cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
93051
Views
25
Helpful
11
Comments
ritchauh
Level 1
Level 1

Introduction:-

This is a configuration example for 861W/881W/891W series ISRs. It has 2 vlans, vlan 1 for wired users and vlan 4 for wireless users. Each vlan has its dedicated DHCP pool.

Configuration Steps:-

Before we could access the AP module, we need to configure the router to open  a session between the AP module and the router module.


NOTE:-

1.   Define the router’s console interface to the wireless device. The interface is used for communication between the router’s           console and the wireless device. Always use port 0.


     Router(config)# interface wlan-ap0

     Router(config-if)#

   The following message appears:-


   "The wlan-ap 0 interface is used for managing the embedded AP. Please use the service-module wlan-ap 0 session                      command to console into the embedded AP".


2.   Specify the IP address and subnet mask


    Router(config-if)#ip unnumbered vlan 4

    Router(config-if)#no shut

    Router(config-if)#end

    Router#


    The IP address can be shared with the IP address assigned to the Cisco Integrated Services Router by using the ip unnumbered vlan4 command.



3. Open the connection between the wireless device and the router’s console.


    Router#service-module wlan-ap 0 session


    Example:-


    Router# service-module wlan-ap0 session


    Trying 10.0.0.1, 2002 ... Open

    ap>


4.  Afterwards, to close the session between the wireless device and the router’s console, perform the following steps:


    Wireless Device


    A.  Control-Shift-6 x

          Router

    B.  Disconnect

    C.  Press Enter twice.


5.  Configure AP module for wireless functionality with one SSID. Example given below.

6.  Configure router module for the desired vlans. Example given below.

ROUTER MODULE



Version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 800-12

!

boot-start-marker

boot system flash

boot-end-marker

!

no logging on

!

no aaa new-model

!

ip source-route

ip dhcp excluded-address 10.10.10.1                         <<<exclude IP addresses that need not be leased out

ip dhcp excluded-address 10.0.0.1                             <<<exclude IP addresses that need not be leased out

!

ip dhcp pool Wireless                                                       <<<<DHCP pool for wireless users

   network 10.0.0.0 255.255.255.0

   default-router 10.0.0.1                                                <<<<default gateway will be the wireless vlan IP ( vlan 4 )address

!

ip dhcp pool TEST                                                             <<<DHCP pool for other wired users

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1                                          <<default gateway for wired users is the wired vlan IP (vlan 1 )

!

!

ip cef

no ip domain lookup

ip domain name yourdomain.com

ip inspect log drop-pkt

!

!

username cisco secret 5 $1$D.C.$gY/Pz9EJKgnfGYISyU4NR0

!

!

archive

log config

  hidekeys

!

bridge irb

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

no ip address

shutdown

duplex auto

speed auto

!

interface wlan-ap0                                           <<<<<<<<<<<<<Service module interface to manage the embedded AP

description Service module interface to manage the embedded AP

ip unnumbered Vlan4                                         <<<This interface will use vlan 4 IP to manage the embedded AP

arp timeout 0

!

interface Wlan-GigabitEthernet0                             

description Internal switch interface connecting to the embedded AP

switchport trunk native vlan 4                               <<<Specifying the native vlan as 4

switchport mode trunk

!

interface Vlan1                                                              <<<<VLAN 1 for wired users

ip address 10.10.10.1 255.255.255.0

!

interface Vlan4                                                           <<<<VLAN4 network for wireless users

ip address 10.0.0.1 255.255.255.0

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.76.75.65

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

banner exec ^C

AP MODULE:-


hostname ap

!

enable secret 5 $1$uoRD$Mz7Q8NVh9L0PYSoIKxghH/

!

no aaa new-model

!

dot11 ssid TEST                              <<<TEST SSID

   vlan 4                                             <<<TEST SSID mapped to vlan 4

   authentication open

   authentication key-management wpa

   guest-mode                                 <<<<To broadcast the SSID

   wpa-psk ascii 0 cisco123          <<<Preshared key is used   

!

username cisco privilege 15 secret 5 $1$JbKq$341Z9uDAkeHKcMTO6/WI00

!

bridge irb

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 4 mode ciphers tkip                 <<<<<Specifying TKIP cipher for the SSID

!

ssid TEST

!

station-role root

!

interface Dot11Radio0.4                              <<<<<<<Create sub interface for vlan 4 and specify it as native vlan

encapsulation dot1Q 4 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.4                       <<<<<<<Create sub interface for vlan 4 and specify it as native vlan

encapsulation dot1Q 4 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address dhcp

no ip route-cache

!

ip default-gateway 10.0.0.1                   <<<<IP address of vlan 4 is the default gateway                   

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 protocol ieee

bridge 1 route ip

!

Related Document:-


Basic Wireless Configuration for 861W/881W/891W

Comments
Vinay Sharma
Level 7
Level 7

thanks Ritika for sharing this configuration example.

Vivien FRANCOIS
Level 1
Level 1

Thanks a lot, very useful !

ramosm1974
Level 1
Level 1

This is what I got and it has been working for me. From my modem to my RV016 to my 871w.  Once I figure out the PPPOE the 871w will be my only router running, and figure out the port forwarding, but most important I need to configure PPPOE.

mr-r1#sh star

Using 3825 out of 131072 bytes

!

! Last configuration change at 08:10:30 PCTime Sun Oct 28 2012 by ramosm

! NVRAM config last updated at 08:10:33 PCTime Sun Oct 28 2012 by ramosm

!

version 12.4

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

no service password-encryption

!

hostname mr-r1

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

logging buffered 64000

logging rate-limit 20

enable secret 5 $1$PDK9$YSz8GsnVsDYevR1hVGMG70

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

aaa session-id common

clock timezone PCTime -8

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

!

crypto pki trustpoint TP-self-signed-3978252741

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3978252741

revocation-check none

rsakeypair TP-self-signed-3978252741

!

!

crypto pki certificate chain TP-self-signed-3978252741

certificate self-signed 01 nvram:IOS-Self-Sig#B.cer

dot11 syslog

!

dot11 ssid ramfam

vlan 55

authentication open

mbssid guest-mode

!

ip source-route

no ip dhcp use vrf connected

ip dhcp excluded-address 10.25.55.1 10.25.55.49

ip dhcp excluded-address 10.25.55.76 10.25.55.254

ip dhcp excluded-address 10.25.50.1 10.25.50.49

ip dhcp excluded-address 10.25.50.76 10.25.50.254

!

ip dhcp pool Data

   import all

   network 10.25.50.0 255.255.255.0

   dns-server 10.55.55.1 4.2.2.1

   domain-name MR-Lab1

   default-router 10.25.50.1

   lease 25

!

ip dhcp pool Wireless

   import all

   network 10.25.55.0 255.255.255.0

   default-router 10.25.55.1

   dns-server 10.55.55.1 4.2.2.2

   lease 25

!

!

ip cef

ip domain name MR-Lab1.com

ip name-server 10.55.55.1

!

!

!

!

username ramosm privilege 15 secret 5 $1$J2cq$abQJlRlZgmIlEDPX/jd8A1

!

!

!

archive

log config

  hidekeys

!

!

no ip ftp passive

!

bridge irb

!

!

interface FastEthernet0

description AirNet 1100

speed 100

spanning-tree portfast

!

interface FastEthernet1

description Extra cat5

spanning-tree portfast

!

interface FastEthernet2

description Ubuntu PC

spanning-tree portfast

!

interface FastEthernet3

description PS3

speed 100

spanning-tree portfast

!

interface FastEthernet4

description Internet Wan Port

ip address 10.55.55.105 255.255.255.0

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

!

interface Dot11Radio0

no ip address

!

encryption vlan 55 key 1 size 128bit 0 AB2081CA12B126DD2F95ABCF32 transmit-key

encryption vlan 55 mode wep mandatory

!

broadcast-key vlan 55 change 30

!

!

ssid ramfam

!

mbssid

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0

station-role root

!

interface Dot11Radio0.55

encapsulation dot1Q 55 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

ip address 10.25.50.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan55

no ip address

bridge-group 1

!

interface BVI1

ip address 10.25.55.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.55.55.1

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source list 2 interface FastEthernet4 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.25.50.0 0.0.0.255

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 10.25.55.0 0.0.0.255

!

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

exec-timeout 30 0

password Cisco

logging synchronous

no modem enable

line aux 0

line vty 0 4

exec-timeout 20 0

password Cisco

logging synchronous

!

scheduler max-task-time 5000

end

mr-r1#

ramosm1974
Level 1
Level 1

Let me know what you think? or what I can add or remove, but this is wahts working.

wilder7bc
Level 1
Level 1

I am unable to set my 891w router up.  I really need assistance.   I dont mind wiping and starting over I have multiple times.

Here is link from another post I have that nobody has answered or said anthing about yet.

https://supportforums.cisco.com/thread/2241210

I tried to use the example above in my router but vlan4 is down/down for some reason I went through copying pasting not sure what happened.

Basically I just want my router setup to broadcast wireless and have wpa pka protection, then I want to plug in my home lab with about 4 servers and routhers and such. 

I dont need dhcp or dns as I will set that up on my servers soon as I can get this router to work.

Any help would be great.

Below is my config. I cannot setup the wap because it says

-----------------------------

891W#service-module wlan-ap 0 session
Trying 10.0.0.1, 2002 ...
% Destination unreachable; gateway or host down

891W#

------------------------------

guessing something is wrong with vlan 4

------------------------------

891W#show ip int brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
Async1                     unassigned      YES unset  down                  down

FastEthernet0              unassigned      YES unset  down                  down

FastEthernet1              unassigned      YES unset  down                  down

FastEthernet2              unassigned      YES unset  down                  down

FastEthernet3              unassigned      YES unset  down                  down

FastEthernet4              unassigned      YES unset  down                  down

FastEthernet5              unassigned      YES unset  down                  down

FastEthernet6              unassigned      YES unset  down                  down

FastEthernet7              unassigned      YES unset  down                  down

FastEthernet8              unassigned      YES unset  administratively down down

GigabitEthernet0           unassigned      YES unset  administratively down down

Vlan1                      10.10.10.1      YES manual up                    up

Vlan4                      10.0.0.1        YES manual down                  down

Wlan-GigabitEthernet0      unassigned      YES unset  up                    up

wlan-ap0                   10.0.0.1        YES unset  up                    up

891W#

------------------------------------------------

I checked for vlans and got this:

891W#show vlans

No Virtual LANs configured.

891W#

--------------------------------------------

below is the full config:

===========================


891W#show running-config
Building configuration...

Current configuration : 4262 bytes
!
! Last configuration change at 17:16:36 UTC Sat Sep 21 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 891W
!
boot-start-marker
boot system flash
boot-end-marker
!
!
no logging on
!
no aaa new-model
!
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1959322904
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1959322904
revocation-check none
rsakeypair TP-self-signed-1959322904
!
!
crypto pki certificate chain TP-self-signed-1959322904
certificate self-signed 01
(removed to save space)
        quit
ip source-route
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool Wireless
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
!
ip dhcp pool TEST
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
ip cef
no ip domain lookup
ip domain name BWCAT.com
ip inspect log drop-pkt
no ipv6 cef
!
!
!
!
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
!
!
!
!
!
!
license udi pid CISCO891W-AGN-A-K9 sn FTX1423818V
!
!
archive
log config
  hidekeys
username myname secret 5 xxxxxxx
!
!
!
!
!
!
!
bridge irb
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan4
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 4
switchport mode trunk
no ip address
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
!
interface Vlan4
ip address 10.0.0.1 255.255.255.0
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 10.76.75.65
!
logging esm config
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
mgcp profile default
!
!
!
!
banner exec ^CC
DO NOT ACCESS WITHOUT PERMISSION
^C
!
line con 0
exec-timeout 0 0
logging synchronous
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
login
transport input all
!
end

891W#

========================================

wilder7bc
Level 1
Level 1

Not sure what happened but it just came up out of the blue...

===================

891W#show vlans

No Virtual LANs configured.

891W#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
891W(config)#vlan 4
891W(config-vlan)#name wireless
891W(config-vlan)#exit
891W(config)#end

%SYS-5-CONFIG_I: Configured from console by console891W#show vlans

No Virtual LANs configured.

891W#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan4, changed state to up
891W#show ip int brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
Async1                     unassigned      YES unset  down                  down

FastEthernet0              unassigned      YES unset  down                  down

FastEthernet1              unassigned      YES unset  down                  down

FastEthernet2              unassigned      YES unset  down                  down

FastEthernet3              unassigned      YES unset  down                  down

FastEthernet4              unassigned      YES unset  down                  down

FastEthernet5              unassigned      YES unset  down                  down

FastEthernet6              unassigned      YES unset  down                  down

FastEthernet7              unassigned      YES unset  down                  down

FastEthernet8              unassigned      YES unset  administratively down down

GigabitEthernet0           unassigned      YES unset  administratively down down

Vlan1                      10.10.10.1      YES manual up                    up

Vlan4                      10.0.0.1        YES manual up                    up

Wlan-GigabitEthernet0      unassigned      YES unset  up                    up

wlan-ap0                   10.0.0.1        YES unset  up                    up

891W#show vlans
891W#show vlans

No Virtual LANs configured.

891W#service
891W#service-module wlan
891W#service-module wlan-ap 0
891W#service-module wlan-ap 0 se
891W#service-module wlan-ap 0 session
Trying 10.0.0.1, 2002 ... Open

Connecting to AP console, enter Ctrl-^ followed by x,
then "disconnect" to return to router prompt
C
% Password change notice.

-------------------------------------------------------

I didnt do anyuthing but the vlan 4 and name thingie and then about 1 minute later it popped on.  I will try to use the second part for the WPA configuration now and see if that works.

Anis Momin
Level 1
Level 1

Please check below and help me with resolving Vlan issue with cisco 881 ROuter and Cisco SG500-52 siwtch

https://supportforums.cisco.com/thread/2252633

Thanks a lot really you helped me so much , but now i can ping from local computer to wireless devices but the wireless devices cant ping the local computers 

thanks if anybody can suggest me what to do ! 

Mark DeLong
Level 4
Level 4

Thank you! Worked in a pinch!

Eddy.Cuevas
Level 1
Level 1

Hello 

I hope you could help me. 

I have the Cisco 891FW box running IOS Version 15.4(1r)T1. I cannot find the encryption command to execute encryption vlan 4 mode ciphers tkip line. 

I am doing the exact example of Richauh 

 

Thank you

Luca Pecchiari
Level 1
Level 1

Post your show run.

 

The encryption vlan 4 mode ciphers tkip is post under interface Dot11RadioX

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: