Cisco Systems OL-6415-04 manual Using a Radius Server to Restrict SSIDs, Using Spaces in SSIDs

Models: OL-6415-04


Chapter 3 Configuring Multiple SSIDs


Viewing SSIDs Configured Globally

Use this command to view configuration details for SSIDs that are configured globally:

router# show running-config ssid ssid-string

Using Spaces in SSIDs

In Cisco IOS Release 12.4(15)T, you can include spaces in an SSID, but trailing spaces (spaces at the end of an SSID) are invalid. However, any SSIDs created in previous versions having trailing spaces are recognized. Trailing spaces make it appear that you have identical SSIDs configured on the same access point. If you think identical SSIDs are on the access point, use the show dot11 associations privileged EXEC command to check any SSIDs created in a previous release for trailing spaces.

For example, this sample output from a show configuration privileged EXEC command does not show spaces in SSIDs:

ssid buffalo vlan 77 authentication open

ssid buffalo vlan 17 authentication open

ssid buffalo vlan 7 authentication open

However, this sample output from a show dot11 associations privileged EXEC command shows the spaces in the SSIDs:

SSID [buffalo] :

SSID [buffalo ] :

SSID [buffalo ] :

Using a RADIUS Server to Restrict SSIDs

To prevent client devices from associating to the access point using an unauthorized SSID, you can create, on your RADIUS authentication server, a list of authorized SSIDs that clients must use.

The SSID authorization process consists of these steps:

1. A client device associates to the access point using any SSID configured on the access point.

2. The client begins RADIUS authentication.

3. The RADIUS server returns a list of SSIDs that the client is allowed to use. The access point checks the list for a match of the SSID used by the client. There are three possible outcomes:

a. If the SSID that the client used to associate to the access point matches an entry in the allowed list returned by the RADIUS server, the client is allowed network access after completing all authentication requirements.

b. If the access point does not find a match for the client in the allowed list of SSIDs, the access point disassociates the client.

c. If the RADIUS server does not return any SSIDs (no list) for the client, then the administrator has not configured the list, and the client is allowed to associate and attempt to authenticate.
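
The following Python sketch is an added example, not part of the Cisco guide. It audits show dot11 associations output for SSIDs that differ only by trailing spaces and models the three outcomes of step 3. The function names, the constructed sample output (including how many trailing spaces each SSID has), and the use of exact string comparison for the match are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the output shown above; the number of
# trailing spaces inside each bracket is an assumption for illustration.
SAMPLE_ASSOCIATIONS = """\
SSID [buffalo] :
SSID [buffalo ] :
SSID [buffalo  ] :
"""

SSID_LINE = re.compile(r"^SSID \[(.*)\] :\s*$")


def parse_ssids(output):
    """Return SSIDs exactly as bracketed, preserving trailing spaces."""
    return [m.group(1) for line in output.splitlines()
            if (m := SSID_LINE.match(line))]


def trailing_space_collisions(ssids):
    """Group SSIDs that look identical once trailing spaces are dropped."""
    groups = defaultdict(list)
    for ssid in ssids:
        groups[ssid.rstrip(" ")].append(ssid)
    return {base: names for base, names in groups.items() if len(names) > 1}


def authorize(client_ssid, allowed):
    """Model the access point's decision in step 3.

    allowed is the SSID list returned by the RADIUS server, or None/empty
    when no list was returned. Exact string equality is an assumption.
    """
    if not allowed:
        # Outcome c: no list configured, so the SSID is not restricted.
        return "allow_no_list"
    if client_ssid in allowed:
        return "allow"          # outcome a
    return "disassociate"       # outcome b


if __name__ == "__main__":
    found = parse_ssids(SAMPLE_ASSOCIATIONS)
    for base, names in trailing_space_collisions(found).items():
        print(f"{base!r} collides with: {[repr(n) for n in names]}")
    for ssid, allowed in [("buffalo", ["buffalo"]), ("guest", ["buffalo"]),
                          ("guest", None)]:
        print(ssid, allowed, "->", authorize(ssid, allowed))
```

Outcome c is the case to review: a user profile that returns no SSID list leaves that client unrestricted, so the restriction only holds for accounts where the list is actually configured.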

Cisco Wireless ISR and HWIC Access Point Configuration Guide

 
