Dave Heavy Industries Dave Heavy Industries – blog

25Feb/110

Cisco 1200 Accesspoint config

Well, my cisco 1232 just arrived and was promptly set up - thought I'd share some config with everyone to save someone the bother of writing their own. This replaced my existing Apple aiport extreme. Every home needs a cisco access point.

Well, my 1232 plugs into a port on my Cisco 877, so the first step is to get the switchport set up in trunk mode. This sends tags all of your vlans over the port so that your accesspoint can deal with them and you can set up multiple BSSID.

we needs its ip... now, we could look in the dhcp table, but... cdp is so much more fun.. So, from the router (877 in my case)

cisco877#sh cdp neighbors
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
ap                 Fas 3              126           T       AIR-AP123 Fas 0
davetopia#sh cdp entry ap
-------------------------
Device ID: ap
Entry address(es):  IP address: 192.168.1.2

next step is to telnet into 192.168.1.2. By default, the AP will have the username and password of Cisco (yes, capital "C"). This probably needs to change, but we can do that in the config. The AP will also ask for a dhcp when it first boots up.. this means you can generally get away without using a console cable.

and now for the config. Replace network1 with your first wireless network ssid, it will use VLAN1 (native). replace network2 with your second ssid, it will use vLAN2. Replace newpassword with your desired password (username is still "Cisco" in this example), and finally network1-psk and network2-psk with your new wpa PSKs.

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname davetopia-AP
!
enable secret 0 newpassword
!
ip subnet-zero
ip name-server 172.16.1.11
!
!
no aaa new-model
!
dot11 ssid network2
vlan 2
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 network2-psk
!
dot11 ssid network1
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 network1-psk
!
!
!
username Cisco password 0 newpassword
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
ssid network1
!
ssid network2
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption mode ciphers aes-ccm tkip
!
ssid network1
!
ssid network2
!
no dfs band block
mbssid
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
interface BVI2
no ip address
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end

 

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.