Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 3 Configuring Multiple SSIDs
Configuring Multiple SSIDs
Viewing SSIDs Configured Globally
Use this command to view configuration details for SSIDs that are configured globally:
router# show running-config ssid ssid-string
Using Spaces in SSIDs
In Cisco IOS Release 12.4(15)T, you can include spaces in an SSID, but trailing spaces (spaces at the
end of an SSID) are invalid. However, any SSIDs created in previous versions having trailing spaces are
recognized. Trailing spaces make it appear that you have identical SSIDs configured on the same access
point. If you think identical SSIDs are on the access point, use the show dot11 associations privileged
EXEC command to check any SSIDs created in a previous release for trailing spaces.
For example, this sample output from a show configuration privileged EXEC command does not show
spaces in SSIDs:
ssid buffalo
 vlan 77
 authentication open
ssid buffalo
 vlan 17
 authentication open
ssid buffalo
 vlan 7
 authentication open
However, this sample output from a show dot11 associations privileged EXEC command shows the
spaces in the SSIDs:
SSID [buffalo] :
SSID [buffalo ] :
SSID [buffalo  ] :
Using a RADIUS Server to Restrict SSIDs
To prevent client devices from associating to the access point using an unauthorized SSID, you can
create, on your RADIUS authentication server, a list of authorized SSIDs that clients must use.
The SSID authorization process consists of these steps:
1. A client device associates to the access point using any SSID configured on the access point.
2. The client begins RADIUS authentication.
3. The RADIUS server returns a list of SSIDs that the client is allowed to use. The access point checks
the list for a match of the SSID used by the client. There are three possible outcomes:
a. If the SSID that the client used to associate to the access point matches an entry in the allowed
list returned by the RADIUS server, the client is allowed network access after completing all
authentication requirements.
b. If the access point does not find a match for the client in the allowed list of SSIDs, the access
point disassociates the client.
c. If the RADIUS server does not return any SSIDs (no list) for the client, then the administrator
has not configured the list, and the client is allowed to associate and attempt to authenticate.
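
Added example, not taken from the Cisco guide: a Python sketch of the step 3 decision, together with the trailing-space check from "Using Spaces in SSIDs". The function names, the sample output and the per-user policy table are constructed for illustration, and exact string comparison of SSIDs is an assumption.

```python
import re
from enum import Enum

class Outcome(Enum):
    ALLOW = "a: SSID is in the returned list"
    DISASSOCIATE = "b: SSID is not in the returned list"
    ALLOW_NO_LIST = "c: server returned no SSID list"

def authorize_ssid(used_ssid, allowed_ssids):
    """Step 3 decision. allowed_ssids is the list from the RADIUS reply,
    or None/empty when the server returned none (outcome c, fail-open)."""
    if not allowed_ssids:
        return Outcome.ALLOW_NO_LIST
    # Assumption: SSIDs are compared as exact strings, spaces included.
    return Outcome.ALLOW if used_ssid in allowed_ssids else Outcome.DISASSOCIATE

def unrestricted_users(policy):
    """Users whose RADIUS entry carries no SSID list and so hit outcome c."""
    return sorted(user for user, ssids in policy.items() if not ssids)

SSID_LINE = re.compile(r"^SSID \[(.*)\] :\s*$")

def parse_ssids(show_output):
    """Extract SSIDs, trailing spaces preserved, from 'SSID [name] :' lines."""
    matches = (SSID_LINE.match(line) for line in show_output.splitlines())
    return [m.group(1) for m in matches if m]

def trailing_space_lookalikes(ssids):
    """Group SSIDs that look identical once trailing spaces are dropped."""
    groups = {}
    for ssid in ssids:
        groups.setdefault(ssid.rstrip(" "), set()).add(ssid)
    return {base: sorted(v) for base, v in groups.items()
            if any(s != base for s in v)}

# Constructed sample in the format of the show dot11 associations output above.
SAMPLE_OUTPUT = "SSID [buffalo] :\nSSID [buffalo ] :\nSSID [buffalo  ] :\nSSID [guest] :\n"
# Constructed per-user allowed-SSID lists standing in for the RADIUS server's data.
SAMPLE_POLICY = {"alice": ["buffalo"], "bob": ["buffalo", "guest"], "carol": []}

if __name__ == "__main__":
    ssids = parse_ssids(SAMPLE_OUTPUT)
    print("look-alike SSIDs:", trailing_space_lookalikes(ssids))
    print("users with no SSID list:", unrestricted_users(SAMPLE_POLICY))
    for user, allowed in SAMPLE_POLICY.items():
        for ssid in ssids:
            print(f"{user} on {ssid!r}: {authorize_ssid(ssid, allowed).name}")
```

Users reported by unrestricted_users are the ones the SSID restriction does not cover, because outcome c admits them on any configured SSID.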










