ISR Wireless Configuration Example

Similar documents
Configuring a Wireless LAN Connection

Configuring a Basic Wireless LAN Connection

Configuring VLANs CHAPTER

Contents. Introduction

Configuring the WMIC for the First Time

IR829 AP803 Access Point Module

Securing a Wireless LAN

Configuring the Access Point/Bridge for the First Time

Configuring VLANs CHAPTER

Workgroup Bridges. Cisco WGBs. Information About Cisco Workgroup Bridges. Cisco WGBs, page 1 Third-Party WGBs and Client VMs, page 9

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

Wireless LAN Controller Module Configuration Examples

Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)

EAP FAST with the Internal RADIUS Server on the Autonomous Access Point Configuration Example

Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3

Configuring VLANs. Understanding VLANs

Cisco Wireless Devices Association Matrix

Configuring Cipher Suites and WEP

Configuring Wireless Devices

Securing Wireless LAN Controllers (WLCs)

Managing APs. Converting Autonomous APs to Lightweight Mode. Information About Converting Autonomous Access Points to Lightweight Mode

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Converting Autonomous Access Points to Lightweight Mode, page 2

Configuring Repeater and Standby Access Points

Cisco Unified Communications Manager Express 7921 Push-to-talk

Configure Flexconnect ACL's on WLC

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Configuring WEP and WEP Features

Using Cisco Workgroup Bridges

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

Configure Pre-image Downloading a Secondary Image onto an AP with 32MB Flash System

Activity Configuring and Securing a Wireless LAN in Packet Tracer

Wireless Filtering and Firewalling

Configuring a VAP on the WAP351, WAP131, and WAP371

Configuring Multiple SSIDs

Mesh Deployment Modes

Converting Autonomous Access Points to Lightweight Mode

Converting Autonomous Access Points to Lightweight Mode

8 VLANs. 8.1 Introduction. 8.2 vlans. Unit 8: VLANs 1

Configuring Management Frame Protection

Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5

Cisco Aironet 1200 Console Set Ip Address >>>CLICK HERE<<<

The following steps should be used when configuring a VLAN on the EdgeXOS platform:

Internetwork Expert s CCNP Bootcamp. Wireless LANs. WLANs replace Physical (layer 1) and Data Link (layer 2) transports with wireless

Approved APs: AP 1121, 1131, 1231, 1232, 1242, BR 1310

CCNP SWITCH (22 Hours)

Cisco Wireless LAN Controller Module Feature Guide

Cisco Systems, Inc , 1200, 1300 Series AP (Autonomous mode) Product sw version 12.3(11)JA4 I75 Handset sw version 1.4.

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

HP0-Y49. Applying HP FlexNetwork Fundamentals.

LEAP Authentication on a Local RADIUS Server

Configuring Layer2 Security

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

Switches running the LAN Base feature set support only static routing on SVIs.

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Console Server. Con. Cisco Aironet Port Figure 1: Aironet configuration

Configuring VLANs. Finding Feature Information. Prerequisites for VLANs

Trusted AP Policies on a Wireless LAN Controller

Configuring Spanning Tree Protocol

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1

Cisco Exam Questions & Answers

Cisco Certification Exam

Configuring WLAN Security

FlexConnect. Information About FlexConnect

Configure MAC authentication SSID on Cisco Catalyst 9800 Wireless Controllers

Configuring VLANs. Finding Feature Information. Prerequisites for VLANs

CISCO EXAM QUESTIONS & ANSWERS

TACACS+ on an Aironet Access Point for Login Authentication Configuration Example

Configuring the Catalyst 3750G Integrated Wireless LAN Controller Switch

Configuring the Switch for Access Point Discovery

Configuring Authentication Types

Configure to Secure a Flexconnect AP Switchport with Dot1x

Configuring Hybrid REAP

VIEW Certified Configuration Guide. Cisco

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Wireless LAN Controller (WLC) Mobility Groups FAQ

Cisco Exam Troubleshooting Cisco Wireless Enterprise Networks Version: 7.0 [ Total Questions: 60 ]

WFS709TP Case Scenario: Wireless deployment for a Corporate and Public network

Q&A. DEMO Version

Configuring AP Groups

LSI Industries AirLink Network Security. Best Practices. System Information 01/31/18. Physical Access. Software Updates. Network Encryption

Lab 6.4.2: Challenge Inter-VLAN Routing

Configuring r BSS Fast Transition

Integration Guide. Trakker Antares 2400 Family and Cisco Aironet 123X

Configure Multicast on Cisco Mobility Express AP's

DHCP. DHCP Proxy. Information About Configuring DHCP Proxy. Restrictions on Using DHCP Proxy

Configuring DHCP for WLANs

Configuring Aggressive Load Balancing

Configuring Multiple Basic Service Set Identifiers and Microsoft WPS IE SSIDL

The information in this document is based on these software and hardware versions:

COPYRIGHTED MATERIAL. Table of Contents. Assessment Test

High Availability (AP SSO) Deployment Guide

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Chromecast as mdns Service in order to Cast Screen Configuration on WLC

Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)

Configuring Access Point Groups

Cisco 440X Series Wireless LAN Controllers Deployment Guide

Error and Event Messages

Cisco Aironet 350 (DS) AP IOS Software

Transcription:

ISR Wireless Configuration Example Document ID: 116579 Contributed by Surendra BG, Cisco TAC Engineer. Oct 16, 2013 Contents Introduction Prerequisites Requirements Components Used Background Information Identify Legacy and Next Generation ISRs Configure Legacy ISR Configuration Example Next Generation ISR Configuration Example Upgrade an ISR AP from Lightweight to Autonomous Verify Troubleshoot Related Information Introduction This document describes how to tell the difference between Cisco Legacy and Next-Generation Integrated Services Routers (ISRs) and provides information about how to configure them. Prerequisites Requirements There are no specific requirements for this document. Components Used This document is not restricted to specific software and hardware versions. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Background Information There are different types of Cisco ISRs, and only a few of them are integrated with the Cisco IOS for routers. For example, with Legacy 851W, 857W, 871W, and 877W ISRs, you must access the router via Telnet/Secure Shell (SSH), or use the Security Device Manager (SDM) in order to access the wireless configurations. In comparison, some Next Generation ISRs, such as 861W, 881W, 891W, 1941W, 819W, come with Wireless Access Points (APs) already integrated, and can be accessed separately with the AP Bridge Virtual Interface (BVI) interface (with either the GUI or Telnet/SSH).

Identify Legacy and Next Generation ISRs In order to identify the ISR, enter the show ip interface brief command on the router. If interface WLAN-AP 0 and Interface WLAN Gig 0 are present on the interface list, then it means that it is a Next Generation router and has an Integrated Wireless AP inside the router. You can access this via the CLI with Telnet/SSH or from the GUI. Note: If you do not see interface WLAN-AP 0 on the interface list for a 861W, 881W, 891W, or 1941W, then it means that the router does not support wireless. For Legacy routers, this is what appears when you enter the show ip int brief command: As shown, for Legacy routers, you see only the Radio interface directly on the IOS. Configure There are different methods used in order to configure ISRs. In order to configure Legacy routers, where the router IOS supports wireless, you must configure the router via the BVI interface for each VLAN. Also, you must bridge traffic with the Radio interface and VLAN interface bridge via the BVI. If you use multiple Service Set Identifiers (SSIDs), then each SSID must be mapped to each VLAN, and each VLAN must be mapped to a unique Bridge Group (BG) through a separate BVI interface.

On the other hand, when you configure a Next Generation ISR, then the configuration is less complex. You must establish a connection between the router and the AP, and configure the AP just as any other stand-alone AP. There will be a single BVI interface, with multiple sub-interfaces, that helps communicate between multiple SSIDs and VLANs. Next Generation ISRs can be synched with the Cisco Unified Wireless Manager (CUWM) architecture as well. The AP module inside the router can be converted to Light Weight Access Point Protocol (LWAPP)/Control and Provisioning of Wireless Access Points (CAPWAP) mode, which is registered to the Wireless LAN Controller (WLC). This section describes how to convert the AP module from Autonomous and LWAPP. Note: 861W does not support LWAPP mode. Legacy ISR Configuration Example This configuration example uses two VLANS (VLAN 1 and VLAN 2) that are each mapped to a different SSID with WIFI-Protected Access - Pre Shared Key (WPA-PSK) security: en conf t vlan 2 mapped to GUESTRITS SSID..Use the vlan as per the network configuration dot11 ssid GUESTRITS vlan 2 mbssid authentication open authentication key-management wpa wpa-psk ascii 0 cisco123 dot11 ssid INTERNAL vlan 1 >> vlan 1 mapped to INTERNAL SSID

authentication open mbssid authentication key-management wpa wpa-psk ascii 0 cisco123 bridge irb <<< Enables IRB. Allows bridging of traffic interface Dot11Radio0 no ip address mbssid encryption vlan 1 mode ciphers tkip << Encryption encryption vlan 2 mode ciphers tkip ssid GUESTRITS ssid INTERNAL speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root interface Dot11Radio0.1 <<< Corresponding Sub Interface encapsulation dot1q 1 native configuration for Radio bridge-group 1 <<< Bridging between VLAN 1 and bridge-group 1 subscriber-loop-control Dot11 0.1 bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding interface Dot11Radio0.2 <<< Corresponding Sub Interface encapsulation dot1q 2 configuration for Radio bridge-group 2 <<< Bridging between VLAN 2 and bridge-group 2 subscriber-loop-control Dot11 0/2 bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding interface Vlan1 no ip address bridge-group 1 <<< Bridging between VLAN 1 and Dot11 0/1 interface Vlan2 no ip address bridge-group 2 <<< Bridging between VLAN 2 and Dot11 0.2 interface BVI1 << BVI 1 for VLAN 1 ip address 10.0.0.2 255.255.255.0 interface BVI2 << BVI 2 for VLAN 2 ip address 192.168.1.1 255.255.255.0

bridge 1 protocol ieee bridge 1 route ip bridge 2 protocol ieee bridge 2 route ip <<< Mandatory Bridging commands Next Generation ISR Configuration Example Complete these steps in order to configure Next Generation routers: 1. Establish connectivity between the router and the AP with the reverse console interface that is available on the router (Interface WLAN-AP 0). Use the IP address for this interface (you can assign the IP address, or use the IP unnumbered VLAN X command) in order to assign the IP. Here is an example where the IP unnumbered VLAN command is used: en conf t int wlan-ap 0 ip unnumbered vlan 1 no shut This appears when you enter the show ip int br command: This helps you log in to the AP module. 2. Enter the service module WLAN-ap 0 session command in order to log in to the AP.

Follow the same process used in order to configure the stand-alone AP. For additional configuration examples, see the Configuration Examples and TechNotes index page. If your deployment consists of multiple VLANs or SSIDs, you must set the WLAN-GIG 0 interface as a trunk port that allows the required VLANs on the router. Upgrade an ISR AP from Lightweight to Autonomous When the integrated AP runs the LWAPP image, such as AP801-RCVK9W8-M, AP801-RCVK9 "W8" -M (indicates LWAPP), or W7 (indicates an autonomous image), the Config t command does not work; the AP should use the autonomous image in order to run the commands. In order to resolve this issue, you must upgrade the ISR AP from lightweight to autonomous. Enter these commands: Router>en Router#config t Router(config t)#service-module wlan-ap0 bootimage autonomous With these commands, you can change the AP mode. If you want the AP to load and run an autonomous image, use Autonomous in the previous command. If you want the AP to load and boot with an LWAPP image, then type Unified and reload the AP with this command: Router(config t)#service-module wlan-ap 0 reload This sets the AP to autonomous. The process works for the majority of cases. However, if you encounter issues, you can use the manual process: 1. Download TFTPd32 onto your laptop and install it. Download the latest IOS image for the AP801 Series: A. Navigate to Cisco.com. B. Click the Support tab near the top of the screen. C. Click Download Software. D. Select Wireless, and then select Integrated routers and switches from the product drop-down list. E. Select the Router Model. F. Select the appropriate IOS image: 12.4(21a)JY (or later, as desired). 2. Log in to the AP module from the router, and enter these commands: AP>en AP#debug capwap console cli OR debug lwapp console cli AP#config t (this configuration command now works) AP(config-t)#int GIG 0 or int FA 0

AP(config - int)#ip addresss <address > <mask> (ensure that you have connectivity to your laptop IP address, and that they are both in the same subnet) AP(config - int)#no shut AP(config - int)#end 3. Enter the archive download commands in order to upgrade the AP to autonomous: AP#archive download-sw /force-reload /overwrite tftp://<tftp ip address (laptops IP)>/<Autonomous image.tar> AP#archive download-sw /overwrite /force-reload tftp://10.0.0.4/ap801-k9w7-tar.124-21a.jy.tar This completes the manual configuration process. Verify Note: If the AP is in autonomous mode and you want to convert it to LWAPP, use the archive downloads commands and select the LWAPP Recovery image instead of the Autonomous-Cisco Internetwork Operating System (AIOS) image. There is currently no verification procedure available for this configuration. Troubleshoot There is currently no specific troubleshooting information available for this configuration. Related Information Datasheets - Cisco 800 Series Routers Compare Models - Cisco 800 Series Routers Wireless Authenticaion Types on a Fixed ISR Configuration Example Technical Support & Documentation - Cisco Systems Updated: Oct 16, 2013 Document ID: 116579

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback