Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1656
  • Last Modified:

Setting up WiFi on Cisco 871

I have been trying to set up the WiFi on my Cisco 871W router. Its pretty confusing. I know its probably becuase Im more used to simple SOHO routers that come free with Broadband providers. I just want my router to broadcasd an SSID and on connection enter a simple WEP Key then your logged on. Thats all,

Instead there is is dog slow config utility that has just too many settings and configurations.

Is there an IOS command i can just bang in there and get it set up?
All help appreciated.
0
adavir
Asked:
adavir
  • 3
  • 3
1 Solution
 
blue-screenCommented:
There is an enormous amount of power and flexibility in an IOS access point.

I recommend using the setup tool that came with the unit, (SDM?)

If you like you can try installing the new CCP config software (www.cisco.com/go/ccp) which is supposed to be better than the integrated SDM.

Config snippets from my access point (not a router).  Drop the Bridge-group and BVI stuff for a router.

dot11 ssid MyNetwork
   authentication open
   guest-mode

interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit <key> transmit-key
 encryption mode wep mandatory
 !
 ssid MyNetwork
 !
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled

interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address x.x.x.x 255.255.255.0
 no ip route-cache
0
 
adavirAuthor Commented:
RIght, after leaving it for several months i have revisited the issue. Its still mind boggling.

Router IP is 179.168.10.1 which is the IP i use to access the router, i have enabled SSID broadcase on VLAN with IP address 179.168.40.1.

The SSID broadcasts fine and i can authenticate, but the DHCP IP Address is not being retrieved by my device. I have even configured a pool to map directly to the parameters I have set but still no joy.

My network runs on subnet 255.255.0.0.


HARVARD_SW#show running-config
Building configuration...
 
Current configuration : 11414 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname HARVARD_SW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$n/Jk$YZC3PyqPRRadgYjBn9ECa/
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2635954892
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2635954892
 revocation-check none
 rsakeypair TP-self-signed-2635954892
!
!
crypto pki certificate chain TP-self-signed-2635954892
 certificate self-signed 01
  30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32363335 39353438 3932301E 170D3032 30333031 30303539
  35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36333539
  35343839 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E591 90839613 A41FEDDA 2705E074 BAC08577 0C831372 17B62FCF 923ED8A2
  39029C1E DB512D84 5DA36439 FF7BFCEF 728900A5 71C8E706 85D454AC 7779F495
  F16E6D3C 6DAF0289 6993483B 616C1E4B CB9892CA 1542DBA3 58E5B245 3A050262
  0512D3BF DF7BC39E 95337BB4 35D1D9AE C3E35CF7 12998171 CAB2D77C C3D67695
  145D0203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
  551D1104 1D301B82 19484152 56415244 5F53572E 48415256 41524444 4E532E43
  4F4D301F 0603551D 23041830 1680148F 9D70E40C 97C6FC29 8BBDD674 3629881E
  3FAFA230 1D060355 1D0E0416 04148F9D 70E40C97 C6FC298B BDD67436 29881E3F
  AFA2300D 06092A86 4886F70D 01010405 00038181 008210DD B9D320F5 7112FC0F
  43AF66C6 6625296E 28BF7585 F0C9C11F 4495BCD9 7A9C9562 5400D716 01995249
  71EFB267 6F5D029E F4F4BF69 BCBBBB8B 8C806426 2CBFD03D 98F984B3 B7BF9C64
  EB3219EC 404B392E 4909FB24 CB518BB8 6456AEFD E7716647 10A45E01 79D8C8D3
  D014C154 5EABACD7 297B4B3A 6C10DBA7 5A6C5444 D0
        quit
dot11 syslog
dot11 vlan-name WiFiVLan vlan 1
!
dot11 ssid HARVARDWiFi
   max-associations 25
   authentication open
   guest-mode
   mbssid guest-mode
   infrastructure-ssid optional
   wpa-psk ascii 7 12110405040A1E003D2E26
!
dot11 ssid HARVARD_WiFi
   vlan 1
   authentication open
   guest-mode
!
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 179.168.0.1 179.168.40.9
ip dhcp excluded-address 179.168.41.0 179.168.255.254
ip dhcp excluded-address 179.0.0.1 179.168.6.29
ip dhcp excluded-address 179.168.6.61 179.255.255.254
!
ip dhcp pool WiFiPool
   import all
   network 179.168.0.0 255.255.0.0
   domain-name HARVARD.COM
   dns-server 179.168.6.250
   default-router 179.168.40.1
!
ip dhcp pool Standard
   import all
   network 179.0.0.0 255.0.0.0
   domain-name HARVARD.COM
   dns-server 179.168.6.250 62.231.32.10
   default-router 179.168.10.1
   lease infinite
!
!
ip port-map user-DEV_1 port tcp 64039 list 2 description Web Devel Port 1
ip port-map user-RDP port tcp 3389 description Remote Desktop
no ip bootp server
ip domain name HARVARDDNS.COM
ip name-server 179.168.6.250
ip name-server 62.231.32.10
!
parameter-map type regex sdm-regex-nonascii
 pattern [^\x00-\x80]
 
!
!
username admin privilege 15 secret 5 $1$lwjB$5FL7Jgjvv8Z8Wf..1x40U0
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_HTTPS
 match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
 match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
 match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
 match class-map SDM_HTTPS
 match class-map SDM_SSH
 match class-map SDM_SHELL
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any Services
 match class-map SDM_GRE
class-map type inspect match-all sdm-cls--1
 match class-map Services
 match access-group name All
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any FTP_Serv
 match protocol ftp
 match protocol ftps
 match protocol kermit
 match protocol uucp
 match protocol tftp
 match protocol nfs
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any DEV_1
 match protocol user-DEV_1
class-map type inspect match-any FTP
 match protocol ftp
 match protocol ftps
class-map type inspect match-any RDP
 match protocol user-RDP
class-map type inspect match-any Email
 match protocol smtp
 match protocol pop3
class-map type inspect match-all sdm-access
 match class-map sdm-cls-access
 match access-group 101
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-insp-traffic
  inspect
 class type inspect FTP
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class type inspect sdm-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-policy-sdm-cls--1
 class type inspect DEV_1
  inspect
 class type inspect Email
  inspect
 class type inspect FTP_Serv
  inspect
 class type inspect RDP
  inspect
 class type inspect sdm-cls--1
  inspect
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-zone-in-zone source out-zone destination in-zone
 service-policy type inspect sdm-policy-sdm-cls--1
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
 ip address 179.169.11.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 ip route-cache flow
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 
 encryption key 1 size 40bit 7 0CD8B692F64B transmit-key
 encryption mode wep mandatory
 !
 encryption vlan 1 mode wep mandatory
 !
 ssid HARVARD_WiFi
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
 bridge-group 200
 bridge-group 200 subscriber-loop-control
 bridge-group 200 spanning-disabled
 bridge-group 200 block-unknown-source
 no bridge-group 200 source-learning
 no bridge-group 200 unicast-flooding
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 179.168.10.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1412
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 179.169.11.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 179.168.6.252 64001 interface FastEthernet4 6400
1
ip nat inside source static tcp 179.168.6.252 3389 interface FastEthernet4 3389
ip nat inside source static tcp 179.168.6.252 25 interface FastEthernet4 25
ip nat inside source static tcp 179.168.6.252 64039 interface FastEthernet4 6403
9
!
ip access-list extended All
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended SDM_GRE
 remark SDM_ACL Category=0
 permit gre any any
ip access-list extended SDM_HTTPS
 remark SDM_ACL Category=1
 permit tcp any any eq 443
ip access-list extended SDM_SHELL
 remark SDM_ACL Category=1
 permit tcp any any eq cmd
ip access-list extended SDM_SSH
 remark SDM_ACL Category=1
 permit tcp any any eq 22
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 179.168.0.0 0.0.255.255
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 179.168.6.252
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip any any
no cdp run
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
 
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Open in new window

0
 
blue-screenCommented:
Usually a DHCP failure us a Crypto/auth failure.  If you set a static IP address, does it work?  Which SSID are you using, HarvardWifi (WPA) or Harvard_WiFi (WEP)?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
adavirAuthor Commented:
Yes, I thought the same so I set it unsecured, connected fine and once again no IP. Also when I set the IP statically i still not get network access.

in accordance with the manuals, i have everything set up correctly.

thanks
0
 
blue-screenCommented:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfdhcp.html


If you run debug ip dhcp server events  or debug ip dhcp server packets, what do you see?  Are the DISCOVER packets seen?
0
 
adavirAuthor Commented:
Not really a solution, its a point in the same direction I was already in. Thanks though
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now