Настройка wifi роутера cisco

Настройка wifi роутера cisco

This chapter describes how to configure the autonomous wireless device on the Cisco 880 Series Integrated Services Router (ISR).

Note To upgrade the autonomous software to Cisco Unified software on the embedded wireless device, see the «Upgrading to Cisco Unified Software» section for instructions.

The wireless device is embedded and does not have an external console port for connections. To configure the wireless device, use a console cable to connect a personal computer to the host router’s console port, and perform these procedures to establish connectivity and configure the wireless settings.

•Starting a Wireless Configuration Session

•Closing the Session

•Configuring Wireless Settings

•Configuring the Access Point in Hot Standby Mode (Optional)

•Upgrading to Cisco Unified Software

•Images Supported

•Related Documentation

Starting a Wireless Configuration Session

Note Before you configure the wireless settings in the router’s setup, you must follow these steps to open a session between the router and the access point.

Enter the following commands in global configuration mode on the router’s Cisco IOS CLI.

SUMMARY STEPS

1. interface wlan-ap0

2. ip address subnet mask

3. no shutdown

4. interface vlan1

5. ip address subnet mask

6. exit

7. exit

8. service-module wlan-ap 0 session

DETAILED STEPS

router(config)# interface wlan-ap0 
The wlan-ap 0 interface is used for managing the embedded AP. Please use the service-module wlan-ap 0 session command to console into the embedded AP.
router(config-if)# ip address 10.21.0.20 255.255.255.0
router(config-if)# ip unnumbered vlan1 
router(config-if)# no shutdown 
router(config-if)# interface vlan1 
router(config-if)# ip address 10.10.0.30 255.255.255.0
router# service-module wlan-ap0 session 
Trying 10.21.0.20, 2002 . Open 

Tip To create a Cisco IOS software alias for the console to session into the wireless device, enter the alias exec dot11radio service-module wlan-ap 0 session command at the EXEC prompt.

Closing the Session

To close the session between the wireless device and the router’s console, follow these steps:

Wireless Device

1. Control-Shift-6 x

Router

1. Type the disconnect command.

2. Press Enter.

Configuring Wireless Settings

Note If you are configuring the wireless device for the first time, you must start a configuration session between the access point and the router before you attempt to configure the basic wireless settings. See the «Starting a Wireless Configuration Session» section.

Configure the wireless device with the tool that matches the software on the device.

•Cisco Express Setup—Unified Software

•Cisco IOS Command Line Interface—Autonomous software

Note If you are running the wireless device in autonomous mode and would like to upgrade to Unified mode, see the «Upgrading to Cisco Unified Software» section for upgrade instructions.

Читайте также:  Плохо раздает интернет роутер

After upgrading to Cisco Unified Wireless software, use the web-browser interface to configure the device at the following URL:
http://cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap2-gui.html

Cisco Express Setup

To configure the autonomous wireless device, use the web-browser tool:

Step 1 Establish a console connection to the wireless device and get the Bridge-Group Virtual Interface (BVI) IP address by entering the show interface bvi1 Cisco IOS command.

Step 2 Open a browser window, and enter the BVI IP address in the browser-window address line. Press Enter. An Enter Network Password window appears.

Step 3 Enter your username. Cisco is the default username.

Step 4 Enter the wireless device password. Cisco is the default password. The Summary Status page appears. For details about using the web-browser configuration page, see the following URL:
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap4-first.html#wp1103336

Cisco IOS Command Line Interface

To configure the autonomous wireless device, use the Cisco IOS CLI tool to perform the following tasks:

•Configuring the Radio

•Configuring Wireless Security Settings

•Configuring Wireless Quality of Service (Optional)

Configuring the Radio

Configure the radio parameters on the wireless device to transmit signals in autonomous or Cisco Unified mode. For specific configuration procedures, see the «Configuring Radio Settings» section .

Configuring Wireless Security Settings

Configuring Authentication

Authentication types are tied to the Service Set Identifiers (SSIDs) that are configured for the access point. To serve different types of client devices with the same access point, configure multiple SSIDs.

Before a wireless client device can communicate on your network through the access point, the client device must authenticate to the access point by using open or shared-key authentication. For maximum security, client devices should also authenticate to your network using MAC address or Extensible Authentication Protocol (EAP) authentication. Both authentication types rely on an authentication server on your network.

To select an authentication type, see Authentication Types for Wireless Devices at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html.

To set up a maximum security environment, see RADIUS and TACACS+ Servers in a Wireless Environment at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityRadiusTacacs_1.html.

Configuring Access Point as Local Authenticator

To provide local authentication service or backup authentication service for a WAN link failure or a server failure, you can configure an access point to act as a local authentication server. The access point can authenticate up to 50 wireless client devices using Lightweight Extensible Authentication Protocol (LEAP), Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), or MAC-based authentication. The access point performs up to five authentications per second.

You configure the local authenticator access point manually with client usernames and passwords because it does not synchronize its database with RADIUS servers. You can specify a VLAN and a list of SSIDs that a client is allowed to use.

For details about setting up the wireless device in this role, see Using the Access Point as a Local Authenticator at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityLocalAuthent.html.

Configuring WEP and Cipher Suites

Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted between wireless devices to keep the communication private. Wireless devices and their wireless client devices use the same WEP key to encrypt and decrypt data. WEP keys encrypt both unicast and multicast messages. Unicast messages are addressed to one device on the network. Multicast messages are addressed to multiple devices on the network.

Читайте также:  Прошивка wifi роутера zte

Cipher suites are sets of encryption and integrity algorithms designed to protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM).

Cipher suites that contain Temporal Key Integrity Protocol (TKIP) provide the greatest security for your wireless LAN. Cipher suites that contain only WEP are the least secure.

For encryption procedures, see Configuring WEP and Cipher Suites at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityCipherSuitesWEP.html.

Configuring Wireless VLANs

If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs by using any of the four security settings defined in the «Security Types» section. A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. A VLAN consists of a number of end systems, either hosts or network equipment (such as bridges and routers), that are connected by a single bridging domain. The bridging domain is supported on various pieces of network equipment such as LAN switches that operate bridging protocols between them with a separate group of protocols for each VLAN.

For more information about wireless VLAN architecture, see Configuring Wireless VLANs at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/wireless_vlans.html.

Note If you do not use VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because the encryption settings and authentication types are linked on the Express Security page.

Assigning SSIDs

You can configure up to 16 SSIDs on a wireless device in the role of an access point, and you can configure a unique set of parameters for each SSID. For example, you might use one SSID to allow guests limited access to the network and another SSID to allow authorized users access to secure data.

For more about creating multiple SSIDs, see Service Set Identifiers at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/ServiceSetID.html .

Note Without VLANs, encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot use more than one encryption setting on an interface. For example, when you create an SSID with static WEP with VLANs disabled, you cannot create additional SSIDs with WPA authentication because the SSIDs use different encryption settings. If you find that the security setting for an SSID conflicts with the settings for another SSID, you can delete one or more SSIDs to eliminate the conflict.

Security Types

Table 4-1 describes the four security types that you can assign to an SSID.

Or

If your network does not have a RADIUS server, consider using an access point as a local authentication server.

SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured.
SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured.

Configuring Wireless Quality of Service

Configuring quality of service (QoS) can provide preferential treatment to certain traffic at the expense of other traffic. Without QoS, the device offers best-effort service to each packet, regardless of the packet contents or size. It sends the packets without any assurance of reliability, delay bounds, or throughput. To configure QoS for your wireless device, see Quality of Service in a Wireless Environment at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/QualityOfService.html.

Читайте также:  Личный кабинет вай фай роутера асус

Configuring the Access Point in Hot Standby Mode

In hot standby mode, an access point is designated as a backup for another access point. The standby access point is placed near the access point that it monitors and is configured exactly like the monitored access point. The standby access point associates with the monitored access point as a client and sends Internet Access Point Protocol (IAPP) queries to the monitored access point through the Ethernet and radio ports. If the monitored access point fails to respond, the standby access point comes online and takes the monitored access point’s place in the network.

Except for the IP address, the standby access point’s settings should be identical to the settings on the monitored access point. If the monitored access point goes offline and the standby access point takes its place in the network, matching settings ensure that client devices can switch easily to the standby access point. For more information, see Hot Standby Access Points at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/RolesHotStandby.html.

Upgrading to Cisco Unified Software

To run the access point in Cisco Unified mode, upgrade the software by performing the following procedures:

•Preparing for the Upgrade

•Performing the Upgrade

•Upgrading AP bootloader

•Downgrading the Software on the Access Point

•Recovering Software on the Access Point

Software Prerequisites

•Cisco 880 Series ISRs with embedded access points are eligible to upgrade from autonomous software to Cisco Unified software if the router is running the advipservices feature set and Cisco IOS Release15.2(4)M1 or later versions.

•To use the embedded access point in a Cisco Unified Architecture, the Cisco Wireless LAN Configuration (WLC) must be running the minimum versions for single radio (Cisco IOS Release 7.0.116.0 or later versions) and dual radio (Cisco IOS Release 7.2.110.0 or later versions).

Preparing for the Upgrade

Secure an IP Address on the Access Point

Secure an IP address on the access point so it that can communicate with the WLC and download the Unified image upon bootup. The host router provides the access point DHCP server functionality through the DHCP pool. The access point communicates with the WLC and setup option 43 for the controller IP address in the DHCP pool configuration. The following is a sample configuration:

ip dhcp pool embedded-ap-pool

Источник

Оцените статью
Adblock
detector