how-to block ads
|
| | | | FAQ Revisions | Editors: skj  , Covenant , aryoba , Phraxos
Last modified on 2009-11-27 07:30:01
| |
|
|
50.8 Wireless·Wireless Router Sample Configuration
·Various sample configuration using Wireless as backbone network
·Configuring AP to trunk to Layer 3 Switch
·Upgrading the CISCO AIRONET MODEL AIR-AP-1220B-x-K9 VXWorks OS to IOS
·Cisco AP with authentication server
| | | Suggested prerequisite reading
»Cisco Forum FAQ »Things to expect when setup network for home or small business
1. Router with integrated ADSL module running PPPoE
As illustration, the router used is Cisco 1841 router with wireless module. This sample configuration assumes the followings
* The Qwest uses 0/32 as the VPI/VCI which may not reflect your ISP VPI/VCI value. Confirm with your ISP regarding the value.
* ISP connection is DSL with PPPoE
* The router receives static IP address from ISP
* Default gateway is received from the ISP PPP negotiation
* There is a public server sitting behind the router, open to any inbound and outbound traffic
* There is NAT/PAT on the router between local subnet of 10.10.0.0/22 (behind the BVI, FA0/0, and FA0/1) and the ISP Public IP address (in front of the Dialer0 interface)
* Router is in IRB (Integrated Routing Bridging) mode
* The Wired LAN interfaces (FA0/0 and FA0/1) are Layer 3 interfaces, where the FA0/0 is the Inside (Trusted) and FA0/1 is the DMZ
* There is one "dumb switch" behind each one of the Wired LAN interfaces
* DMZ interface is set for servers
* Inside interface is set for local users' workstation and printers
* Workstations and printers receive dynamic IP address via DHCP within 10.10.1.0/24 subnet
* Wireless users receive dynamic IP address via DHCP within 10.10.3.0/24 subnet
* The Radio and BVI interfaces are within the same broadcast domain, where the BVI is the Layer 3 interface
* No layer 2 trunking to external network device
* Wireless encryption type is WPA
Sample Configuration
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone Arizona -7
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp excluded-address 10.10.1.1
ip dhcp excluded-address 10.10.3.1
!
ip dhcp pool Inside
network 10.10.1.0 255.255.255.0
dns-server 205.171.3.65 4.2.2.1
default-router 10.10.1.1
!
ip dhcp pool Wireless
import all
network 10.10.3.0 255.255.255.0
dns-server 205.171.3.65 4.2.2.1
default-router 10.10.3.1
lease 3
!
!
multilink bundle-name authenticated
!
!
!
!
username xxxxxxx privilege 15 secret 5 xxxxxxxxxx
!
bridge irb
!
!
!
interface Loopback0
ip address 10.10.0.1 255.255.255.255
!
interface FastEthernet0/0
description Inside LAN
ip address 10.10.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
description DMZ
ip address 10.10.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface ATM0/0/0
description ADSL WAN port
no ip address
no snmp trap link-status
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dot11Radio0/1/0
description Wireless interface
no ip address
no ip redirects
ip local-proxy-arp
ip virtual-reassembly
!
encryption vlan 1 mode ciphers tkip
!
ssid azwinters
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxxxxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
no cdp enable
!
interface Dot11Radio0/1/0.1
description Wireless VLAN 1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dialer0
description ADSL WAN Dialer
ip address 71.216.xxx.xxx 255.255.255.0
ip mtu 1492
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxx@qwest.net
ppp chap password 0 xxxxxxxxx
ppp pap sent-username xxxxxxxxx@qwest.net password 0 xxxxx
ppp ipcp route default
!
!
interface BVI1
description Wireless LAN
ip address 10.10.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 10.10.2.254 71.xxx.xxx.xxx
!
access-list 1 permit 10.10.0.0 0.0.3.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
no scheduler allocate
ntp clock-period 17175169
ntp server 132.163.4.101 source Dialer0 prefer
ntp server 148.167.132.200 source Dialer0 prefer
ntp server 207.10.214.111 source Dialer0 prefer
end
2. Router with integrated ADSL module running PPPoA
This sample configuration assumes the followings
* The Qwest uses 0/32 as the VPI/VCI which may not reflect your ISP VPI/VCI value. Confirm with your ISP regarding the value.
* ISP connection is DSL with PPPoA
* The router receives static IP address from ISP
* Default gateway is received from the ISP PPP negotiation
* There is a public server sitting behind the router, open to any inbound and outbound traffic
* There is NAT/PAT on the router between local subnet of 192.168.2.0/24 (behind the BVI as the Layer-3 interface and FA0/0 - FA0/3 as the Layer-2 interfaces; and Radio interface) and the ISP Public IP address (in front of the Dialer0 interface)
* Router is in IRB (Integrated Routing Bridging) mode
* The Radio and BVI interfaces are within the same broadcast domain, where the BVI is the Layer 3 interface
* No layer 2 trunking to external network device
* The router is running CBAC as IOS-based Firewall
Sample Configuration
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
aaa session-id common
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
!
crypto pki trustpoint TP-self-signed-3720820174
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3720820174
revocation-check none
rsakeypair TP-self-signed-3720820174
!
!
crypto pki certificate chain TP-self-signed-3720820174
certificate self-signed 01
!KEY GOES HERE
quit
!
dot11 ssid Es38ufd
authentication open
!
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.21 192.168.2.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 205.171.3.65 205.171.2.65
!
!************Various DHCP Bindings were here*****************
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 ftp
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 imap
ip inspect name sdm_ins_in_100 pop3
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 esmtp
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 tftp
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 vdolive
no ip bootp server
ip domain lookup source-interface Dialer0
ip name-server 205.171.3.65
ip name-server 205.171.2.65
!
!
!
file verify auto
username xxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxx
username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
no snmp trap link-status
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode ansi-dmt
dsl enable-training-log
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
ssid Es38ufd
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect sdm_ins_in_100 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxx password 7 xxxxxxxxxxxxxxxxxxx
ppp ipcp route default
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.2.0 0.0.0.255
access-list 3 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp host 205.171.2.65 eq domain any
access-list 103 permit udp host 205.171.3.65 eq domain any
access-list 103 remark Auto generated by SDM for NTP (123) 132.163.4.101
access-list 103 permit udp host 132.163.4.101 eq ntp any eq ntp
access-list 103 remark Auto generated by SDM for NTP (123) 128.138.140.44
access-list 103 permit udp host 128.138.140.44 eq ntp any eq ntp
access-list 103 remark Auto generated by SDM for NTP (123) 192.43.244.18
access-list 103 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 2 in
privilege level 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
sntp server 132.163.4.101
sntp server 128.138.140.44
sntp server 192.43.244.18
end
3. Router receiving Ethernet hand-off of external modem running DHCP
Following is another wireless router sample configuration with assumptions of
* ISP connection is Cable Internet or DSL with DHCP
* The router receives dynamic IP address from ISP
* Default gateway is received from the ISP DHCP negotiation
* There is NAT/PAT on the router between local subnet of 10.10.10.0/24 (behind the BVI, FA0-3, and Dot11Radio0) and the ISP Public IP address (in front of the FA4 interface)
* Router is in IRB (Integrated Routing Bridging) mode
* FA4 is Layer 3 WAN interface
* The Wired LAN interfaces (FA1, FA2 and FA3) are Layer 2 interfaces (integrated switch) that are members of VLAN 10
* The Wireless LAN interfaces (Dot11Radio0.10) is also a member of VLAN 10
* The Layer-3 interface BVI10 is to "integrate" between Wired and Wireless LAN
* All Wired and Wireless LAN machines receive dynamic IP address via DHCP within 10.10.10.0/24 subnet (exclude 10.10.10.1 - 10.10.10.10)
* No layer 2 trunking to external network device
* Wireless encryption type is WPA
* The router is running CBAC as IOS-based Firewall
Sample Configuration
Current configuration : 5572 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cloud
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool VLAN10
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
domain-name att.net
lease 4
!
!
ip domain lookup
ip domain name att.net
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name MYFW tcp
ip inspect name MYFW udp
!
!
!
crypto pki trustpoint TP-self-signed-1295877613
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1295877613
revocation-check none
rsakeypair TP-self-signed-1295877613
!
!
crypto pki certificate chain TP-self-signed-1295877613
certificate self-signed 01
quit
username morphius privilege 15 password 7
!
!
!
bridge irb
!
!
!
interface FastEthernet0
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
!
interface FastEthernet2
switchport access vlan 10
!
interface FastEthernet3
switchport access vlan 10
!
interface FastEthernet4
description WAN interface
ip address dhcp
ip access-group Internet-inbound-ACL in
ip nat outside
ip inspect MYFW out
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers tkip
!
ssid bennachie
vlan 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no snmp trap link-status
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Vlan1
no ip address
!
interface Vlan10
description Internal network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 10
bridge-group 10 spanning-disabled
!
interface BVI10
description Layer-3 LAN interface to bridge FA1-3 ports
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
!
control-plane
!
bridge 10 protocol ieee
bridge 10 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
password 7
no modem enable
line aux 0
line vty 0 4
password 7
!
scheduler max-task-time 5000
ntp authenticate
ntp source FastEthernet4
ntp server 70.85.188.218
ntp server 67.10.89.177
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
More Sample Configurations
Various PPPoE/PPPoA/DHCP/Static Sample Configuration with Cisco
 feedback form
 feedback form
by aryoba
last modified: 2008-01-07 16:22:01 | | | Two ISP using OSPF to find best default route
Example #1
Equipments used
* Two routers running IOS 12.3
* One PIX Firewall running OS 6.3(5)
* One Layer-3 Switch
* Three Access Points
Network Diagram
Wireless Backbone
ISP 1 --- Router 1 ---- AP 1 o o o o o o o o o o o AP 2 --- Layer-3 Switch --- Router 2 --- ISP 2
| o | |
Room 1 o Room 2 Room 2
Users o Users Servers
o
AP 3
|
PIX Firewall
|
Room 3 Users
Notes:
* All routers, Layer-3 switch, and PIX Firewall run OSPF
* The purpose of using dynamic routing protocol such OSPF is to dynamically find the best default gateway of specific subnet
* You can use any other dynamic routing protocol such as RIP or EIGRP if it is supported on all equipments
* From routing perspectives, all AP (Access Points) are seen as Layer-2 switches with no knowledge of dynamic routing protocol at all
* In this sample configuration, wireless G (54 Mbps) is used although you can use wireless N (300 Mbps) whenever available
Objectives
* AP (Access Points) 1, 2, and 3 are fixed and establish Wireless connection
* All communication between rooms go over the Wireless connection
* Since no communication between rooms is in place without the Wireless connection, the Wireless connection is assumed or called as Wireless Backbone
* The three AP, the Layer-3 switch, Router 1, and PIX Firewall devices are part of and make up the Wireless Backbone infrastructure
* The Router 2 is solely for ISP-2 connection and providing ISP-2 default route to all LAN machines
* No wireless hosts such as laptop, PC, printers, or servers
* All hosts are wired that connect to switch at either Room 1, 2, or 3
* The wireless connection is solely used as Wireless Backbone with no wireless hosts
* AP 1 acts as Root Bridge, AP 2 acts as Workgroup Bridge, and AP 3 acts as Non-Root Bridge
* SSID is used as infrastructure SSID
* SSID is invisible to any wireless hosts or other AP (invisible during SSID scan)
* SSID is only visible and usable by AP 1, 2, and 3
* Encryption used is WPA Temporal Key Integrity Protocol (TKIP) over open authentication with PSK (pre-shared key)
* No DCHP pool over wireless since the wireless connection is solely used as Wireless Backbone with no wireless hosts
* The Wireless Backbone serves one subnet of 10.0.0.0/29; no VLAN, no trunking, and no other SSID use the radio
* All inter-room communication must go through 10.0.0.0/29 subnet
* All Wireless Backbone devices (the three AP, the Layer-3 switch, Router 1, and PIX Firewall) use up available IP address within the 10.0.0.0/29 subnet. In addition, all of these Wireless Backbone devices are always up and running 24/7. These measures are required to minimize possibility of unknown or unauthorized wireless device to become part of Wireless Backbone infrastructure
* All Room 1 and 3 users should use ISP 1 as default gateway and only use ISP 2 when ISP 1 is unavailable
* Similarly, all Room 2 users and servers use ISP 2 as default gateway and only use ISP 1 when ISP 2 is unavailable
* Only machines within 172.16.0.0/12 subnet are able to go out to the Internet. Other devices such as AP that use IP address outside 172.16.0.0/12 subnet are unable to go out to the Internet due to security
* There is only DHCP pool from the PIX Firewall for wired machines that connect to switch at Room 3. No DHCP pool for wired machines that connect to switch at Room 1 or 2.
Sample Configuration
Router 1
AP 1
Router 2
Layer-3 Switch
AP 2
PIX Firewall
AP 3
Note:
* If both AP 2 and AP 3 station roles are set as Workgroup Bridge, then the AP 1 station role is not necessarily to be Root Bridge since to be Root is enough.
Some discussion
»Cisco Aironet 1231 AP - POS!!!
feedback form
feedback form
by aryoba
last modified: 2009-11-20 08:39:48 | | | Switch: Catalyst 3550
AP: 1130
Objective:
You need to dedicate subnet for specific wireless users. Each user has its own SSID to specify which wireless network to join.
Assumptions
Authentication used: WPA
Management: 10.10.10.0/29 Native VLAN 10
SSID: management
Gateway: 10.10.10.4
Guest: 192.168.100.0/24 VLAN 202
SSID: 230Guest
Gateway: 192.168.100.4
Internal: 192.168.10.0/24 VLAN 203
SSID: internal
Gateway: 192.168.10.4
The switch port configs:
interface FastEthernet0/7
description VLAN 203 Server
switchport access vlan 203
!
interface FastEthernet0/8
description Trunk to AP
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description AP Native VLAN
ip address 10.10.10.4 255.255.255.248
!
interface Vlan202
description Guest Internet VLAN
ip address 192.168.100.4 255.255.255.0
!
interface Vlan203
description Private VLAN
ip address 192.168.10.4 255.255.255.0
The AP config:
dot11 vlan-name Management_VLAN vlan 10
dot11 vlan-name Guess_VLAN vlan 202
dot11 vlan-name Private_WIFI_VLAN vlan 203
!
dot11 ssid 230Guest
vlan 202
authentication open
authentication key-management wpa
wpa-psk ascii 7 14072D3E213B27
!
dot11 ssid internal
vlan 203
authentication open
authentication key-management wpa
wpa-psk ascii 7 090D7E060E05E526B
!
dot11 ssid management
vlan 10
authentication open
authentication key-management wpa
wpa-psk ascii 7 1148290A19587D65
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 203 mode ciphers tkip
!
encryption vlan 202 mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers tkip
!
ssid 230Guest
!
ssid internal
!
ssid management
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.10
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.202
encapsulation dot1Q 202
no ip route-cache
bridge-group 202
bridge-group 202 subscriber-loop-control
bridge-group 202 block-unknown-source
no bridge-group 202 source-learning
no bridge-group 202 unicast-flooding
bridge-group 202 spanning-disabled
!
interface Dot11Radio0.203
encapsulation dot1Q 203
no ip route-cache
bridge-group 203
bridge-group 203 subscriber-loop-control
bridge-group 203 block-unknown-source
no bridge-group 203 source-learning
no bridge-group 203 unicast-flooding
bridge-group 203 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.10
encapsulation dot1Q 10 native
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface FastEthernet0.202
encapsulation dot1Q 202
no ip route-cache
bridge-group 202
no bridge-group 202 source-learning
bridge-group 202 spanning-disabled
!
interface FastEthernet0.203
encapsulation dot1Q 203
no ip route-cache
bridge-group 203
no bridge-group 203 source-learning
bridge-group 203 spanning-disabled
!
interface BVI10
ip address 10.10.10.3 255.255.255.248
no ip route-cache
!
ip default-gateway 10.10.10.4
!
bridge 10 route ip
feedback form
feedback form
by aryoba
last modified: 2007-04-24 21:36:16 | | | You will need to download from CCO an UPGRADE IOS IMAGE, not the general IOS image. The name of the image is AIR-AP1220-IOS-UPGRD.
A link to explain the IOS Upgrade Image.
I would read the page linked above as there are minimum requirements to change your OS to IOS.
Below is a link outlining the method to upgrade the CISCO AIRONET MODEL AIR-AP-1220B-x-K9 Access Point from VXWorks to IOS after downloading the IOS Upgrade Image.
Click me.
Here is the URL for the root page which leads to it:
Cisco Aironet Conversion Tool for Cisco IOS Software, 1.0 Administrator Guide for Windows
NOTE: The upgrade is PERMANENT and cannot be undone. Once the AP is running IOS, there is no way of reverting back to VXWorks as the bootloader is overwritten
After loading the upgrade image, you can then download ANY IOS (not only the aforementioned upgrade image) to the AP.
Covenant
feedback form
feedback form
by Covenant edited by aryoba
last modified: 2006-09-12 05:51:49 | | | »[HELP] ap 1200 RADIUS auth
»[Info] How to configure PEAP to authenticate against Windows Dom
Connecting with WPA to Cisco Aironet 1200 based on IAS Radius on Windows 2003 Server
feedback form
feedback form
by aryoba
last modified: 2008-04-21 09:31:26 |
|
