Support User Manuals

Cisco Systems OL-29225-01 Film Camera User Manual

Open as PDF

of 514

7-5

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-30644-01

Chapter 7 Configuring Multiple SSIDs

Configuring Multiple SSIDs

Note When you enable guest SSID mode for the 802.11g radio it applies to the 802.11b radio as well since

802.11b and 802.11g operate in the same 2.4Ghz band.

Use the no form of the command to disable the SSID or to disable SSID features.

This example shows how to:

• Name an SSID

• Configure the SSID for RADIUS accounting

• Set the maximum number of client devices that can associate using this SSID to 15

• Assign the SSID to a VLAN

• Assign the SSID to a radio interface

AP# configure terminal

AP(config)# dot11 ssid batman

AP(config-ssid)# accounting accounting-method-list

AP(config-ssid)# max-associations 15

AP(config-ssid)# vlan 3762

AP(config-ssid)# exit

AP(config)# interface dot11radio 0

AP(config-if)# ssid batman

AP(config-if)#end

Viewing SSIDs Configured Globally

Use this command to view configuration details for SSIDs that are configured globally:

AP# show running-config ssid ssid-string

Using a RADIUS Server to Restrict SSIDs

To prevent client devices from associating to the access point using an unauthorized SSID, you can

create a list of authorized SSIDs that clients must use on your RADIUS authentication server.

The SSID authorization process consists of these steps:

1. A client device associates to the access point using any SSID configured on the access point.

2. The client begins RADIUS authentication.

3. The RADIUS server returns a list of SSIDs that the client is allowed to use. The access point checks

the list for a match of the SSID used by the client. There are three possible outcomes:

a. If the SSID that the client used to associate to the access point matches an entry in the allowed

list returned by the RADIUS server, the client is allowed network access after completing all

authentication requirements.

b. If the access point does not find a match for the client in the allowed list of SSIDs, the access

point disassociates the client.

c. If the RADIUS server does not return any SSIDs (no list) for the client, then the administrator

has not configured the list, and the client is allowed to associate and attempt to authenticate.

The allowed list of SSIDs from the RADIUS server are in the form of Cisco VSAs. The Internet

Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific

information between the access point and the RADIUS server by using the vendor-specific attribute

previous next