Difference between revisions of "Wired to Wireless bridge single SSID"

From Teknologisk videncenter
Jump to: navigation, search
m
m (added Category:WiFi using HotCat)
 
(25 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
{{TOCright}}
 +
Cisco 897 connected to existing network with DHCP server. Wireless clients are [[Bridge-group cisco IOS|bridged]] through the Cisco 897 and using the external DHCP server..
 +
 +
=IP adresser i lokalet=
 +
 +
*Default gateway: 192.168.146.1
 +
 +
 +
*Gruppe 1: 192.168.146.[10-19]/24
 +
*Gruppe 2: 192.168.146.[20-29]/24
 +
*Gruppe 3: 192.168.146.[30-39]/24
 +
*Gruppe 4: 192.168.146.[40-49]/24
 +
*Gruppe 5: 192.168.146.[50-59]/24
 +
*Gruppe 6: 192.168.146.[60-69]/24
 +
 
=Basic interface configuration=
 
=Basic interface configuration=
 
Configure VLAN 1 with an IP address and associate wlan-ap0 with it.
 
Configure VLAN 1 with an IP address and associate wlan-ap0 with it.
Line 4: Line 19:
 
Router#<input>conf t</input>
 
Router#<input>conf t</input>
 
Enter configuration commands, one per line.  End with CNTL/Z.
 
Enter configuration commands, one per line.  End with CNTL/Z.
 +
Router(config)#<input>ip route 0.0.0.0 0.0.0.0 192.168.1.1</input>
 
Router(config)#<input>int vlan 1</input>
 
Router(config)#<input>int vlan 1</input>
 
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
 
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
Line 14: Line 30:
 
</source>
 
</source>
 
==Check interface status==
 
==Check interface status==
<source>
+
Notice the IP address on '''VLAN 1''' and '''wlan-ap0''' interfaces
 +
<source lang=cli>
 
Router#<input>show ip interface brief</input>
 
Router#<input>show ip interface brief</input>
 
Interface                  IP-Address      OK? Method Status                Protocol
 
Interface                  IP-Address      OK? Method Status                Protocol
Line 32: Line 49:
 
wlan-ap0                  <notice>192.168.64.4</notice>    YES TFTP  up                    up
 
wlan-ap0                  <notice>192.168.64.4</notice>    YES TFTP  up                    up
 
</source>
 
</source>
 +
 
=Setup the access point part 1=
 
=Setup the access point part 1=
 
The access point - AP -'''wlan-ap0''' is a built in service module running its own IOS. To connect to the AP use the '''service-module''' command from the Routers IOS.
 
The access point - AP -'''wlan-ap0''' is a built in service module running its own IOS. To connect to the AP use the '''service-module''' command from the Routers IOS.
=Connecting  
+
==Connecting and disconnecting to the AP==
 +
===Connecting===
 +
To connect use the '''service-module''' command
 +
<source lang=cli>
 +
Router#<input>service-module wlan-ap 0 session</input>
 +
Trying 192.168.64.4, 2002 ... Open
 +
 
 +
Connecting to AP console, enter Ctrl-^ followed by x,
 +
then "disconnect" to return to router prompt
 +
 
 +
ap><input>enable</input>
 +
Password:<error>Default password Cisco</error>
 +
ap#<input>show ip interface brief</input>
 +
Interface                  IP-Address      OK? Method Status                Protocol
 +
BVI1                      <notice>192.168.64.15</notice>  YES DHCP  up                    up
 +
Dot11Radio0                unassigned      YES unset  administratively down down
 +
Dot11Radio1                unassigned      YES unset  administratively down down
 +
GigabitEthernet0          unassigned      YES other  up                    up
 +
ap#
 +
</source>
 +
Notice the BVI11 interface pulls an IP address from a connected DHCP server.
 +
===Disconnecting===
 +
To disconnect from the AP back to the router use the sequence press'''<CTL>+<SHIFT>+6''' simultaneously and the press '''x''' after.
 +
<source lang=cli>
 +
ap#<error><CTRL>+<SHIFT>+6 pressed followed by x</error>
 +
Router#<input>disconnect</input>
 +
Closing connection to 192.168.64.4 [confirm]
 +
Router#
 +
</source>
  
 +
===Assigning an IP address interface to BVI 1===
 +
The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a fixed IP address on this interface.
 +
<source lang=cli>
 +
<notice>! NOTICE: This is the AP we are configuring</notice>
 +
ap(config)#<input>interface BVI 1</input>
 +
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>
 +
</source>
 +
 +
==Secure AP web server with HTTPS==
 +
The AP can be configure from the '''CLI''' or the web server
 +
 +
Disable the default http server and enable https. You should also change the default user and password - not shown here.
 +
<source lang=cli>
 +
<notice>! NOTICE: This is the AP we are configuring</notice>
 +
ap(config)#<input>no ip http server</input>
 +
ap(config)#<input>ip http secure-server</input>
 +
</source>
 +
 +
==Connecting to the AP from the browser==
 +
Connect to '''https://192.168.64.5''' and accept insecure certificate, and you should see the homepage. (Default username '''Cisco''' password '''Cisco''')
 +
[[image:C897WLAN3.png|thumb|400px|right|Cisco 897 AP homepage]]
 +
Notice the three interfaces
 +
*GigabitEthernet corresponds to GigabitEthernet0 in the config
 +
*Radio0-802.11N corresponds to Dot11Radio0 in the config (2,4 GHz radio)
 +
*Radio1-802.11N corresponds to Dot11Radio1 in the config (5 GHz radio)
 +
 +
In the following example the AP will be configured from the CLI - just for the fun of it - but it could as well has been configured from the web server.
 +
=Configuring SSID=
 +
In this example WPA security is used and the SSID is broadcasted in the beacons.
 +
==Security==
 +
The '''authentication open''' means that WPA authentication is used, and any wireless device that knows the encryption key could associate with the AP. The '''guest-mode''' means the SSID is broadcasted in the beacon frames.
 +
<source lang=cli>
 +
<notice>! NOTICE: This is the AP we are configuring</notice>
 +
ap(config)#<input>dot11 ssid MYSSID1</input>
 +
ap(config-ssid)#<input>authentication open</input>
 +
ap(config-ssid)#<input>guest-mode</input>
 +
</source>
 +
 +
==Enabling 2,4 GHz radio==
 +
The SSID is associated withe the interface and the WPA key is assigned on the interface as mandatory.
 +
<source lang=cli>
 +
ap(config)#<input>interface Dot11Radio0</input>
 +
ap(config-if)#<input>no shutdown</input>
 +
ap(config-if)#<input>ssid MYSSID1</input>
 +
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
 +
ap(config-if)#<input>encryption mode wep mandatory</input>
 +
</source>
 +
==Enabling 5 GHz radio==
 +
The SSID is associated withe the interface and the WPA key is assigned on the interface as mandatory.
 +
<source lang=cli>
 +
ap(config)#<input>interface Dot11Radio1</input>
 +
ap(config-if)#<input>no shutdown</input>
 +
ap(config-if)#<input>ssid MYSSID1</input>
 +
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
 +
ap(config-if)#<input>encryption mode wep mandatory</input>
 +
</source>
  
 
{{Source cli}}
 
{{Source cli}}
 +
 +
=Links=
 +
*[http://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature] BVI interface
 +
 +
[[Category:Cisco]]
 +
[[Category:Wireless]]
 +
[[Category:WiFi]]

Latest revision as of 13:57, 2 September 2014

Cisco 897 connected to existing network with DHCP server. Wireless clients are bridged through the Cisco 897 and using the external DHCP server..

IP adresser i lokalet

  • Default gateway: 192.168.146.1


  • Gruppe 1: 192.168.146.[10-19]/24
  • Gruppe 2: 192.168.146.[20-29]/24
  • Gruppe 3: 192.168.146.[30-39]/24
  • Gruppe 4: 192.168.146.[40-49]/24
  • Gruppe 5: 192.168.146.[50-59]/24
  • Gruppe 6: 192.168.146.[60-69]/24

Basic interface configuration

Configure VLAN 1 with an IP address and associate wlan-ap0 with it. 

Router#<input>conf t</input>
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#<input>ip route 0.0.0.0 0.0.0.0 192.168.1.1</input>
Router(config)#<input>int vlan 1</input>
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
Router(config-if)#<input>interface wlan-ap0</input>
The wlan-ap 0 interface is used for managing the embedded AP.
Please use the "service-module wlan-ap 0 session" command to console into the embedded AP

Router(config-if)#<input>ip unnumbered vlan 1</input>
Router(config-if)#<input>no shutdown</input>

Check interface status

Notice the IP address on VLAN 1 and wlan-ap0 interfaces 

Router#<input>show ip interface brief</input>
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES unset  administratively down down
Ethernet0                  unassigned      YES unset  administratively down down
GigabitEthernet0           unassigned      YES unset  up                    up
GigabitEthernet1           unassigned      YES unset  down                  down
GigabitEthernet2           unassigned      YES unset  down                  down
GigabitEthernet3           unassigned      YES unset  down                  down
GigabitEthernet4           unassigned      YES unset  down                  down
GigabitEthernet5           unassigned      YES unset  down                  down
GigabitEthernet6           unassigned      YES unset  down                  down
GigabitEthernet7           unassigned      YES unset  down                  down
GigabitEthernet8           unassigned      YES unset  administratively down down
Vlan1                      <notice>192.168.64.4</notice>    YES manual up                    up
Wlan-GigabitEthernet8      unassigned      YES unset  up                    up
wlan-ap0                   <notice>192.168.64.4</notice>    YES TFTP   up                    up

Setup the access point part 1

The access point - AP -wlan-ap0 is a built in service module running its own IOS. To connect to the AP use the service-module command from the Routers IOS.

Connecting and disconnecting to the AP

Connecting

To connect use the service-module command 

Router#<input>service-module wlan-ap 0 session</input>
Trying 192.168.64.4, 2002 ... Open

Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt

ap><input>enable</input>
Password:<error>Default password Cisco</error>
ap#<input>show ip interface brief</input>
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       <notice>192.168.64.15</notice>   YES DHCP   up                    up
Dot11Radio0                unassigned      YES unset  administratively down down
Dot11Radio1                unassigned      YES unset  administratively down down
GigabitEthernet0           unassigned      YES other  up                    up
ap#

Notice the BVI11 interface pulls an IP address from a connected DHCP server.

Disconnecting

To disconnect from the AP back to the router use the sequence press<CTL>+<SHIFT>+6 simultaneously and the press x after. 

ap#<error><CTRL>+<SHIFT>+6 pressed followed by x</error>
Router#<input>disconnect</input>
Closing connection to 192.168.64.4 [confirm]
Router#

Assigning an IP address interface to BVI 1

The BVI 1 interface is Brigded Virtual Interface used to bridge packets between interfaces in the same subnet on a router. We would want a fixed IP address on this interface. 

<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>interface BVI 1</input>
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>

Secure AP web server with HTTPS

The AP can be configure from the CLI or the web server

Disable the default http server and enable https. You should also change the default user and password - not shown here. 

<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>no ip http server</input>
ap(config)#<input>ip http secure-server</input>

Connecting to the AP from the browser

Connect to https://192.168.64.5 and accept insecure certificate, and you should see the homepage. (Default username Cisco password Cisco)

Cisco 897 AP homepage

Notice the three interfaces

  • GigabitEthernet corresponds to GigabitEthernet0 in the config
  • Radio0-802.11N corresponds to Dot11Radio0 in the config (2,4 GHz radio)
  • Radio1-802.11N corresponds to Dot11Radio1 in the config (5 GHz radio)

In the following example the AP will be configured from the CLI - just for the fun of it - but it could as well has been configured from the web server.

Configuring SSID

In this example WPA security is used and the SSID is broadcasted in the beacons.

Security

The authentication open means that WPA authentication is used, and any wireless device that knows the encryption key could associate with the AP. The guest-mode means the SSID is broadcasted in the beacon frames. 

<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>dot11 ssid MYSSID1</input>
ap(config-ssid)#<input>authentication open</input>
ap(config-ssid)#<input>guest-mode</input>

Enabling 2,4 GHz radio

The SSID is associated withe the interface and the WPA key is assigned on the interface as mandatory. 

ap(config)#<input>interface Dot11Radio0</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>

Enabling 5 GHz radio

The SSID is associated withe the interface and the WPA key is assigned on the interface as mandatory. 

ap(config)#<input>interface Dot11Radio1</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>


Links

Retrieved from "http://mars.merhot.dk/w/index.php?title=Wired_to_Wireless_bridge_single_SSID&oldid=27918"