Cisco 871w WEP and WPA

narzy

Elite Member
I'm trying to configure WEP and WPA as part of a lab on the Cisco 871w router we have and I keep getting stuck. Below is my configuration with all of the WEP and WPA stuff stripped out of it because it simply doesn't work. Some guidance would be greatly appreciated.

PS: I know WEP is crap, but the lab wants me to show that I can configure it anyway.

enable
config t
hostname Tim
username cisco privilege 15 secret 0 class
no aaa new-model
ip subnet-zero
ip cef

ip dhcp excluded-address 10.10.10.1

ip dhcp pool Tim
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 2

no ip domain lookup
ip domain name tech.div
ip ips po max-events 100
no ftp-server write-enable

interface FastEthernet0
no ip address
no cdp enable
no shutdown

interface FastEthernet1
no ip address
no cdp enable
no shutdown

interface FastEthernet2
no ip address
no cdp enable
no shutdown

interface FastEthernet3
no ip address
no cdp enable
no shutdown

bridge irb

interface FastEthernet4
ip address dhcp
ip nat outside
no shutdown
duplex auto
speed auto
no cdp enable
ip route 0.0.0.0 0.0.0.0 dhcp

interface Dot11Radio0
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

ssid Tim
vlan 1
authentication open
guest-mode
station-role root
no cdp enable
no shutdown
no ip address

interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disable
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding

interface vlan1
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled

interface BVI1
description wired network
ip address 10.10.10.1 255.255.255.0
ip nat inside
bridge 1 route ip

ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 700 permit 001e.e5e7.4a31 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
dot11 association mac-list 700
no cdp run

line con 0
login local
no modem enable
logging synchronous
transport preferred all
transport output all

line aux 0
transport preferred all
transport output all

line vty 0 4
access-class 23 in
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all

 
ok, thanks spidey, I'll give the link a read and see if I can't make some sense out of it all. Would I enable the encryption on the vlan? and then bridge the dot11 to the vlan?
 
You enable and specify the encryption for a specific wireless vlan on the dotradio interface and then specify the authentication on the ssid. The vlan and BVI are just to link the layer2 wireless VLAN that you created together - in essence bridging the wireless vlan to the wired side (that's what all the bridging commands and bridge groups are for). Link has more details. It's tough to get your head around it unless you've done it before.

I've never done it on a 871 before but on APs you also create sub interfaces on the fastethernet port and use 802.1q trunking to have the multiple layer2 VLANs tagged. The link doesn't show that however. But now that I think about it you probably don't have to do that because it's a router and you really are just routing the wireless vlans to your fastethernet interface.
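
Added example, not part of the thread and not the config narzy ended up with: one way the advice above maps onto the posted config, assuming the autonomous-AP IOS wireless syntax applies on the 871W. The WEP key and WPA passphrase are constructed placeholders; apply variant A or variant B, not both.

```cisco
! Both variants start from the posted config (ssid Tim already mapped to vlan 1).
! Note: "dot11 association mac-list 700" in that config only permits
! 001e.e5e7.4a31, so any other client is rejected whatever the encryption.
!
! --- Variant A: static 128-bit WEP (lab requirement only) ---
interface Dot11Radio0
 ! Encryption is set per wireless VLAN on the radio interface.
 ! 26 hex digits = 128-bit WEP key (placeholder value).
 encryption vlan 1 key 1 size 128bit 0 0123456789ABCDEF0123456789 transmit-key
 encryption vlan 1 mode wep mandatory
 ssid Tim
  vlan 1
  ! Authentication is set on the SSID; open auth plus mandatory WEP.
  authentication open
  guest-mode
!
! --- Variant B: WPA-PSK with TKIP ---
interface Dot11Radio0
 ! The cipher suite for the VLAN replaces the WEP mode above.
 encryption vlan 1 mode ciphers tkip
 ssid Tim
  vlan 1
  authentication open
  ! Key management and the pre-shared key belong to the SSID.
  authentication key-management wpa
  ! 8-63 ASCII characters (placeholder value).
  wpa-psk ascii 0 ExampleLabPassphrase
  guest-mode
!
! Check what a client actually negotiated:
!   show dot11 associations
```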
 
ok, that makes better sense. First time configuring wireless on a cisco device so definitely new territory. That mixed with my very rusty IOS skills (which allowed me to brick a router...'erase flash' is NOT the same as 'write erase' 😉 ) has made this more difficult than it needs to be. I'll try to sit down with the router again and get this hammered out. Back to the CCNA books for me 🙁
 
got it working, thanks so much spidey 😀 I'll post the config I had to use after I'm done with the write up 🙂.
 
To blow your mind a little bit more, if you use a lightweight solution you can have WPA2 and WEP on the same SSID/layer2 network. Very handy for migrating.
 