[c-nsp] Cisco 1801W wireless configuration woes.

Per Carlson lists at ip4all.net
Mon Mar 27 13:42:26 EST 2006


On Mon, Mar 27, 2006 at 10:35:01PM +0800, Dave Lim wrote:

> But he had a special request for his wireless. He wants the wireless
> clients connect to the Cisco 1801 wireless, denied LAN access and only
> internet access.
>
> The only thing I can think of, is applying an acl to interface
> Dot11Radio0 denying access to the servers.

policy based routing (pbr) is another option:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#wp1001398

given the (higher) complexity with pbr compared with a acl, i
would recommend an acl. keep it simple is (almost) always a good
thing (tm).

> BTW, does anyone know if Cisco 1801w supports WPA2-PSK? I can only see
> WEP from the SDM wizard. Can someone point me to a guide on
> configuring wireless for Cisco 1801w router?

you should rely on what sdm tells you... my 876w router (running
12.3(8)yi doesn't do wpa2, but the neccessary knobs are there:

876w#conf t
876w(config)#interface Dot11Radio0
876w(config-if)#encryption mode ciphers ?
    aes-ccm  WPA AES CCMP
    tkip     WPA Temporal Key encryption
    wep128   128 bit key
    wep40    40 bit key

876w(config-if)#encryption mode ciphers aes-ccm tkip
Warning: interface Dot11Radio0 does not support AES-CCMP
876w(config-if)#

i am hough running wpa.

here is a link for the config guide. not the easiest one to read
though.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/1800fix/awg/index.htm

this excerpt is from a 876w doing wpa-psk:

interface Dot11Radio0
 ip address <address> <mask>
 !
 encryption mode ciphers tkip
 !
 ssid <your ssid>
   authentication open   ! open must be enabled to use wpa
   authentication key-management wpa
   guest-mode            ! broadcast ssid
   wpa-psk ascii <your psk>
 !
 speed <snip>
 station-role root 


-- 
Per Carlson, Sr. Network Developer


More information about the cisco-nsp mailing list