[c-nsp] Cisco 1801W wireless configuration woes.

Dave Lim dave.daturax at gmail.com
Tue Mar 28 08:36:51 EST 2006


What about the cipher suites? Do I have to enable those?


On 3/28/06, Dan Massey <dan at gconnect.net> wrote:
> I could not get wpa-psk to work through the gui interface and ended up
> using the cli instead. The basic commands were:
>
> ssid <name>
>         authentication open
>         authentication key-management wpa
>         guest-mode
>         wpa-psk ascii <key>
>
> Hope that helps
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dave Lim
> Sent: 28 March 2006 14:23
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco 1801W wireless configuration woes.
>
> Hi guys,
>
> I have no problem creating the SSID to access vlan100, after which I
> create a DHCP pool for this vla 100 n which is a different segment from
> the LAN (vlan1) and do a NAT inside. This was not an issue for me.
>
> But I have problems securing the wireless using WPA-PSK. When I try to
> configure the Wireless Security via the SDM in the SSID mananger to use
> WPA-PSK, it gives me this error
>
> "Vlan should not be associated with a SSID to configure this setting"
>
> Anyone have any idea? Can someone point me to a guide to configuring
> WPA-PSK for SSID Here's my running config.
> ip cef
> no ip dhcp use vrf connected
> ip dhcp excluded-address 10.10.10.1
> ip dhcp excluded-address 192.168.1.201 192.168.1.254 ip dhcp
> excluded-address 192.168.1.1 192.168.1.100 ip dhcp excluded-address
> 192.168.2.1 192.168.2.99 !
> ip dhcp pool testing at KA
>    import all
>    network 192.168.1.0 255.255.255.0
>    dns-server 210.193.2.34 210.193.2.36
>    default-router 192.168.1.1
> !
> ip dhcp pool testingGuest
>    import all
>    network 192.168.2.0 255.255.255.0
>    dns-server 210.193.2.34 210.193.2.36
>    default-router 192.168.2.1
> !
> !
> no ip domain lookup
> ip domain name testing.com.sg
> ip name-server 210.193.2.34
> !
> interface Dot11Radio0
>  no ip address
>  !
>  ssid testing
>     vlan 100
>     authentication open
>     guest-mode
>  !
>  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
> 36.0 48.0 54.0  station-role root  no dot11 extension aironet !
> interface Dot11Radio0.100
>  encapsulation dot1Q 100
>  ip address 192.168.2.1 255.255.255.0
>  ip access-group 101 in
>  ip access-group 101 out
>  ip nat inside
>  ip virtual-reassembly
>  shutdown
>  no snmp trap link-status
>  no cdp enable
> !ip route 0.0.0.0 0.0.0.0 Dialer0
> ip route 192.168.10.0 255.255.255.0
>
>
>
>  FastEthernet0
> On 3/28/06, Asbjorn Hojmark - Lists <lists at hojmark.org> wrote:
> > > But he had a special request for his wireless. He wants the wireless
>
> > > clients connect to the Cisco 1801 wireless, denied LAN
> => > access and only internet access.
> >
> > Run the WLAN in a subnet separate to the LAN, and apply an access
> > list, which denies WLAN<->LAN access and permits all other traffic.
> >
> > -A
> >
> >
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list