Wednesday, 2 July 2014

Multiple SSIDs & Network Addresses

Using the same layer 2 network I have been teaching myself with, I was finally able to create a multi-addressing scheme with more than one SSID being broadcast.

In my test network, I created a connection between a router, a switch and the wireless access point. Both the router and the access point were connected to the switch via a trunked connection, which allows multiple network ranges to be carried over one connection. I then created 3 DHCP pools on the router: the first for management connections (& native VLANs), and the second & third for the two test wireless networks that will be allocated to different SSIDs (Network10 & Network20).

The first step was to create an SSID, allocate the VLAN it will use, and set its authentication method and password.

Dot11 ssid <NetworkName>
>Vlan <ID>
>Authentication open
>Authentication key-management wpa
>wpa-psk ascii <0/7> <password>
>Mbssid Guest-mode

Next was to go on to the wireless interface and apply the encryption used on each VLAN, then the SSIDs that will be broadcast via the wireless interface, and lastly "Mbssid" to tell the interface that there are multiple networks to be broadcast.

Interface dot11Radio <0/1>
>encryption vlan <ID> mode ciphers tkip
>ssid <NetworkName>
>Mbssid

As multiple wireless networks share a single interface, I had to enable encapsulation. The "bridge-group" command binds the radio interface to the fastEthernet connection. I used the same numbers as I used for the VLANs to avoid confusion.

Interface dot11Radio <0/1>.<ID>
>encapsulation dot1Q <ID>
>bridge-group <ID>
Interface fastEthernet 0.<ID>
>encapsulation dot1Q <ID>
>bridge-group <ID>

The last commands I needed to apply were "bridge irb", because the access point doesn't do routing, and finally "no shutdown" to turn on the interface.

bridge irb

Interface dot11Radio <0/1>
>no shutdown
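
The following is an added example, not part of the original post: a Python check that reads an access point's running-config and reports any SSID whose VLAN is not carried through the radio interface, its encryption line and both dot1Q sub-interfaces, and that also flags TKIP, which is a deprecated cipher. The sample config is constructed, and the interface names `Dot11Radio0` and `FastEthernet0`, the `aes-ccm` cipher line and the requirement that SSID VLANs are non-native are assumptions.

```python
# Constructed running-config excerpt (not from the post); Dot11Radio0.20 is omitted on purpose.
SAMPLE = """\
dot11 ssid Network10
 vlan 10
dot11 ssid Network20
 vlan 20
interface Dot11Radio0
 encryption vlan 10 mode ciphers tkip
 encryption vlan 20 mode ciphers aes-ccm
 ssid Network10
 ssid Network20
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
interface FastEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
"""

def parse_blocks(config):  # map each top-level line to its indented lines
    blocks, body = {}, None
    for line in config.splitlines():
        if line[:1].strip():  # unindented line opens a new block
            body = blocks.setdefault(line.strip(), [])
        elif line.strip() and body is not None:
            body.append(line.strip())
    return blocks

def audit(config, radio="Dot11Radio0", wired="FastEthernet0"):
    """Report SSIDs whose VLAN is not carried end to end (interface names are assumed)."""
    blocks, findings = parse_blocks(config), []
    radio_body = blocks.get(f"interface {radio}", [])
    ssids = {h.split(None, 2)[2]: b for h, b in blocks.items() if h.startswith("dot11 ssid ")}
    for name, body in ssids.items():
        vlan = next((l.split()[1] for l in body if l.startswith("vlan ")), None)
        enc = [l for l in radio_body if l.startswith(f"encryption vlan {vlan} ")]
        checks = [(vlan is not None, "no VLAN assigned"),
                  (f"ssid {name}" in radio_body, f"not applied to {radio}"),
                  (bool(enc), f"no encryption line for VLAN {vlan}"),
                  ("tkip" not in " ".join(enc).split(), f"VLAN {vlan} permits TKIP")]
        for intf in (f"{radio}.{vlan}", f"{wired}.{vlan}"):
            need = {f"encapsulation dot1Q {vlan}", f"bridge-group {vlan}"}  # post's numbering
            ok = need <= set(blocks.get(f"interface {intf}", []))
            checks.append((ok, f"{intf} missing or incomplete"))
        findings += [f"{name}: {msg}" for ok, msg in checks if not ok]
    return findings
```

Run `audit()` on the text of `show running-config`; an empty list means every SSID has its VLAN, encryption line and both sub-interfaces in place.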

Next I did the testing.


When scanning for wireless connections, both of my networks "Network10" & "Network20" came up as requiring authentication. As set above, the security was "WPA PSK".

As shown, when I connected to each of the wireless networks, it allocated different IP addresses and default gateways.
Above is a screenshot from the router, showing the addresses that had been given via DHCP. You can see the two different addresses that my phone was allocated, as both show the same MAC address.

Next step will be to get the same idea working over a layer 3 network.
