Difference between revisions of "Wired to Wireless bridge single SSID"
m (→Security) |
m (added Category:WiFi using HotCat) |
||
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | {{TOCright}} | ||
+ | Cisco 897 connected to existing network with DHCP server. Wireless clients are [[Bridge-group cisco IOS|bridged]] through the Cisco 897 and using the external DHCP server.. | ||
+ | |||
+ | =IP adresser i lokalet= | ||
+ | |||
+ | *Default gateway: 192.168.146.1 | ||
+ | |||
+ | |||
+ | *Gruppe 1: 192.168.146.[10-19]/24 | ||
+ | *Gruppe 2: 192.168.146.[20-29]/24 | ||
+ | *Gruppe 3: 192.168.146.[30-39]/24 | ||
+ | *Gruppe 4: 192.168.146.[40-49]/24 | ||
+ | *Gruppe 5: 192.168.146.[50-59]/24 | ||
+ | *Gruppe 6: 192.168.146.[60-69]/24 | ||
+ | |||
=Basic interface configuration= | =Basic interface configuration= | ||
Configure VLAN 1 with an IP address and associate wlan-ap0 with it. | Configure VLAN 1 with an IP address and associate wlan-ap0 with it. | ||
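Review bot: the added "IP adresser i lokalet" section lists addresses in 192.168.146.0/24 with default gateway 192.168.146.1, but every configuration step on the page uses 192.168.64.4 and 192.168.64.5. Either align the ranges or state how the room addressing relates to the example. The heading and the "Gruppe" labels should also be in English like the rest of the page, and the added intro sentence ends in a double period.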
Line 4: | Line 19: | ||
Router#<input>conf t</input> | Router#<input>conf t</input> | ||
Enter configuration commands, one per line. End with CNTL/Z. | Enter configuration commands, one per line. End with CNTL/Z. | ||
+ | Router(config)#<input>ip route 0.0.0.0 0.0.0.0 192.168.1.1</input> | ||
Router(config)#<input>int vlan 1</input> | Router(config)#<input>int vlan 1</input> | ||
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input> | Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input> | ||
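Review bot: the added default route "ip route 0.0.0.0 0.0.0.0 192.168.1.1" uses a next hop that is neither in the 192.168.64.0/24 subnet configured on VLAN 1 two lines later nor the 192.168.146.1 default gateway listed in the new section at the top. As far as the page shows, the router has no connected network that contains 192.168.1.1. Use a gateway inside the VLAN 1 subnet, or add a sentence saying where 192.168.1.1 is reachable.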
Line 60: | Line 76: | ||
To disconnect from the AP back to the router use the sequence press'''<CTL>+<SHIFT>+6''' simultaneously and the press '''x''' after. | To disconnect from the AP back to the router use the sequence press'''<CTL>+<SHIFT>+6''' simultaneously and the press '''x''' after. | ||
<source lang=cli> | <source lang=cli> | ||
− | ap#<error>< | + | ap#<error><CTRL>+<SHIFT>+6 pressed followed by x</error> |
Router#<input>disconnect</input> | Router#<input>disconnect</input> | ||
Closing connection to 192.168.64.4 [confirm] | Closing connection to 192.168.64.4 [confirm] | ||
Router# | Router# | ||
</source> | </source> | ||
+ | |||
===Assigning an IP address interface to BVI 1=== | ===Assigning an IP address interface to BVI 1=== | ||
− | The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a | + | The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a fixed IP address on this interface. |
<source lang=cli> | <source lang=cli> | ||
− | <notice>! NOTICE: This is the AP we are configuring | + | <notice>! NOTICE: This is the AP we are configuring</notice> |
ap(config)#<input>interface BVI 1</input> | ap(config)#<input>interface BVI 1</input> | ||
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input> | ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input> | ||
</source> | </source> | ||
+ | |||
==Secure AP web server with HTTPS== | ==Secure AP web server with HTTPS== | ||
The AP can be configure from the '''CLI''' or the web server | The AP can be configure from the '''CLI''' or the web server | ||
+ | |||
+ | Disable the default http server and enable https. You should also change the default user and password - not shown here. | ||
<source lang=cli> | <source lang=cli> | ||
− | + | <notice>! NOTICE: This is the AP we are configuring</notice> | |
− | <notice>! NOTICE: This is the AP we are configuring | ||
ap(config)#<input>no ip http server</input> | ap(config)#<input>no ip http server</input> | ||
ap(config)#<input>ip http secure-server</input> | ap(config)#<input>ip http secure-server</input> | ||
</source> | </source> | ||
+ | |||
==Connecting to the AP from the browser== | ==Connecting to the AP from the browser== | ||
Connect to '''https://192.168.64.5''' and accept insecure certificate, and you should see the homepage. (Default username '''Cisco''' password '''Cisco''') | Connect to '''https://192.168.64.5''' and accept insecure certificate, and you should see the homepage. (Default username '''Cisco''' password '''Cisco''') | ||
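Review bot: the new sentence under "Secure AP web server with HTTPS" tells the reader to change the default user and password but marks it "not shown here", while the unchanged line below still logs in with username Cisco and password Cisco. Switching the web server to HTTPS does not help if the management login stays at its default, so show the credential change in the same block or link to where it is documented. The prose line above also still says "<CTL>" where the corrected console line now says "<CTRL>".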
Line 123: | Line 143: | ||
=Links= | =Links= | ||
*[http://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature] BVI interface | *[http://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature] BVI interface | ||
+ | |||
+ | [[Category:Cisco]] | ||
+ | [[Category:Wireless]] | ||
+ | [[Category:WiFi]] |
Latest revision as of 12:57, 2 September 2014
A Cisco 897 is connected to an existing network with a DHCP server. Wireless clients are bridged through the Cisco 897 and use the external DHCP server.
IP addresses in the room
- Default gateway: 192.168.146.1
- Group 1: 192.168.146.[10-19]/24
- Group 2: 192.168.146.[20-29]/24
- Group 3: 192.168.146.[30-39]/24
- Group 4: 192.168.146.[40-49]/24
- Group 5: 192.168.146.[50-59]/24
- Group 6: 192.168.146.[60-69]/24
Basic interface configuration
Configure VLAN 1 with an IP address and associate wlan-ap0 with it.
Router#<input>conf t</input>
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#<input>ip route 0.0.0.0 0.0.0.0 192.168.1.1</input>
Router(config)#<input>int vlan 1</input>
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
Router(config-if)#<input>interface wlan-ap0</input>
The wlan-ap 0 interface is used for managing the embedded AP.
Please use the "service-module wlan-ap 0 session" command to console into the embedded AP
Router(config-if)#<input>ip unnumbered vlan 1</input>
Router(config-if)#<input>no shutdown</input>
Check interface status
Notice the IP address on VLAN 1 and wlan-ap0 interfaces
Router#<input>show ip interface brief</input>
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES unset administratively down down
Ethernet0 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset up up
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset down down
GigabitEthernet6 unassigned YES unset down down
GigabitEthernet7 unassigned YES unset down down
GigabitEthernet8 unassigned YES unset administratively down down
Vlan1 <notice>192.168.64.4</notice> YES manual up up
Wlan-GigabitEthernet8 unassigned YES unset up up
wlan-ap0 <notice>192.168.64.4</notice> YES TFTP up up
Setup the access point part 1
The access point (AP), wlan-ap0, is a built-in service module running its own IOS. To connect to the AP, use the service-module command from the router's IOS.
Connecting and disconnecting to the AP
Connecting
To connect, use the service-module command:
Router#<input>service-module wlan-ap 0 session</input>
Trying 192.168.64.4, 2002 ... Open
Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt
ap><input>enable</input>
Password:<error>Default password Cisco</error>
ap#<input>show ip interface brief</input>
Interface IP-Address OK? Method Status Protocol
BVI1 <notice>192.168.64.15</notice> YES DHCP up up
Dot11Radio0 unassigned YES unset administratively down down
Dot11Radio1 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES other up up
ap#
Notice that the BVI1 interface pulls an IP address from a connected DHCP server.
Disconnecting
To disconnect from the AP and return to the router, press <CTRL>+<SHIFT>+6 simultaneously and then press x.
ap#<error><CTRL>+<SHIFT>+6 pressed followed by x</error>
Router#<input>disconnect</input>
Closing connection to 192.168.64.4 [confirm]
Router#
Assigning an IP address interface to BVI 1
The BVI 1 interface is a Bridged Virtual Interface used to bridge packets between interfaces in the same subnet on a router. We want a fixed IP address on this interface.
<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>interface BVI 1</input>
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>
Secure AP web server with HTTPS
The AP can be configured from the CLI or through the web server.
Disable the default HTTP server and enable HTTPS. You should also change the default user and password (not shown here).
<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>no ip http server</input>
ap(config)#<input>ip http secure-server</input>
Connecting to the AP from the browser
Connect to https://192.168.64.5 and accept the insecure certificate, and you should see the homepage. (Default username Cisco, password Cisco.)
Notice the three interfaces
- GigabitEthernet corresponds to GigabitEthernet0 in the config
- Radio0-802.11N corresponds to Dot11Radio0 in the config (2.4 GHz radio)
- Radio1-802.11N corresponds to Dot11Radio1 in the config (5 GHz radio)
In the following example the AP is configured from the CLI, just for the fun of it, but it could just as well have been configured from the web server.
Configuring SSID
In this example WPA security is used and the SSID is broadcast in the beacons.
Security
The authentication open command means that WPA authentication is used, and any wireless device that knows the encryption key can associate with the AP. The guest-mode command means the SSID is broadcast in the beacon frames.
<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>dot11 ssid MYSSID1</input>
ap(config-ssid)#<input>authentication open</input>
ap(config-ssid)#<input>guest-mode</input>
Enabling 2.4 GHz radio
The SSID is associated with the interface and the WPA key is assigned on the interface as mandatory.
ap(config)#<input>interface Dot11Radio0</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>
Enabling 5 GHz radio
The SSID is associated with the interface and the WPA key is assigned on the interface as mandatory.
ap(config)#<input>interface Dot11Radio1</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>
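The following Python check is an added example, not part of the original wiki page or of any Cisco tool. It scans a saved AP configuration for the settings covered in the HTTPS and SSID sections above. The sample is constructed from this page's commands, the finding labels are made up for the example, and the check treats "encryption mode wep mandatory" with a static "encryption key" as static WEP.

```python
import re

# Constructed sample: the AP commands from this page laid out as a saved config.
SAMPLE_CONFIG = """\
no ip http server
ip http secure-server
dot11 ssid MYSSID1
 authentication open
 guest-mode
interface Dot11Radio0
 encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key
 encryption mode wep mandatory
 ssid MYSSID1
"""

def parse_sections(text):
    """Group indented sub-commands under their unindented parent command."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return (section, finding label) pairs; labels are hypothetical names."""
    sec, out = parse_sections(text), []
    if "ip http server" in sec:            # cleartext management listener
        out.append(("global", "http-enabled"))
    if "ip http secure-server" not in sec:
        out.append(("global", "https-missing"))
    for head, body in sec.items():
        if head.startswith("dot11 ssid ") and not any(
                l.startswith("authentication key-management wpa") for l in body):
            out.append((head, "ssid-no-wpa"))      # open or static-WEP SSID
        if re.match(r"interface Dot11Radio\d+$", head):
            if any(re.match(r"encryption mode wep\b", l) for l in body):
                out.append((head, "static-wep"))
            if any(re.match(r"encryption key \d+ size \S+ 0 ", l) for l in body):
                out.append((head, "cleartext-key"))  # type 0 = unencrypted key
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

On autonomous AP IOS, the WPA2-PSK equivalent is authentication key-management wpa version 2 plus wpa-psk ascii under the SSID and encryption mode ciphers aes-ccm on each radio; a configuration written that way produces no findings here.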