Difference between revisions of "Wired to Wireless bridge single SSID"
m (→Security) |
m |
||
Line 68: | Line 68: | ||
The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a xixed IP address on this interface. | The '''BVI 1 ''' interface is Brigded Virtual Interface used to ''bridge'' packets between interfaces in the same subnet on a router. We would want a xixed IP address on this interface. | ||
<source lang=cli> | <source lang=cli> | ||
− | <notice>! NOTICE: This is the AP we are configuring | + | <notice>! NOTICE: This is the AP we are configuring</notice> |
ap(config)#<input>interface BVI 1</input> | ap(config)#<input>interface BVI 1</input> | ||
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input> | ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input> | ||
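Review bot: The unchanged prose line at the top of the Line 68 hunk still reads "Brigded Virtual Interface" and "xixed IP address". This revision already touches the adjacent notice line to close the <notice> tag, so correct both words to "Bridged" and "fixed" in the same edit.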
Line 76: | Line 76: | ||
<source lang=cli> | <source lang=cli> | ||
Disable the default http server and enable https. You should also change the default user and password - not shown here. | Disable the default http server and enable https. You should also change the default user and password - not shown here. | ||
− | <notice>! NOTICE: This is the AP we are configuring | + | <notice>! NOTICE: This is the AP we are configuring</notice> |
ap(config)#<input>no ip http server</input> | ap(config)#<input>no ip http server</input> | ||
ap(config)#<input>ip http secure-server</input> | ap(config)#<input>ip http secure-server</input> |
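Review bot: In the Line 76 hunk the sentence "Disable the default http server and enable https. ..." sits after the opening <source lang=cli> tag, so it will be rendered as part of the CLI listing rather than as body text. Move it above the tag. The same sentence leaves changing the default user and password as "not shown here"; since this section is about securing the web interface, consider showing that step as well.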
Revision as of 11:12, 15 June 2014
Basic interface configuration
Configure VLAN 1 with an IP address and associate wlan-ap0 with it.
Router#<input>conf t</input>
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#<input>int vlan 1</input>
Router(config-if)#<input>ip address 192.168.64.4 255.255.255.0</input>
Router(config-if)#<input>interface wlan-ap0</input>
The wlan-ap 0 interface is used for managing the embedded AP.
Please use the "service-module wlan-ap 0 session" command to console into the embedded AP
Router(config-if)#<input>ip unnumbered vlan 1</input>
Router(config-if)#<input>no shutdown</input>
Check interface status
Notice the IP address on VLAN 1 and wlan-ap0 interfaces
Router#<input>show ip interface brief</input>
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES unset administratively down down
Ethernet0 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset up up
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset down down
GigabitEthernet6 unassigned YES unset down down
GigabitEthernet7 unassigned YES unset down down
GigabitEthernet8 unassigned YES unset administratively down down
Vlan1 <notice>192.168.64.4</notice> YES manual up up
Wlan-GigabitEthernet8 unassigned YES unset up up
wlan-ap0 <notice>192.168.64.4</notice> YES TFTP up up
Set up the access point, part 1
The access point (AP), wlan-ap0, is a built-in service module running its own IOS. To connect to the AP, use the service-module command from the router's IOS.
Connecting and disconnecting to the AP
Connecting
To connect use the service-module command
Router#<input>service-module wlan-ap 0 session</input>
Trying 192.168.64.4, 2002 ... Open
Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt
ap><input>enable</input>
Password:<error>Default password Cisco</error>
ap#<input>show ip interface brief</input>
Interface IP-Address OK? Method Status Protocol
BVI1 <notice>192.168.64.15</notice> YES DHCP up up
Dot11Radio0 unassigned YES unset administratively down down
Dot11Radio1 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES other up up
ap#
Notice that the BVI1 interface pulls an IP address from a connected DHCP server.
Disconnecting
To disconnect from the AP and return to the router, press <CTL>+<SHIFT>+6 simultaneously and then press x.
ap#<error><CTL>+<SHIFT>+6 pressed followed by x</error>
Router#<input>disconnect</input>
Closing connection to 192.168.64.4 [confirm]
Router#
Assigning an IP address to interface BVI 1
The BVI 1 interface is a Bridged Virtual Interface, used to bridge packets between interfaces in the same subnet on a router. We want a fixed IP address on this interface.
<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>interface BVI 1</input>
ap(config-if)#<input>ip address 192.168.64.5 255.255.255.0</input>
Secure AP web server with HTTPS
The AP can be configured from the CLI or from the web server.
Disable the default HTTP server and enable HTTPS. You should also change the default user and password (not shown here).
<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>no ip http server</input>
ap(config)#<input>ip http secure-server</input>
Connecting to the AP from the browser
Connect to https://192.168.64.5, accept the insecure certificate, and you should see the homepage. (Default username Cisco, password Cisco.)
Notice the three interfaces
- GigabitEthernet corresponds to GigabitEthernet0 in the config
- Radio0-802.11N corresponds to Dot11Radio0 in the config (2.4 GHz radio)
- Radio1-802.11N corresponds to Dot11Radio1 in the config (5 GHz radio)
In the following example the AP is configured from the CLI, just for the fun of it, but it could just as well have been configured from the web server.
Configuring SSID
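In this example WPA security is used and the SSID is broadcast in the beacons. Be aware that the radio interface commands further down set a static 128-bit key with "encryption mode wep mandatory", which is WEP encryption.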
Security
The authentication open command means that WPA authentication is used, and any wireless device that knows the encryption key can associate with the AP. The guest-mode command means the SSID is broadcast in the beacon frames.
<notice>! NOTICE: This is the AP we are configuring</notice>
ap(config)#<input>dot11 ssid MYSSID1</input>
ap(config-ssid)#<input>authentication open</input>
ap(config-ssid)#<input>guest-mode</input>
Enabling 2.4 GHz radio
The SSID is associated with the interface and the WPA key is assigned on the interface as mandatory.
ap(config)#<input>interface Dot11Radio0</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>
Enabling 5 GHz radio
The SSID is associated with the interface and the WPA key is assigned on the interface as mandatory.
ap(config)#<input>interface Dot11Radio1</input>
ap(config-if)#<input>no shutdown</input>
ap(config-if)#<input>ssid MYSSID1</input>
ap(config-if)#<input>encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key</input>
ap(config-if)#<input>encryption mode wep mandatory</input>
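Checking a saved AP configuration for the settings this walkthrough touches (cleartext HTTP management, the default Cisco account, a DHCP-assigned BVI address, WEP mode and the key printed on this page). This is an added example, not part of the original wiki page or of Cisco's tooling; the sample config text is constructed, and its running-config layout and the check names are assumptions.

```python
import re

# Constructed sample (assumed running-config layout, not captured from a device):
# the AP before the hardening steps, with the radio settings from this page.
SAMPLE_CONFIG = """\
username Cisco password 0 Cisco
ip http server
dot11 ssid MYSSID1
 authentication open
 guest-mode
interface Dot11Radio0
 encryption key 1 size 128bit 0 12345678901234567890123456 transmit-key
 encryption mode wep mandatory
 ssid MYSSID1
interface BVI1
 ip address dhcp
"""
PAGE_EXAMPLE_KEY = "12345678901234567890123456"  # key printed in this walkthrough

def parse_sections(config):
    """Group an IOS-style config into {top-level line: [indented sub-lines]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        elif not line[0].isspace():
            current = line
            sections.setdefault(current, [])
    return sections

def audit(config):
    """Return sorted (check_id, location) findings for settings this page touches."""
    findings = []
    for head, body in parse_sections(config).items():
        words = head.split()
        if head == "ip http server":                      # cleartext web management
            findings.append(("http-cleartext", "global"))
        elif words[:2] == ["username", "Cisco"]:          # default account still present
            findings.append(("default-username", "global"))
        elif re.match(r"interface Dot11Radio\d+$", head):
            if any(l.startswith("encryption mode wep") for l in body):
                findings.append(("wep-encryption", words[1]))
            if any(PAGE_EXAMPLE_KEY in l.split() for l in body if l.startswith("encryption key")):
                findings.append(("published-key", words[1]))
        elif re.match(r"interface BVI\d+$", head) and "ip address dhcp" in body:
            findings.append(("mgmt-ip-dhcp", words[1]))   # management address can change
    return sorted(findings)

if __name__ == "__main__":
    for check, where in audit(SAMPLE_CONFIG):
        print(f"{where}: {check}")
```

Run it against the text of "show running-config" saved from the AP; an empty result means none of these five conditions were found, not that the AP is otherwise hardened.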