Solved

Basic Cisco AP config using WPA

Posted on 2008-09-29
10
1,290 Views
Last Modified: 2013-11-09
Does anyone have a basic config for a Cisco 1131? I want to setup WPA on it, but am not familiar with setting up a Cisco AP, just the Linksys AP's.
0
Comment
Question by:judsoncollege
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22598214

To setup WPA with a preshared key, you need the following commands:
dot11 ssid <enter your ssid name here>
authentication open
authentication key-management wpa
wpa-psk ascii <enter your password here>
! generate keys for encryption
crypto rsa key generate mod 1024

! now tell your wireless interface X to use this ssid -
! replace X with your interface ID, usually 0
interface Dot11RadioX
ssid <enter your ssid name here>
encryption mode ciphers tkip

Let me know if that helps!

Note that the cipher is TKIP, not AES.
0
 

Author Comment

by:judsoncollege
ID: 22599242
I think I may not have given a good description of what I was looking for. This is awesome, but I also need the rest of the configuration to make it work on a network. So, since I am starting from scratch, what else do I need in the configuration to make the AP work on a network. Let's assume a class C network. Thanks.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599606
Ooooohhh... can you please post your current config?
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:judsoncollege
ID: 22599637
No current config. Setting it up from scratch. I have never setup a wireless AP from Cisco before so I am not sure where to start. All I know is I want to use WPA on a class C network and might want to hide the SSID.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599659
Oh wow. Do you know to work other Cisco stuff just so I know how you stand on playing with IOS?
0
 

Author Comment

by:judsoncollege
ID: 22599676
Yes, I do have experience on a few of the Cisco switches.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22599720
Good. that's all I wanted to know. Give me a little bit to come up with a config. Do you want the AP to have a static IP or a DHCP assigned one? I recommend static for easy management. Also, what's the default gateway the AP and clients will be using and what is the IP address range and subnet mask of the network. If you want the AP to have a static IP (recommended!) then let me know what you want that to be.
I assume you have no interest in VLANs because this is a small setup?
0
 

Author Comment

by:judsoncollege
ID: 22600187
Yes, static. Here is the rest of the info:

AP IP address: 192.168.120.5
Gateway: 192.168.120.1
IP Range: 192.168.120.40 - 100  (I would like to have my server hand out DHCP)
Subnet mask: 255.255.255.0
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22602442
I just asked for the IP range because I wanted to make sure I didn't create any conflicts with the DHCP scope.
Your config is attached! Be sure to RECORD ALL INFORMATION YOU REPLACE (AKA passwords, usernames, etc.)
Replace all values I have in  < > with your values.
I went ahea and configured time settings with Central time because that's where you are.
Use the info you provice in the username line to login with SSH, telnet, or by accessing the access point by https://192.168.120.5
This config sets up WPA security. You provide the password.
Let me know if this works! Enjoy!

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname <enter unique hostname here>
!
logging buffered 8192 debugging
enable secret 0 <enable secret password>
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
ip domain name <enter domain name here - if you have an AD domain use it and add this device to it's DNS with the hostname used above>
!
!
aaa new-model
!
!
aaa authentication login eap_methods local
aaa authentication login mac_methods local
aaa authorization exec default local 
!
aaa session-id common
!
username <admin username> privilege 15 password 0 <admin password>
!
dot11 ssid <your SSID here>
   authentication open 
   authentication key-management wpa
   infrastructure-ssid optional
   wpa-psk ascii 0 <enter your password here>
!
dot11 network-map
dot11 phone
!
crypto rsa key generate mod 1024
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip  
 !
 ssid <your SSID used above goes here too>
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 packet retries 32
 fragment-threshold 2338
 station-role root access-point
 rts threshold 2339
 rts retries 32
 cca 75
 cdp enable
 infrastructure-client
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.120.5 255.255.255.0 
 no ip route-cache
!
ip default-gateway 192.168.120.1
no ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
no snmp-server community
no snmp-server enable
 
control-plane
bridge 1 route ip
!
line con 0
 terminal-type teletype
 transport preferred all
 transport output all
line vty 0 4
 terminal-type teletype
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 terminal-type teletype
 transport preferred all
 transport input all
 transport output all
!
end

Open in new window

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Bluetooth 2 53
Bluetooth speakers and my laptop 5 64
How to disable the wireless network adapter card from BIOS in Win 10 20 101
Cisco 1830 AP behaving wierdly 7 72
This article is split into background info to start and actual review at bottom: Some time ago I wanted to sell a system with both wired and wireless capability but at minimum expense.  Having visited my trusted online auction I was pleasantly su…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question