Configure an SSID with WPA2-PSK enabled on the 2.4 GHz and 5 GHz bands on a Cisco autonomous wireless access point

Overview:
This guide shows how to configure a single SSID that is visible to wireless devices on both the 2.4 GHz and 5 GHz bands. This should get you up and running quickly with a Cisco wireless network.

Pre-requisites:

  1. A Cisco access point with the Autonomous mode loaded.
    I deployed this on a Cisco 3600i WAP with IOS 15.2.
  2. The autonomous access point is properly connected to the wired network, has an IP address set on the BVI1 interface, and has a default gateway configured.
    • The BVI1 interface bridges (or essentially “controls”) the IP address of the wired interface. By default BVI1 is set to DHCP. Configure BVI1 with a static IP/gateway if desired. Note that ip default-gateway is entered in global configuration mode, not under the interface.
      e.g.
      (config)# interface BVI1
      (config-if)# ip address [IPAddress] [SubnetMask]
      (config-if)# exit
      (config)# ip default-gateway [RouterIPAddress]

Steps:

  1. Create the SSID
  2. Attach the SSID to the radio interfaces: 2.4 GHz & 5 GHz
  3. Optional: Enable “band-select” to make the 5 GHz band more desirable

Configuration Script (Full Commentary)
Here is the configuration script with my full commentary. You may have to scroll to the right to see the full comment. The “uncommented” configuration script is shown in the next section below.

!- Go into global Configuration mode
configure terminal

! 1. Create the SSID : MySSID
! ------------------------------------------------------
dot11 ssid MySSID
!- Allow any device to attempt a connection
authentication open
!- Specify WPA2 as the authentication type
authentication key-management wpa version 2
!- Enable SSID to be visible/broadcast
guest-mode
!- Specify the password
wpa-psk ascii TheSuperSecretP@55word

!- Jump out of (config-ssid)# back to (config)#
exit

! 2. Attach the SSID to Radio Interfaces
! ------------------------------------------------------
!- Configure 2.4 GHz Radio : Dot11Radio 0 is typically 2.4 GHz - to confirm run the command "show interface Dot11Radio 0" to get information on the hardware
interface Dot11Radio 0
!- Required to use WPA2 authentication
encryption mode ciphers aes-ccm
!- Attach the SSID to this radio
ssid MySSID
!- Enable the 2.4 GHz radio
no shutdown

!- Configure 5 GHz Radio : Dot11Radio 1 is typically 5 GHz
interface Dot11Radio 1
!- This setting is required to enable WPA2 authentication
encryption mode ciphers aes-ccm
!- Attach the SSID to this radio
ssid MySSID
!- Enable the 5 GHz radio
no shutdown

!- Jump out of (config-if)# back to (config)#
exit

!- OPTIONAL: Enable band-select to make 5 GHz the preferred band (See "Further Considerations" section below)
!- OPTIONAL <Start Section> band-select
   dot11 ssid MySSID
   !- Enable band-select
   band-select
   !- Jump out of (config-ssid)# back to (config)#
   exit
!- OPTIONAL <End Section> band-select

!- Jump out of (config)# back to the privileged EXEC prompt #
exit
!- Save changes to startup-config
copy running-config startup-config

Configuration Script Only – (No Commentary)

!- Configure WAP with an SSID called: MySSID
!- with WPA2 encryption & Pass Key: TheSuperSecretP@55word
!- enabled on 2.4 GHz & 5 GHz with "band-select" set

configure terminal
dot11 ssid MySSID
authentication open
authentication key-management wpa version 2
wpa-psk ascii TheSuperSecretP@55word
guest-mode
band-select
exit

interface Dot11Radio 0
encryption mode ciphers aes-ccm
ssid MySSID
no shutdown

interface Dot11Radio 1
encryption mode ciphers aes-ccm
ssid MySSID
no shutdown
exit

exit
copy running-config startup-config

Result:

  1. Your devices should now be able to see an SSID called MySSID and connect to it using the password: TheSuperSecretP@55word
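
An added example (not part of the original guide, and not a Cisco tool): a small Python check that reads a saved configuration and reports any SSID whose key management is not pinned to WPA version 2, and any radio carrying that SSID whose cipher list is anything other than aes-ccm alone. The sample configuration, its placeholder key and the function names are constructed for illustration; the parser accepts both the running-config layout and the script as typed in this guide.

```python
import re

# Constructed sample in running-config layout: the guide's SSID, but with the
# 5 GHz radio left in mixed TKIP/AES mode. The type-7 key is a placeholder.
SAMPLE = """\
dot11 ssid MySSID
   authentication key-management wpa version 2
   wpa-psk ascii 7 PLACEHOLDER
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid MySSID
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm tkip
 ssid MySSID
!
"""

def parse_blocks(config):
    """Map each 'dot11 ssid' / 'interface' header to the sub-commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = re.sub(r"(Dot11Radio) +", r"\1", raw.strip())  # 'Dot11Radio 0' -> 'Dot11Radio0'
        if line.startswith(("dot11 ssid ", "interface ")):
            current = blocks.setdefault(line, [])
        elif line in ("!", "exit"):
            current = None                      # end of the current block
        elif line and not line.startswith("!") and current is not None:
            current.append(line)                # skips blank lines and '!-' comments
    return blocks

def audit(config):
    """List where an SSID or a radio carrying it deviates from WPA2 with AES-CCMP only."""
    blocks, findings = parse_blocks(config), []
    ssids = {h.split()[2]: c for h, c in blocks.items() if h.startswith("dot11 ssid ")}
    for name, cmds in ssids.items():
        if "authentication key-management wpa version 2" not in cmds:
            findings.append(f"{name}: key management not pinned to WPA version 2")
    radios = {h: c for h, c in blocks.items() if h.startswith("interface Dot11Radio")}
    for header, cmds in radios.items():
        ciphers = [c.split()[3:] for c in cmds if c.startswith("encryption mode ciphers")]
        for name in (c.split()[1] for c in cmds if c.startswith("ssid ")):
            if name in ssids and ciphers != [["aes-ccm"]]:
                findings.append(f"{header}: {name} not restricted to aes-ccm")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the configuration from this guide it reports no findings; the constructed sample is flagged on Dot11Radio1 because TKIP is still permitted there.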

Further Considerations:

  1. About “band-select”: With a single SSID broadcasting on both 2.4 and 5 GHz, you typically cannot explicitly force devices to use a specific band. You may therefore have devices capable of both bands using the 2.4 GHz band instead of the less congested 5 GHz band.

    Interesting fact: Microwave ovens use the 2.4 GHz band, so when you heat food your 2.4 GHz wifi gets cut off. Why? Because the microwave oven at 1000 watts of power overwhelms your wifi, which only uses milliwatts of energy… That means your 2.4 GHz WAP only transmits at 1/1,000,000th the energy, and so even a bit of microwave energy leakage will affect it.

    Therefore, consider the following:
    • Only enable the 5 GHz band. Obviously your 2.4 GHz devices will no longer be connected.
    • Force the device to prefer the 5 GHz band by setting that preference on the wireless network card.
    • Enable “band-select” on the SSID to make the 2.4 GHz band “less desirable” so wireless devices will “most likely” use the 5 GHz band. This only has an effect if you have both 2.4 GHz & 5 GHz radios enabled.
      • e.g. Enable band-select on MySSID using its default parameters
        • (config)# dot11 ssid MySSID
        • (config-ssid)# band-select
      • e.g. Display status/settings of band-select
        • > show band-select
      • See: Cisco documentation on Band-Select (for Autonomous Access Points)
    • Band-Select works by making the 2.4 GHz radio respond to a connection request more slowly than the 5 GHz radio.
    • It also depends on your operating system. Windows 10, for example, relies on the band-preference setting of the wireless card itself. Setting this on the computer is a better guarantee that 5 GHz will be selected.
