04-12-2011 01:02 AM - edited 11-18-2020 02:53 AM
Sample configuration example of an 871W ISR
This configuration example has 2 vlans, vlan 1 and vlan 2 , each mapped to a different SSID with WPA-PSK security
sh run
Building configuration...
Current configuration : 2452 bytes
!
! Last configuration change at 23:53:27 UTC Wed Mar 27 2002
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.lNK$ellDG1B2CZJnj82Wqn8iL0
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid GUESTRITS
vlan 2 <<<vlan 2 mapped to GUESTRITS SSID...Use the vlan as per the network configuration
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 cisco123
!
dot11 ssid INTERNAL
vlan 1 <<<<<<<vlan 1 mapped to INTERNAL SSID
authentication open
authentication key-management wpa
wpa-psk ascii 0 cisco123
!
ip source-route
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool GUESTRITS <<<<We have a DHCP pool for GUESTRITS SSID...wireless users connecting to this SSID will get IP from this pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
!
ip cef
!
cwmp agent
management server username 00000C-CISCO871W%2dG%2dA%2dK9V05-FHK12502AJ2
!
bridge irb
!
!
interface FastEthernet0
switchport trunk allowed vlan 1,2,1002-1005 <<<We are allowing only the vlans meant for wireless access...Modify this as per the needs
switchport mode trunk
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip <<<tkip is the cipher
!
encryption vlan 2 mode ciphers tkip
!
ssid GUESTRITS
!
ssid INTERNAL
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native <<<vlan 1 is native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
interface Vlan2
no ip address
bridge-group 2
!
interface BVI1
ip address 10.0.0.2 255.255.255.0
!
interface BVI2
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 protocol ieee <<<Bridge group 1 is always used for bridging native vlan traffic to the radio interface...
<<< bridge group 2 for bridging vlan 2 with radio interface here...
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
login
!
exception data-corruption buffer truncate
scheduler max-task-time 5000
end
Router#
Cisco 800 Series Routers Wireless Authentication Types on a Fixed ISR Configuration Example
Wireless, LAN (WLAN) Configuration Examples and TechNotes
Wireless, LAN (WLAN) Technology Q&A
Cisco 800 Series Routers Configuration Examples and TechNotes
Hi Ritika,
thanks for sharing the sample configuration example. keep it up . 5+
This is what I got and it has been working for me, and this includes the wireless setup. From my modem to my RV016 to my 871w. Once I figure out the PPPOE the 871w will be my only router running, and figure out the port forwarding, but most important I need to configure PPPOE.
mr-r1#sh star
Using 3825 out of 131072 bytes
!
! Last configuration change at 08:10:30 PCTime Sun Oct 28 2012 by ramosm
! NVRAM config last updated at 08:10:33 PCTime Sun Oct 28 2012 by ramosm
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname mr-r1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 64000
logging rate-limit 20
enable secret 5 $1$PDK9$YSz8GsnVsDYevR1hVGMG70
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-3978252741
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3978252741
revocation-check none
rsakeypair TP-self-signed-3978252741
!
!
crypto pki certificate chain TP-self-signed-3978252741
certificate self-signed 01 nvram:IOS-Self-Sig#B.cer
dot11 syslog
!
dot11 ssid ramfam
vlan 55
authentication open
mbssid guest-mode
!
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.25.55.1 10.25.55.49
ip dhcp excluded-address 10.25.55.76 10.25.55.254
ip dhcp excluded-address 10.25.50.1 10.25.50.49
ip dhcp excluded-address 10.25.50.76 10.25.50.254
!
ip dhcp pool Data
import all
network 10.25.50.0 255.255.255.0
dns-server 10.55.55.1 4.2.2.1
domain-name MR-Lab1
default-router 10.25.50.1
lease 25
!
ip dhcp pool Wireless
import all
network 10.25.55.0 255.255.255.0
default-router 10.25.55.1
dns-server 10.55.55.1 4.2.2.2
lease 25
!
!
ip cef
ip domain name MR-Lab1.com
ip name-server 10.55.55.1
!
!
!
!
username ramosm privilege 15 secret 5 $1$J2cq$abQJlRlZgmIlEDPX/jd8A1
!
!
!
archive
log config
hidekeys
!
!
no ip ftp passive
!
bridge irb
!
!
interface FastEthernet0
description AirNet 1100
speed 100
spanning-tree portfast
!
interface FastEthernet1
description Extra cat5
spanning-tree portfast
!
interface FastEthernet2
description Ubuntu PC
spanning-tree portfast
!
interface FastEthernet3
description PS3
speed 100
spanning-tree portfast
!
interface FastEthernet4
description Internet Wan Port
ip address 10.55.55.105 255.255.255.0
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface Dot11Radio0
no ip address
!
encryption vlan 55 key 1 size 128bit 0 AB2081CA12B126DD2F95ABCF32 transmit-key
encryption vlan 55 mode wep mandatory
!
broadcast-key vlan 55 change 30
!
!
ssid ramfam
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
station-role root
!
interface Dot11Radio0.55
encapsulation dot1Q 55 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
ip address 10.25.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan55
no ip address
bridge-group 1
!
interface BVI1
ip address 10.25.55.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.55.55.1
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source list 2 interface FastEthernet4 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.25.50.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.25.55.0 0.0.0.255
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
exec-timeout 30 0
password Cisco
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 20 0
password Cisco
logging synchronous
!
scheduler max-task-time 5000
end
mr-r1#
let me know what I can add or remove.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: