Networks·41,424 discussions

Configuring wireless interface on Cisco 877W

Locked

Please can someone advise the best source of a good basic step by step for connecting a laptop to a Cisco 877W wirelessly to browse the internet and local LAN. Just can’t figure it out bu trial and error, now just need it sorting out quickly. Vista laptop.

Topic

Clarifications

In reply to Configuring wireless interface on Cisco 877W

Clarifications

Might Help

In reply to Configuring wireless interface on Cisco 877W

Not sure of your specific problem, so hopefully this link will be of some help. Good Luck.

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/wireless.html

Thanks for the link

In reply to Configuring wireless interface on Cisco 877W

Thanks, Michael, for taking the time to reply. Specifically, I can quite easily now set up a radio interface which gives limited connectivity but cannot get the laptop to connect to the internet, so the router setup is incomplete, obviously. I need to know what is an outside/inside interface and what ip to assign where – thought it should all be the same subnet but this doesn’t work, as I have ‘overlapping addresses'(??). Must read up on these, the term is new to me. Also not sure if I should set up for bridging or routing. It’ll only be one laptop, so just a simple cxn which lets me browse internet and connect to one other station on the ethernet LAN is all that’s needed. Have applied the procedure in your recommended paper to no avail, so just need to know where to go for help. I don’t want to bother anybody unduly, but would a forum be a good place to ask? Does anybody have any further ideas? Very grateful again for all your help.

No Problem

In reply to Thanks for the link

It might be best if you publish the existing configuration on this thread. That way the members can see what is setup and what else would be required.

The router has two two interfaces. Outside refers to the interface that points toward the Internet and that interface needs to be configured with information given to you by your ISP. The internal interface points toward your internal computers. That interface also needs to be configured. Things like DHCP, Default Gateway and DNS need to be setup so that your computers will have IP addresses assigned to them as well know where to send traffic.

Curent Running Config

In reply to No Problem

Many thanks for that – I’m finding this incredibly useful. As a reminder for all members, then, I’m trying to attach one wireless laptop to a Cisco 877W router to allow internet and LAN connectivity. Not sure about bridging and routing, whether I need both or just one. I would like the laptop to pick up DHCP from the router.

Here is the current running config – what am I missing to make this work please?

Building configuration…

Current configuration : 13077 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router877
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$fRXt$oUuQQlUinm5fUtG3l1Zix1
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login local_authen local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec local_author local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 212.159.6.10 212.159.6.9
default-router 192.168.0.1
!
!
ip inspect log drop-pkt
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH 802-11-iapp
ip inspect name SDM_HIGH tcp
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 212.159.6.9
ip name-server 212.159.6.10
ip ssh time-out 60
ip ssh authentication-retries 2
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action reset alarm
service text-chat action reset alarm
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
audit-trail on
application http
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on
!
!
crypto pki trustpoint TP-self-signed-3967697490
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3967697490
revocation-check none
rsakeypair TP-self-signed-3967697490
!
!
crypto pki certificate chain TP-self-signed-3967697490
certificate self-signed 01
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393637 36393734 3930301E 170D3032 30333031 30323431
35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39363736
39373439 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C400 DB784AC7 4F20EC9E D7218274 18EE8B1C D390A795 8797505B 4EAA6B91
403B469C E4242487 BC73971D F7C175AE 79FF9661 CBDFA037 E13E388C 62794474
0A87FA58 704C375F 779C6111 E41E1A10 FAACBCDC 24034C87 DFD7BA83 628184CF
09334D78 1858121F 6A2441BA 8058C12F F570637E 3C825481 6135D5A1 A11B9813
5CC50203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 18526F75 74657238 37372E79 6F757264 6F6D6169 6E2E636F
6D301F06 03551D23 04183016 8014100B 89076848 C6D65C65 0C9EC692 8018847D
BBA8301D 0603551D 0E041604 14100B89 076848C6 D65C650C 9EC69280 18847DBB
A8300D06 092A8648 86F70D01 01040500 03818100 1C977078 13F52B7C 92546208
B965B9C5 51666767 AC170784 7076F0FF 5C9D26A7 F63F2742 C230D6D1 2BC37AA0
12FBDC4F 84CFA385 65A9D212 50EBCAD2 0C164AEB 1D1996E5 C84B006B 2E1EB3D9
382F6728 F5BCD7A4 3978B4E3 54FACA79 614D472F 3F2F1B47 DEE1913B A681A8F0
D06BFCFC 4CFD4958 59541065 596E4F34 D4B4C9F4
quit
username ********* privilege 15 secret 5 **************
!
!
crypto isakmp policy 1
encr 3des
group 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto ipsec client ezvpn *********
connect auto
mode client
peer 217.180.76.2
username ******* password *******
xauth userid mode local
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to217.180.76.2
set peer 217.180.76.2
set transform-set ESP-3DES-SHA
match address 102
!
!
!
interface Null0
no ip unreachables
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_HIGH in
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
encryption key 1 size 128bit 7 2761ABBB8212F86EFF4FCF2A8106 transmit-key
encryption mode wep mandatory
!
ssid Turnstones
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_HIGH in
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
crypto ipsec client ezvpn ******** inside
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
ip access-group sdm_dialer0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname ***************
ppp chap password ***************
crypto ipsec client ezvpn **********
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip flow-top-talkers
top 10
sort-by bytes
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat outside source static 80.229.20.70 192.168.0.2
!
ip access-list extended sdm_bvi1_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_dialer0_out
remark SDM_ACL Category=1
permit ip any any
remark SDM_ACL Category=1
remark SDM_ACL Category=1
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for EzVPN (udp-10000) ********
access-list 101 permit udp host ************ any eq 10000
access-list 101 remark IPSec Rule
access-list 101 permit ip 217.180.0.0 0.0.255.255 192.168.0.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 remark ******** Public Address
access-list 101 permit ip host ************ any
access-list 101 permit udp host ************ any eq non500-isakmp
access-list 101 permit udp host ************ any eq isakmp
access-list 101 permit esp host ************ any
access-list 101 permit ahp host ************ any
access-list 101 permit udp host 212.159.6.9 eq domain any
access-list 101 permit udp host 212.159.6.10 eq domain any
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for EzVPN (udp-10000) *****
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark Ashville Public Address
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for EzVPN (udp-10000) *****
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark ***** Public Address
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.0.0 0.0.0.255 217.180.0.0 0.0.255.255
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 105 remark VTY Access-class list
access-list 105 remark SDM_ACL Category=1
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip any any
access-list 105 remark VTY Access-class list
access-list 105 remark SDM_ACL Category=1
access-list 105 remark VTY Access-class list
access-list 105 remark SDM_ACL Category=1
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 103
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
banner login ^CCCCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 105 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Many thanks then – also if I have any huge security holes, please tell me!

Many thanks in anticipation

Whew

In reply to Curent Running Config

First, I would like to know exactly how the 877 is connected to the network, all interfaces. Second was this router used for something else at one time? The configuration is pretty involved and has a great many ACL’s that may or not pertain to your situation.

I am by no means an expert on Cisco CLI, so hopefully another member can help you in that regard. I just kind of stumble through simple configurations. I also wonder if you have tried to use the SDM on the 877, it appears to be enabled? That might be an easier and more understandable method to configure the router. I only mention this as that is how I would configure it if possible and not a reflection on anyone’s ability to understand Cisco’s CLI. I mean no offense, I am just not aware of your abilities.

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_data_sheet0900aecd800fd118.html

No, that’s fine….

In reply to Whew

That’s ok, I set up the router from new using SDM, so the ACL entries are just the default firewall settings. There is one ADSL (ATM0), four Fast Ethernet cxns, of which only one is used at present, one radio -Dotradio 0 (dotradio0.1 is the higher frequency radio, not used), one Vlan to group all the ethernet cxns together and NAT translates these across to the outside interface, Dialer 0. All I want to do is link dotradio 0 to the Dialer 0 outside interface, but don’t know if I should set up a bridge cxn (and BVI group with IP address) or routing, likewise with an IP address. All attempts at this have failed, it won’t let me use the 192.168.0.1 – 255 range for the BVI as it ‘overlaps’ with the Vlan – I thought it would have to be on the same subnet, but apparently not. SDM overwrites SDM Basic and disables it, but since I have the wired ethernet working fine and connecting to the net I’m not about to undo all that work by putting SDM Basic back on. Need an SDM whizz! Many thanks for all your help.

[Author]

Replies