Multiple SSID's and multiple Vlans

Status
Not open for further replies.
May 19, 2004
212
US
I have a need to have a single access point that can provide two ssid's to separate VLANS. One vlan would go to a DMZ that allowed for example vendors Internet access (vlan 2). The second SSID would be part of the inter VLAN vlan 1 (this site only has a flat network, although they have a 515e with a 4 port DMS card). My thoughts are I could set up trunking to the switch port to listen for the multiple subnets, then have a cable connected to the DMZ2 vlan 2 and traffic could flow out that way. This could connect to the same switch that has vlan already defined and vlan 1 traffic flows as normal.

Does this sound feasible? Any caveats? Any thoughts?
 
I don't believe that is possible due to the access point going into the same spot on the router. I think you will need to implement two Access Points.
 
I called Cisco's sales center. It is doable. They recommend using ACL to determine who gets what access. I believe I can grant these by setting up multiple SSID's and they distribute the correct password/ssid info to whom I want to give access. I will try implementing this within the next month or so.
 
Network Doc,

Let me know how it went. I am intrigued. Thanks.
 
Will do.

Here are the (cisco) answers to my questions. BTW I had a typo in the previous post. It is ACS instead of ACL.

Q:
Can this be done with SSIDs on the same AP (see original post)?

A:
Using multiple SSIDs this can be accomplished. Broadcast a public SSID and a private SSID, and you will need to use an ACS server to control who has access and the type of access.

CSACS-3.3-WIN-K9 Cisco Secure ACS 3.3 for Windows.
CSACSE-1112-K9 Cisco Secure ACS 3.3 Solution; includes HW & SW.

Q:
Do I need to have an internal router for this to work?

A:
No the AP itself will support the multiple SSIDs.

I have put into place access points with multiple SSID's and multiple VLAN's in place before. Implemented a Voice over IP solution and had voice on vlan 2, Data on vlan 1. Used a device to perform DHCP (I believe it was the call center box, a 3700 series router). If you connected with a 7920 (kinda like a cell phone from cisco) you got one range of IPs (SSID driven) and if you were walking around with a laptop you got a different IP range.
 
Please let us know.
The CISCO responses you detail only discuss the opportunities for using multiple SSIDs, other than the mention "... you will need to use an ACS server to control who has access and the type of access."

At that point the claim:

Q:
Do I need to have an internal router for this to work?

A:
No the AP itself will support the multiple SSIDs.

becomes rather dubious as to the simplicity and cost of this approach. The ACS server essentially is handling your VLAN traffic by its assignment of DHCP IPs. The AP is doing nothing more than passing to the ACS server two SSIDs of traffic for authentication.


 
Note the above is not a criticism of the approach. It is just a literal answer to the question of how much the AP itself can do.

The answer is that it can host multiple SSIDs. All the rest of the magic needs to come from another resource.
 
I agree. However, my thoughts are this. If I assign a wep key to ssid1 and give that to people who need access only to the Internet, I create a second SSID and a different wep key, and give that to people whom I would grant anything else. When a user connects they have to input the wep key.

The wiring part.... I plug the access point into a switch that has two vlans defined on it. The port it receives is a trunk port. Then when traffic is destined for vlan 1 it hits the switch, and out to port say 22 which is connected to a DMZ with that same subnet. I may need a DHCP source though for vlan 1. Vlan2 can use the internal DHCP source.

If needed I could even assign static IP's to the vlan1 users. Hmmmm... Just thought about this, the PIX can do DHCP, not sure if it can separate out by DMZ which is which though....
 
Network Doc, you are right. You do need to create a trunk port on the switch. You can define several ssid's and assign them to different vlans. You can decide to have one ssid broadcasted, the other one have wep, another one leap enabled. You have to make sure though that the management vlan is the same on the ap and switch. It's not so difficult to configure, especially not through the web interface (ap1200).


CCNA, CCNP..partly ;)
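
The checks named in the last reply (trunk port, each SSID mapped to its own VLAN, matching management VLAN on AP and switch), written as an added Python audit that is not code from any poster in this thread. The sample configs are constructed; the SSID names, the switch port, and treating the trunk's native VLAN as the management VLAN are assumptions.

```python
import re

# Constructed sample configs (not from the thread). SSID names, the switch port and
# the two deliberate faults (native VLAN 99, VLAN 2 missing) are assumptions.
AP_CONFIG = """\
interface Dot11Radio0
 ssid Staff
  vlan 1
 ssid Vendor
  vlan 2
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
"""
SWITCH_TRUNK = """\
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,99
"""

def first_int(pattern, cfg, default=None):
    m = re.search(pattern, cfg, re.M)
    return int(m.group(1)) if m else default

def ssid_vlans(ap_cfg):
    """Return {ssid: vlan or None}; None means the SSID block has no 'vlan N' line."""
    out = {}
    for name, body in re.findall(r"^ +ssid (\S+)\n((?: +(?! *ssid ).*\n)*)", ap_cfg, re.M):
        out[name] = first_int(r"^ +vlan (\d+)", body)
    return out

def allowed_vlans(sw_cfg):
    """Expand 'allowed vlan 1,5-7' into a set; no such line means every VLAN passes."""
    m = re.search(r"switchport trunk allowed vlan ([\d,-]+)", sw_cfg)
    parts = m.group(1).split(",") if m else ["1-4094"]
    return {v for p in parts for lo, _, hi in [p.partition("-")]
            for v in range(int(lo), int(hi or lo) + 1)}

def audit(ap_cfg, sw_cfg):
    """Return findings that break the SSID-to-VLAN separation across the trunk."""
    allowed = allowed_vlans(sw_cfg)
    ap_native = first_int(r"encapsulation dot1Q (\d+) native", ap_cfg)
    sw_native = first_int(r"switchport trunk native vlan (\d+)", sw_cfg, 1)  # 1 = default
    findings = [f"SSID {s}: VLAN {v} is not allowed on the trunk"
                for s, v in ssid_vlans(ap_cfg).items() if v not in allowed]
    if ap_native != sw_native:
        findings.append(f"native VLAN mismatch: AP {ap_native}, switch {sw_native}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(AP_CONFIG, SWITCH_TRUNK)) or "consistent")
```

An empty list from `audit` means every SSID's VLAN is carried by the trunk and both ends agree on the native VLAN.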
 