Solved

Basic Cisco AP config using WPA

Posted on 2008-09-29
Last Modified: 2013-11-09
Does anyone have a basic config for a Cisco 1131? I want to set up WPA on it, but am not familiar with setting up a Cisco AP, just the Linksys APs.
0
Question by:judsoncollege
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22598214

To set up WPA with a preshared key, you need the following commands:
dot11 ssid <enter your ssid name here>
authentication open
authentication key-management wpa
wpa-psk ascii <enter your password here>
! generate keys for encryption
crypto key generate rsa modulus 1024

! now tell your wireless interface X to use this ssid -
! replace X with your interface ID, usually 0
interface Dot11RadioX
ssid <enter your ssid name here>
encryption mode ciphers tkip

Let me know if that helps!

Note that the cipher is TKIP, not AES.
0
 

Author Comment

by:judsoncollege
ID: 22599242
I think I may not have given a good description of what I was looking for. This is awesome, but I also need the rest of the configuration to make it work on a network. So, since I am starting from scratch, what else do I need in the configuration to make the AP work on a network? Let's assume a class C network. Thanks.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599606
Ooooohhh... can you please post your current config?
0
 

Author Comment

by:judsoncollege
ID: 22599637
No current config. Setting it up from scratch. I have never set up a wireless AP from Cisco before, so I am not sure where to start. All I know is I want to use WPA on a class C network and might want to hide the SSID.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599659
Oh wow. Do you know how to work other Cisco stuff, just so I know how you stand on playing with IOS?
0
 

Author Comment

by:judsoncollege
ID: 22599676
Yes, I do have experience on a few of the Cisco switches.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599720
Good. That's all I wanted to know. Give me a little bit to come up with a config. Do you want the AP to have a static IP or a DHCP assigned one? I recommend static for easy management. Also, what's the default gateway the AP and clients will be using, and what is the IP address range and subnet mask of the network? If you want the AP to have a static IP (recommended!) then let me know what you want that to be.
I assume you have no interest in VLANs because this is a small setup?
0
 

Author Comment

by:judsoncollege
ID: 22600187
Yes, static. Here is the rest of the info:

AP IP address: 192.168.120.5
Gateway: 192.168.120.1
IP Range: 192.168.120.40 - 100  (I would like to have my server hand out DHCP)
Subnet mask: 255.255.255.0
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22602442
I just asked for the IP range because I wanted to make sure I didn't create any conflicts with the DHCP scope.
Your config is attached! Be sure to RECORD ALL INFORMATION YOU REPLACE (AKA passwords, usernames, etc.)
Replace all values I have in < > with your values.
I went ahead and configured time settings with Central time because that's where you are.
Use the info you provide in the username line to log in with SSH, telnet, or by accessing the access point at https://192.168.120.5
This config sets up WPA security. You provide the password.
Let me know if this works! Enjoy!

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname <enter unique hostname here>
!
logging buffered 8192 debugging
enable secret 0 <enable secret password>
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
ip domain name <enter domain name here - if you have an AD domain use it and add this device to its DNS with the hostname used above>
!
!
aaa new-model
!
!
aaa authentication login eap_methods local
aaa authentication login mac_methods local
aaa authorization exec default local 
!
aaa session-id common
!
username <admin username> privilege 15 password 0 <admin password>
!
dot11 ssid <your SSID here>
   authentication open 
   authentication key-management wpa
   infrastructure-ssid optional
   wpa-psk ascii 0 <enter your password here>
!
dot11 network-map
dot11 phone
!
crypto key generate rsa modulus 1024
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip  
 !
 ssid <your SSID used above goes here too>
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 packet retries 32
 fragment-threshold 2338
 station-role root access-point
 rts threshold 2339
 rts retries 32
 cca 75
 cdp enable
 infrastructure-client
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.120.5 255.255.255.0 
 no ip route-cache
!
ip default-gateway 192.168.120.1
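no ip http server
! HTTPS management interface, needed for the https://192.168.120.5 access mentioned above
ip http secure-server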
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
no snmp-server community
no snmp-server enable
 
control-plane
bridge 1 route ip
!
line con 0
 terminal-type teletype
 transport preferred all
 transport output all
line vty 0 4
 terminal-type teletype
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 terminal-type teletype
 transport preferred all
 transport input all
 transport output all
!
end

0
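An added example, not part of the original thread and not Cisco tooling: a small Python audit that walks an IOS-style config stanza by stanza and flags the settings in the accepted config that a security review would question (TKIP-only cipher, Telnet allowed on the vty lines, a recoverable admin password, a short pre-shared key). The sample config uses constructed values in place of the `< >` placeholders, and `MIN_PSK_LEN` is an assumed local policy value.

```python
import re

# Constructed sample: security-relevant lines of the config posted above,
# with made-up values standing in for the < > placeholders.
POSTED = """\
username admin privilege 15 password 0 ExamplePass2
dot11 ssid ExampleNet
   authentication key-management wpa
   wpa-psk ascii 0 ExamplePsk123
interface Dot11Radio0
 encryption mode ciphers tkip
line vty 0 4
 transport input all
line vty 5 15
 transport input all
"""

MIN_PSK_LEN = 20  # assumed local policy, not a Cisco or 802.11 limit

# (rule id, required parent stanza prefix or None, regex on the line, advice)
RULES = [
    ("tkip-only", "interface Dot11Radio", r"encryption mode ciphers tkip$",
     "TKIP is deprecated; use 'encryption mode ciphers aes-ccm' if clients support it"),
    ("telnet-vty", "line vty", r"transport input (all|telnet)\b",
     "Telnet carries credentials in cleartext; use 'transport input ssh'"),
    ("reversible-password", None, r"username \S+ .*\bpassword [07] ",
     "type 0/7 passwords are recoverable from the config; use 'secret'"),
    ("short-psk", "dot11 ssid", r"wpa-psk ascii (?:0 )?.{1,%d}$" % (MIN_PSK_LEN - 1),
     "short WPA passphrases are exposed to offline guessing"),
]

def audit(config):
    """Return [(rule_id, stanza, line, advice)] for each weak setting found."""
    findings, parent = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # skip blanks and IOS comment lines
        indented = raw[0].isspace()
        if not indented:
            parent = line                 # an unindented line opens a new stanza
        stanza = parent if indented else None
        for rule_id, need, pattern, advice in RULES:
            if (not need or (stanza or "").startswith(need)) and re.match(pattern, line):
                findings.append((rule_id, stanza or "global", line, advice))
    return findings
```

Run `audit()` over a saved copy of the running config; each finding names the stanza it came from, so the two vty ranges are reported separately.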
