Cisco 1841w config help

Unanswered Question
Dec 13th, 2007

Hi, I'm getting a 1841w. I've had non wireless 1841's and configured them fine in VPN mode to our HQ. I want to give a remote office wireless access and can't find any examples as I want to configure this as soon as I get it.

I would at first just like to turn on wireless and use WPA or WPA2 with AES and just bridge it and get the wireless users to get the same DHCP IP range as the LAN users, so does anyone have an example to configure all this.

One all this is working I was also wondering if I can get users to authenticate against a RADIUS server over the VPN at the HQ?

I have a Cisco 877w and can't figure out the above on this and again no examples anywhere.

I hope some can help, I have looked for examples with no luck.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Loading.
Paolo Bevilacqua Thu, 12/13/2007 - 12:53

Hi, the "trick" is using BVI interface:

dot11 ssid mycisco

authentication open

guest-mode

!

!

bridge irb

!

interface Dot11Radio0

no ip address

!

encryption key 1 size 40bit 7 D6756456A16B transmit-key

!

ssid mycisco

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2462

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 10.0.97.1 255.255.255.0

ip nat inside

bridge 1 route ip

Hope this helps, please rate post if it does!

whiteford Thu, 12/13/2007 - 14:17

What is the bvi interface?

Can the wireless ip use my vlan ip or do I remove this and use bvi?

Can radius be used over vpn?

Please answer all these, and many thanks in advance.

Paolo Bevilacqua Fri, 12/14/2007 - 08:29

Hi,

I understand that you guys are collectively using that account and more often than not, repeat the same questions or themes.

Now in this case I gave you a configuration example but it seems that because of lack of the basics to understand how a configuration works, immutably any answer just cause more questions.

Really at some point I think that first of all, you should use a separate account for each individual of "whiteford", and then study the documentation to understand what you are doing, what is a BIV interface, etc, etc. so you can depend less by others.

Good luck!

whiteford Fri, 12/14/2007 - 08:36

I think we collectively can find your explanations very confusing and sometimes only half answered. It's funny how that we all agree on this here. Please don't answer otherwise, we are all hear to learn.

You assume I think we are at all the same level.

That's we we hardly rate your answers unlike other guys great answers. i don't want to sound mean, but honest.

At the end of the day we just want answers and we only do this once we have searched the net and Cisco, this is normally a last resort.

jamesgonzo Fri, 12/14/2007 - 08:59

I agree with both. Makes sense to have an account each, just take 5 mins to register the accounts.

But I agree the answers to be better sometimes, I would prefer to see the whole config, and I see you asked a couple of other questions that have been missed (half answered). However I can't answer these for you. I'm sure you could use RADIUS if it can be contacted though.

Paolo Bevilacqua Fri, 12/14/2007 - 09:29

We can surely agree to disagree on your approach and attitude to the NetPro forum.

It is also a matter of trust in the answers received, for case in question I gave you a working config, if there was a way to bridge lan and wlan without BVI, I would have told you so, now why the BVI must be be used can be discussed, but after you have read the documentation first. Beside, there are config examples on CCO that covers most of the situations you repeatedly ask about.

Also certainly it would be more motivating for the many people that helps here, to know the individual he/she is replying to, for an amicable interaction naming each individual that participates.

As I said, you're perfectly welcome to disagree on all that. I didn't low rated your post above, like it has done to mine, because I use a different approach to the rating system from the one you appear to have.

Good luck.

whiteford Fri, 12/14/2007 - 09:46

You are right we will have to disagree. You once again failed fully read my post as we failed to find the correct documentation so we post questions, if our questions are not valid the ignore them and let others help who can and let others benefit who might be having similar issues.

Please be more professional in your conduct here like me and others.

Oh and merry xmas.

Actions

This Discussion