Cisco 3200 Series Wireless MIC Software Configuration Guide
Service Set Identifiers
Download this chapter
Service Set IdentifiersService Set Identifiers
Download the complete book
Cisco 3200 Series Rugged ISRCisco 3200 Series Rugged ISR (PDF - 6 MB)
give_us_feedback

Table Of Contents

Service Set Identifiers

Understanding SSIDs

Configuring the SSID

Creating an SSID

Configuring Any SSID

Configuring Multiple Basic SSIDs

Requirements for Configuring Multiple BSSIDs

Guidelines for Using Multiple BSSIDs

CLI Configuration Example

Displaying Configured BSSIDs


Service Set Identifiers

This document describes how to configure a service set identifier (SSID).

Understanding SSIDs

The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple bridges on a network or subnetwork can use the same SSID. SSIDs are case sensitive and can contain up to 32 alphanumeric characters. Do not include spaces in your SSID.

When you configure an SSID you assign these configuration settings to the SSID:

VLAN

RADIUS accounting for traffic using the SSID

Encryption settings

Authentication method

Note For detailed information on client authentication types, see "Authentication Types".

If you want the WMIC to allow associations from bridges that do not specify an SSID in their configurations, you can include the SSID in the beacon. However, to keep your network secure, you should remove the SSID from the beacon. You can assign an authentication username and password to the SSID to allow the WMIC to authenticate to your network using the Extensible Authentication Protocol (EAP) authentication method.

Configuring the SSID

These sections contain configuration information for the SSID. By default, there is no SSID configured under dot11 interface and therefore, the dot11 interface remains down.

Creating an SSID

To create an SSID for a WMIC, follow these steps, beginning in privileged EXEC mode:

 
Command
Purpose

Step 1 

configure terminal

Enters global configuration mode.

Step 2 

dot11 ssid ssid-string

Creates an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive.

Note You can include spaces in an SSID, but do not add spaces at the end of the SSID.

Step 3 

accounting list-name

(Optional) Enables RADIUS accounting for this SSID. For list-name, specify the accounting method list. For more information on method lists, click this link: /en/US/docs/ios/12_2/security/configuration/guide/scfacct.html#xtocid2

Step 4 

vlan vlanid-or-name

(Optional) Assigns the SSID to a VLAN on your network using the VLAN ID or name.

Step 5 

end

Returns to privileged EXEC mode.

Use the no form of the command to disable the SSID.

Note Use the ssid authentication options to configure an authentication type for the SSID. See "Authentication Types" for instructions on configuring authentication types. Use the ssid encryption option to configure encryption settings for the SSID. See Cipher Suites and WEP for instructions on configuring encrypton settings. Use the ssid priority to configure priority for the SSID, See Setting Priority in 12.4(3)JK and Later Releases.

The following example shows how to

Name an SSID

Configure the SSID for RADIUS accounting

Assign the SSID to the native VLAN 

bridge# configure terminal

bridge(config)# dot11r ssid bridgeman

bridge(config-ssid)# accounting accounting-method-list

bridge(config-ssid)# vlan 1

bridge(config-ssid)# encryption mode cipher wep 128

bridge(config-ssid)# priority 10

bridge(config-ssid)# infrastructure-ssid

bridge(config-ssid)# end

Configuring Any SSID

When any of the configured SSID profiles match with the AP, the workgroup bridge and universal workgroup bridge associates to the AP. When the configured SSID profiles do not match with the AP, the workgroup bridge and universal workgroup bridge will fail to associate to the AP. Any SSID feature will enable the workgroup bridge and universal workgroup bridge to associate to guest-mode SSID configured on the AP. The workgroup bridge and universal workgroup bridge should have the compatible authentication and encryption settings under the profile named "any".

Note "Any SSID" feature requires guest-mode to be enabled on the Cisco access point. This feature is supported for 2.4-GHz, 4.9-GHz and 5.0-GHz WMIC.

To configure Any SSID, define a new SSID profile as "any", defining the authentication and encryption under Any SSID. Enable the Any SSID under the dot11radio interface.

This example shows the command output: 

dot11 ssid any

< authentication configurations>

< encryption configurations>

interface Dot11Radio0

ssid any

Note To allow the WMIC to associate with the root device by using any ssid, the root device must enable the guest mode. For Cisco wireless APs or WMICs, this can be done by configuring guest-mode (or mbssid guest-mode, if mbssid is configured) for the specific SSID. The priority of the "any" profile is least (default) and can not be configured.

Configuring Multiple Basic SSIDs

Cisco 3200 series WMICs now support up to 8 basic SSIDs (BSSIDs), which are similar to MAC addresses. This feature is support on all the WMICs. You use multiple BSSIDs to assign a unique Delivery Traffic Indication Message (DTIM) setting for each SSID and to broadcast more than one SSID in beacons. A large DTIM value increases battery life for power-save client devices that use an SSID; broadcasting multiple SSIDs makes your wireless LAN more accessible to guests.

Note Devices on your wireless LAN that are configured to associate to a specific access point based on the access point MAC address (for example, client devices, hot standby units, or workgroup bridges) might lose their association when you add or delete a multiple BSSID. When you add or delete a multiple BSSID, check the association status of devices configured to associate to a specific access point. If necessary, reconfigure the disassociated device to use the new MAC address of the BSSID.

Requirements for Configuring Multiple BSSIDs

To configure multiple BSSIDs, your access points must meet these minimum requirements:

VLANs must be configured.

Access points must run Cisco IOS Release 12.3(4)JA or later.

Access points must contain a radio that supports multiple BSSIDs. To determine whether a radio supports multiple basic SSIDs, enter the show controllers radio_interface command. The radio supports multiple basic SSIDs if the results include this line: 

Number of supported simultaneous BSSID on radio_interface: 8

Guidelines for Using Multiple BSSIDs

Keep these guidelines in mind when configuring multiple BSSIDs:

RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs.

When you enable BSSIDs, the access point automatically maps a BSSID to each SSID. You cannot manually map a BSSID to a specific SSID.

When multiple BSSIDs are enabled on the access point, the Service Set Identification List information element (SSIDL IE) does not contain a list of SSIDs; it contains only extended capabilities.

Any Wi-Fi certified client device can associate to an access point using multiple BSSIDs.

You can enable multiple BSSIDs on access points that participate in WDS.

CLI Configuration Example

This example shows the commands that you can use on the command-line interface (CLI) to enable multiple BSSIDs on a radio interface, create an SSID called visitor, designate the SSID as a BSSID, specify that the BSSID is included in beacons, set a DTIM period for the BSSID, and assign the SSID visitor to the radio interface.

Use the dot11 mbssid command in global configuration mode to simultaneously enable multiple BSSIDs on all radio interfaces that support multiple BSSIDs. 

ap(config)# configure terminal

ap(config)# dot11 mbssid

ap(config)# dot11 ssid visitor

ap(config-ssid)# mbssid guest-mode dtim-period 75

ap(config-ssid)# exit

ap(config)# interface d0

ap(config-if)# ssid visitor

You can also use the mbssid command in configuration interface mode to enable multiple BSSIDs on an access point radio interface. This example shows how to enable multiple BSSIDs on a radio interface: 

ap(config)# interface d0

ap(config-if)# mbssid

ap(config-if)# exit

Displaying Configured BSSIDs

Use the show dot11 bssid command in privileged EXEC mode to display the relationship between SSIDs and BSSIDs or MAC addresses. This example shows the command output: 

AP1230# show dot11 bssid

Interface     BSSID           Guest  SSID

Dot11Radio1   0011.2161.b7c0  Yes  atlantic

Dot11Radio0   0005.9a3e.7c0f  Yes  WPA2-TLS-g