Difference between revisions of "Wired to Wireless bridge single SSID"

From Teknologisk videncenter
m (Security)
m (added Category:WiFi using HotCat)
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
{{TOCright}}
 +
Cisco 897 connected to existing network with DHCP server. Wireless clients are [[Bridge-group cisco IOS|bridged]] through the Cisco 897 and using the external DHCP server..
 +
 +
=IP adresser i lokalet=
 +
 +
*Default gateway: 192.168.146.1
 +
 +
 +
*Gruppe 1: 192.168.146.[10-19]/24
 +
*Gruppe 2: 192.168.146.[20-29]/24
 +
*Gruppe 3: 192.168.146.[30-39]/24
 +
*Gruppe 4: 192.168.146.[40-49]/24
 +
*Gruppe 5: 192.168.146.[50-59]/24
 +
*Gruppe 6: 192.168.146.[60-69]/24
 +
 
=Basic interface configuration=
 
=Basic interface configuration=
 
Configure VLAN 1 with an IP address and associate wlan-ap0 with it.
 
Configure VLAN 1 with an IP address and associate wlan-ap0 with it.
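Review bot: the room addressing added at the top of this hunk (default gateway 192.168.146.1, groups in 192.168.146.[10-69]/24) does not match the 192.168.64.x addresses used in the configuration examples, and nothing says how the two relate. State which subnet the examples are meant to run in, or renumber one of them. The new heading "IP adresser i lokalet" is Danish on an otherwise English page, and the added intro sentence ends with a doubled full stop ("external DHCP server..").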
Line 4: Line 19:
 
Router#<input>conf t</input>
 
Router#<input>conf t</input>
 
Enter configuration commands, one per line.  End with CNTL/Z.
 
Enter configuration commands, one per line.  End with CNTL/Z.
 +
Router(config)#<input>ip route 0.0.0.0 0.0.0.0 192.168.1.1</input>
 
Router(config)#<input>int vlan 1</input>
 
Router(config)#<input>int vlan 1</input>
 
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
 
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
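Review bot: the added line "ip route 0.0.0.0 0.0.0.0 192.168.1.1" uses a next hop that is neither in the 192.168.64.0/24 subnet configured on VLAN 1 two commands later nor in the room subnet with gateway 192.168.146.1 listed in the first hunk, so as written the router has no connected path to its default gateway. Use a next hop on the VLAN 1 subnet, or explain which interface reaches 192.168.1.1.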
Line 60: Line 76:
 
To disconnect from the AP back to the router use the sequence press'''<CTL>+<SHIFT>+6''' simultaneously and the press '''x''' after.
 
To disconnect from the AP back to the router use the sequence press'''<CTL>+<SHIFT>+6''' simultaneously and the press '''x''' after.
 
<source lang=cli>
 
<source lang=cli>
ap#<error><CTL>+<SHIFT>+6 pressed followed by x</error>
+
ap#<error><CTRL>+<SHIFT>+6 pressed followed by x</error>
 
Router#<input>disconnect</input>
 
Router#<input>disconnect</input>
 
Closing connection to 192.168.64.4 [confirm]
 
Closing connection to 192.168.64.4 [confirm]
 
Router#
 
Router#
 
</source>
 
</source>
 +
 
===Assigning an IP address interface to BVI 1===
 
===Assigning an IP address interface to BVI 1===
The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a xixed IP address on this interface.
+
The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a fixed IP address on this interface.
 
<source lang=cli>
 
<source lang=cli>
<notice>! NOTICE: This is the AP we are configuring
+
<notice>! NOTICE: This is the AP we are configuring</notice>
 
ap(config)#<input>interface BVI 1</input>
 
ap(config)#<input>interface BVI 1</input>
 
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>
 
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>
 
</source>
 
</source>
 +
 
==Secure AP web server with HTTPS==
 
==Secure AP web server with HTTPS==
 
The AP can be configure from the '''CLI''' or the web server
 
The AP can be configure from the '''CLI''' or the web server
 +
 +
Disable the default http server and enable https. You should also change the default user and password - not shown here.
 
<source lang=cli>
 
<source lang=cli>
Disable the default http server and enable https. You should also change the default user and password - not shown here.
+
<notice>! NOTICE: This is the AP we are configuring</notice>
<notice>! NOTICE: This is the AP we are configuring
 
 
ap(config)#<input>no ip http server</input>
 
ap(config)#<input>no ip http server</input>
 
ap(config)#<input>ip http secure-server</input>
 
ap(config)#<input>ip http secure-server</input>
 
</source>
 
</source>
 +
 
==Connecting to the AP from the browser==
 
==Connecting to the AP from the browser==
 
Connect to '''https://192.168.64.5''' and accept insecure certificate, and you should see the homepage. (Default username '''Cisco''' password '''Cisco''')
 
Connect to '''https://192.168.64.5''' and accept insecure certificate, and you should see the homepage. (Default username '''Cisco''' password '''Cisco''')
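Review bot: the HTTPS section in this hunk still leaves the credential change as "not shown here", while the browser step at the end of the hunk logs in with the default username Cisco and password Cisco, so a reader who follows the page ends up with HTTPS in front of default credentials. Add the credential change as an explicit step in the "Secure AP web server with HTTPS" section, before the browser login.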
Line 123: Line 143:
 
=Links=
 
=Links=
 
*[http://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature] BVI interface
 
*[http://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html Understanding and Configuring VLAN Routing and Bridging on a Router Using the IRB Feature] BVI interface
 +
 +
[[Category:Cisco]]
 +
[[Category:Wireless]]
 +
[[Category:WiFi]]

Latest revision as of 12:57, 2 September 2014

A Cisco 897 is connected to an existing network with a DHCP server. Wireless clients are bridged through the Cisco 897 and use the external DHCP server.

IP addresses in the room

  • Default gateway: 192.168.146.1

  • Group 1: 192.168.146.[10-19]/24
  • Group 2: 192.168.146.[20-29]/24
  • Group 3: 192.168.146.[30-39]/24
  • Group 4: 192.168.146.[40-49]/24
  • Group 5: 192.168.146.[50-59]/24
  • Group 6: 192.168.146.[60-69]/24

Basic interface configuration

Configure VLAN 1 with an IP address and associate wlan-ap0 with it.

Router#<input>conf t</input>
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#<input>ip route 0.0.0.0 0.0.0.0 192.168.1.1</input>
Router(config)#<input>int vlan 1</input>
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
Router(config-if)#<input>interface wlan-ap0</input>
The wlan-ap 0 interface is used for managing the embedded AP.
Please use the "service-module wlan-ap 0 session" command to console into the embedded AP

Router(config-if)#<input>ip unnumbered vlan 1</input>
Router(config-if)#<input>no shutdown</input>

Check interface status

Notice the IP address on VLAN 1 and wlan-ap0 interfaces

Router#<input>show ip interface brief</input>
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES unset  administratively down down
Ethernet0                  unassigned      YES unset  administratively down down
GigabitEthernet0           unassigned      YES unset  up                    up
GigabitEthernet1           unassigned      YES unset  down                  down
GigabitEthernet2           unassigned      YES unset  down                  down
GigabitEthernet3           unassigned      YES unset  down                  down
GigabitEthernet4           unassigned      YES unset  down                  down
GigabitEthernet5           unassigned      YES unset  down                  down
GigabitEthernet6           unassigned      YES unset  down                  down
GigabitEthernet7           unassigned      YES unset  down                  down
GigabitEthernet8           unassigned      YES unset  administratively down down
Vlan1                      <notice>192.168.64.4</notice>    YES manual up                    up
Wlan-GigabitEthernet8      unassigned      YES unset  up                    up
wlan-ap0                   <notice>192.168.64.4</notice>    YES TFTP   up                    up

Setup the access point part 1

The access point (AP), wlan-ap0, is a built-in service module running its own IOS. To connect to the AP, use the service-module command from the router's IOS.

Connecting and disconnecting to the AP

Connecting

To connect, use the service-module command:

Router#<input>service-module wlan-ap 0 session</input>
Trying 192.168.64.4, 2002 ... Open

Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt

ap><input>enable</input>
Password:<error>Default password Cisco</error>
ap#<input>show ip interface brief</input>
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       <notice>192.168.64.15</notice>   YES DHCP   up                    up
Dot11Radio0                unassigned      YES unset  administratively down down
Dot11Radio1                unassigned      YES unset  administratively down down
GigabitEthernet0           unassigned      YES other  up                    up
ap#

Notice that the BVI1 interface pulls an IP address from a connected DHCP server.

Disconnecting

To return from the AP to the router, press <CTRL>+<SHIFT>+6 simultaneously and then press x.

ap#<error><CTRL>+<SHIFT>+6 pressed followed by x</error>
Router#<input>disconnect</input>
Closing connection to 192.168.64.4 [confirm]
Router#

Assigning an IP address interface to BVI 1

The BVI 1 interface is a Bridged Virtual Interface, used to bridge packets between interfaces in the same subnet on a router. We want a fixed IP address on this interface.

<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>interface BVI 1</input>
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>

Secure AP web server with HTTPS

The AP can be configured from the CLI or through its web server.

Disable the default HTTP server and enable HTTPS. You should also change the default user and password - not shown here.

<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>no ip http server</input>
ap(config)#<input>ip http secure-server</input>

Connecting to the AP from the browser

Connect to https://192.168.64.5 and accept the insecure certificate; you should then see the homepage. (Default username Cisco, password Cisco.)

Cisco 897 AP homepage

Notice the three interfaces

  • GigabitEthernet corresponds to GigabitEthernet0 in the config
  • Radio0-802.11N corresponds to Dot11Radio0 in the config (2.4 GHz radio)
  • Radio1-802.11N corresponds to Dot11Radio1 in the config (5 GHz radio)

In the following example the AP is configured from the CLI - just for the fun of it - but it could just as well have been configured from the web server.

Configuring SSID

In this example WPA security is used and the SSID is broadcast in the beacons.

Security

The authentication open command means that WPA authentication is used, and any wireless device that knows the encryption key can associate with the AP. The guest-mode command means the SSID is broadcast in the beacon frames.

<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>dot11 ssid MYSSID1</input>
ap(config-ssid)#<input>authentication open</input>
ap(config-ssid)#<input>guest-mode</input>

Enabling the 2.4 GHz radio

The SSID is associated with the interface and the WPA key is assigned on the interface as mandatory.

ap(config)#<input>interface Dot11Radio0</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>

Enabling the 5 GHz radio

The SSID is associated with the interface and the WPA key is assigned on the interface as mandatory.

ap(config)#<input>interface Dot11Radio1</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>
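A quick check of the finished AP configuration, covering the "Secure AP web server with HTTPS" step and the SSID and radio steps above. This is an added example, not part of the original page. Note that "encryption mode wep mandatory" with a static "encryption key" selects WEP on the radio, and that WPA on these APs is enabled with "authentication key-management wpa" under the SSID. The sample config is constructed from the page's AP commands, and the function names and finding texts are this example's own.

```python
# Constructed sample: the AP commands shown on this page, collected as one config.
SAMPLE_AP_CONFIG = """\
no ip http server
ip http secure-server
dot11 ssid MYSSID1
 authentication open
 guest-mode
interface Dot11Radio0
 ssid MYSSID1
 encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key
 encryption mode wep mandatory
interface Dot11Radio1
 ssid MYSSID1
 encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key
 encryption mode wep mandatory
"""

def parse_sections(config):
    """Group indented lines under their unindented parent line (IOS layout)."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment separators
        if not raw.startswith(" "):
            current = sections.setdefault(raw.strip(), [])
        elif current is not None:
            current.append(raw.strip())
    return sections

def audit(config):
    """Return sorted (section, finding) pairs; finding texts are this example's own."""
    sections = parse_sections(config)
    findings = set()
    if "ip http server" in sections:
        findings.add(("global", "plain HTTP management enabled"))
    if "ip http secure-server" not in sections:
        findings.add(("global", "HTTPS management not enabled"))
    for name, body in sections.items():
        if name.startswith("dot11 ssid ") and not any(
                line.startswith("authentication key-management wpa") for line in body):
            findings.add((name, "no WPA key management on SSID"))
        if name.startswith("interface Dot11Radio"):
            if any(line.startswith("encryption mode wep") for line in body):
                findings.add((name, "WEP encryption mode"))
            if any(line.startswith("encryption key ") for line in body):
                findings.add((name, "static WEP key configured"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit(SAMPLE_AP_CONFIG)))
```

Run against the page's configuration, the HTTP/HTTPS checks pass and the SSID and both radios are flagged.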


Links