Is WPA or WPA2 possible in a 877w?

Answered Question
Mar 31st, 2008

Hi, I have just received a Cisco 877w and it is configured to use WEP. I was wondering if it possibel to use WPA or even better WPA2?

Here is the wireless config:

interface Dot11Radio0

no ip address

!

encryption key 1 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx transmit-key

encryption key 2 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx

encryption key 3 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx

encryption key 4 size 128bit 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx

encryption mode wep mandatory

!

ssid mynet

authentication open

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

ip virtual-reassembly

ip tcp adjust-mss 1400

bridge-group 1

What would I need to change, it seem the VLAN1 is bridged across to the BVI1 interface?

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Hi

The 877W will support WPA. Try something like this:

dot11 ssid mynet

vlan 1

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 1411145255012F737C2C376275100440550354585906005D5149

!

!

interface Dot11Radio0

no ip address

!

encryption vlan 1 mode ciphers aes-ccm

!

ssid mynet

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

whiteford Mon, 03/31/2008 - 08:38

Thanks,

Do I not use the "interface Dot11Radio0"

I see you use "dot11 ssid mynet"?

Does it matter if I bridge the Vlan1 or Bvi1?

Thanks

Hi

Sorry for the delay in getting back to you, I was travelling home, and only just picked up your post.

Int Bvi1 will be the logical interface for your bridge-group 1. You will assign the IP address for your Vlan 1 / wireless network to this interface. You will assign both the interface vlan 1 and interface dot11Radio0 to this bridge-group.

Create the dot11 ssid mynet globally, and apply the authentication commands etc to this, then under int dot11Radio 0 you will assign this ssid, and the encryption method you are going to use. I just put AES in as an example.

Hope this helps

Martin

whiteford Tue, 04/01/2008 - 00:19

Thanks Martin, just got into work to pick this up.

Do you have an example on how this might look in the config? I'm use to 837,877's and etc in CLI but this wireless side has confused me :)

What's confusing is I use "interface Dot11Radio0" where my ssid is, but what is this new "dot11" ssid name etc?

Sorry for the questions, is the bvi the interface for the wireless users and the vlan1 just for ethernet users then?

Thanks in advanced Martin.

Actions

This Discussion