[c-nsp] Cisco 1801W wireless configuration woes.
Per Carlson
lists at ip4all.net
Mon Mar 27 13:42:26 EST 2006
On Mon, Mar 27, 2006 at 10:35:01PM +0800, Dave Lim wrote:
> But he had a special request for his wireless. He wants the wireless
> clients connect to the Cisco 1801 wireless, denied LAN access and only
> internet access.
>
> The only thing I can think of, is applying an acl to interface
> Dot11Radio0 denying access to the servers.
policy based routing (pbr) is another option:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#wp1001398
given the (higher) complexity with pbr compared with a acl, i
would recommend an acl. keep it simple is (almost) always a good
thing (tm).
> BTW, does anyone know if Cisco 1801w supports WPA2-PSK? I can only see
> WEP from the SDM wizard. Can someone point me to a guide on
> configuring wireless for Cisco 1801w router?
you should rely on what sdm tells you... my 876w router (running
12.3(8)yi doesn't do wpa2, but the neccessary knobs are there:
876w#conf t
876w(config)#interface Dot11Radio0
876w(config-if)#encryption mode ciphers ?
aes-ccm WPA AES CCMP
tkip WPA Temporal Key encryption
wep128 128 bit key
wep40 40 bit key
876w(config-if)#encryption mode ciphers aes-ccm tkip
Warning: interface Dot11Radio0 does not support AES-CCMP
876w(config-if)#
i am hough running wpa.
here is a link for the config guide. not the easiest one to read
though.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/1800fix/awg/index.htm
this excerpt is from a 876w doing wpa-psk:
interface Dot11Radio0
ip address <address> <mask>
!
encryption mode ciphers tkip
!
ssid <your ssid>
authentication open ! open must be enabled to use wpa
authentication key-management wpa
guest-mode ! broadcast ssid
wpa-psk ascii <your psk>
!
speed <snip>
station-role root
--
Per Carlson, Sr. Network Developer
More information about the cisco-nsp
mailing list