID will actually work at a time, meaning that only the native VLAN in the AP will actually allow wired traffic through it's SSID. How can I set up 2 different SSID's, with 2 independant security types and have them work simultaneously? Is this functionality supported by this AP?I feel that this is possible, as I can easily set this up on other access points from other manufacturers.
I currently have an 867vae router and a 1131ag ap setup with 2 vlans and 2 ssid's. I am in the process of baby proofing the house and would like to use the cisco plsk400 homeplug system to relocate my wap. I use 2 networks to seperate and filter the kids internet traffic from my own. It also allows me to shut the kids vlan when they shouldnt be on the internet.
As far as i can tell the plsk400 homeplug doesnt support 802.1q.... so is there any way i can keep the seperate networks/SSID's and the abilty to filter and turn off one of them at will without a trunked link to the router?
i' ve got 2 cisco 1130 AG AP's , i want both of them to broadcast 2 ssid's per AP, i've done so far but my clients cannot get a ip adress from the dhcp server.
I have two 1142n LWP ap converted into standalone, as client doesn't have any controller there. They just want to extend their network via wireless.
L3 switch (trunk port gig 1/48) -----> connected to AP1 L3 switch (trunk port 2/48) -----------> connected to AP2
client is looking for 3 vlans on the floor ( users might multiple vlans might associated same AP ). They have a dedicated DHCP/DNS server and he will be configuring 3 vlans on L3 switch with correct ip helper address on SVI interfaces.
I'm i allowed to created 3 SSID's on 1142n standalone AP ?
What would the various optiosn to achieve this requirement ? Is there any simplest way to achieve this ? Do i need to go for 802.1x ? I remember client told their users are authenticating by using AD for wired network. This is their first request for wireless environment
I have around 60 , 1142 N APs . As of now i have only management VLAN ( for IP ) & one user vlan 350 configured on the access point . All the users connect to VLAN 350 and they get IP as required.However in our new set up there are couple of requirements have come up were in SSID will be the same however we have created many VLANs for different kind of user group and all these VLANs should be mapped to this single SSID and pick the IPs from their respective VLANs .
We have done configuration on the RADIUS server side were in we have mapped the users in their respective VLANs and they are getting authenticated via AD . Now how do i map my these 4-5 VLANs in a single SSID in Access Point.
We have multiple Cisco Aironet 1131AG devices, all wired on one Cisco L2 switch(2560) who is connected to L3 switch (3550). We assigned one VLAN for access point in L3 switch who acts as vtp server (L2 switch is vtp client). All ap's will have static ip address and all will have same SSID and no security and they will be using multiple channels (ex. 1,6,11). They will operate in 3 floor building for roaming wireless client. We won't using any wireless controller.
How to configure APs-all the same with different ip's, can we use L3 switch to create dhcp server for access points VLAN (pool for clients, and the rest for static ip for ap's)?
I just bought a Linksys E2500, and I'm trying to configure multiple SSID's on it. The "guest mode" won't work for me because I want one SSID to use WPA and the other to use WEP, but the option to set different encryption based on the GHz frequency of the connection won't work for me because I only want the WEP one to be used by my Nintendo DS (which doesn't support WPA); I don't want to force ALL devices that don't support 5GHz to use the WEP one!
So My ssid is naular and it has password protection. However there is another ssid from my router called "linksys" which is unprotected. I tried to change it and messed it up bad. Everyime I sign on to "naular" it makes "Naular 2" then Naular 2 3 then Naular 2 3 4 etc. Then I only get local access. I look at my wireless thing and it says i'm connected to naular 2 3 4 5 when I signed onto Naular earlier.
I currently have mutiple computers at my place. Once the computer turned on i want the option of which login for the current computer to use, it can login it current computer or the mutiples computer with their content/data all inside. So more like an computer linked. Example, it can only to A or B, A is the current computer data, while B have all the data of the different computer monitor datas, and if i login B it will show that current computer info. And same goes to the B computer, i can login to A or B on the B computer. What makes this very good is that, both the computer logins are sort of connected, for example if im on actual computer A, but logined to computer B and downloaded/changed some files/data on the B login, once i login on computer B to login B, the changes will apply even tho the changes are done in computer A.
I currently have mutiple computers at my place. Once the computer turned on i want the option of which login for the current computer to use, it can login it current computer or the mutiples computer with their content/data all inside. So more like an computer linked. Example, it can only to A or B, A is the current computer data, while B have all the data of the different computer monitor datas, and if i login B it will show that current computer info. And same goes to the B computer, i can login to A or B on the B computer. What makes this very good is that, both the computer logins are sort of connected, for example if im on actual computer A, but logined to computer B and downloaded/changed some files/data on the B login, once i login on computer B to login B, the changes will apply even tho the changes are done in computer A.
Everytime I disable SSID Broadcasting 2 extra wireless connections appear available connections list. (See wirelessconnections.jpg) One is blank and one is labeled Other Network. They disappear when I enable SSID Broadcasting. I am not sure why this is happening.
I have two WAP200's code level version 2.0.4.0 connected to two SFE2000 24port, one switch per building. I have 3 vlans that I want to bridge between those two switches. I know the trunks on the switch are setup correctly because I can connect them directly and test all vlans.
I am able to get the untagged Vlan 1 to work fine with the bridge, but I have issues with the tagged Vlans 2 and 3. I have checked that I have the correct SSID tied to the correct Vlan number. I cause the whole network to lock up when I try to add the other SSID MAC addresses to the AP Mode -> AP Mode -> Wireless Bridge -> "Remote Wireless Bridge's MAC Addresses:" section. The wireless lights and ethernet lights go solid.Should I be adding the additional MACs there?
Whenever I try to login to the router, it fails to recognise the username and password for usually the first 5 or 6 attempts, then recognises them on the 6th or 7th. Not eactly a massive issue, but coupled with what seems to be a very unstable connection makes me wonder if it was a good move to buy cisco.
I have a facebook account for work and another one personal, and another one for my family, sometimes it's distrubing to log in into the 3 accounts at once, is there any solution how to log into the 3 accounts using a single Skype ID? or a chat webpage such as meebo before instant chat which acquired by google on the 11 of july 2012, I used to log in meebo using my 2 MSN accounts an 1 yahoo account at once, it was a great one indeed?
I have a Cisco Wireless LAN Controller AIR-CT5508-K9 running Software Version 7.0.98.218. This WLC has registered ten AP model 1240.Now I have configured fiive CAP3502 with static capwapp commands, when I connect the CAP-3502 in the network, in the WLC I see the status "downloading" then the CAP restart, and the console show the message *Mar 1 00:15:39.033: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER, and never the CAP3502 is registered in the WLC. [code]
i have 2504 controller with 7.0.116.0 software and some 3502 APs. I also using 5 APs now and few days ago I bought some additional 3502 APs and I can't get them connected to the controller. My company admins decided to using DNS controller discovery instead of using DHCP option 43. I'm connecting APs to access ports of Linksys switches and APs not in the same subnet as ap-manager interface of controller. AP succesfully get IP and DNS from DHCP and could ping cisco-capwap-controller. However, I have such messages.
*Mar 1 00:12:32.014: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.Not in Bound state. *Mar 1 00:12:40.533: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
I can succesfully ping controller from AP AP30f7.0d2e.9a58#ping cisco-capwap-controller Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.23.16.30, timeout is 2 seconds: