Cisco Wireless | 1 Access Point with 2 Bandwidth Frequencies ( 2.4Ghz and 5 Ghz ) and both with the same SSID

Few weeks ago I was able to configure my cisco AP 1131 AG. I wanted to configure this device with 2 channel frequencies. 1 at 2.4Ghz and 1 at 5Ghz, both frequencies had to be in the same SSID. I created on my device 2 SSID’s 1 for my personal usage and 1 for my guests.
After configuring this setup ( included my router with 2 VLAN’s on it.) Was there a period of testing well only 1 said I could test because the other one I didn’t use yet.
There for I wanted to share a sample configuration if you wanted to create one for your self or business too.
version 12.4
no service pad
service timestamps debug datetime localtime year
service timestamps log datetime localtime year
service password-encryption
!
hostname <YOUR WIFI NAME>
!
enable secret <YOUR INCREDIBLE SECRET PASSWORD>
!
aaa new-model
!
!
aaa group server radius rad_mac
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
clock timezone GMT+1 1
clock summer-time GMT+1 recurring last Sun Mar 2:00 last Sun Oct 3:00
ip domain name <YOUR LOCAL DOMAIN NAME>
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
dot11 mbssid
dot11 syslog
dot11 vlan-name norther vlan 1
dot11 vlan-name norther-guests vlan 2
!
dot11 ssid <YOUR SSID 1>
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii <YOUR WPA CODE>
!
dot11 ssid <YOUR-guests SSID>
vlan 2
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii <WPA CODE>
!
dot11 arp-cache
!
!
username <YOUR USERNAME> privilege 15 view root secret <YOUR PASSWORD>
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid <YOUR SSID 1>
!
ssid <YOUR-guests SSID>
!
station-role root access-point
infrastructure-client
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
ssid <YOUR SSID 1>
!
ssid <YOUR-guests SSID>
!
no dfs band block
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address <YOUR IP ADDRESS + Subnetmask>
no ip route-cache
!
ip default-gateway <YOUR GATEWAY>
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
privilege level 15
line vty 0 4
exec-timeout 0 0
privilege level 15
password <Your Password>
transport input telnet ssh
!
sntp server <NTP SERVER >
sntp broadcast client
End
Download the example configuration click here.

4 thoughts on “Cisco Wireless | 1 Access Point with 2 Bandwidth Frequencies ( 2.4Ghz and 5 Ghz ) and both with the same SSID”

  1. If you want to disallow devices communicating with each other on the same wireless network you can use the
    bridge-group port-protected
    command per dot11radio interface (and subinterface). This may be interesting for public Wi-Fi networks such as hotels, etc…

  2. Hmm wordpress filtered out my greater than and smaller than signs, the correct syntax is:
    bridge-group [bgroupnr] port-protected
    For example
    bridge-group 2 port-protected

  3. And maybe another note, most devices will connect via 2,4 GHz even if they detect both 2,4 and 5 GHz. Cisco WLAN controllers have a feature which will make the 5 GHz band more “attractive” by delaying the response times on the 2,4 GHz band, hoping the connecting device will associate using 5 GHz because it detected the 2,4 as “lower signal strength” due to the delayed responses.
    If you can choose:
    * 2,4 GHz = better range
    * 5 GHz = less crowded

  4. I run at home both frequencies. And i noticed that my apple notebook connects directly to the 5Ghz while my Windows notebook and IPhone connecting to the 2.4Ghz. Even with the configuration I’ve a complete signal in my home which. When i leave my home out side i loose my signal which i think is good for me. Because no one will see the SSID.
    However both attention notes are good to know for every one.

Leave a Reply to glennmatthysCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.