Configuring a Wireless LAN Connection

Similar documents
Configuring the WMIC for the First Time

Configuring the Access Point/Bridge for the First Time

Configuring a Basic Wireless LAN Connection

Configuring VLANs CHAPTER

Configuring VLANs CHAPTER

Configuring Cipher Suites and WEP

Securing a Wireless LAN

ISR Wireless Configuration Example

Integration Guide. Trakker Antares 2400 Family and Cisco Aironet 123X

Configuring WEP and WEP Features

Configuring VLANs. Understanding VLANs

Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

Approved APs: AP 1121, 1131, 1231, 1232, 1242, BR 1310

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Configuring Spanning Tree Protocol

Configuring a VAP on the WAP351, WAP131, and WAP371

accounting (SSID configuration mode) through encryption mode wep accounting (SSID configuration mode) through

Workgroup Bridges. Cisco WGBs. Information About Cisco Workgroup Bridges. Cisco WGBs, page 1 Third-Party WGBs and Client VMs, page 9

accounting (SSID configuration mode) through encryption mode wep

Using Cisco Workgroup Bridges

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

Configuring Authentication Types

Integration Guide. CK30/CK31 and Cisco Aironet 1231/1242

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Field Verified. Configuration Guide. Cisco. 1100, 1200 and 1300 Series APs using the Wireless LAN Services Module (WLSM)

2 Wireless Networks. 2.1 Introduction. 2.2 IEEE b. Unit 2: Wireless Networks 1

Cisco CP Express Wizard

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Configuring Repeater and Standby Access Points

Wireless Filtering and Firewalling

Console Server. Con. Cisco Aironet Port Figure 1: Aironet configuration

Cisco Unified Communications Manager Express 7921 Push-to-talk

ECB N Multi-Function Gigabit Client Bridge

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

ECB7510. Wireless Gigabit Dual Band Concurrent Router AP PRODUCT DESCRIPTION

Basic Wireless Settings on the CVR100W VPN Router

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

DVA-G3340S High-Speed 2.4 GHz Wireless ADSL VOIP Router. Manual

8 VLANs. 8.1 Introduction. 8.2 vlans. Unit 8: VLANs 1

Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

How to Configure Wireless Internet Access (Wi-Fi) Advanced Settings on the Qwest Standard Modem: Actiontec GT701-WG

Chapter 1 Introduction

Configuring Wireless Devices

Configuring Multiple SSIDs

Wireless 300N Access Point 300 Mbps, MIMO, Bridge, Repeater, Multiple SSIDs and VLANs Part No.:

Configuring OfficeExtend Access Points

Wireless LAN Example Scenario

U S E R M A N U A L b/g PC CARD

FAQ on Cisco Aironet Wireless Security

Multi-Function Gigabit Wireless-N Client Bridge 2.4GHz 300Mbps Client Bridge/AP/ WDS/Repeater

User Guide. 450Mbps/300Mbps Wireless N Access Point TL-WA901ND/TL-WA801ND REV

Learn How to Configure EnGenius Wi-Fi Products for Popular Applications

Cisco Unified IP Phone Installation

Wireless LAN Controller Module Configuration Examples

C H A P T E R Overview Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide OL

Cisco CCNA (ICND1, ICND2) Bootcamp

ECB N Multi-Function Client Bridge

LEAP Authentication on a Local RADIUS Server

Viewing Status and Statistics

Release Notes: Version Operating System

LevelOne. User Manual. WAP Mbps PoE Wireless AP V3.0.0

Summary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL

Security in IEEE Networks

Authentication and Security: IEEE 802.1x and protocols EAP based

ENH200 LONG RANGE WIRELESS 11N OUTDOOR CB/AP PRODUCT OVERVIEW. IEEE802.11/b/g/n 1T+1R 150Mbps 25 km High Performance

IP network that supports DHCP or manual assignment of IP address, gateway, and subnet mask

2.4GHz / 5GHz 54Mbps a/b/g Flexible Application

Hot Standby Access Points

Configuring the Xirrus Array

Activity Configuring and Securing a Wireless LAN in Packet Tracer

Configuring FlexConnect Groups

Prestige 660HW Series. Prestige 660H Series. Quick Start Guide

Contents. Introduction

Configuring Hybrid REAP

Standard For IIUM Wireless Networking

Protected EAP (PEAP) Application Note

EnGenius Quick Start Guide

Wireless Access Point

PRODUCT DESCRIPTION. Learn more about EnGenius Solutions at

ECB3500 Wireless Long Range Multi-function 7+1 AP

WPA Migration Mode: WEP is back to haunt you

b/g/n 1T1R Wireless USB Adapter. User s Manual

Wireless technology Principles of Security

WL 5011s g Wireless Network Adapter Client Utility User Guide

ECB Gon Tel: +44 (0) Fax: +44 (0) Wireless Long Range Multi-function 7+1 AP

Configuring WLANsWireless Device Access

54Mbps Pocket Wireless Access Point (WL-330g)

Chapter 4 Advanced Settings and Features

Mediant MSBR. Wireless Access Configuration. Configuration Guide. Version 6.8. Multi-Service Business Routers Product Series

EOC5611P. Wireless a/b/g Outdoor AP. Package Content PRODUCT DESCRIPTION. 2.4GHz / 5 GHz 54Mbps a/b/g 24V PoE

Wireless LAN Device Series. DLB2300-A User Manual

EnGenius EAP-9550 Indoor Access Point

Cisco Wireless LAN Controller Module

Figure 5-25: Setup Wizard s Safe Surfing Screen

Figure 35: Active Directory Screen 6. Select the Group Policy tab, choose Default Domain Policy then click Edit.

WUG2690 User s Manual

Securing Wireless LAN Controllers (WLCs)

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

ECB3500 Wireless Long Range Multi-function 7+1 AP

Transcription:

CHAPTER 9 The Cisco Secure Router 520 Series routers support a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless LAN transceivers. You can configure and monitor the routers using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). This chapter describes how to configure the router using the CLI. Use the interface dot11radio global configuration CLI command to place the device into radio configuration mode. See the Cisco Access Router Wireless Configuration Guide for more detailed information about configuring these Cisco routers in a wireless LAN application. Figure 9-1 shows a wireless network deployment. Figure 9-1 Wireless Connection to the Cisco Router 3 1 4 2 129282 1 Wireless LAN (with multiple networked devices) 2 Cisco Secure Router 520 Series router connected to the Internet 3 VLAN 1 4 VLAN 2 In the configuration example that follows, a remote user is accessing the Cisco Secure Router 520 Series router using a wireless connection. Each remote user has his own VLAN. 9-1

Configure the Root Radio Station Chapter 9 Configuration Tasks Perform the following tasks to configure this network scenario: Configure the Root Radio Station Configure Bridging on VLANs Configure Radio Station Subinterfaces A configuration example showing the results of these configuration tasks is provided in the Configuration Example section on page 9-6. The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configurations tasks, see Chapter 1, Basic Router Configuration, Chapter 3, Configuring PPP over Ethernet with NAT, and Chapter 4, Configuring PPP over ATM with NAT, as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels. Configure the Root Radio Station Perform these steps to create and configure the root radio station for your wireless LAN, beginning in global configuration mode: Step 1 interface name number Router(config)# interface dot11radio 0 Enters interface configuration mode for the radio Step 2 broadcast-key [vlan vlan-id] change seconds broadcast-key vlan 1 change 45 Specifies the time interval, in seconds, between rotations of the broadcast encryption key used for clients. Client devices using static Wired Equivalent Privacy (WEP) cannot use the access point when you enable broadcast key rotation only wireless client devices using 802.1x authentication (such as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access point. This command is not supported on bridges. See the Cisco IOS s for Access Points and Bridges for more details. 9-2

Chapter 9 Configure the Root Radio Station Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 encryption method algorithm key encryption vlan 1 mode ciphers tkip ssid name ssid cisco Router(config-if-ssid)# vlan number Router(config-if-ssid)# vlan 1 Router(config-if-ssid)# authentication type Router(config-if-ssid)# authentication open Router(config-if-ssid)# authentication network-eap eap_methods Router(config-if-ssid)# authentication key-management wpa exit Router(config-if-ssid)# exit speed rate speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 rts [retries threshold] rts threshold 2312 Specifies the encryption method, algorithm, and key used to access the wireless The example uses the VLAN with optional encryption method of data ciphers. Creates a Service Set ID (SSID), the public name of a wireless network. All of the wireless devices on a WLAN must employ the same SSID to communicate with each other. Binds the SSID with a VLAN. Sets the permitted authentication methods for a user attempting access to the wireless LAN. More than one method can be specified, as shown in the example. Exits SSID configuration mode, and enters interface configuration mode for the radio (Optional) Specifies the required and allowed rates, in Mbps, for traffic over the wireless connection. (Optional) Specifies the Request to Send (RTS) threshold or the number of times to send a request before determining the wireless LAN is unreachable. 9-3

Configure Bridging on VLANs Chapter 9 Step 10 power [client local] [cck [number maximum] ofdm [number maximum]] power local cck 17 power local ofdm 17 (Optional) Specifies the radio transmitter power level. See the Cisco Access Router Wireless Configuration Guide for available power level values. Step 11 Step 12 Step 13 channel [number least-congested] channel 2462 station-role [repeater root] station-role root exit exit Router(config)# (Optional) Specifies the channel on which communication occurs. See the Cisco Access Router Wireless Configuration Guide for available channel numbers. (Optional) Specifies the role of this radio You must specify at least one root Exits interface configuration mode, and enters global configuration mode. Configure Bridging on VLANs Perform these steps to configure integrated routing and bridging on VLANs, beginning in global configuration mode: Step 1 Step 2 or Action bridge [number crb irb mac-address-table] Router(config)# bridge irb Router(config)# interface name number Router(config)# interface vlan 1 Specifies the type of bridging. The example specifies integrated routing and bridging. Enters interface configuration mode. We want to set up bridging on the VLANs, so the example enters the VLAN interface configuration mode. 9-4

Chapter 9 Configure Radio Station Subinterfaces Step 3 Step 4 Step 5 Step 6 or Action bridge-group number bridge-group 1 bridge-group parameter bridge-group 1 spanning-disabled interface name number interface bvi 1 ip address address mask ip address 10.0.1.1 255.255.255.0 Assigns a bridge group to the Sets other bridge parameters for the bridging Enters configuration mode for the virtual bridge Specifies the address for the virtual bridge Repeat Step 2 through Step 6 above for each VLAN that requires a wireless Configure Radio Station Subinterfaces Perform these steps to configure subinterfaces for each root station, beginning in global configuration mode: Step 1 Step 2 interface type number Router(config)# interface dot11radio 0.1 description string description Cisco open Enters subinterface configuration mode for the root station Provides a description of the subinterface for the administrative user. 9-5

Configuration Example Chapter 9 Step 3 encapsulation dot1q vlanid [native second-dot1q] encapsulation dot1q 1 native Specifies that IEEE 802.1Q (dot1q) encapsulation is used on the specified sub Step 4 Step 5 no cdp enable no cdp enable bridge-group number bridge-group 1 Disables the Cisco Discovery Protocol (CDP) on the wireless Assigns a bridge group to the sub When the bridge-group command is enabled, the following commands are automatically enabled, and cannot be disabled. If you disable these commands you may experience an interruption in wireless device communication. bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source Step 6 exit exit Router(config)# Exits subinterface configuration mode, and enters global configuration mode. Repeat these steps to configure more subinterfaces, as needed. Configuration Example The following configuration example shows a portion of the configuration file for the wireless LAN scenario described in the preceding sections. bridge irb interface Dot11Radio0 no ip address broadcast-key vlan 1 change 45 9-6

Chapter 9 Configuration Example encryption vlan 1 mode ciphers tkip ssid cisco vlan 1 authentication open wpa-psk ascii 0 cisco123 authentication key-management wpa ssid ciscowep vlan 2 authentication open ssid ciscowpa vlan 3 authentication open speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 rts threshold 2312 power local cck 50 power local ofdm 30 channel 2462 station-role root interface Dot11Radio0.1 description Cisco Open encapsulation dot1q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding interface Dot11Radio0.2 encapsulation dot1q 2 bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding interface Dot11Radio0.3 encapsulation dot1q 3 bridge-group 3 bridge-group 3 subscriber-loop-control bridge-group 3 spanning-disabled bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding interface Vlan1 no ip address bridge-group 1 bridge-group 1 spanning-disabled interface Vlan2 no ip address bridge-group 2 bridge-group 2 spanning-disabled interface Vlan3 9-7

Configuration Example Chapter 9 no ip address bridge-group 3 bridge-group 3 spanning-disabled interface BVI1 ip address 10.0.1.1 255.255.255.0 interface BVI2 ip address 10.0.2.1 255.255.255.0 interface BVI3 ip address 10.0.3.1 255.255.255.0 9-8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback