Guest

Cisco Security Modules for Routers and Switches

SSID-on-Autonomous-AP-Configuration-Example

Techzone Article content

Document ID: 116586

Updated: Oct 16, 2013

Contributed by Salma Sulthana, Cisco TAC Engineer.

   Print

Introduction

This document describes the process to configure a service set identifier (SSID) with a single VLAN on Cisco IOS®

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

The SSID is a unique identifier that wireless network devices use to establish and maintain wireless connectivity. AP radios are disabled and no default SSID is assigned. This is done in order to prevent unauthorized users to access a customer's wireless network through an access point that has a default SSID and no security settings. You must create an SSID before you can enable the access point radio interfaces.

Multiple access points on a network or subnetwork can use the same SSIDs. SSIDs are case sensitive and can contain up to 32 alphanumeric characters. Do not include spaces in your SSIDs.

The first character cannot contain any of these characters:

  • Exclamation point (!)
  • Pound sign (#)
  • Semicolon (;)

These characters are also invalid and cannot be used in an SSID:

  • Plus sign (+)
  • Right bracket (])
  • Front slash (/)
  • Quotation mark (")
  • Tab
  • Trailing spaces

You can configure up to sixteen SSIDs on your Cisco Aironet Access Point and assign different configuration settings to each SSID. On dual-radio wireless devices, the SSIDs that you create are enabled on both radio interfaces.  The client devices can associate to the access point with the use of any of the active SSIDs.

Configure

Configuration from the Switch Side

 en
conf t
int Gig 1/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 50
switchport trunk allowed vlan 1,50

Method 1: Configure the SSID on an AP with a GUI

  1. Create a VLAN for the SSID.

  2. Create an SSID and assign the VLAN.

  3. Broadcast the SSID.

Method 2: Configure the SSID on an AP with a CLI

  1. Configure the SSID and map it to a VLAN.
    Enable
    Conf ter
    Dot11 ssid Cisco
    Vlan 50
    Authentication open
    Guest-mode
    End
  2. Configure the Dot11 Radio 0 and Gigabit Ethernet interfaces.
    >Conf t
    interface Dot11Radio 0
    ssid Cisco
    Exit

    Interface Dot11Radio 0.50
    Encapsulation dot1Q 50 native
    Bridge-group 1
    Exit

    Interface GigabitEthernet 0
    Bridge-group 1

    Interface GigabitEthernet 0.50
    Encapsulation dot1Q 50 native
    Bridge-group 1

    Note: The Native VLAN should always be mapped to the bridge-group 1. If both the radios are active, then configure Radio 1 like Radio 0.

Verify

Use this section to confirm that your configuration works properly.

  • Ping from the AP to the VLAN interface of the switch, You should be able to ping.
  • On the AP, enter the show dot11 associations command. You must see the client associated to the SSID.
ap# show dot11 associations

802.11 Client Stations on Dot11Radio0
 SSID [Cisco] :
MAC Address        IP address        Device        Name        Parent        State
0811.967e.c384   192.168.50.4   ccx-client     ap              self           Assoc

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Updated: Oct 16, 2013
Document ID: 116586