Solved

Basic Cisco AP config using WPA

Posted on 2008-09-29
10
1,288 Views
Last Modified: 2013-11-09
Does anyone have a basic config for a Cisco 1131? I want to setup WPA on it, but am not familiar with setting up a Cisco AP, just the Linksys AP's.
0
Comment
Question by:judsoncollege
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22598214

To setup WPA with a preshared key, you need the following commands:
dot11 ssid <enter your ssid name here>
authentication open
authentication key-management wpa
wpa-psk ascii <enter your password here>
! generate keys for encryption
crypto rsa key generate mod 1024

! now tell your wireless interface X to use this ssid -
! replace X with your interface ID, usually 0
interface Dot11RadioX
ssid <enter your ssid name here>
encryption mode ciphers tkip

Let me know if that helps!

Note that the cipher is TKIP, not AES.
0
 

Author Comment

by:judsoncollege
ID: 22599242
I think I may not have given a good description of what I was looking for. This is awesome, but I also need the rest of the configuration to make it work on a network. So, since I am starting from scratch, what else do I need in the configuration to make the AP work on a network. Let's assume a class C network. Thanks.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599606
Ooooohhh... can you please post your current config?
0
 

Author Comment

by:judsoncollege
ID: 22599637
No current config. Setting it up from scratch. I have never setup a wireless AP from Cisco before so I am not sure where to start. All I know is I want to use WPA on a class C network and might want to hide the SSID.
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599659
Oh wow. Do you know to work other Cisco stuff just so I know how you stand on playing with IOS?
0
 

Author Comment

by:judsoncollege
ID: 22599676
Yes, I do have experience on a few of the Cisco switches.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599720
Good. that's all I wanted to know. Give me a little bit to come up with a config. Do you want the AP to have a static IP or a DHCP assigned one? I recommend static for easy management. Also, what's the default gateway the AP and clients will be using and what is the IP address range and subnet mask of the network. If you want the AP to have a static IP (recommended!) then let me know what you want that to be.
I assume you have no interest in VLANs because this is a small setup?
0
 

Author Comment

by:judsoncollege
ID: 22600187
Yes, static. Here is the rest of the info:

AP IP address: 192.168.120.5
Gateway: 192.168.120.1
IP Range: 192.168.120.40 - 100  (I would like to have my server hand out DHCP)
Subnet mask: 255.255.255.0
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22602442
I just asked for the IP range because I wanted to make sure I didn't create any conflicts with the DHCP scope.
Your config is attached! Be sure to RECORD ALL INFORMATION YOU REPLACE (AKA passwords, usernames, etc.)
Replace all values I have in  < > with your values.
I went ahea and configured time settings with Central time because that's where you are.
Use the info you provice in the username line to login with SSH, telnet, or by accessing the access point by https://192.168.120.5
This config sets up WPA security. You provide the password.
Let me know if this works! Enjoy!

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname <enter unique hostname here>

!

logging buffered 8192 debugging

enable secret 0 <enable secret password>

!

clock timezone CST -6

clock summer-time CDT recurring

ip subnet-zero

ip domain name <enter domain name here - if you have an AD domain use it and add this device to it's DNS with the hostname used above>

!

!

aaa new-model

!

!

aaa authentication login eap_methods local

aaa authentication login mac_methods local

aaa authorization exec default local 

!

aaa session-id common

!

username <admin username> privilege 15 password 0 <admin password>

!

dot11 ssid <your SSID here>

   authentication open 

   authentication key-management wpa

   infrastructure-ssid optional

   wpa-psk ascii 0 <enter your password here>

!

dot11 network-map

dot11 phone

!

crypto rsa key generate mod 1024

!

bridge irb

!

interface Dot11Radio0

 no ip address

 no ip route-cache

 !

 encryption mode ciphers tkip  

 !

 ssid <your SSID used above goes here too>

 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

 packet retries 32

 fragment-threshold 2338

 station-role root access-point

 rts threshold 2339

 rts retries 32

 cca 75

 cdp enable

 infrastructure-client

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

 bridge-group 1 spanning-disabled

!

interface FastEthernet0

 no ip address

 no ip route-cache

 duplex auto

 speed auto

 bridge-group 1

 no bridge-group 1 source-learning

 bridge-group 1 spanning-disabled

!

interface BVI1

 ip address 192.168.120.5 255.255.255.0 

 no ip route-cache

!

ip default-gateway 192.168.120.1

no ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

no snmp-server community

no snmp-server enable
 

control-plane

bridge 1 route ip

!

line con 0

 terminal-type teletype

 transport preferred all

 transport output all

line vty 0 4

 terminal-type teletype

 transport preferred all

 transport input all

 transport output all

line vty 5 15

 terminal-type teletype

 transport preferred all

 transport input all

 transport output all

!

end

Open in new window

0

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now