Wireless Networking – Is It Possible to Set Up Multiple Networks on a Single Access Point

access-pointieee 802.11routingwireless

On my quest to understand what AP is and how it works, I came across article that says this:

Most often, there are different BSSIDs on an access point for each
WLAN configured on a radio. If you have an access point with 2 radios
and 32 WLANs configured on each, you would have 64 BSSIDs plus the
base access point BSSID. To accommodate the multiple BSSIDs, each
access point is assigned a unique block of 64 MAC addresses. Each
radio has 32 MAC addresses and supports up to 32 service set
identifiers (SSIDs), with one MAC address assigned to each SSID as a
basic service set identification (BSSID). All MAC addresses for an
access point are assigned based on the base MAC address of the access
point.

Source Link: https://www.juniper.net/techpubs/en_US/network-director1.5/topics/concept/wireless-ssid-bssid-essid.html#jd0e47

My Confusion:
I just cannot understand that.I thought each AP has one MAC address (BSSID), but above it says "each access point is assigned a unique block of 64 MAC addresses"? And what does radio mean in the above context?

Best Answer

As put in Cisco Networking for Dummies article on Multiple SSIDs with a Single Access Point (AP) (link)

The Service Set Identifier (SSID) defines what is thought of as the wireless network. So if you have an SSID that is called Apple and your neighbor’s SSID is called Orange, people can connect to either the Apple or Orange wireless network. You would expect that the Apple wireless network is not connected to the same wired network as the Orange wireless network.

So you can mistakenly think of those two SSIDs being associated with different physical networks.

In addition to multiple access points broadcasting or using the same SSID, a single access point can also use multiple SSIDs. Granted, using multiple SSIDs makes sense only if the AP allows you to map each one to a different network connection. This mapping would typically be accomplished through the use of VLAN tagging.

If the user’s device associates with a particular SSID, this traffic is then passed to the network switch destined for a specific VLAN. This switch allows each network to have a different set of security standards surrounding it.

For example, you may have a wireless network, CorpSSID, which uses certificate-based authentication via WPA2 and AES encryption while using the same APs to provide a second wireless network, GuestSSID, which uses only WEP.

Even though you are providing two wireless networks, you can isolate guest traffic from the rest of the corporate network and allow the guest devices to use only some services, such as allowing them through the firewall to get out to the Internet on ports 80 and 443.

Related Topic