[c-nsp] Cisco 1801W wireless configuration woes.

Dave Temkin dave at ordinaryworld.com
Mon Mar 27 09:45:30 EST 2006


Wow...  you should probably change the passwords on that router NOW.

#1 rule of pasting configs onto a mailing list - remove all identifying
information, passwords, and SNMP communities.




-Dave

On Mon, 27 Mar 2006, Dave Lim wrote:

> Hi guys,
>
> I am not really adept at configuring Cisco Wireless. Presently, I have
> a customer who bought a Cisco 1801 to replace their Cisco 877 ADSL
> router. I have no problems configuring their ADSL.
>
> But he had a special request for his wireless. He wants the wireless
> clients that connect to the Cisco 1801 wireless to be denied LAN access
> and given only internet access.
>
> The only thing I can think of, is applying an acl to interface
> Dot11Radio0 denying access to the servers.
>
> Here's my running config
> clock timezone PCTime 8
> !
> !
> ip cef
> no ip dhcp use vrf connected
> ip dhcp excluded-address 10.10.10.1
> ip dhcp excluded-address 192.168.1.201 192.168.1.254
> ip dhcp excluded-address 192.168.1.1 192.168.1.100
> !
> ip dhcp pool JamTech at KA
>    import all
>    network 192.168.1.0 255.255.255.0
>    dns-server 210.193.2.34 210.193.2.36
>    default-router 192.168.1.1
> !
> !
> no ip domain lookup
> ip domain name jamtech.com.sg
> ip name-server 210.193.2.34
> !
> username jamadmin privilege 15 password 7 0521520215494D013954424B
> !
> !
> !
> !
> !
> !
> interface FastEthernet0
>  ip address 10.10.1.1 255.255.255.0
>  duplex auto
>  speed auto
> !
> interface BRI0
>  no ip address
>  encapsulation hdlc
>  shutdown
> !
> interface FastEthernet1
> !
> interface FastEthernet2
> !
> interface FastEthernet3
> !
> interface FastEthernet4
> !
> interface FastEthernet5
> !
> interface FastEthernet6
> !
> interface FastEthernet7
> !
> interface FastEthernet8
> !
> interface Dot11Radio0
>  no ip address
>  shutdown
>  !
>  encryption mode ciphers wep128
>  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
>  station-role root
> !
> interface Dot11Radio0.1
>  encapsulation dot1Q 1 native
>  no snmp trap link-status
>  no cdp enable
>  bridge-group 1
>  bridge-group 1 subscriber-loop-control
>  bridge-group 1 spanning-disabled
>  bridge-group 1 block-unknown-source
>  no bridge-group 1 source-learning
>  no bridge-group 1 unicast-flooding
> !
> interface Dot11Radio1
>  no ip address
>  shutdown
>  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
>  station-role root
> !
> interface ATM0
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  no atm ilmi-keepalive
>  dsl operating-mode auto
> !
> interface ATM0.1 point-to-point
>  description $ES_WAN$$FW_OUTSIDE$
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  no snmp trap link-status
>  pvc 0/100
>   encapsulation aal5mux ppp dialer
>   dialer pool-member 1
>  !
> !
> interface Vlan1
>  description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
>  ip address 192.168.1.1 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
> !
> interface Dialer0
>  description $FW_OUTSIDE$
>  ip address negotiated
>  ip access-group 101 in
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip mtu 1452
>  ip nat outside
>  ip virtual-reassembly
>  encapsulation ppp
>  ip route-cache flow
>  dialer pool 1
>  dialer-group 1
>  no cdp enable
>  ppp authentication pap callin
>  ppp pap sent-username jamtech at qala.com.sg password 7 05280E2B117C19
> !
> ip route 0.0.0.0 0.0.0.0 Dialer0
> ip route 192.168.10.0 255.255.255.0 FastEthernet0
> !
> !
> ip http server
> ip http authentication local
> ip http secure-server
> ip http timeout-policy idle 5 life 86400 requests 10000
> ip nat inside source list 1 interface Dialer0 overload
> !
> access-list 1 remark INSIDE_IF=Vlan1
> access-list 1 remark SDM_ACL Category=2
> access-list 1 permit 192.168.1.0 0.0.0.255
> access-list 1 permit any
> access-list 100 permit ip any any
> access-list 101 permit udp host 210.193.2.36 eq domain any
> access-list 101 permit udp host 210.193.2.34 eq domain any
> access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
> access-list 101 permit icmp any any echo-reply
> access-list 101 permit icmp any any
> access-list 101 permit icmp any any unreachable
> access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
> access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
> access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
> access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
> access-list 101 deny   ip host 255.255.255.255 any
> access-list 101 deny   ip host 0.0.0.0 any
> access-list 101 deny   ip any any
> dialer-list 1 protocol ip permit
> no cdp run
> !
> !
> !
> !
> !
> !
> control-plane
> !
> !
> line con 0
>  login local
> line aux 0
> line vty 0 4
>  privilege level 15
>  login local
>  transport input telnet ssh
> line vty 5 15
>  privilege level 15
>  login local
>  transport input telnet ssh
> !
> !
> webvpn context Default_context
>  ssl authenticate verify all
>  !
>  no inservice
> !
> end
>
> router1#
>
>
> BTW, does anyone know if Cisco 1801w supports WPA2-PSK? I can only see
> WEP from the SDM wizard. Can someone point me to a guide on
> configuring wireless for Cisco 1801w router?
>
> Thanks
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
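
The rule stated in the reply above (remove identifying information, passwords and SNMP communities before pasting a config) can be applied mechanically. The Python below is an added example, not part of the original thread: the `<removed>` marker, the mapping of public addresses into 192.0.2.0/24 and the sample config are all constructed for illustration.

```python
import ipaddress
import re

# Keep the keyword, drop the optional encoding-type digit and the secret itself.
SECRET_RE = re.compile(
    r"\b(password|secret|key-string|wpa-psk (?:ascii|hex)|size (?:40|128)bit)"
    r"( \d)? \S+")
# Commands whose first argument names the owner, a login or an SNMP community.
IDENT_RE = re.compile(
    r"^([ \t]*(?:hostname|ip domain[ -]name|username|snmp-server community"
    r"|ppp pap sent-username|ppp chap hostname)) (\S+)", re.M)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sanitize(config: str) -> str:
    """Return a copy of an IOS config that is safer to post publicly."""
    out = SECRET_RE.sub(r"\1 <removed>", config)
    names = {m.group(2) for m in IDENT_RE.finditer(out)}
    out = IDENT_RE.sub(r"\1 <removed>", out)
    # The same names leak again in prompts and descriptions: scrub them everywhere.
    for name in sorted(names, key=len, reverse=True):
        out = re.sub(rf"(?<!\w){re.escape(name)}(?!\w)", "<removed>", out)

    mapping = {}  # public address -> RFC 5737 documentation address (assumed scheme)

    def remap(match):
        text = match.group()
        try:
            if not ipaddress.ip_address(text).is_global:
                return text  # RFC 1918 space, netmasks and wildcards stay readable
        except ValueError:
            return text
        return mapping.setdefault(text, f"192.0.2.{len(mapping) + 1}")

    return IPV4_RE.sub(remap, out)


# Constructed sample, not taken from the thread.
SAMPLE = """\
hostname edge-rtr
ip domain name corp.example
username netadmin privilege 15 password 7 0000AAAA1111
enable secret 5 $1$abcd$constructedhashvalue
ip name-server 8.8.8.8
interface Dialer0
 ppp pap sent-username corp@isp.example password 7 2222BBBB
snmp-server community s3cretRO RO
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
edge-rtr#
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Scrubbing only helps before a config is posted. Type 7 strings are a reversible encoding rather than a hash, so credentials that have already appeared in public still need to be changed.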

