Solved

Basic Cisco AP config using WPA

Posted on 2008-09-29
Last Modified: 2013-11-09
Does anyone have a basic config for a Cisco 1131? I want to set up WPA on it, but am not familiar with setting up a Cisco AP, just the Linksys APs.
0
Question by:judsoncollege
10 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22598214

To set up WPA with a preshared key, you need the following commands:
dot11 ssid <enter your ssid name here>
 authentication open
 authentication key-management wpa
 wpa-psk ascii <enter your password here>
! generate the RSA key pair (used for SSH/HTTPS management access)
crypto key generate rsa modulus 1024

! now tell your wireless interface X to use this ssid -
! replace X with your interface ID, usually 0
interface Dot11RadioX
 ! set the cipher before attaching the SSID; WPA key management depends on it
 encryption mode ciphers tkip
 ssid <enter your ssid name here>

Let me know if that helps!

Note that the cipher is TKIP, not AES.
0
 

Author Comment

by:judsoncollege
ID: 22599242
I think I may not have given a good description of what I was looking for. This is awesome, but I also need the rest of the configuration to make it work on a network. So, since I am starting from scratch, what else do I need in the configuration to make the AP work on a network? Let's assume a class C network. Thanks.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599606
Ooooohhh... can you please post your current config?
0

 

Author Comment

by:judsoncollege
ID: 22599637
No current config. Setting it up from scratch. I have never set up a wireless AP from Cisco before so I am not sure where to start. All I know is I want to use WPA on a class C network and might want to hide the SSID.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599659
Oh wow. Do you know how to work other Cisco stuff, just so I know how you stand on playing with IOS?
0
 

Author Comment

by:judsoncollege
ID: 22599676
Yes, I do have experience on a few of the Cisco switches.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599720
Good. That's all I wanted to know. Give me a little bit to come up with a config. Do you want the AP to have a static IP or a DHCP assigned one? I recommend static for easy management. Also, what's the default gateway the AP and clients will be using, and what is the IP address range and subnet mask of the network? If you want the AP to have a static IP (recommended!) then let me know what you want that to be.
I assume you have no interest in VLANs because this is a small setup?
0
 

Author Comment

by:judsoncollege
ID: 22600187
Yes, static. Here is the rest of the info:

AP IP address: 192.168.120.5
Gateway: 192.168.120.1
IP Range: 192.168.120.40 - 100  (I would like to have my server hand out DHCP)
Subnet mask: 255.255.255.0
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22602442
I just asked for the IP range because I wanted to make sure I didn't create any conflicts with the DHCP scope.
Your config is attached! Be sure to RECORD ALL INFORMATION YOU REPLACE (AKA passwords, usernames, etc.)
Replace all values I have in < > with your values.
I went ahead and configured time settings with Central time because that's where you are.
Use the info you provide in the username line to log in with SSH, telnet, or by accessing the access point at https://192.168.120.5
This config sets up WPA security. You provide the password.
Let me know if this works! Enjoy!

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname <enter unique hostname here>
!
logging buffered 8192 debugging
enable secret 0 <enable secret password>
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
ip domain name <enter domain name here - if you have an AD domain use it and add this device to its DNS with the hostname used above>
!
!
aaa new-model
!
!
aaa authentication login eap_methods local
aaa authentication login mac_methods local
aaa authorization exec default local 
!
aaa session-id common
!
username <admin username> privilege 15 password 0 <admin password>
!
dot11 ssid <your SSID here>
   authentication open 
   authentication key-management wpa
   infrastructure-ssid optional
   wpa-psk ascii 0 <enter your password here>
!
dot11 network-map
dot11 phone
!
crypto key generate rsa modulus 1024
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip  
 !
 ssid <your SSID used above goes here too>
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 packet retries 32
 fragment-threshold 2338
 station-role root access-point
 rts threshold 2339
 rts retries 32
 cca 75
 cdp enable
 infrastructure-client
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.120.5 255.255.255.0 
 no ip route-cache
!
ip default-gateway 192.168.120.1
no ip http server
! HTTPS management (https://192.168.120.5) needs the secure server enabled
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
! disable the SNMP agent
no snmp-server
 
control-plane
bridge 1 route ip
!
line con 0
 terminal-type teletype
 transport preferred all
 transport output all
line vty 0 4
 terminal-type teletype
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 terminal-type teletype
 transport preferred all
 transport input all
 transport output all
!
end


0
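
Added example, not part of the original thread: a small Python check that flags the weaker settings in the configuration above (TKIP, WPA version 1 key management, Telnet-capable vty lines, a reversible `password` on the user account, a 1024-bit RSA key) and pairs each with an IOS replacement command. The rule set, the `audit` name and the sample excerpt are constructed for illustration; `aes-ccm` and `wpa version 2` assume an IOS release and wireless clients that support WPA2.

```python
import re

# Constructed excerpt of the posted config, indented as `show running-config` prints it.
SAMPLE = """\
username <admin username> privilege 15 password 0 <admin password>
dot11 ssid <your SSID here>
   authentication key-management wpa
crypto key generate rsa modulus 1024
interface Dot11Radio0
 encryption mode ciphers tkip
line vty 0 4
 transport input all
"""

# (rule id, pattern, required section prefix or None, suggested IOS replacement)
RULES = [
    ("tkip-cipher", r"^encryption mode ciphers .*\btkip\b",
     "interface Dot11Radio", "encryption mode ciphers aes-ccm"),
    ("wpa1-keymgmt", r"^authentication key-management wpa$",
     "dot11 ssid", "authentication key-management wpa version 2"),
    ("telnet-vty", r"^transport input .*\b(all|telnet)\b",
     "line vty", "transport input ssh"),
    ("reversible-user-password", r"^username \S+.* password ",
     None, "username <name> privilege 15 secret <password>"),
    ("short-rsa-key", r"^crypto key generate rsa .*modulus (\d+)",
     None, "crypto key generate rsa modulus 2048"),
]

def audit(config):
    """Return (line_no, rule_id, suggestion) for every weak setting found."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            section = line
        for rule_id, pattern, scope, fix in RULES:
            m = re.search(pattern, line)
            if not m or (scope and not section.startswith(scope)):
                continue
            if rule_id == "short-rsa-key" and int(m.group(1)) >= 2048:
                continue  # key is already 2048 bits or longer
            findings.append((no, rule_id, fix))
    return findings

if __name__ == "__main__":
    for no, rule_id, fix in audit(SAMPLE):
        print(f"line {no}: {rule_id} -> {fix}")
```

The section scoping relies on sub-commands being indented, so feed it the output of `show running-config` rather than a flattened command list.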
