Configure Your Autonomous Cisco AP with multiple SSIDs

Introduction

Here is a quick roundup of the commands required to configure an autonomous Cisco AP with multiple SSIDs per radio.

Let us assume that the AP has already had the basic config applied, as described in this article, Configure Your Cisco AP for Survey via CLI.

The core information in this post originally came from mrncciew blog post
https://mrncciew.com/2012/10/24/multiple-ssid-config-on-autonomous-ap


The goal here is to configure an autonomous Cisco AP to broadcast two SSIDs on the 2.4 GHz radio and  a further two different SSIDs on the 5 GHz radio.


Create SSID “ONE”

The SSIDs will be protected with wpa-psk

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#dot11 ssid ONE
 SURVEY(config-ssid)#vlan 11
 SURVEY(config-ssid)#authentication open
 SURVEY(config-ssid)#authentication key-management wpa version 2
 SURVEY(config-ssid)#wpa-psk ascii 0 CiscoCisco
 SURVEY(config-ssid)#mbssid guest-mode
 SURVEY(config-ssid)#exit
 SURVEY(config)#

That is the first SSID created, assigned a vlan, set authentication to be open, laid the groundwork to protect the WLAN with wpa-psk and finally enabled Multiple BSSID guest mode, so that multiple SSIDs may be “visible”.

Create SSID “TWO”

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#dot11 ssid TWO
 SURVEY(config-ssid)#vlan 12
 SURVEY(config-ssid)#authentication open
 SURVEY(config-ssid)#authentication key-management wpa version 2
 SURVEY(config-ssid)#wpa-psk ascii 0 CiscoCisco
 SURVEY(config-ssid)#mbssid guest-mode
 SURVEY(config-ssid)#exit
 SURVEY(config)#

Create Ethernet sub-interface, assign Bridge-Group

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#interface gigabitEthernet 0.11
 SURVEY(config-subif)#encapsulation dot1Q 11
 SURVEY(config-subif)#bridge-group 11
 SURVEY(config-subif)#exit
 SURVEY(config)#

Create a second Ethernet sub-interface & assign Bridge-Group

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#interface gigabitEthernet 0.12
 SURVEY(config-subif)#encapsulation dot1Q 12
 SURVEY(config-subif)#bridge-group 12
 SURVEY(config-subif)#exit
 SURVEY(config)#

Create Radio sub-interface, assign Bridge-Group

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#int dot11Radio 0.11
 SURVEY(config-subif)#encapsulation dot1Q 11
 SURVEY(config-subif)#bridge-group 11
 SURVEY(config-subif)#exit
 SURVEY(config)#

Create a second Radio sub-interface & assign Bridge-Group

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#int dot11Radio 0.12
 SURVEY(config-subif)#encapsulation dot1Q 12
 SURVEY(config-subif)#bridge-group 12
 SURVEY(config-subif)#exit
 SURVEY(config)#

Assign these SSIDs to the 2.4 GHz radio

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#interface dot11Radio 0
 SURVEY(config-if)#mbssid
 SURVEY(config-if)#encryption vlan 11 mode ciphers aes-ccm
 SURVEY(config-if)#encryption vlan 12 mode ciphers aes-ccm
 SURVEY(config-if)#ssid ONE
 SURVEY(config-if)#no shut

SSID ONE should appear

 SURVEY(config-if)#ssid TWO
 SURVEY(config-if)#exit
 SURVEY(config)#

Next we configure two further SSIDs; THREE and FOUR, assign these to the 5 GHz interface in a similar way.


Creating and assigning SSIDs THREE and FOUR to the 5 GHz radio

 SURVEY#
 SURVEY#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 SURVEY(config)#dot11 ssid THREE
 SURVEY(config-ssid)#vlan 13
 SURVEY(config-ssid)#authentication open
 SURVEY(config-ssid)#authentication key-management wpa version 2
 SURVEY(config-ssid)#wpa-psk ascii 0 CiscoCisco
 SURVEY(config-ssid)#mbssid guest-mode
 SURVEY(config-ssid)#exit
 SURVEY(config)#
 SURVEY(config)#dot11 ssid FOUR
 SURVEY(config-ssid)#vlan 14
 SURVEY(config-ssid)#authentication open
 SURVEY(config-ssid)#authentication key-management wpa version 2
 SURVEY(config-ssid)#wpa-psk ascii 0 CiscoCisco
 SURVEY(config-ssid)#mbssid guest-mode
 SURVEY(config-ssid)#exit
 SURVEY(config)#
 SURVEY(config)#interface gigabitEthernet 0.13
 SURVEY(config-subif)#encapsulation dot1Q 13
 SURVEY(config-subif)#bridge-group 13
 SURVEY(config-subif)#exit
 SURVEY(config)#
 SURVEY(config)#interface gigabitEthernet 0.14
 SURVEY(config-subif)#encapsulation dot1Q 14
 SURVEY(config-subif)#bridge-group 14
 SURVEY(config-subif)#exit
 SURVEY(config)#
 SURVEY(config)#int dot11Radio 1.13
 SURVEY(config-subif)#encapsulation dot1Q 13
 SURVEY(config-subif)#bridge-group 13
 SURVEY(config-subif)#exit
 SURVEY(config)#
 SURVEY(config)#interface dot11Radio 1.14
 SURVEY(config-subif)#encapsulation dot1Q 14
 SURVEY(config-subif)#bridge-group 14
 SURVEY(config-subif)#exit
 SURVEY(config)#
 SURVEY(config)#interface dot11Radio 1
 SURVEY(config-if)#mbssid
 SURVEY(config-if)#encryption vlan 13 mode ciphers aes-ccm
 SURVEY(config-if)#encryption vlan 14 mode ciphers aes-ccm
 SURVEY(config-if)#ssid THREE
 SURVEY(config-if)#ssid FOUR
 SURVEY(config-if)#no shut 
 SURVEY(config-if)#end
 SURVEY#

Save the changes we have made

With a good old-fashioned copy run start

 SURVEY#
 SURVEY#copy running-config startup-config
 Destination filename [startup-config]?
 Building configuration...
 [OK]
 SURVEY#

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s