Networking

Configuring the Cisco 851W or 871W: Standard IOS

Insert configuration on 851W or 871W

Once the output is created, you can copy the Command column with your customized settings (starting below the "Command" label) and paste it into your console. Note that all the Excel formatting will be excluded from the paste command, which is exactly what we want. Also note that some commands take longer than others to insert because the router has to think. I would recommend you do a small section at a time and verify each of the commands executed properly without errors (some warnings notices are okay). The console is also known to drop certain statements at times if you paste too fast, so make sure the router takes every command. You'll have to verify with the "show run" command. When you're satisfied, be sure to issue the "write mem" command to commit all the changes permanently so that the settings will remain the next time you reboot the router.

Note that on the reference page, I've labeled all of the commands with their purpose. This is for reference, learning, and documentation. It would be wise to look through the entire reference page so you'll understand what most of the lines are doing.

The final Excel file is perfect for initial setup and permanent documentation. Anyone with any knowledge of Cisco devices should readily understand what's going on with this template. The table format, the highlighting, and all the text formatting help make Cisco CLI more readable and understandable.

You can also change the Reference sheet if you want to modify the template to suit your own purposes. For example, you may not want to force your guests to use WPA-PSK security instead of WEP, and you may even want to leave it wide open and offer a free hotspot.

Test your multi-VLAN multi-WLAN router

Your desktop PC connected to port F0 through F3 should all work. You should be able to acquire an address in the internal network. If you left my IP scheme default, that should be an IP address of 192.168.1.100. You should be able to ping 192.168.1.1 and 192.168.2.1, which are the IP addresses of the BVI1 interface and the dot0.20 sub-radio interface. Once the configuration is finished, you'll need to log in with the username and password you configured. If even pinging doesn't work, you'll need to check the IP address configuration on your BVI or radio sub-interface.

Since you can't use telnet yet if you can't even ping the router, you'll need to use the console to troubleshoot. You can troubleshoot IP configuration with the "show ip int brief" command, which will show you a listing of all the interfaces in your Cisco router above.

You should also be able to ping something like http://www.techrepublic.com if you've entered a valid DNS server. If you can't ping any Web site you know should work, try pinging your DNS server and see if that's available. If that doesn't work, you'll need to troubleshoot and verify that your configuration is correct. A good thing to check is whether your Dialer1 interface has been assigned an IP address from your DSL provider yet. If this were a cable modem, it would simply be the FastEthernet4 interface configured in DHCP mode.

If you're able to ping everything mentioned above, test your wireless laptop by connecting to both wireless LANs. The GuestWLAN will be the only SSID visible because it's the only one broadcasting. From the guest network, you should try to ping 192.168.1.1 to make sure it fails to prove the Guest-ACL is working. Note that the Guest-ACL can be modified to have exceptions if, for example, you want your guests to be able to print. The guest network should be able to get to everything on the Internet.

Getting the InternalWLAN is a little trickier because you won't see it by browsing. You'll need to add the SSID profile manually and move it to the top of the list. Then, you'll have to disconnect from the GuestWLAN and try to refresh the wireless network browser in Windows XP SP2 or whatever wireless client software you're using. After awhile, it should be able to connect to the InternalWLAN. This is why I hate SSID hiding. It's such a pain to use, and it doesn't provide any security benefits.

If you still have problems, you can post your questions in the article discussion and send me a private TechRepublic message.