Cisco Wireless Access Points: Difference between revisions
(Created page with '<center>Cisco Aironet 1200 Series Wireless Access Point: Basic Wireless Configuration</center> This article was written to set up a Cisco Aironet 1200 series access point withou…') |
Revision as of 19:31, 4 March 2010
This article was written to set up a Cisco Aironet 1200 series access point without connecting it to a wired network. These settings will enable basic wireless services including DHCP for wireless devices. The particular access point that was used to research and produce this article contained Cisco’s IOS operating system, so much of the command line configuration is similar to that of Cisco’s switches and routers.
Plug in the access point
Create a physical connection to the access point.
- This can be done with a rollover cable and a DB-9 to RJ45 adapter
- Connect the DB-9 to RJ45 adapter to the 9-pin DB-9 serial port on the back of the host PC
- Connect one end of the rollover cable to the RJ-45 console port located at the rear of the access point between the two antennas
- Connect the other end of the rollover cable to the RJ-45 connector on the DB-9 to RJ45 adapter.
Create an interface connection to the access point via HyperTerminal or other command line terminal
- Open HyperTerminal from Start>All Programs>Accessories>Communications
- Create a new connection
  - HyperTerminal should prompt you to create a new connection when it first opens
Cisco recommends the following settings
- 9600 baud rate
- 8 data bits
- no parity
- 1 stop bit
- no flow control
Log in to the access point command line
- Once the HyperTerminal connection is made, press Enter to access the command line interface and the user EXEC mode command prompt. None of the configuration we are doing will be in user EXEC mode, so we will not spend any time on this area.
- At the command prompt, issue the command enable and press Enter. This is the command to enter the privileged EXEC mode prompt.
- At this point, the system will prompt you for a password. The default password for this line of access points is Cisco and is case sensitive. This will also be the default password for the web browser interface in later sections. Type the password at the command prompt and press Enter.
- This should result in a command prompt ending with the pound (#) character.
Remove the old configuration file
- To remove any old configurations and prevent old settings from interfering, remove the starting configuration file by issuing the command erase startup-config at the command prompt.
- At this point, the system will prompt you to confirm your actions. Press Enter to confirm and return to the command prompt.
Reload or restart the access point
- At this point, you may either unplug the access point and plug it back in, or issue the command reload at the command prompt. If you choose to issue the reload command, it will prompt you again to confirm your actions. Press Enter to confirm and proceed with restarting the access point.
Perform basic security configuration
- Issue the command configure terminal at the command prompt and press Enter. This is known as “Global Configuration Mode”.
- If you wish, here you may issue the command hostname <hostname> at the command prompt where hostname will be the name of the access point. For the purpose of this article, we left this as the default value of “ap”.
- You may also wish to change the default password with the command enable secret <password>. This will change the default password for the privileged EXEC mode. This will also change the default password to access the web browser interface.
Configure the BVI1 interface with an IP address
- At the command prompt, issue the command interface bvi 1 and press Enter to enter the interface configuration mode for the BVI1 interface. For the web browser interface to work, an IP address needs to be assigned to this interface. If you are configuring this on a wired network, this could be the network IP address of the access point. For our purposes, we configured this as a standalone access point and used the private address 192.168.1.1 with the subnet mask 255.255.255.0. Because this address is in the subnet of the network that will occupy the access point, we then have the option to use any device connected to the access point to access the web browser interface.
- At the command prompt, issue the command ip address <ip address> <subnet mask>, where <ip address> <subnet mask> is the combination of IP address and subnet mask that you wish to use.
- At this point, you can issue the command no shutdown as you would during most cases of interface configuration, but, like loopback interfaces, the BVI1 interface is a virtual interface and is always up so this step is not necessary.
- At the command prompt, issue the command end and press Enter to return to the global configuration command prompt.
Configure the Dynamic Host Configuration Protocol (DHCP)
- At this point we will configure the access point to provide DHCP service. To do this, choose a suitable network IP address and subnet mask to serve your purpose.
- At the command prompt, issue the command ip dhcp excluded-address <low address> <high address> and press Enter. The purpose of this command is to exclude a contiguous range of addresses used for management purposes such as static addresses for printers and other hardware and peripherals. You may enter a single address or a contiguous range of addresses.
- At the command prompt, issue the command ip dhcp pool <name>, where name is a name chosen to represent the IP address pool and press Enter. For our purposes, we used the SSID of the access point. At this point, after pressing Enter, you are placed in DHCP configuration mode.
- At the command prompt, issue the command network <ip address> <subnet mask> where <ip address> <subnet mask> are the network IP address and subnet mask that you chose in step A. For our purposes, we stuck with the combination of 192.168.1.0 255.255.255.0.
- At the command prompt, issue the command lease <days> <hours> <minutes> to set the IP address lease period and press Enter. You may use infinite instead of defining the days, hours and minutes.
- At the command prompt issue the command end and press Enter to return to the privileged EXEC mode prompt.
- At this point, DHCP has been configured and the web browser interface should be operational and accessible. At the command prompt, issue the command copy running-config startup-config to save the changes.
Configure the host network interface card (NIC) IPv4 settings with an IP address
- Configure the IPv4 settings of the PC network interface card so that it has a static IP address that is on the same subnet as the BVI1 interface as well as the same subnet mask. For our purposes, we used 192.168.1.2 255.255.255.0.
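The addressing choices in the BVI1, DHCP and host NIC steps above have to agree with each other: every static address must sit inside the pool network and inside the range given to ip dhcp excluded-address, or the access point can lease it to a wireless client. The following check is an added example, not part of the original article; the function names and the excluded range 192.168.1.1 to 192.168.1.10 are assumptions chosen for illustration.

```python
import ipaddress


def check_dhcp_plan(network, mask, excluded_low, excluded_high, static_hosts):
    """Check a DHCP pool plan; return a list of problems (empty = consistent).

    static_hosts maps a label to a statically configured address, such as
    the BVI1 interface and the management PC from the steps above.
    """
    # strict=True rejects a "network" value that has host bits set.
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    low = ipaddress.ip_address(excluded_low)
    high = ipaddress.ip_address(excluded_high)
    problems = []

    if low > high:
        problems.append(f"excluded range {low}-{high} is reversed")
    for end in (low, high):
        if end not in net:
            problems.append(f"excluded address {end} is outside {net}")

    for label, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{label} {ip} is not in {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {ip} is the network or broadcast address")
        elif not low <= ip <= high:
            problems.append(
                f"{label} {ip} is not excluded and can be leased to a client")
    return problems


def leasable_addresses(network, mask, excluded_low, excluded_high):
    """Count the host addresses the pool can still hand out."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    low = ipaddress.ip_address(excluded_low)
    high = ipaddress.ip_address(excluded_high)
    return sum(1 for host in net.hosts() if not low <= host <= high)


if __name__ == "__main__":
    # Static addresses used in the article.
    statics = {"BVI1": "192.168.1.1", "host PC": "192.168.1.2"}
    # Two constructed excluded ranges: the first forgets the host PC.
    for low, high in (("192.168.1.1", "192.168.1.1"),
                      ("192.168.1.1", "192.168.1.10")):
        issues = check_dhcp_plan("192.168.1.0", "255.255.255.0",
                                 low, high, statics)
        free = leasable_addresses("192.168.1.0", "255.255.255.0", low, high)
        print(f"excluded {low}-{high}: {free} leasable,",
              issues if issues else "plan is consistent")
```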
Connect an Ethernet patch cable to the access point
- Here, we are using a cabled connection because the SSID and wireless interfaces have not yet been configured. Using an Ethernet patch cable, plug one RJ-45 connector in the NIC on the PC and the other RJ-45 connector into the Fast Ethernet interface located at the rear of the access point between the two antennas.
Connect to the web browser interface of the access point
- Open a web browser such as Internet Explorer or Firefox.
- In the address bar, type http://<ip address> where <ip address> is the IP address of the BVI1 interface, and press Enter.
- At this point, you will receive a login prompt window. Leaving the username field blank, press the Tab key to move the cursor to the password field. If you set the password in step C of section VII, then the password you chose there is the same password needed here. If you left it as the default, the password should be Cisco. Enter the password and press Enter. This step should end with the web browser interface being displayed on the web browser.
Configure service set identifier (SSID)
- When the web browser interface starts, you are placed on the home screen. Here you should see a router configuration summary on the main screen. On the left side of the summary is a navigation panel. For our configuration we are going to navigate directly to the Express Security page. We are doing this for two reasons: we need to configure an SSID for wireless devices to connect to, and we need to enable the wireless interfaces, which need the SSID to work.
- On the top of the Express Security page, you will see a field for an SSID name and a check box to allow broadcasting of the SSID. Enter a name and check the box to enable SSID broadcast. There are a lot of other options on this page, but for our immediate purpose, these are the only changes we will make here. Once you have set the SSID name and allowed it to broadcast, scroll down to the bottom of the page and click Apply.
Enable the wireless interfaces
- Navigate to the Interfaces page in the navigation menu on the left side of the screen. You will notice that the navigation panel expands to show each of the individual interfaces.
- Navigate to the Radio0-802.11B interface page. Here you will notice four tabs.
  - RADIO0-802.11B STATUS - shows a summary interface status
  - DETAILED STATUS - self explanatory
  - SETTINGS - the changeable settings page
  - CARRIER BUSY TEST - self explanatory
- Navigate directly to the Settings tab. Here you will notice all the settings available to configure the interface.
- For our purpose, click the enable option to enable the interface.
- Scroll down to the Data Rates setting and click on the Best Throughput button.
- Scroll down to the bottom of the page and click the Apply button. It will take a few seconds for the interfaces to show enabled. If you still have access to the command line interface session, you will notice some system messages as the interface comes up.
- Perform steps B through F for interface Radio0-802.11A.
Configure cipher type
- In the navigation menu on the left side of the screen, navigate to the Security page. Again you will notice that the navigation menu expands to show sub sections of the security menu.
- Navigate to the Encryption sub section. Here you will notice that there is a page tab for each of the wireless interfaces. In this access point, you can configure different security measures for each interface. You will be setting them both the same.
- Click on the Cipher option and then use the scroll menu to the right and select TKIP as the encryption type. We are bypassing WEP on this page as WEP has been found to be broken and insecure and we are choosing to use the more secure WPA option (next section).
- You will only be using one security key, so choose an appropriate passphrase and type it into the Encryption Key 2 field. You can choose a different key size if you choose to do so, but for our purposes, we left ours at 128 bits.
- Scroll down to the bottom of the page. As we are applying these settings to both wireless interfaces, we can click on the Apply-All button. This will save you from having to configure encryption settings for both interfaces.
Configure WPA
- Here, we will now configure SSID authentication essentially by using the previously defined encryption key as the pre-shared key (PSK). In the navigation menu on the left side of the screen, navigate to the SSID Manager page.
- In the Current SSID List window, click and select the SSID name.
- Scroll down to the Authentication Settings section and make sure Open Authentication is selected. For a basic wireless configuration, you can leave the rest of this section configured with the defaults.
- Scroll down to the Authenticated Key Management section. Use the dropdown menu for Key Management to select Mandatory and then click and select the WPA option.
- Select either ASCII or Hexadecimal style passphrase, then enter an appropriate passphrase into the field for WPA Pre-shared Key.
- For the rest of this page, you can leave the rest of the configuration with the default settings. Scroll down to the bottom of the page and click on Apply.
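The ASCII and Hexadecimal choices for the WPA Pre-shared Key are two ways of supplying the same 256-bit key. In WPA-PSK an ASCII passphrase is 8 to 63 printable characters and is stretched with PBKDF2-HMAC-SHA1 using the SSID as the salt, while a hexadecimal entry is the 64-hex-digit key itself. The sketch below is an added example, not part of the original article or of Cisco's software; the function name and the sample SSIDs are assumptions, and the first input pair is the published IEEE 802.11i test case.

```python
import hashlib
import string

ITERATIONS = 4096  # fixed by the WPA passphrase-to-PSK mapping
PSK_BYTES = 32     # 256-bit pre-shared key


def wpa_psk(ssid, key, key_format):
    """Return the 256-bit PSK for an SSID and a key given as 'ascii' or 'hex'."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")

    if key_format == "hex":
        # Hexadecimal entry is the raw key: exactly 64 hex digits, no stretching.
        if len(key) != 64 or any(c not in string.hexdigits for c in key):
            raise ValueError("hexadecimal key must be exactly 64 hex digits")
        return bytes.fromhex(key)

    if key_format == "ascii":
        # ASCII entry is a passphrase: 8 to 63 printable ASCII characters.
        if not 8 <= len(key) <= 63:
            raise ValueError("ASCII passphrase must be 8 to 63 characters")
        if any(not 32 <= ord(c) <= 126 for c in key):
            raise ValueError("ASCII passphrase must be printable ASCII")
        # The SSID is the salt, so the derived key is tied to this network name.
        return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                                   ssid_bytes, ITERATIONS, PSK_BYTES)

    raise ValueError("key_format must be 'ascii' or 'hex'")


if __name__ == "__main__":
    # IEEE 802.11i test case: passphrase "password", SSID "IEEE".
    print("IEEE/password  ->", wpa_psk("IEEE", "password", "ascii").hex())

    # Constructed SSIDs: the same passphrase gives unrelated keys per SSID.
    for ssid in ("lab-ap-1", "lab-ap-2"):
        psk = wpa_psk(ssid, "correct horse battery", "ascii")
        print(f"{ssid:14} ->", psk.hex())

    # A passphrase the WPA rules reject (too short).
    try:
        wpa_psk("lab-ap-1", "short", "ascii")
    except ValueError as err:
        print("rejected:", err)
```

Because the passphrase is the only secret input to the derivation, its length and unpredictability decide the strength of the resulting key.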
You should now have completed setting up basic wireless service with DHCP enabled to automatically negotiate network addressing. You should be able to connect a wireless device with the NIC set to obtain an IP address automatically. There are a couple of ways to check who is connected to your network at any given time. In the web browser interface, selecting the Association page from the navigation menu will show you a graphical table with a MAC address and the IP address that is associated with it. You can get this same information using the command line interface by issuing the command show ip dhcp binding in the privileged EXEC mode command prompt.