7-13
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter7 Configuring Multiple SSIDs
Including an SSID in an SSIDL IE
Including an SSID in an SSIDL IE
The access point beacon can advertise only one broadcast SSID. However, you can use SSIDL
information elements (SSIDL IEs) in the access point beacon to alert client devices of additional SSIDs
on the access point. When you designate an SSID to be included in an SSIDL IE, client devices detect
that the SSID is available, and they also detect the security settings required to associate using that SSID.
Note When multiple BSSIDs are enabled on the access point, the SSIDL IE does not contain a list of SSIDs;
it contains only extended capabilities.
Beginning in privileged EXEC mode, follow these steps to include an SSID in an SSIDL IE:
Use the no form of the command to disable SSIDL IEs.
NAC Support for MBSSID
Networks must be protected from security threats, such as viruses, worms, and spyware. These security
threats disrupt business, causing downtime and continual patching. Endpoint visibility and control is
needed to help ensure that all wired and wireless devices attempting to access a network meet corporate
security policies. Infected or vulnerable endpoints need to be automatically detected, isolated, and
cleaned.
NAC is designed specifically to help ensure that all wired and wireless endpoint devices (such as PCs,
laptops, servers, and PDAs) accessing network resources are adequately protected from security threats.
NAC allows organizations to analyze and control all devices coming into the network. By ensuring that
every endpoint device complies with corporate security policy and is running the latest and most relevant
security protections, organizations can significantly reduce or eliminate endpoint devices as a common
source of infection or network compromise.
WLANs need to be protected from security threats such as viruses, worms, and spyware. Both the NAC
Appliance and the NAC Framework provide security threat protection for WLANs by enforcing device
security policy compliance when WLAN clients attempt to access the network. These solutions
quarantine non-compliant WLAN clients and provide remediation services to help ensure compliance.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface.
Step3 ssid ssid-string Enter configuration mode for a specific SSID.
Step4 information-element ssidl
[advertisement] [wps]
Include an SSIDL IE in the access point beacon that advertises
the access point’s extended capabilities, such as 802.1x and
support for Microsoft Wireless Provisioning Services (WPS).
Use the advertisement option to include the SSID name and
capabilities in the SSIDL IE. Use the wps option to set the WPS
capability flag in the SSIDL IE.