asked on

How to secure wireless network

Hi all,

I've got a Cisco 871 wireless router. I've got most of it configured using SDM. The only thing I'm unable to do is secure the wireless network. I've put a WPA key in where I think it should go but it still shows up as an unsecured network.

Here's a copy of the config. If anyone has a command or instruction how to do it in SDM, I'd greatly appreciate it.

sh run
Building configuration...
Current configuration : 5583 bytes
!
! Last configuration change at 12:01:22 PCTime Thu Dec 24 2009 by administrator
! NVRAM config last updated at 11:48:39 PCTime Thu Dec 24 2009 by administrator
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ciscowireless
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
--More-- logging console critical
enable secret 5 $1$TyD1$WNZyQJgoXjAje928BCEGj.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.44.1.1 10.44.1.99
ip dhcp excluded-address 10.44.1.131 10.44.1.254
!
ip dhcp pool sdm-pool1
import all
network 10.44.1.0 255.255.255.0
dns-server 192.168.168.179
default-router 10.44.1.1
!
!
--More-- ip tcp synwait-time 10
ip domain name cms.local
ip name-server 192.168.168.179
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3841103926
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3841103926
revocation-check none
rsakeypair TP-self-signed-3841103926
!
!
crypto pki certificate chain TP-self-signed-3841103926
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383431 31303339 3236301E 170D3032 30333031 30303538
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38343131
30333932 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C8DF E942156D EF9DCA12 160073C5 25C3E272 92193D16 D371F8D4 5C12CE11
--More-- 6A57DD2B 9271C6A4 69450CD6 28B0306F 0D1B157E D758625E 38DC551A B8E91DA4
BFE8F95F B37D3BFC 40AB4A3D 187D119E 5E6A924C 3C3BA345 152DCE8E 0A316245
67F76B03 2BA2093B 99B8D37F 7E4B96C7 F0EF79C9 9A99F497 7447FA2F E074BDB0
E34F0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14AC346D BEBEEA64 689F56AE 8C2FB9AC 869F3CC5
1C301D06 03551D0E 04160414 AC346DBE BEEA6468 9F56AE8C 2FB9AC86 9F3CC51C
300D0609 2A864886 F70D0101 04050003 8181005B 8BCB6196 64509B44 F78EEE3B
A9F96AD8 8D2B9D6E 0D97C1A3 283E14CA 8F004685 0D2E89FE BA289336 40C605B7
9674A37B 0039B984 BB073194 A29A5D4C 79FDB677 32E3A71E 5B011DD5 D266D619
99205D9E 2887E18A 6439EC25 00F63839 2814E239 B6D48244 524347C2 9205710A
6A13F485 8FCBB6A3 21FE9C06 17E6DEBC 250039
quit
username administrator privilege 15 secret 5 $1$awfJ$fqhvuLDY8I8ukpQUoFMNT1
!
!
!
bridge irb
!
!
!
interface FastEthernet0
!
--More-- interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address 192.168.168.90 255.255.255.0
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid CMSUK
authentication open
guest-mode
wpa-psk ascii 7 073C345C4F5B495447
!
--More-- speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 10.44.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip route 0.0.0.0 0.0.0.0 192.168.168.1
!
!
ip http server
--More-- ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.44.1.0 0.0.0.255
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
--More-- it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
--More-- line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
ciscowireless#

ASKER CERTIFIED SOLUTION