Help Configuring Wireless Interface on Cisco 1811 Router

[Dubsix]

Hi all,

I'm a programmer by trade, that has been given the task of configuring my company's new cisco router. I've never done any of this stuff before, but have managed to stumble my way though the CLI setting up the basics. However, I haven't been able to figure the wireless part out as of yet as I'm having trouble finding enough information to describe how to setup/configure a Dot11Radio interface on a Cisco router.

My environment is as follows:
- We have 2 companies (both owned by same owner) working in the same building.
- We have 2 DSL lines coming in (one for each company) each with their own modem. Both modems will be connected to the Cisco 1811 router via Fa0 and Fa1 ethernet ports.
- Inside the router I have 3 vlans setup:
VLAN 10 for Company A [10.10.10.0]
VLAN 20 for Company B [10.10.20.0]
VLAN 30 for Guests [10.10.30.0]


I have 2 Dot11Radio interfaces on the router. What I would like to do is attach Dot11Radio-0 to VLAN 10, giving Company A wireless access to their network. Then on Dot11Radio-1 I would like to setup as the sole access point for VLAN 30, so that guests can only get access to the internet via a wireless connection.

I've gone through the steps found on Cisco's website shown here

http://www.cisco.com/en/US/docs/ios...ts_Configuration_Guide_Chapter.html#wp1059830

but it doesn't seem to be properly configuring the wireless interface as I can't get any wireless connection.

Please explain [with enough info for a newbie to understand] what I need to do to set this up.

Below is my current config from the router:

!
version 12.4
no service config
no service timestamps debug datetime msec
no service timestamps log datetime msec
no service password-encryption
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone PCTime -5
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.150
ip dhcp excluded-address 10.10.10.200 10.10.10.255
ip dhcp excluded-address 10.10.20.1 10.10.20.150
ip dhcp excluded-address 10.10.20.200 10.10.20.255
!
ip dhcp pool 10.10.10.0/24
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
ip dhcp pool 10.10.20.0/24
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
ip dhcp pool 10.10.30.0/24
network 10.10.30.0 255.255.255.0
default-router 10.10.30.1
dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
!
ip cef
ip domain name xxxxxx.com
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
no ipv6 cef
!
multilink bundle-name authenticated
!
!
username xxxxx privilege 15 password xxxxx
archive
log config
hidekeys
!
!
!
!
interface FastEthernet0
description $Company A Gateway$
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
description $Company B Gateway$
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
switchport access vlan 10
!
interface FastEthernet3
switchport access vlan 10
!
interface FastEthernet4
switchport access vlan 10
!
interface FastEthernet5
switchport access vlan 10
!
interface FastEthernet6
switchport access vlan 10
!
interface FastEthernet7
switchport access vlan 10
!
interface FastEthernet8
switchport access vlan 10
!
interface FastEthernet9
switchport access vlan 20
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Vlan1
no ip address
no ip nat inside
shutdown
!
interface Vlan10
description $Company A Network Block$
ip address 10.10.10.1 255.255.255.0
ip access-group 110 in
ip nat inside
ip virtual-reassembly
!
interface Vlan20
description $Company B Network Block$
ip address 10.10.20.1 255.255.255.0
ip access-group 120 in
ip nat inside
ip virtual-reassembly
!
interface Vlan30
description $Guest Network Block$
ip address 10.10.30.1 255.255.255.0
ip access-group 130 in
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
no ip route-cache
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source list 2 interface FastEthernet1 overload
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 10.10.20.0 0.0.0.255
access-list 2 permit 10.10.30.0 0.0.0.255
access-list 101 permit tcp any any established
access-list 110 permit ip host 10.10.10.5 host 10.10.20.5
access-list 110 permit ip host 10.10.10.5 host 10.10.20.6
access-list 110 permit ip host 10.10.10.6 host 10.10.20.5
access-list 110 permit ip host 10.10.10.6 host 10.10.20.6
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 110 deny ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 110 permit ip any any
access-list 120 permit ip host 10.10.20.5 host 10.10.10.5
access-list 120 permit ip host 10.10.20.5 host 10.10.10.6
access-list 120 permit ip host 10.10.20.6 host 10.10.10.5
access-list 120 permit ip host 10.10.20.6 host 10.10.10.6
access-list 120 deny ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 120 deny ip 10.10.20.0 0.0.0.255 10.10.30.0.0.0.0.255
access-list 120 permit ip any any
access-list 130 deny ip 10.10.30.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 deny ip 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 130 permit ip any any
!
!
control-plane
!
!
banner login ^
---------------------------------------------------------
Only authorized Company A Employee's may access this device.
If you are NOT an authorized user, disconnect now!!!
---------------------------------------------------------
^
!
!
line con 0
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password xxxxxx
login
!
no process cpu extended
no process cpu autoprofile hog
end

 

[unclerico]

if you go back into that whitepaper that you linked to you will find a module for a basic wireless setup where it shows you step by step how to get it configured. be sure to visit the security module also so that your wlans are properly secured. if, after reading those two modules you can't get it to work, post back with your updated config.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[MrOyvind]

Ekample from my 1812w:

dot11 ssid myhouse
authentication open
guest-mode (broadcast SSID)

interface Dot11Radio1
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security private
no logging event link-status
!
encryption key 1 size 128bit 7 9588A9B88A7DB7C993E0C17C974F transmit-key
encryption mode ciphers aes-ccm tkip wep128
!
ssid myhouse
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root

Hope it helps, but this is not WPA2

 

[MrOyvind]

For VLANS you need brdging, something like this example:



!
bridge irb
!
interface Dot11Radio0
no ip address
!
broadcast-key vlan 1 change 45
!
!
encryption vlan 1 mode ciphers tkip
!
ssid cisco
vlan 1
authentication open
authentication network-eap eap_methods
authentication key-management wpa
!
ssid ciscowep
vlan 2authentication open
!
ssid ciscowpa
vlan 3
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
power local cck 50
power local ofdm 30
channel 2462
station-role root
!
interface Dot11Radio0.1
description Cisco Open
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface Vlan3
no ip address
bridge-group 3
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 10.0.1.1 255.255.255.0
!
interface BVI2
ip address 10.0.2.1 255.255.255.0
Chapter 9 Configuring a Wireless LAN Connection
Configuration Example
!
interface BVI3
ip address 10.0.3.1 255.255.255.0