
HWIC-AP-AG-B

ROBERT ISAACS
Level 1

Hello all,

     I am going to one of our company's remote sites to install a wireless access point card into a Cisco 2851 router. I have never installed one before so I read the 188 page manual and my head is spinning. It shows you how to do everything under the Sun.

     All I think that I need is a simple situation but with enough security to keep most everybody away but those that need to be. I don't want to have another subnet and I don't think that I need a separate VLAN. I want the PCs at this site to use the Windows server for DHCP with the same subnet as the wired PCs. I would like to apply WPA with sufficient encryption and think I only need 1 SSID.

     Will anyone share their expertise on the WPA issue and does anyone have a config example that they might share with me? I would surely appreciate it.

Thanks a bunch,

RI


vuckovic75
Level 1

Hahaha, man, welcome to the club. I've been doing that for the past 10 days. I can only help you with this. It's a simple bridge configuration with WEP. To configure WPA you'll have to have a different last name, like Einstein for instance :-). Since I was too stupid to do that, here's what I did manage to do.

configure terminal
! creating bridge
bridge irb
! name it bridge 1
bridge 1 route ip

This will create a new interface, BVI1. From now on you set up everything (IP address, DHCP, ACLs) for this interface. Make sure that before you create this bridge your Fa0/0 or Fa0/1 and Dot11Radio 0/0/0, or whatever ports you are using, don't have IP addresses set up.

dot11 ssid ssid1
authentication open
exit

Not sure if this will work on HWIC-AP?


interface dot11Radio 0/0/0
encryption mode wep mandatory
encryption key 1 size 40bit 11aa33bb55
ssid ssid1
exit


bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
no shutdown
exit

Hell, I don't know what this is all about

interface vlan 1
bridge-group 1
bridge-group 1 spanning-disabled
exit

You could skip the vlan section if you don't use them.

interface bvi 1
ip address 10.0.1.2 255.255.255.0
end

setting IP for bridge

copy running-config startup-config

Listen, it's kinda confusing since I've set up routing mode, not bridge. If you want a working setup for that I can give you one, no problem. I have an AP1200 too, along with the HWIC-AP. It looks like the HWIC is a little Lite version on options. WPA is hell to start, and I have a problem with mobile phones. They don't see the AP at all. Don't go with Cisco Configuration Professional since Wireless AP 2.5 is NOT working with the HWIC. It's a registered problem, and everything points to the CLI. One thing I'm not sure of is why the hell there are not a few simple configurations for an AP with WPA or WPA2 on the net. Every single one has a line or two that doesn't work with the HWIC. I think I'm gonna plug a WRT54GL into the switch and everything will work like a charm. It's just that this thing is making me furious.

Apologies for digging up an old thread. I've been playing with my 2851 with an HWIC-AP installed and setting up multiple SSIDs. With the following config I have been able to connect my Samsung tablet to the AP and obtain an IP address. I've yet to set up routing, NAT, ZBPF and the ADSL access. It is still a work in progress. All passwords were generated with an online random password generator.

clock timezone Sydney 10 0
clock summer-time sydney date Oct 4 2015 2:00 Apr 3 2016 2:00
!
dot11 syslog
!
dot11 ssid xxx.guest
vlan 20
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 uBUFXQjBqY
!
dot11 ssid xxx.mgt
vlan 10
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 DPy3KT4hEs
!
dot11 ssid xxx.user
vlan 30
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 4A3PmF7CCq
!
ip source-route
!
!
ip cef
!
ip dhcp excluded-address 10.1.1.1 10.1.1.230
ip dhcp excluded-address 20.1.1.1 20.1.1.230
ip dhcp excluded-address 30.1.1.1 30.1.1.230
!
!
!
ip dhcp pool 10.xxx.mgt
import all
network 10.1.1.0 255.255.255.0
domain-name mgt.xxx.local
default-router 10.1.1.5
dns-server 103.26.62.218 8.8.8.8
option 42 ip 10.1.1.1
lease 7
!
ip dhcp pool 20.xxx.guest
import all
network 20.1.1.0 255.255.255.0
domain-name guest.xxx.local
default-router 20.1.1.5
dns-server 103.26.62.218 8.8.8.8
option 42 ip 10.1.1.1
lease 7
!
ip dhcp pool 30.xxx.user
import all
network 30.1.1.0 255.255.255.0
domain-name user.xxx.local
default-router 30.1.1.5
dns-server 103.26.62.218 8.8.8.8
option 42 ip 10.1.1.1
lease 7
!
!
!
bridge irb
!
!
!
interface Loopback0
ip address 2.8.5.2 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.1.5 255.255.255.0
duplex full
speed 1000
!
interface GigabitEthernet0/1
ip address 172.16.1.5 255.255.255.0
duplex full
speed 1000
!
!
!
interface Dot11Radio0/3/0
no ip address
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
encryption vlan 20 mode ciphers aes-ccm tkip
!
encryption vlan 30 mode ciphers aes-ccm tkip
!
ssid xxx.guest
!
ssid xxx.mgt
!
ssid xxx.user
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0/3/0.10
description xxx.mgt_subint
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0/3/0.20
description xxx.guest_subint
encapsulation dot1Q 20
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Dot11Radio0/3/0.30
description xxx.user_subint
encapsulation dot1Q 30 native
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 spanning-disabled
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
!
interface BVI10
ip address 10.1.1.5 255.255.255.0
!
interface BVI20
ip address 20.1.1.5 255.255.255.0
!
interface BVI30
ip address 30.1.1.5 255.255.255.0
!
!
!
bridge 10 route ip
bridge 20 route ip
bridge 30 route ip
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
length 512
width 100
stopbits 1
line aux 0
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
terminal-type exit
length 0
width 250
transport input ssh
transport output ssh
line vty 5 15
exec-timeout 0 0
privilege level 15
logging synchronous
terminal-type exit
length 0
width 250
transport input ssh
transport output ssh
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp server 10.1.1.1 prefer
end

R2852#

I hope this config is of use to someone. It is a good starting point.
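
An added example, not part of the original posts and not Cisco tooling: a small Python check that scans a flat IOS configuration like the two posted above and reports the weaker settings they contain (WEP and 40-bit keys, TKIP in the cipher list, type 0 pre-shared keys, disabled exec timeouts, privilege level 15 on lines, `ip source-route`). The sample input, the SSID name and the placeholder key are constructed, and the rule list is an assumption about what a reviewer would flag, limited to commands that appear in this thread.

```python
import re

# Constructed sample in the flat layout of the configs posted above; key is a placeholder.
SAMPLE = """\
dot11 ssid example.guest
vlan 20
authentication key-management wpa
wpa-psk ascii 0 EXAMPLE-PSK-PLACEHOLDER
!
ip source-route
!
interface Dot11Radio0/3/0
encryption vlan 20 mode ciphers aes-ccm tkip
!
interface Dot11Radio0/0/0
encryption mode wep mandatory
encryption key 1 size 40bit 0000000000
!
line vty 0 4
exec-timeout 0 0
privilege level 15
"""

# Lines that open a configuration section; sub-commands are attributed to the last one seen.
SECTION = re.compile(r"^(interface|dot11 ssid|line|ip dhcp pool) ")

# (pattern, finding, is_global): an assumed rule list covering only commands in this thread.
RULES = [
    (r"^encryption (vlan \d+ )?mode wep\b", "WEP encryption enabled", False),
    (r"^encryption key \d+ size 40bit\b", "40-bit static WEP key", False),
    (r"^encryption .*mode ciphers .*\btkip\b", "TKIP allowed in cipher list", False),
    (r"^wpa-psk (ascii|hex) 0 ", "pre-shared key stored unencrypted (type 0)", False),
    (r"^exec-timeout 0 0$", "idle timeout disabled", False),
    (r"^privilege level 15$", "privilege level 15 granted at login", False),
    (r"^ip source-route$", "IP source routing enabled", True),
]

def audit(config):
    """Return (section, finding) pairs for every flagged setting in an IOS config."""
    findings, section = [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        if SECTION.match(line):
            section = line
        for pattern, finding, is_global in RULES:
            if re.search(pattern, line):
                findings.append(("global" if is_global else section, finding))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

Feed it the output of `show running-config` saved to a file; an AES-only line such as `encryption mode ciphers aes-ccm` produces no finding.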

Leo Laohoo
Hall of Fame

I don't get it. Why install hardware that will reside inside a router and away from the clients when you could've used an access point, configured it the same way, and installed it near or around the clients?

It is an installation with only 8 offices so it is not widespread. The boss wanted to try it so we are going to. The offices are all wired so it will really be for visitors for the home office. I have noticed you with several postings on wireless problems. Do you have any sample configs with the requirements I have put forth?

Thanks,

RI
