Cisco Aironet 1100 Series - Using a RADIUS Server to Restrict SSIDs

Cisco Aironet 1100 Series Access Point Installation and Configuration Guide
OL-2851-01
Chapter 8 Configuring Multiple SSIDs
Configuring Multiple SSIDs
Note: You use the ssid command's authentication options to configure an authentication type for each SSID.
See Chapter 10, Configuring Authentication Types, for instructions on configuring authentication
types.
Use the no form of the command to disable the SSID or to disable SSID features.
This example shows how to:
• Name an SSID
• Configure the SSID for RADIUS accounting
• Set the maximum number of client devices that can associate using this SSID to 15
• Assign the SSID to a VLAN
ap1100# configure terminal
ap1100(config)# interface dot11radio 0
ap1100(config-if)# ssid batman
ap1100(config-ssid)# accounting accounting-method-list
ap1100(config-ssid)# max-associations 15
ap1100(config-ssid)# vlan 3762
ap1100(config-ssid)# end
Using a RADIUS Server to Restrict SSIDs
To prevent client devices from associating to the access point using an unauthorized SSID, you can
create, on your RADIUS authentication server, a list of authorized SSIDs that clients must use.
The SSID authorization process consists of these steps:
1. A client device associates to the access point using any SSID configured on the access point.
2. The client begins RADIUS authentication.
3. The RADIUS server returns a list of SSIDs that the client is allowed to use. The access point checks
the list for a match of the SSID used by the client. There are three possible outcomes:
a. If the SSID that the client used to associate to the access point matches an entry in the allowed
list returned by the RADIUS server, the client is allowed network access after completing all
authentication requirements.
b. If the access point does not find a match for the client in the allowed list of SSIDs, the access
point disassociates the client.
c. If the RADIUS server does not return any SSIDs (no list) for the client, then the administrator
has not configured the list, and the client is allowed to associate and attempt to authenticate.
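The three outcomes above, as an added Python example (not Cisco's code and not part of the original guide): it reads vendor-specific attributes (attribute 26) from the attribute section of a RADIUS Access-Accept and applies the access point's SSID check. Assumptions: the allowed SSIDs arrive as Cisco AV pairs of the form ssid=<name> (vendor ID 9, vendor type 1), and the function names and sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS Vendor-Specific attribute
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor type carrying "name=value" AV pairs

def cisco_avpair(text: str) -> bytes:
    """Build one Cisco AV-pair VSA (used here only to construct sample input)."""
    data = text.encode()
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2) + data
    return bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa

def allowed_ssids(attrs: bytes) -> list[str]:
    """Collect ssid=<name> AV pairs (assumed format) from Access-Accept attributes."""
    ssids, i = [], 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        value = attrs[i + 2:i + alen]
        i += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor != CISCO_VENDOR_ID or vtype != CISCO_AVPAIR:
            continue
        if vlen < 2 or vlen > len(value) - 4:
            continue  # vendor length does not fit inside the attribute
        name, _, val = value[6:4 + vlen].decode("utf-8", "replace").partition("=")
        if name == "ssid":
            ssids.append(val)
    return ssids

def authorize(ssid_used: str, attrs: bytes) -> str:
    """Apply outcomes a, b and c to the SSID the client associated with."""
    allowed = allowed_ssids(attrs)
    if not allowed:
        return "allow-no-list"   # outcome c: no list configured, client proceeds
    if ssid_used in allowed:
        return "allow"           # outcome a: SSID is on the returned list
    return "disassociate"        # outcome b: list returned, SSID not on it

# Constructed sample: an Access-Accept attribute section listing two SSIDs.
SAMPLE_ACCEPT = cisco_avpair("ssid=batman") + cisco_avpair("ssid=robin")

if __name__ == "__main__":
    for ssid in ("batman", "guest"):
        print(ssid, "->", authorize(ssid, SAMPLE_ACCEPT))
    print("guest, no list ->", authorize("guest", b""))
```

Outcome c means a user entry with no SSID list is not restricted by SSID at all, so checking RADIUS user entries for a missing list is a useful audit step.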
The allowed list of SSIDs from the RADIUS server is in the form of Cisco VSAs. The Internet
Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific
information between the access point and the RADIUS server by using the vendor-specific attribute
(attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes
not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by

         Command                               Purpose
Step 9   end                                   Return to privileged EXEC mode.
Step 10  copy running-config startup-config    (Optional) Save your entries in the configuration file.
