Configuring a Wireless LAN Connection
The Cisco 1800 series integrated services fixed-configuration routers support a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless LAN transceivers.
You can configure and monitor the routers using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). This chapter describes how to configure the router using the CLI. Use the
interface dot11radio
global configuration CLI command to place the device into radio configuration mode.
See the
Cisco Access Router Wireless Configuration Guide
for more detailed information about configuring these Cisco routers in a wireless LAN application.
Figure 9-1 shows a wireless network deployment.
Figure 9-1 Sample Wireless LAN
|
Wireless LAN (with multiple networked devices)
|
|
Cisco 1800 series integrated services router connected to the Internet
|
|
VLAN 1
|
|
VLAN 2
|
In the configuration example that follows, a remote user is accessing the Cisco 1800 series integrated services router using a wireless connection. Each remote user has his own VLAN.
Configuration Tasks
Perform the following tasks to configure this network scenario:
An example showing the results of these configuration tasks is shown in the section “Configuration Example.”
Note The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configurations tasks, see “Basic Router Configuration,” “Configuring PPP over Ethernet with NAT,” and “Configuring PPP over ATM with NAT,” as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels.
Configure the Root Radio Station
Perform these steps to create and configure the root radio station for your wireless LAN, beginning in global configuration mode:
|
|
|
Step 1
|
interface
name number
Example:
Router(config)# interface dot11radio 0
|
Enters interface configuration mode for the specified wireless interface.
|
Step 2
|
broadcast-key
[[
vlan
vlan-id
]
change
secs
] [
membership-termination
] [
capability-change
]
Example:
Router(config-if)# broadcast-key vlan 1 change 45
|
Specifies the time interval (in seconds) between rotations of the broadcast encryption key used for clients.
Note Client devices using static Wired Equivalent Privacy (WEP) cannot use the access point when you enable broadcast key rotation—only wireless client devices using 802.1x authentication (such as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol-Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access point.
Note This command is not supported on bridges.
See the
Cisco IOS Commands for Access Points and Bridges
document for more details.
|
Step 3
|
encryption
method
algorithm
key
Example:
Router(config-if)#
encryption vlan 1 mode ciphers tkip
|
Specifies the encryption method, algorithm, and key used to access the wireless interface.
The example uses the VLAN with optional encryption method of data ciphers.
|
Step 4
|
ssid
name
Example:
Router(config-if)#
ssid cisco
|
Creates a Service Set ID (SSID), the public name of a wireless network.
Note All of the wireless devices on a WLAN must employ the same SSID to communicate with each other.
|
Step 5
|
vlan
number
Example:
Router(config-if-ssid)#
vlan 1
|
Binds the SSID with a VLAN.
|
Step 6
|
authentication
type
Example:
Router(config-if-ssid)#
authentication open
Router(config-if-ssid)#
authentication network-eap eap_methods
Router(config-if-ssid)#
authentication key-management wpa
|
Sets the permitted authentication methods for a user attempting access to the wireless LAN.
More than one method can be specified, as shown in the example.
|
Step 7
|
exit
Example:
Router(config-if-ssid)#
exit
|
Exits SSID configuration mode, and enters interface configuration mode for the wireless interface.
|
Step 8
|
speed
rate
Example:
Router(config-if)#
basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
|
(Optional) Specifies the required and allowed rates, in Mbps, for traffic over the wireless connection.
|
Step 9
|
rts
[
retries
|
threshold
]
Example:
Router(config-if)#
rts threshold 2312
|
(Optional) Specifies the Request to Send (RTS) threshold or the number of times to send a request before determining the wireless LAN is unreachable.
|
Step 10
|
power
[
client
|
local
]
[
cck
[
number
|
maximum
] |
ofdm
[
number
|
maximum
]]
Example:
Router(config-if)#
power local cck 50
Router(config-if)#
power local ofdm 30
|
(Optional) Specifies the radio transmitter power level.
See the
Cisco Access Router Wireless Configuration Guide
for available power level values.
|
Step 11
|
channel
[
number
|
least-congested
]
Example:
Router(config-if)#
channel 2462
|
(Optional) Specifies the channel on which communication occurs.
See the
Cisco Access Router Wireless Configuration Guide
for available channel numbers.
|
Step 12
|
station-role
[
repeater
|
root
]
Example:
Router(config-if)#
station-role root
|
(Optional) Specifies the role of this wireless interface.
You must specify at least one root interface.
|
Step 13
|
exit
Example:
|
Exits interface configuration mode, and enters global configuration mode.
|
Configure Bridging on VLANs
Perform these steps to configure integrated routing and bridging on VLANs, beginning in global configuration mode:
|
|
|
Step 1
|
bridge
[
number
|
crb
|
irb
|
mac-address-table
]
Example:
Router(config)# bridge irb
|
Specifies the type of bridging.
The example specifies integrated routing and bridging.
|
Step 2
|
interface
name number
Example:
Router(config)# interface vlan 1
|
Enters interface configuration mode.
We want to set up bridging on the VLANs, so the example enters the VLAN interface configuration mode.
|
Step 3
|
bridge-group
number
Example:
Router(config)# bridge-group 1
|
Assigns a bridge group to the interface.
|
Step 4
|
bridge-group
parameter
Example:
Router(config)# bridge-group spanning-disabled
|
Sets other bridge parameters for the bridging interface.
|
Step 5
|
interface
name number
Example:
Router(config)# interface bvi 1
|
Enters configuration mode for the virtual bridge interface.
|
Step 6
|
ip address
address mask
Example:
Router(config)# ip address 10.0.1.1 255.255.255.0
|
Specifies the address for the virtual bridge interface.
|
Repeat Step 2 through Step 6 above for each VLAN that requires a wireless interface.
Configure Radio Station Subinterfaces
Perform these steps to configure subinterfaces for each root station, beginning in global configuration mode:
|
|
|
Step 1
|
interface
type number
Example:
Router(config)# interface dot11radio 0.1
|
Enters subinterface configuration mode for the root station interface.
|
Step 2
|
description
string
Example:
Router(config-subif)# description Cisco open
|
Provides a description of the subinterface for the administrative user.
|
Step 3
|
encapsulation dot1q
vlanID
[
native
|
second-dot1q
]
Example:
Router(config-subif)# encapsulation dot1q 1 native
|
Enables IEEE 802.1q encapsulation on the specified subinterface.
|
Step 4
|
no cdp enable
Example:
Router(config-subif)# no cdp enable
|
Disables the Cisco Discovery Protocol (CDP) on the wireless interface.
|
Step 5
|
bridge-group
number
Example:
Router(config-subif)# bridge-group 1
|
Assigns a bridge group to the subinterface.
|
Step 6
|
exit
Example:
Router(config-subif)# exit
|
Exits subinterface configuration mode, and enters global configuration mode.
|
Repeat these steps to configure more subinterfaces, as needed.
Configuration Example
The following configuration example shows a portion of the configuration file for the wireless LAN scenario described in the preceding sections.
broadcast-key vlan 1 change 45 encryption vlan 1 mode ciphers tkip authentication network-eap eap_methods authentication key-management wpa speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 encapsulation dot1Q 1 native bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 2 subscriber-loop-control bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding bridge-group 3 subscriber-loop-control bridge-group 3 spanning-disabled bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding bridge-group 1 spanning-disabled bridge-group 2 spanning-disabled bridge-group 3 spanning-disabled ip address 10.0.1.1 255.255.255.0 ip address 10.0.2.1 255.255.255.0 ip address 10.0.3.1 255.255.255.0