Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Base wireless config - 1811w router

Greetings,

Is there any chance someone could sketch out a basic wireless configuration for a SOHO Cisco 1811W router? I just need the wireless to connect to the base wired LAN - with both WEP and MAC authentication. And - can the MAC auth. parameters be configured via CLI and not have to use either SDM or CP? I can access the router via SDM - but the Wirless Application will not fire up - and CP doesn't work at all.

Thanks for any assistance you can lend.

18 REPLIES
New Member

Re: Base wireless config - 1811w router

One more thing - SDM loads, but I get "webpage cannot be found" when I attempt to Launch Wireless Application.

the path listed:

http://10.10.10.1/archive/flash:wlaui/html/level/15/atg_express-setup.shtml

Silver

Re: Base wireless config - 1811w router

I'm not too familiar with the web GUIs for Cisco routers. Can you upload your CLI configuration for us to take a look at? ISRs are tricky to configure properly. They require proper configuration of bridge-groups, which is automatically handled on Cisco APs via its web GUI.

New Member

Re: Base wireless config - 1811w router

I agree. APs are much easier to setup for wireless.

As I said - I basically just need to extend the wired LAN IP scheme to the wireless - but also need to force static WEP cypher and require MAC. It's probably easy to set this up using the Wireless Application in SDM (or CP), but in my case - SDM works but fails to load the wireless application.

Thanks for taking a swag at this. First time using the 1811W router.

Silver

Re: Base wireless config - 1811w router

I'm not sure what you mean by "require MAC". Are you saying that you want to do local MAC authentication?

Try these configuration lines:

conf t

ssid Wireless

authentication open

interface Dot11Radio0

encryption key 1 size 128bit WEP_KEY transmit-key

encryption mode wep mandatory

bridge-group 1

interface Vlan 1

bridge-group 1

bridge 1 route ip

Note that you can use 64bit instead of 128bit encryption if you so desire. Hopefully this works, let me know if it doesn't.

New Member

Re: Base wireless config - 1811w router

Yes - I need to be able to configure a list of MAC addresses on the router as a requirement for connecting approved devices. Simple on an AP (GUI), but I don't have that ability on this router - SDM works, but Wireless Application doesn't.

Thanks.

New Member

Re: Base wireless config - 1811w router

OK - tried your suggestions. Last command - 'bridge 1 route ip' triggered a prompt to turn irb on. The two radios immediately went to reset:

Dot11Radio0 unassigned YES NVRAM reset down

Dot11Radio1 unassigned YES NVRAM reset down

So I attempted to create BVI. Here is the current config - radios still in reset.

Hope I haven't messed things up too bad.

Silver

Re: Base wireless config - 1811w router

You're right that you need "bridge irb", I forgot about that command.

If you have the BVI enabled, you don't need the bridge-group 1 on your VLAN 1 interface. Remove that and see if it works.

Also, did your SSID get wiped? You'll need to create it again. That's probably why your radios are down - they are only up if there's an SSID attached.

Try this:

conf t

dot11 ssid Wireless

auth open

int dot0

ssid Wireless

New Member

Re: Base wireless config - 1811w router

Again - thank you for all of your assistance.

That did the trick - but I still don't see the ssid broadcast to be able to connect to the wireless. Also - will I need to add 'ssid Wireless' to Dot1 in order to have that working as well?

Silver

Re: Base wireless config - 1811w router

To enable the SSID broadcast, add the config line "guest-mode" to the dot11 ssid command:

conf t

dot11 ssid Wireless

guest-mode

And yes, adding "ssid Wireless" to your Dot1 interface will bring up that radio as well.

Glad to see this is working for you. Let me know if you continue to have issues.

Jeff

New Member

Re: Base wireless config - 1811w router

OK - and thanks once more.

Attached is my final (hopefully) masked config. Still don't know how to set up the MAC address list for the 'authentication open mac-address . I originally set this up to test on my LAN, but need to get this out to the remote site - so going with best effort.

The guest-mode parameter worked for broadcasting the ssid and wep worked - but it only allowed access to the Internet and not the local LAN.

This config has the following req.'s:

1. wired and wireless LAN access

2. IPSEC to home office for both

3. wep amd mac-address authen. for wireless.

Is this coming close IYHO?

Thanks.

Silver

Re: Base wireless config - 1811w router

Sorry for the late response.

Try the following for local MAC authentication:

access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000

access-list 700 permit xxxx.xxxx.xxxx 0000.0000.0000

.

.

.

dot11 association mac-list 700

As for local/Internet traffic, if you can get to the Internet then your configuration on the AP is fine. It sounds like you have a problem with an ACL blocking you from local traffic. I don't see where it's getting blocked, though, unless it's somewhere else on the network. Try running a "show access-list" command while pinging local addresses and see if any of them are catching the traffic. You can tell by observing whether the matches are increasing as you ping.

New Member

Re: Base wireless config - 1811w router

Jeff,

Forgive my ignorance ...

is the access-list defined as

access-list 700 permit 0000.0000.0000.0000

... and there would need to be a similar entry for each allowed MAC?

Silver

Re: Base wireless config - 1811w router

Correct. Sorry, I should have clarified that in my post. List the MAC address in the form hhhh.hhhh.hhhh, where h = a hex number. 0000.0000.0000 is the mac wildcard mask to specify that only that address is specified. Simply list all of them out, then enter the permit any any statement at the end.

It's a pain to assemble, but you can easily copy/paste it to each AP. It's just cumbersome.

Just to toss this out there, but unless you need MAC authentication for a specific reason, there's almost no reason to use it. Wireless clients broadcast MAC addresses in the clear regardless of encryption used, and MAC addresses are easily spoofed. In other words, MAC authentication really only exists for organizational purposes. As for security, it's more or less worthless.

New Member

Re: Base wireless config - 1811w router

Jeff,

Thanks for all of you help. This will get me over the hurtle. I know MAC isn't the most trustworthy, but perhaps that coupled with WEP might be useful. I don't know what else I can use that could be enbabled on the router - since I do not have a RADIUS server avail.

Again, thank you!!

Silver

Re: Base wireless config - 1811w router

Glad to help!

Without a RADIUS server, the best thing you can use is WPA-PSK. It configures almost identically to a WEP key, but the encryption and handshake protocols are much stronger. If you want to give it a try:

dot11 ssid Wireless

authentication open

authentication key-management wpa

wpa-psk ascii WPA_PASSWORD

guest-mode

int dot0

encryption mode ciphers aes-ccm tkip

ssid Wireless

(The tkip is required for legacy WPA clients, but can/should be omitted if possible)

New Member

Re: Base wireless config - 1811w router

OK (sorry for the long delay)

I seem to have no problem authenticating to the router - using WPA-PSK - but cannot pick up an IP address via DHCP.

Does the config for that look correct?

Thanks again.

New Member

Base wireless config - 1811w router

Hi,

I have been following this discussion and I have exactly the same problem.

Everything is already set. I followed the configuration above and I'm stock at "Why can't the wireless device or the dot11 radio obtain ip from dhcp server?"

Any answer is very much appreciated.

New Member

Base wireless config - 1811w router

Hi,

I have been following this discussion and I have exactly the same problem.

Everything is already set. I followed the configuration above and I'm stock at "Why can't the wireless device or the dot11 radio obtain ip from dhcp server?"

Any answer is very much appreciated.

1950
Views
0
Helpful
18
Replies