Solved

Basic Cisco AP config using WPA

Posted on 2008-09-29
10
1,286 Views
Last Modified: 2013-11-09
Does anyone have a basic config for a Cisco 1131? I want to setup WPA on it, but am not familiar with setting up a Cisco AP, just the Linksys AP's.
0
Comment
Question by:judsoncollege
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22598214

To setup WPA with a preshared key, you need the following commands:
dot11 ssid <enter your ssid name here>
authentication open
authentication key-management wpa
wpa-psk ascii <enter your password here>
! generate keys for encryption
crypto rsa key generate mod 1024

! now tell your wireless interface X to use this ssid -
! replace X with your interface ID, usually 0
interface Dot11RadioX
ssid <enter your ssid name here>
encryption mode ciphers tkip

Let me know if that helps!

Note that the cipher is TKIP, not AES.
0
 

Author Comment

by:judsoncollege
ID: 22599242
I think I may not have given a good description of what I was looking for. This is awesome, but I also need the rest of the configuration to make it work on a network. So, since I am starting from scratch, what else do I need in the configuration to make the AP work on a network. Let's assume a class C network. Thanks.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599606
Ooooohhh... can you please post your current config?
0
 

Author Comment

by:judsoncollege
ID: 22599637
No current config. Setting it up from scratch. I have never setup a wireless AP from Cisco before so I am not sure where to start. All I know is I want to use WPA on a class C network and might want to hide the SSID.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599659
Oh wow. Do you know to work other Cisco stuff just so I know how you stand on playing with IOS?
0
 

Author Comment

by:judsoncollege
ID: 22599676
Yes, I do have experience on a few of the Cisco switches.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599720
Good. that's all I wanted to know. Give me a little bit to come up with a config. Do you want the AP to have a static IP or a DHCP assigned one? I recommend static for easy management. Also, what's the default gateway the AP and clients will be using and what is the IP address range and subnet mask of the network. If you want the AP to have a static IP (recommended!) then let me know what you want that to be.
I assume you have no interest in VLANs because this is a small setup?
0
 

Author Comment

by:judsoncollege
ID: 22600187
Yes, static. Here is the rest of the info:

AP IP address: 192.168.120.5
Gateway: 192.168.120.1
IP Range: 192.168.120.40 - 100  (I would like to have my server hand out DHCP)
Subnet mask: 255.255.255.0
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22602442
I just asked for the IP range because I wanted to make sure I didn't create any conflicts with the DHCP scope.
Your config is attached! Be sure to RECORD ALL INFORMATION YOU REPLACE (AKA passwords, usernames, etc.)
Replace all values I have in  < > with your values.
I went ahea and configured time settings with Central time because that's where you are.
Use the info you provice in the username line to login with SSH, telnet, or by accessing the access point by https://192.168.120.5
This config sets up WPA security. You provide the password.
Let me know if this works! Enjoy!

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname <enter unique hostname here>

!

logging buffered 8192 debugging

enable secret 0 <enable secret password>

!

clock timezone CST -6

clock summer-time CDT recurring

ip subnet-zero

ip domain name <enter domain name here - if you have an AD domain use it and add this device to it's DNS with the hostname used above>

!

!

aaa new-model

!

!

aaa authentication login eap_methods local

aaa authentication login mac_methods local

aaa authorization exec default local 

!

aaa session-id common

!

username <admin username> privilege 15 password 0 <admin password>

!

dot11 ssid <your SSID here>

   authentication open 

   authentication key-management wpa

   infrastructure-ssid optional

   wpa-psk ascii 0 <enter your password here>

!

dot11 network-map

dot11 phone

!

crypto rsa key generate mod 1024

!

bridge irb

!

interface Dot11Radio0

 no ip address

 no ip route-cache

 !

 encryption mode ciphers tkip  

 !

 ssid <your SSID used above goes here too>

 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

 packet retries 32

 fragment-threshold 2338

 station-role root access-point

 rts threshold 2339

 rts retries 32

 cca 75

 cdp enable

 infrastructure-client

 bridge-group 1

 bridge-group 1 subscriber-loop-control

 bridge-group 1 block-unknown-source

 no bridge-group 1 source-learning

 no bridge-group 1 unicast-flooding

 bridge-group 1 spanning-disabled

!

interface FastEthernet0

 no ip address

 no ip route-cache

 duplex auto

 speed auto

 bridge-group 1

 no bridge-group 1 source-learning

 bridge-group 1 spanning-disabled

!

interface BVI1

 ip address 192.168.120.5 255.255.255.0 

 no ip route-cache

!

ip default-gateway 192.168.120.1

no ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

no snmp-server community

no snmp-server enable
 

control-plane

bridge 1 route ip

!

line con 0

 terminal-type teletype

 transport preferred all

 transport output all

line vty 0 4

 terminal-type teletype

 transport preferred all

 transport input all

 transport output all

line vty 5 15

 terminal-type teletype

 transport preferred all

 transport input all

 transport output all

!

end

Open in new window

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Suggested Solutions

In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now