Table Of Contents
Configuring a Wireless LAN Connection
The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless LAN transceivers.
You can configure and monitor the routers using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). This chapter describes how to configure the router using the CLI. Use the interface dot11radio global configuration CLI command to place the device into radio configuration mode.
See the Cisco Access Router Wireless Configuration Guide for more detailed information about configuring these Cisco routers in a wireless LAN application.
Figure 9-1 shows a wireless network deployment.
Figure 9-1 Wireless Connection to the Cisco Router
Wireless LAN (with multiple networked devices)
Cisco 850 or Cisco 870 series access router connected to the Internet
In the configuration example that follows, a remote user is accessing the Cisco 850 or Cisco 870 series access router using a wireless connection. Each remote user has his own VLAN.
Perform the following tasks to configure this network scenario:
A configuration example showing the results of these configuration tasks is provided in the "Configuration Example" section.
Note The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT. If you have not performed these configurations tasks, see Chapter 1 "Basic Router Configuration," Chapter 3 "Configuring PPP over Ethernet with NAT," and Chapter 4 "Configuring PPP over ATM with NAT," as appropriate for your router. You may have also configured DHCP, VLANs, and secure tunnels.
Configure the Root Radio Station
Perform these steps to create and configure the root radio station for your wireless LAN, beginning in global configuration mode:
interface name number
Example:Router(config)# interface dot11radio 0Router(config-if)#
Enters interface configuration mode for the radio interface.
broadcast-key [vlan vlan-id] change seconds
Example:Router(config-if)# broadcast-key vlan 1 change 45Router(config-if)#
Specifies the time interval, in seconds, between rotations of the broadcast encryption key used for clients.
Note Client devices using static Wired Equivalent Privacy (WEP) cannot use the access point when you enable broadcast key rotation—only wireless client devices using 802.1x authentication (such as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol-Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access point.
Note This command is not supported on bridges.
See the Cisco IOS Commands for Access Points and Bridges for more details.
encryption method algorithm key
Example:Router(config-if)# encryption vlan 1 mode ciphers tkipRouter(config-if)#
Specifies the encryption method, algorithm, and key used to access the wireless interface.
The example uses the VLAN with optional encryption method of data ciphers.
Example:Router(config-if)# ssid ciscoRouter(config-if-ssid)#
Creates a Service Set ID (SSID), the public name of a wireless network.
Note All of the wireless devices on a WLAN must employ the same SSID to communicate with each other.
Example:Router(config-if-ssid)# vlan 1Router(config-if-ssid)#
Binds the SSID with a VLAN.
Example:Router(config-if-ssid)# authentication openRouter(config-if-ssid)# authentication network-eap eap_methodsRouter(config-if-ssid)# authentication key-management wpa
Sets the permitted authentication methods for a user attempting access to the wireless LAN.
More than one method can be specified, as shown in the example.
Exits SSID configuration mode, and enters interface configuration mode for the radio interface.
Example:Router(config-if)# basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0Router(config-if)#
(Optional) Specifies the required and allowed rates, in Mbps, for traffic over the wireless connection.
rts [retries | threshold]
Example:Router(config-if)# rts threshold 2312Router(config-if)#
(Optional) Specifies the Request to Send (RTS) threshold or the number of times to send a request before determining the wireless LAN is unreachable.
power [client | local] [cck [number | maximum] | ofdm [number | maximum]]
Example:Router(config-if)# power local cck 50Router(config-if)# power local ofdm 30Router(config-if)#
(Optional) Specifies the radio transmitter power level.
See the Cisco Access Router Wireless Configuration Guide for available power level values.
channel [number | least-congested]
Example:Router(config-if)# channel 2462Router(config-if)#
(Optional) Specifies the channel on which communication occurs.
See the Cisco Access Router Wireless Configuration Guide for available channel numbers.
station-role [repeater | root]
Example:Router(config-if)# station-role rootRouter(config-if)#
(Optional) Specifies the role of this radio interface.
You must specify at least one root interface.
Exits interface configuration mode, and enters global configuration mode.
Configure Bridging on VLANs
Perform these steps to configure integrated routing and bridging on VLANs, beginning in global configuration mode:
Configure Radio Station Subinterfaces
Perform these steps to configure subinterfaces for each root station, beginning in global configuration mode:
Repeat these steps to configure more subinterfaces, as needed.
The following configuration example shows a portion of the configuration file for the wireless LAN scenario described in the preceding sections.!bridge irb!interface Dot11Radio0no ip address!broadcast-key vlan 1 change 45!!encryption vlan 1 mode ciphers tkip!ssid ciscovlan 1authentication openwpa-psk ascii 0 cisco123authentication key-management wpa!ssid ciscowepvlan 2authentication open!ssid ciscowpavlan 3authentication open!speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0rts threshold 2312power local cck 50power local ofdm 30channel 2462station-role root!interface Dot11Radio0.1description Cisco Openencapsulation dot1Q 1 nativeno cdp enablebridge-group 1bridge-group 1 subscriber-loop-controlbridge-group 1 spanning-disabledbridge-group 1 block-unknown-sourceno bridge-group 1 source-learningno bridge-group 1 unicast-flooding!interface Dot11Radio0.2encapsulation dot1Q 2bridge-group 2bridge-group 2 subscriber-loop-controlbridge-group 2 spanning-disabledbridge-group 2 block-unknown-sourceno bridge-group 2 source-learningno bridge-group 2 unicast-flooding!interface Dot11Radio0.3encapsulation dot1Q 3bridge-group 3bridge-group 3 subscriber-loop-controlbridge-group 3 spanning-disabledbridge-group 3 block-unknown-sourceno bridge-group 3 source-learningno bridge-group 3 unicast-flooding!interface Vlan1no ip addressbridge-group 1bridge-group 1 spanning-disabled!interface Vlan2no ip addressbridge-group 2bridge-group 2 spanning-disabled!interface Vlan3no ip addressbridge-group 3bridge-group 3 spanning-disabled!interface BVI1ip address 10.0.1.1 255.255.255.0!interface BVI2ip address 10.0.2.1 255.255.255.0!interface BVI3ip address 10.0.3.1 255.255.255.0!