Cisco 1200 Accesspoint config
Well, my cisco 1232 just arrived and was promptly set up - thought I'd share some config with everyone to save someone the bother of writing their own. This replaced my existing Apple aiport extreme. Every home needs a cisco access point.
Well, my 1232 plugs into a port on my Cisco 877, so the first step is to get the switchport set up in trunk mode. This sends tags all of your vlans over the port so that your accesspoint can deal with them and you can set up multiple BSSID.
we needs its ip... now, we could look in the dhcp table, but... cdp is so much more fun.. So, from the router (877 in my case)
cisco877#sh cdp neighbors Device ID Local Intrfce Holdtme Capability Platform Port ID ap Fas 3 126 T AIR-AP123 Fas 0
davetopia#sh cdp entry ap ------------------------- Device ID: ap Entry address(es): IP address: 192.168.1.2
next step is to telnet into 192.168.1.2. By default, the AP will have the username and password of Cisco (yes, capital "C"). This probably needs to change, but we can do that in the config. The AP will also ask for a dhcp when it first boots up.. this means you can generally get away without using a console cable.
and now for the config. Replace network1 with your first wireless network ssid, it will use VLAN1 (native). replace network2 with your second ssid, it will use vLAN2. Replace newpassword with your desired password (username is still "Cisco" in this example), and finally network1-psk and network2-psk with your new wpa PSKs.
version 12.3no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname davetopia-AP!enable secret 0 newpassword!ip subnet-zeroip name-server 172.16.1.11!!no aaa new-model!dot11 ssid network2vlan 2authentication openauthentication key-management wpambssid guest-modewpa-psk ascii 0 network2-psk!dot11 ssid network1vlan 1authentication openauthentication key-management wpambssid guest-modewpa-psk ascii 0 network1-psk!!!username Cisco password 0 newpassword!bridge irb!!interface Dot11Radio0no ip addressno ip route-cache!encryption mode ciphers aes-ccm tkip!encryption vlan 1 mode ciphers tkip!encryption vlan 2 mode ciphers aes-ccm tkip!ssid network1!ssid network2!mbssidspeed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0station-role root!interface Dot11Radio0.1encapsulation dot1Q 1 nativeno ip route-cachebridge-group 1bridge-group 1 subscriber-loop-controlbridge-group 1 block-unknown-sourceno bridge-group 1 source-learningno bridge-group 1 unicast-floodingbridge-group 1 spanning-disabled!interface Dot11Radio0.2encapsulation dot1Q 2no ip route-cachebridge-group 2bridge-group 2 subscriber-loop-controlbridge-group 2 block-unknown-sourceno bridge-group 2 source-learningno bridge-group 2 unicast-floodingbridge-group 2 spanning-disabled!interface Dot11Radio1no ip addressno ip route-cache!encryption vlan 1 mode ciphers tkip!encryption vlan 2 mode ciphers aes-ccm tkip!encryption mode ciphers aes-ccm tkip!ssid network1!ssid network2!no dfs band blockmbssidspeed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0channel dfsstation-role root!interface Dot11Radio1.1encapsulation dot1Q 1 nativeno ip route-cachebridge-group 1bridge-group 1 subscriber-loop-controlbridge-group 1 block-unknown-sourceno bridge-group 1 source-learningno bridge-group 1 unicast-floodingbridge-group 1 spanning-disabled!interface Dot11Radio1.2encapsulation dot1Q 2no ip route-cachebridge-group 2bridge-group 2 subscriber-loop-controlbridge-group 2 block-unknown-sourceno bridge-group 2 source-learningno bridge-group 2 unicast-floodingbridge-group 2 spanning-disabled!interface FastEthernet0no ip addressno ip route-cacheduplex autospeed autobridge-group 1no bridge-group 1 source-learningbridge-group 1 spanning-disabledhold-queue 160 in!interface FastEthernet0.2encapsulation dot1Q 2no ip route-cachebridge-group 2no bridge-group 2 source-learningbridge-group 2 spanning-disabled!interface BVI1ip address dhcp client-id FastEthernet0no ip route-cache!interface BVI2no ip addressno ip route-cache!ip http serverno ip http secure-serverip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag!!control-plane!bridge 1 route ip!!!line con 0line vty 0 4login local!end
Leave a comment