How to secure wireless network

Hi all,

I've got a Cisco 871 wireless router.  I've got most of it configured using SDM.  The only thing I'm unable to do is secure the wireless network.  I've put a WPA key in where I think it should go but it still shows up as an unsecured network.  

Here's a copy of the config.  If anyone has a command or instruction how to do it in SDM, I'd greatly appreciate it.  


sh run
Building configuration...
Current configuration : 5583 bytes
!
! Last configuration change at 12:01:22 PCTime Thu Dec 24 2009 by administrator
! NVRAM config last updated at 11:48:39 PCTime Thu Dec 24 2009 by administrator
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ciscowireless
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$TyD1$WNZyQJgoXjAje928BCEGj.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.44.1.1 10.44.1.99
ip dhcp excluded-address 10.44.1.131 10.44.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 10.44.1.0 255.255.255.0
   dns-server 192.168.168.179
   default-router 10.44.1.1
!
!
ip tcp synwait-time 10
ip domain name cms.local
ip name-server 192.168.168.179
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3841103926
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3841103926
 revocation-check none
 rsakeypair TP-self-signed-3841103926
!
!
crypto pki certificate chain TP-self-signed-3841103926
 certificate self-signed 01
  quit
username administrator privilege 15 secret 5 $1$awfJ$fqhvuLDY8I8ukpQUoFMNT1
!
!
!
bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 192.168.168.90 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 ssid CMSUK
    authentication open
    guest-mode
    wpa-psk ascii 7 073C345C4F5B495447
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description $ES_LAN$
 ip address 10.44.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip route 0.0.0.0 0.0.0.0 192.168.168.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.44.1.0 0.0.0.255
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
ciscowireless#

Asked by: Darylx

DCMBS Commented:
Have a look at the following link.  It has a downloadable template for setting up the 871W.  It should show you how to do the security settings.

http://downloads.techrepublic.com.com/abstract.aspx?docid=243375&tag=leftCol%3BarticleText
 
Istvan Kalmar, Senior Network Engineer, Commented:
Hi, this is the line that you need:

interface Dot11Radio0
 no ip address
 !
 ssid CMSUK
    authentication open
    guest-mode
    authentication key-management wpa
    wpa-psk ascii 7 073C345C4F5B495447
   
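Added example, not part of the thread: a small Python check that reads `show running-config` text and reports each Dot11Radio SSID that lacks `authentication key-management wpa`, the condition behind the "unsecured network" symptom in the question. The NO_CIPHER check goes beyond the thread and rests on Cisco's documented requirement that a cipher suite (`encryption mode ciphers ...`) be configured on the radio before WPA key management can be enabled; the function name, finding codes and sample configs are constructed for illustration.

```python
import re

def audit_wireless(config):
    """Return (radio, ssid, finding) tuples for SSIDs under Dot11Radio interfaces."""
    radios, radio, ssid, ssid_indent = {}, None, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        if not line:
            continue
        if indent == 0:  # a top-level line (including "!") starts a new section
            m = re.match(r"interface (Dot11Radio\S+)$", line)
            radio = radios.setdefault(m.group(1), {"cipher": False, "ssids": {}}) if m else None
            ssid = None
            continue
        if radio is None:
            continue
        if ssid is not None and indent <= ssid_indent:
            ssid = None  # a dedent (or " !") closes the ssid sub-block
        m = re.match(r"ssid (\S+)$", line)
        if m:
            ssid, ssid_indent = radio["ssids"].setdefault(m.group(1), []), indent
        elif ssid is not None:
            ssid.append(line)
        elif line.startswith("encryption mode ciphers "):
            radio["cipher"] = True  # non-VLAN form only; a simplification
    findings = []
    for rname, r in radios.items():
        for sname, lines in r["ssids"].items():
            if not any(l.startswith("authentication key-management wpa") for l in lines):
                findings.append((rname, sname, "NO_KEY_MGMT"))  # SSID is advertised as open
            elif not r["cipher"]:
                findings.append((rname, sname, "NO_CIPHER"))    # added check, see lead-in
    return findings

# Constructed samples modelled on the Dot11Radio0 section in the thread; the key is a placeholder.
HEAD = "interface Dot11Radio0\n no ip address\n !\n"
SSID = " ssid CMSUK\n    authentication open\n    guest-mode\n"
TAIL = "    wpa-psk ascii 7 <placeholder>\n !\n station-role root\n!\ninterface Vlan1\n no ip address\n"
KEY_MGMT = "    authentication key-management wpa\n"
AS_POSTED = HEAD + SSID + TAIL
AS_ANSWERED = HEAD + SSID + KEY_MGMT + TAIL
WITH_CIPHER = HEAD + " encryption mode ciphers aes-ccm\n !\n" + SSID + KEY_MGMT + TAIL

if __name__ == "__main__":
    for label, cfg in [("as posted", AS_POSTED), ("as answered", AS_ANSWERED),
                       ("with cipher", WITH_CIPHER)]:
        print(label, audit_wireless(cfg))
```
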
 
Darylx (Author) Commented:
Hi, thank you for the replies.  I'm away from work until the new year so I'll try it then.

Thanks again and Happy New Year!!
 
Istvan Kalmar, Senior Network Engineer, Commented:
You're welcome :)

Happy New Year!!