
871 wireless setup

frankm
Level 1

I am trying to get an 871 SOHO router's wireless connections to work.

The SDM is useless.

I have tried to find docs on how and why and what to do - but no luck.

Been at this for a week. Got the DSL and fw parts working, but not wireless.

I have an Authentication Open setup - guest-mode enabled.

So I should be pretty wide open for connections.

I can see the SSID on a client PC, but cannot connect.

I'm running DHCP to clients

--------------------

config below

--------------------

bridge irb
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dot11Radio0
 no ip address
 !
 ssid 1138
  vlan 1
  authentication open
  guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 192.168.0.109 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 description $FW_OUTSIDE$
 mtu 1492
 ip address negotiated
 ip access-group 103 in
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxxx@xxxxxx.net password xxx
 ppp ipcp dns request accept
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto-generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto-generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 192.168.0.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

1 Accepted Solution


Stephen Rodriguez
Cisco Employee

interface Dot11Radio0
 no ip address
 !
 ssid 1138
  no vlan 1
!
interface Vlan1
 no ip address 192.168.0.109 255.255.255.0
 no ip nat inside
 bridge-group 1
!
interface BVI 1
 ip address 192.168.0.109 255.255.255.0
 ip nat inside
!
end

Cut these commands in. I'll assume that you are doing DHCP from a server and not the router. If you wish to use the router, you'll need to configure a DHCP pool.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
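As an added example (not part of the original thread and not Cisco tooling), here is a small Python check for the bridging mistake the accepted answer corrects: with `bridge irb`, the radio and Vlan1 must share a bridge group and the IP address belongs on the BVI. The sample config is constructed from the question's config; the function names are hypothetical, and the parser assumes indented `show running-config` text with the SSID nested under the radio interface.

```python
import re

# Constructed sample, condensed from the config posted in the question.
BEFORE = """bridge irb
interface Dot11Radio0
 no ip address
 ssid 1138
  authentication open
  guest-mode
 bridge-group 1
interface Vlan1
 ip address 192.168.0.109 255.255.255.0
"""

def parse_interfaces(config):
    """Map interface name -> its indented sub-commands (assumed layout)."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(.+)", line)
        if m:  # "interface BVI 1" and "interface BVI1" are the same interface
            current = interfaces.setdefault(m.group(1).replace(" ", ""), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = None  # a new global command ends the interface block
    return interfaces

def has_ip(cmds):
    return any(c.startswith("ip address ") for c in cmds)  # skips "no ip address"

def audit_irb(config):
    ifaces, groups, findings = parse_interfaces(config), {}, []
    for name, cmds in ifaces.items():
        for c in cmds:
            m = re.fullmatch(r"bridge-group (\d+)", c)
            if m:
                groups.setdefault(m.group(1), []).append(name)
        keyed = any(c.startswith("authentication key-management") for c in cmds)
        if name.startswith("Dot11Radio") and "authentication open" in cmds and not keyed:
            findings.append(f"{name}: open SSID with no key management")
    for num, members in sorted(groups.items()):
        if len(members) < 2:
            findings.append(f"bridge-group {num}: only {members[0]} is a member")
        if not has_ip(ifaces.get("BVI" + num, [])):
            findings.append(f"bridge-group {num}: no BVI{num} with an IP address")
        findings += [f"{n}: IP address on a bridge member" for n in members if has_ip(ifaces[n])]
    return findings

print("\n".join(audit_irb(BEFORE)))
```

Run against a config with the accepted answer's commands applied, only the open-SSID finding remains until key management is configured.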


15 Replies

a.hajhamad
Level 4

The following commands will configure wireless access using a pre-shared key:

!
interface Dot11Radio0
 no ip address
 !
 ! Encryption mode for WPA since WPA2 is not supported at Cisco 800 integrated routers
 encryption mode ciphers tkip
 !
 ! SSID name
 ssid Free
  authentication open
  authentication key-management wpa
  guest-mode
  ! the pre-shared key that will be used for users who connect using wireless
  ! (entered unencrypted, hence type 0)
  wpa-psk ascii 0 Cisco123
!

I hope to be helpful!

Please rate if it does!

Regards

Abd Alqader

Thanks, I'll keep this for when I get to the security part. Right now I am just trying to get a wireless client connected. That's why I left the encryption / auth open, so I can start simple and once I get the connectivity working, I can add things. I can see the ssid broadcast but cannot connect.

No BVI interface?

What is the client wireless adapter?

Two different machines - one is a usr pcmcia on a dell (winXP) and the other is a broadcom internal on a compaq (winXP)

I have the same problem with connectivity. I can see SSID, but unable to get ip address from DHCP pool.

I think ??? it has something to do with the bridge-group and the bvi. But I can't get ANY descriptions of what does what and fits where. It seems that the BVI allows communication between routed (wan) and bridged (internal) topologies. The problem is: what to plug in and where and what else do I hose.

Yep - no BVI - whatever that is. It was there when I called Cisco tech support and was gone after he got out. I am finding VERY little info on how to configure this device. I can navigate the cli, but the pieces are Greek to me. I see a lot of articles showing the config - but not what should be done and why.

I think, if you move the commands from your vlan 1 interface, and put them in a bvi interface, that should take care of it. Just do this from the config prompt.

int bvi1

(then just take the commands off of interface vlan 1 and put them in bvi1)

I believe you should use a BVI interface. You should put the Dot11Radio0 interface and the vlan1 interface into bridge-group 1 and move the IP and NAT configurations from vlan 1 to the bvi interface. Hope the following configuration example helps:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/85x87x/857swcg/eng/pt2/wireless.htm


WOO HOO !!!!!!!!!!!

Thanks to everyone for your help. I have pppoe connection, dns resolution, wireless connectivity, wired lan connectivity and encryption flying. Kinda like pulling teeth from a duck, but works. My last thing is mac filtering, but that should be relatively easy.

Hey - again thanks. The config in the replied-to post got me almost all the way there.

Remember - for every item that you learn - it exposes 5 more things you didn't know that you didn't know. Therefore I am getting more and more incompetent.

You could also just give the radio interface its own IP address and make it a routed subnet. Skip the bvi config entirely. Just make sure to create an appropriate DHCP scope for it, and add the subnet to any NAT rules or ACLs. The benefit here is that, among a lot of other things, you could apply QoS differently for wireless, different ACLs, and could even (depending on your setup) create a 'guest' SSID that routes directly out to the Internet.

interface Dot11Radio0
 description wireless internal net
 ip address 192.168.2.1 255.255.255.0
 ! ip helper will forward DHCP broadcasts from
 ! the wireless subnet to a server on the wired subnet
 ! not necessary if using IOS DHCPD
 ip helper-address 192.168.1.2
 ip nat inside
 ip virtual-reassembly
 !
 ssid private
  authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description wired internal network
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

vpn#show ip route connected
200.100.17.0..0/30 is subnetted, 1 subnets
C 200.100.17.16 is directly connected, FastEthernet4
C 192.168.1.0/24 is directly connected, Vlan1
C 192.168.2.0/24 is directly connected, Dot11Radio0
192.168.3.0/32 is subnetted, 1 subnets
C 192.168.3.1 is directly connected, Loopback1

mirosmanali
Level 1

I hope this may help you, note that in this scenario the DHCP was configured from the server, if your setup is not the same then you have to define the DHCP scope on the AP.

Current configuration : 1823 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP_NAME
!
enable secret xxx
!
ip subnet-zero
ip domain name somecompany.com.sa
ip name-server [DNS Primary IP]
ip name-server [DNS Secondary IP]
!
!
no aaa new-model
!
dot11 ssid CORE_AP_HG4_01
 vlan 2
 authentication open
 guest-mode
!
!
!
username Cisco password xxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
 bandwidth 55296
 no ip address
 no ip route-cache
 !
 encryption vlan 2 key 1 size 40bit xxx transmit-key
 encryption vlan 2 mode wep mandatory
 !
 ssid AP_ITDPT
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.2
 encapsulation dot1Q 2 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.2
 encapsulation dot1Q 2 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.80.12.224 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.10.115 {Cisco Switch IP Address}
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
 transport preferred all
 transport output all
line vty 0 4
 login local
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 login
 transport preferred all
 transport input all
 transport output all
!
end

Best of Luck
