I am going to one of our company's remote sites to install a wireless access point card into a Cisco 2851 router. I have never installed one before so I read the 188-page manual and my head is spinning. It shows you how to do everything under the Sun.
All I think that I need is a simple situation but with enough security to keep most everybody away but those that need to be. I don't want to have another subnet and I don't think that I need a separate VLAN. I want the PCs at this site to use the Windows server for DHCP with the same subnet as the wired PCs. I would like to apply WPA with sufficient encryption and think I only need 1 SSID.
Will anyone share their expertise on the WPA issue and does anyone have a config example that they might share with me? I would surely appreciate it.
Hahaha, man, welcome to the club. I've been doing that for the past 10 days. I can only help you with this. It's a simple bridge configuration with WEP. To configure WPA you'll have to have a different last name, like Einstein for instance :-). Since I was too stupid to do that, here's what I did manage to do.
```
configure terminal
! creating bridge: enable integrated routing and bridging (IRB)
bridge irb
! name it bridge 1: route IP for bridge group 1
bridge 1 route ip
```
This will create the new interface BVI1. From now on you set up everything (IP address, DHCP, ACLs) for this interface. Make sure that before you create this bridge your Fa0/0 or Fa0/1 and Dot11Radio 0/0/0, or whatever ports you are using, don't have IP addresses set up.
```
interface bvi 1
 ip address 10.0.1.2 255.255.255.0
end
```
setting IP for bridge
```
copy running-config startup-config
```
Listen, it's kinda confusing since I've set up routing mode, not bridge. If you want a working setup for that I can give you one, no problem. I have an AP1200 too along with the HWIC-AP. It looks like the HWIC is a little Lite version on options. WPA is hell to start, and I have a problem with mobile phones. They don't see the AP at all. Don't go with Cisco Configuration Professional since Wireless AP 2.5 is NOT working with HWIC. It's a registered problem, and everything points to CLI. One thing I'm not sure of is why the hell there aren't a few simple configurations for AP with WPA or WPA2 on the net. Every single one has a line or two that doesn't work with HWIC. I think I'm gonna plug a WRT54GL into the switch and everything will work like a charm. It's just that this thing is making me furious.
Apologies for digging up an old thread. I've been playing with my 2851 with an HWIC-AP installed and setting up multiple SSIDs. With the following config I have been able to connect my Samsung tablet to the AP and obtain an IP address. I've yet to set up routing, NAT, ZBPF and the ADSL access. It is still a work in progress. All passwords were generated with an online random password generator.
```
clock timezone Sydney 10 0
clock summer-time sydney date Oct 4 2015 2:00 Apr 3 2016 2:00
!
dot11 syslog
!
dot11 ssid xxx.guest
 vlan 20
 authentication open
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 0 uBUFXQjBqY
!
dot11 ssid xxx.mgt
 vlan 10
 authentication open
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 0 DPy3KT4hEs
!
dot11 ssid xxx.user
 vlan 30
 authentication open
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 0 4A3PmF7CCq
!
ip source-route
!
!
ip cef
!
ip dhcp excluded-address 10.1.1.1 10.1.1.230
ip dhcp excluded-address 22.214.171.124 126.96.36.199
ip dhcp excluded-address 188.8.131.52 184.108.40.206
!
!
!
ip dhcp pool 10.xxx.mgt
 import all
 network 10.1.1.0 255.255.255.0
 domain-name mgt.xxx.local
 default-router 10.1.1.5
 dns-server 220.127.116.11 18.104.22.168
 option 42 ip 10.1.1.1
 lease 7
!
ip dhcp pool 20.xxx.guest
 import all
 network 22.214.171.124 255.255.255.0
 domain-name guest.xxx.local
 default-router 126.96.36.199
 dns-server 188.8.131.52 184.108.40.206
 option 42 ip 10.1.1.1
 lease 7
!
ip dhcp pool 30.xxx.user
 import all
 network 220.127.116.11 255.255.255.0
 domain-name user.xxx.local
 default-router 18.104.22.168
 dns-server 22.214.171.124 126.96.36.199
 option 42 ip 10.1.1.1
 lease 7
!
!
!
bridge irb
!
!
!
interface Loopback0
 ip address 188.8.131.52 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.1.5 255.255.255.0
 duplex full
 speed 1000
!
interface GigabitEthernet0/1
 ip address 172.16.1.5 255.255.255.0
 duplex full
 speed 1000
!
!
!
interface Dot11Radio0/3/0
 no ip address
 !
 encryption vlan 10 mode ciphers aes-ccm tkip
 !
 encryption vlan 20 mode ciphers aes-ccm tkip
 !
 encryption vlan 30 mode ciphers aes-ccm tkip
 !
 ssid xxx.guest
 !
 ssid xxx.mgt
 !
 ssid xxx.user
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0/3/0.10
 description xxx.mgt_subint
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Dot11Radio0/3/0.20
 description xxx.guest_subint
 encapsulation dot1Q 20
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 spanning-disabled
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
!
interface Dot11Radio0/3/0.30
 description xxx.user_subint
 encapsulation dot1Q 30 native
 bridge-group 30
 bridge-group 30 subscriber-loop-control
 bridge-group 30 spanning-disabled
 bridge-group 30 block-unknown-source
 no bridge-group 30 source-learning
 no bridge-group 30 unicast-flooding
!
interface BVI10
 ip address 10.1.1.5 255.255.255.0
!
interface BVI20
 ip address 184.108.40.206 255.255.255.0
!
interface BVI30
 ip address 220.127.116.11 255.255.255.0
!
!
!
bridge 10 route ip
bridge 20 route ip
bridge 30 route ip
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 length 512
 width 100
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 terminal-type exit
 length 0
 width 250
 transport input ssh
 transport output ssh
line vty 5 15
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 terminal-type exit
 length 0
 width 250
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp server 10.1.1.1 prefer
end
```
I hope this config is of use to someone. It is a good starting point.
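An added example, not part of the original post or of any Cisco tooling: a short Python check that walks an IOS config shaped like the one above and reports the settings a reviewer would question before it goes into production (cleartext PSK, TKIP, disabled idle timeout, privilege 15 on login, source routing). The sample excerpt is constructed, its PSK is a placeholder, and the rule list is this example's own choice.

```python
import re

# Constructed excerpt in the shape of the config above; the PSK is a placeholder.
SAMPLE = """\
dot11 ssid example.guest
 vlan 20
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 PLACEHOLDER-PSK
!
ip source-route
!
interface Dot11Radio0/3/0
 encryption vlan 20 mode ciphers aes-ccm tkip
 ssid example.guest
!
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 transport input ssh
"""

# (pattern, finding) pairs; each pattern is matched from the start of a stripped line,
# so negated forms such as "no ip source-route" do not trigger a finding.
RULES = [
    (r"wpa-psk (ascii|hex) 0 ", "PSK stored in cleartext (type 0)"),
    (r"encryption .*ciphers .*\btkip\b", "TKIP cipher enabled"),
    (r"exec-timeout 0 0$", "idle session timeout disabled"),
    (r"privilege level 15$", "logins land directly at privilege 15"),
    (r"ip source-route$", "IP source routing enabled"),
]

def audit(config):
    """Return (section, finding) tuples; key material is never echoed."""
    findings, section = [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():      # an unindented line opens a new section
            section = line
        for pattern, finding in RULES:
            if re.match(pattern, line):
                findings.append((section, finding))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

The check relies on sub-commands being indented under their parent line, as in `show running-config` output.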
I don't get it. Why install hardware that will reside inside a router and away from the clients when you could've used an access point, configured it the same way, and installed it near or around the clients?
It is an installation with only 8 offices so it is not widespread. The boss wanted to try it so we are going to. The offices are all wired so it will really be for visitors for the home office. I have noticed you with several postings on wireless problems. Do you have any sample configs with the requirements I have put forth?