[c-nsp] Cisco 1801W wireless configuration woes.
Dave Lim
dave.daturax at gmail.com
Mon Mar 27 09:35:01 EST 2006
Hi guys,
I am not really adept at configuring Cisco Wireless. Presently, I have
a customer who bought a Cisco 1801 to replace their Cisco 877 ADSL
router. I have no problems configuring their ADSL.
But he had a special request for his wireless. He wants the wireless
clients that connect to the Cisco 1801 wireless to be denied LAN access
and given only internet access.
The only thing I can think of is applying an ACL to interface
Dot11Radio0 denying access to the servers.
Here's my running config:
clock timezone PCTime 8
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.201 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool JamTech@KA
import all
network 192.168.1.0 255.255.255.0
dns-server 210.193.2.34 210.193.2.36
default-router 192.168.1.1
!
!
no ip domain lookup
ip domain name jamtech.com.sg
ip name-server 210.193.2.34
!
username jamadmin privilege 15 password 7 0521520215494D013954424B
!
!
!
!
!
!
interface FastEthernet0
ip address 10.10.1.1 255.255.255.0
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
no ip address
shutdown
!
encryption mode ciphers wep128
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username jamtech@qala.com.sg password 7 05280E2B117C19
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.10.0 255.255.255.0 FastEthernet0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit any
access-list 100 permit ip any any
access-list 101 permit udp host 210.193.2.36 eq domain any
access-list 101 permit udp host 210.193.2.34 eq domain any
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
router1#
BTW, does anyone know if Cisco 1801w supports WPA2-PSK? I can only see
WEP from the SDM wizard. Can someone point me to a guide on
configuring wireless for Cisco 1801w router?
Thanks
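
The ACL idea raised in the post, as an added example that is not part of the original message or any Cisco tooling: a simplified first-match model of an inbound ACL on a guest-facing interface, checked against the internal networks in the posted config. The guest gateway 192.168.50.1, the rule list and the function names are assumptions made for this illustration.

```python
import ipaddress

# Assumed guest addressing (constructed for this example, not from the post).
GUEST_GW = "192.168.50.1"
# Internal networks that appear in the posted config.
INTERNAL_NETS = ["192.168.1.0/24", "10.10.1.0/24", "192.168.10.0/24"]

# Simplified inbound ACL for the guest-facing interface, first match wins.
# (action, protocol, destination network, destination port or None for any)
GUEST_IN_ACL = [
    ("permit", "udp", "255.255.255.255/32", 67),  # DHCP discover (broadcast)
    ("permit", "udp", GUEST_GW + "/32", 67),      # DHCP renew to the gateway
    ("deny", "ip", GUEST_GW + "/32", None),       # router's own telnet/ssh/http
    ("deny", "ip", "192.168.1.0/24", None),       # Vlan1 LAN
    ("deny", "ip", "10.10.1.0/24", None),         # FastEthernet0
    ("deny", "ip", "192.168.10.0/24", None),      # static route via FastEthernet0
    ("permit", "ip", "0.0.0.0/0", None),          # everything else: internet
]

def evaluate(acl, proto, dst, dport=None):
    """Return (action, rule index) of the first match; implicit deny at the end."""
    addr = ipaddress.ip_address(dst)
    for i, (action, r_proto, r_net, r_port) in enumerate(acl):
        if r_proto not in ("ip", proto):
            continue
        if addr not in ipaddress.ip_network(r_net):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, i
    return "deny", None

def leaks(acl, internal_nets):
    """Internal networks that a permit rule reaches before a covering deny."""
    exposed = []
    for net in map(ipaddress.ip_network, internal_nets):
        for action, r_proto, r_net, _ in acl:
            rule = ipaddress.ip_network(r_net)
            if not rule.overlaps(net):
                continue
            if action == "deny" and r_proto == "ip" and net.subnet_of(rule):
                break  # whole network denied before any permit
            if action == "permit":
                exposed.append(str(net))
                break
    return exposed

# Same rules with the catch-all permit moved to the top: every deny is dead.
MISORDERED = [GUEST_IN_ACL[-1]] + GUEST_IN_ACL[:-1]
```

The model matches on destination only; the deny for the gateway address is there because an inbound interface ACL also filters traffic addressed to the router itself, and the posted config leaves telnet and HTTP enabled.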