Difference between revisions of "Cisco 1941 with AIR-SAP 1602E-E-K9 Standalone"
Line 278: | Line 278: | ||
= Basic router config = | = Basic router config = | ||
<span style="color: blue"> | |||
! | |||
! Last configuration change at 00:50:58 UTC Wed Oct 23 2013 by tech | |||
version 15.2 | |||
service timestamps debug datetime msec | |||
service timestamps log datetime msec | |||
service password-encryption | |||
! | |||
hostname R1 | |||
! | |||
boot-start-marker | |||
boot-end-marker | |||
! | |||
! | |||
enable secret <span style="color: blue">secretpassword</span> | |||
! | |||
aaa new-model | |||
! | |||
! | |||
aaa authentication login default local | |||
aaa authorization exec default local | |||
! | |||
! | |||
! | |||
! | |||
! | |||
aaa session-id common | |||
! | |||
ip cef | |||
! | |||
! | |||
! | |||
ip dhcp excluded-address 10.0.10.1 10.0.10.10 | |||
ip dhcp excluded-address 10.0.11.240 10.0.11.254 | |||
ip dhcp excluded-address 10.0.20.1 10.0.20.10 | |||
ip dhcp excluded-address 10.0.21.240 10.0.21.254 | |||
ip dhcp excluded-address 10.0.99.100 | |||
ip dhcp excluded-address 10.0.99.1 10.0.99.10 | |||
! | |||
ip dhcp pool WIRELESS | |||
import all | |||
network 10.0.10.0 255.255.254.0 | |||
default-router 10.0.10.1 | |||
dns-server 10.0.10.1 8.8.8.8 | |||
domain-name lan.gateway | |||
lease 0 2 | |||
! | |||
ip dhcp pool WIRELESS-GUEST | |||
network 10.0.20.0 255.255.254.0 | |||
default-router 10.0.20.1 | |||
dns-server 10.0.20.1 8.8.8.8 | |||
domain-name lan-guest.gateway | |||
lease 0 2 | |||
! | |||
ip dhcp pool MANAGEMENT | |||
network 10.0.99.0 255.255.255.128 | |||
default-router 10.0.99.100 | |||
dns-server 10.0.99.100 8.8.8.8 | |||
domain-name lan.management | |||
lease 0 2 | |||
! | |||
ip dhcp pool AP1 | |||
host 10.0.99.1 255.255.255.128 | |||
client-identifier 01<span style="color: blue">7c.69f6.e1d8.7d</span> | |||
! | |||
ip dhcp pool AP2 | |||
host 10.0.99.2 255.255.255.128 | |||
client-identifier 01<span style="color: blue">7c.69f6.e1d9.18</span> | |||
! | |||
ip dhcp pool AP3 | |||
host 10.0.99.3 255.255.255.128 | |||
client-identifier 01<span style="color: blue">7c.69f6.e1d9.78</span> | |||
! | |||
! | |||
ip domain name lma.geteway | |||
no ipv6 cef | |||
multilink bundle-name authenticated | |||
! | |||
<span style="color: green">chat-script hspa "" "AT!SCACT=1,1" TIMEOUT 60 "OK"</span> | |||
! | |||
! | |||
license udi pid CISCO1941/K9 sn <span style="color: blue">routerserialnumber</span> | |||
! | |||
license accept end user agreement | |||
license boot module c1900 technology-package securityk9 disable | |||
license boot module c1900 technology-package datak9 disable | |||
! | |||
! | |||
username <span style="color: blue">****tech</span> privilege 0 secret 0 <span style="color: blue">techpassword</span> | |||
username <span style="color: blue">**neteng</span> privilege 15 secret 0 <span style="color: blue">netengpassword</span> | |||
! | |||
! | |||
<span style="color: green">controller Cellular 0/0</span> | |||
! | |||
ip ssh version 2 | |||
! | |||
! | |||
! | |||
! | |||
interface Embedded-Service-Engine0/0 | |||
no ip address | |||
shutdown | |||
! | |||
interface GigabitEthernet0/0 | |||
no ip address | |||
duplex auto | |||
speed auto | |||
! | |||
interface GigabitEthernet0/1 | |||
no ip address | |||
shutdown | |||
duplex auto | |||
speed auto | |||
! | |||
interface GigabitEthernet0/1/0 | |||
description Trunk Port to Cisco AP AIR-SAP1602 | |||
switchport trunk native vlan 99 | |||
switchport mode trunk | |||
no ip address | |||
! | |||
interface GigabitEthernet0/1/1 | |||
description Trunk Port to Cisco AP AIR-SAP1602 | |||
switchport trunk native vlan 99 | |||
switchport mode trunk | |||
no ip address | |||
! | |||
interface GigabitEthernet0/1/2 | |||
description Trunk Port to Cisco AP AIR-SAP1602 | |||
switchport trunk native vlan 99 | |||
switchport mode trunk | |||
no ip address | |||
! | |||
interface GigabitEthernet0/1/3 | |||
description Management VLAN99 access port | |||
switchport access vlan 99 | |||
no ip address | |||
! | |||
<span style="color: green">interface Cellular0/0/0 | |||
description WAN link to Vodafone-APN | |||
ip address negotiated | |||
ip nat enable | |||
encapsulation slip | |||
dialer in-band | |||
dialer string hspa | |||
dialer-group 1 | |||
async mode interactive | |||
! | |||
interface Cellular0/0/1 | |||
no ip address | |||
encapsulation slip</span> | |||
! | |||
interface Vlan1 | |||
no ip address | |||
! | |||
interface Vlan10 | |||
ip address 10.0.10.1 255.255.254.0 | |||
ip nat enable | |||
! | |||
interface Vlan20 | |||
ip address 10.0.20.1 255.255.254.0 | |||
ip nat enable | |||
! | |||
interface Vlan99 | |||
description Eherswitch Management Interface | |||
ip address 10.0.99.100 255.255.255.128 | |||
ip virtual-reassembly in | |||
! | |||
ip forward-protocol nd | |||
! | |||
no ip http server | |||
no ip http secure-server | |||
! | |||
ip dns server | |||
<span style="color: green">ip nat source list 1 interface Cellular0/0/0 overload</span> | |||
<span style="color: green">ip route 0.0.0.0 0.0.0.0 Cellular0/0/0</span> | |||
! | |||
<span style="color: green">access-list 1 permit any</span> | |||
<span style="color: green">dialer-list 1 protocol ip permit</span> | |||
! | |||
! | |||
snmp-server community contingency RO site | |||
snmp-server enable traps entity-sensor threshold | |||
! | |||
! | |||
! | |||
control-plane | |||
! | |||
! | |||
! | |||
line con 0 | |||
logging synchronous | |||
line aux 0 | |||
line 2 | |||
no activation-character | |||
no exec | |||
transport preferred none | |||
transport input all | |||
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh | |||
stopbits 1 | |||
line 0/0/0 | |||
exec-timeout 0 0 | |||
script dialer hspa | |||
script activation hspa | |||
modem InOut | |||
no exec | |||
rxspeed 21600000 | |||
txspeed 5760000 | |||
line 0/0/1 | |||
no exec | |||
line vty 0 4 | |||
logging synchronous | |||
transport input ssh | |||
! | |||
scheduler allocate 20000 1000 | |||
! | |||
end | |||
;Key: | |||
*<span style="color: blue">Blue - variables: passwords, host names, serial numbers</span> | |||
*<span style="color: green">Green - Cellular/3G card configuration</span> | |||
*<span style="color: purple">Purple - ATM/ADSL card configuration</span> | |||
= References = | = References = |
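Review bot: Nothing in the router config in this hunk separates the guest VLAN from the other networks: Vlan10, Vlan20 and Vlan99 are all routed interfaces and none carries an `ip access-group`, so WIRELESS-GUEST clients (10.0.20.0/23) can reach the internal WLAN and the 10.0.99.0/25 management subnet that holds the APs and the router's SSH service. An inbound ACL on Vlan20, sketched below with an example name, would limit guests to DHCP, DNS on their gateway and Internet-bound traffic. Separately, `snmp-server community contingency RO site` appears to reference an access list `site` that is not defined anywhere in the hunk, and `line vty 0 4` has no `access-class`, so neither management service looks restricted by source address. This is inferred from the visible lines only.

```cisco
! example ACL name; adjust to local policy
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 permit udp any host 10.0.20.1 eq domain
 permit tcp any host 10.0.20.1 eq domain
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
interface Vlan20
 ! … unchanged: ip address, ip nat enable …
 ip access-group GUEST-IN in
```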
Revision as of 16:18, 26 October 2013
Below you will find a basic configuration of an AIR-SAP 1602E-E-K9 access point connected to a 4-port EHWIC card installed in a Cisco 1941 ISR G2 modular router.
Product coding
Product/Model Number: AIR-SAP1602E-E-K9
IOS: C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB2, RELEASE SOFTWARE (fc1)
How to read AIR-SAP 1602E-E-K9:
- the "S" in SAP stands for: Standalone AP
- a "C" in that position (CAP) stands for: Control and Provisioning of Wireless Access Points Protocol; CAPWAP requires a WLC (Wireless LAN Controller)
- the "E" after 1602: External antenna
- the "-E-": Regulatory Domain
- Router
show inventory
#show inventory NAME: "CISCO1941/K9", DESCR: "CISCO1941/K9 chassis, Hw Serial#: ***********, Hw Revision: 1.0" PID: CISCO1941/K9 , VID: V05 , SN: *********** NAME: "3G WWAN EHWIC-QuadBand HSPA+R7/HSPA/UMTS QuadBand EDGE/GPRS and GPS on Slot 0 SubSlot 0", DESCR: "3G WWAN EHWIC-QuadBand HSPA+R7/HSPA/UMTS QuadBand EDGE/GPRS and GPS" PID: EHWIC-3G-HSPA+7 , VID: V01 , SN: *********** NAME: "Modem 0 on Cellular0/0/0", DESCR: "Sierra Wireless MC8705" PID: MC8705 , VID: 1.0, SN: *********** NAME: "4 Port GE POE EHWIC Switch on Slot 0 SubSlot 1", DESCR: "4 Port GE POE EHWIC Switch" PID: EHWIC-4ESG-P , VID: V01 , SN: *********** NAME: "C1941 AC-POE Power Supply", DESCR: "C1941 AC-POE Power Supply" PID: PWR-1941-POE , VID: , SN:
- Access point
show inventory
NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point" PID: AIR-SAP1602E-E-K9 , VID: V01, SN: ********x11
Please note that the access points are powered by Power over Ethernet. Power consumption differs between models: an AIR-CAP (managed) access point uses 13W, whereas an AIR-SAP (standalone) access point uses 15.4W.
#sh power inline PowerSupply SlotNum. Maximum Allocated Status ----------- -------- ------- --------- ------ INT-PS 0 80.000 46.200 PS GOOD Interface Config Device Powered PowerAllocated State --------- ------ ------ ------- -------------- ----- Gi0/1/0 auto Unknown Off 0.000 Watts NOT_PHONE Gi0/1/1 auto IEEE-3 On 15.400 Watts PHONE Gi0/1/2 auto IEEE-3 On 15.400 Watts PHONE Gi0/1/3 auto IEEE-3 On 15.400 Watts PHONE
- Default account credentials on the access point (change them before the AP goes into service)
Username: Cisco Password: Cisco Enabled mode: Cisco
Basic AP config with WPA2-PSK auth
- remember to issue 'no shutdown' on the radio interfaces, as these are administratively down on brand new access points. 'no shutdown' is already included in the config below for interface Dot11Radio0
- remember to change every placeholder password (enable secret, user secrets, WPA pre-shared keys) and the AP 'hostname' when deploying the config
- not sure why, but when applying the config the BVI1 interface does not take any changes
!
! Standalone (autonomous) AIR-SAP1602 configuration, hostname ap1.
! Three SSIDs are mapped to VLANs 10, 20 and 99, each using WPA2-PSK with
! AES-CCM, and bridged to tagged sub-interfaces on GigabitEthernet0.
! secretpassword, guestpassword, managementpassword, wirelesspassword,
! viewpassword and techpassword are placeholders to replace per deployment.
!
! NOTE(review): the timestamp below is from 1993, i.e. the clock was not set
! when this was saved, and no NTP/SNTP server appears in the listing, so log
! and debug timestamps from this AP cannot be correlated with other devices.
!
! Last configuration change at 01:54:45 UTC Mon Mar 1 1993 by tech
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Obfuscates type 7 passwords in the stored config; `secret` values are
! hashed independently of this setting.
service password-encryption
!
hostname ap1
!
!
logging rate-limit console 9
enable secret secretpassword
!
aaa new-model
!
!
! Login and exec authorization both use the local user database.
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
! The AP bridges traffic only; routing is switched off.
no ip routing
no ip cef
!
!
!
dot11 syslog
dot11 vlan-name Management vlan 99
dot11 vlan-name Wireless vlan 10
dot11 vlan-name Wireless-guest vlan 20
!
! Each SSID: open 802.11 authentication plus WPA version 2 key management
! with a pre-shared key. `mbssid guest-mode` advertises the SSID in beacons.
! `wpa-psk ascii 0 <key>` means the key is entered in clear text; a saved or
! pasted copy of this listing therefore contains the key itself.
dot11 ssid DS_Guest
   vlan 20
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 0 guestpassword
!
! NOTE(review): DS_MGM puts management VLAN 99 on the air as a broadcast SSID
! protected only by a shared key - confirm this is wanted beyond initial setup.
dot11 ssid DS_MGM
   vlan 99
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 0 managementpassword
!
dot11 ssid DS_WPA2
   vlan 10
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 0 wirelesspassword
!
!
crypto pki token default removal timeout 0
!
!
! NOTE(review): `cisco` is also the factory-default account name listed on
! this page; make sure its secret is not left at the default value.
username cisco privilege 1 secret 0 viewpassword
username tech privilege 15 secret 0 techpassword
!
ip ssh time-out 180
ip ssh authentication-retries 5
! Accept SSH protocol version 2 only.
ip ssh version 2
bridge irb
!
!
!
! Dot11Radio0: AES-CCM on the radio and on each VLAN, all three SSIDs
! attached, multiple-BSSID enabled, interface brought up.
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 10 mode ciphers aes-ccm
 !
 encryption vlan 20 mode ciphers aes-ccm
 !
 encryption vlan 99 mode ciphers aes-ccm
 !
 ssid DS_Guest
 !
 ssid DS_MGM
 !
 ssid DS_WPA2
 !
 antenna gain 0
 stbc
 beamform ofdm
 mbssid
 station-role root
 no shutdown
!
! Radio sub-interfaces: one per VLAN, each tied to a bridge group.
interface Dot11Radio0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 spanning-disabled
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
!
! VLAN 99 is the native (untagged) VLAN and uses bridge group 1, the group
! that BVI1 below belongs to.
interface Dot11Radio0.99
 encapsulation dot1Q 99 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
! Second radio is left administratively down.
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 antenna gain 0
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
! Wired uplink: tagged sub-interfaces mirror the radio VLANs.
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no shutdown
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 spanning-disabled
 no bridge-group 10 source-learning
!
interface GigabitEthernet0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 spanning-disabled
 no bridge-group 20 source-learning
!
interface GigabitEthernet0.99
 encapsulation dot1Q 99 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
! Management address is obtained by DHCP, identified by GigabitEthernet0.
interface BVI1
 ip address dhcp client-id GigabitEthernet0
 no ip route-cache
 no shutdown
!
ip forward-protocol nd
! NOTE(review): the web interface is enabled over plain HTTP while HTTPS is
! disabled, so admin logins and any pre-shared key typed into the GUI cross
! the network unencrypted. Prefer `ip http secure-server` together with
! `no ip http server` once initial setup is done.
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
! Remote CLI access is SSH only.
! NOTE(review): no `access-class` is set here, so SSH is not limited by source
! address in this listing.
line vty 0 4
 transport input ssh
!
end
Configure WPA2 from WEB
- Security > Encryption Manager
- Set Encryption Mode and Keys for VLAN: from drop down menu
- Tick Cipher and from drop down menu AES CCMP
- Security > SSID Manager
- Select <NEW>
- Type SSID_name into SSID box
- Select VLAN
- Tick Interface Radio0 (2.4 GHz)
- Key Management: Mandatory
- Tick: Enable WPA and select WPAv2 from drop down menu
- Enter your WPA Pre-shared Key into a box
- Enable SSID broadcast in beacons (requires enabling per SSID)
- Go to section: Multiple BSSID Beacon Settings
- Check: Set SSID as Guest Mode
- Press Apply
- Enable multiple SSIDs to be broadcast (requires enabling once per AP/radio)
- Go to section: Guest Mode/Infrastructure SSID Settings
- Check: Multiple BSSID
- Press Apply
- Error message when ticking CCKM
ERROR: VLAN 99 cannot support CCKM. Set 'Encryption Mode' to 'Cipher' on all radio interfaces before selecting CCKM (See Security> Encryption Manager).
- Error message when enabling WPA
ERROR: VLAN 99 cannot support WPA optional. Set 'Encryption Mode' to 'Cipher', 'TKIP + WEP 40 bit' or 'TKIP + WEP 128 bit'
or 'AES CCMP + TKIP + WEP 40 bit', or 'AES CCMP + TKIP + WEP 128 bit' on all radio interfaces before selecting WPA.
(See Security> Encryption Manager) To set the correct 'Key Management', follow the steps below: STEP 1:Set the 'Key Management' to 'None'. STEP 2:Set the 'Cipher' to 'TKIP' or 'AES CCMP' or 'AES CCMP + TKIP'.(see Security>Encryption Manager) STEP 3:Set the 'Authenticated Key Management' to 'WPA' and 'Mandatory'.
Basic router config
!
! Basic running configuration of the Cisco 1941 (hostname R1) used on this page.
! It serves DHCP for the wireless (10.0.10.0/23), guest (10.0.20.0/23) and
! management (10.0.99.0/25) networks, trunks three switch ports to the
! AIR-SAP1602 access points and NATs out of the Cellular0/0/0 uplink.
! secretpassword, techpassword, netengpassword and routerserialnumber are
! placeholders to replace per deployment.
!
! Last configuration change at 00:50:58 UTC Wed Oct 23 2013 by tech
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
! Obfuscates type 7 passwords in the stored config; `secret` values are
! hashed independently of this setting.
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret secretpassword
!
aaa new-model
!
!
! Login and exec authorization both use the local user database.
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
! Addresses kept out of dynamic allocation (gateways, the AP range and the
! top of each /23).
ip dhcp excluded-address 10.0.10.1 10.0.10.10
ip dhcp excluded-address 10.0.11.240 10.0.11.254
ip dhcp excluded-address 10.0.20.1 10.0.20.10
ip dhcp excluded-address 10.0.21.240 10.0.21.254
ip dhcp excluded-address 10.0.99.100
ip dhcp excluded-address 10.0.99.1 10.0.99.10
!
! Each pool hands out the router itself as gateway and first DNS server,
! 8.8.8.8 as second DNS server, with a lease of 0 days 2 hours.
ip dhcp pool WIRELESS
 import all
 network 10.0.10.0 255.255.254.0
 default-router 10.0.10.1
 dns-server 10.0.10.1 8.8.8.8
 domain-name lan.gateway
 lease 0 2
!
ip dhcp pool WIRELESS-GUEST
 network 10.0.20.0 255.255.254.0
 default-router 10.0.20.1
 dns-server 10.0.20.1 8.8.8.8
 domain-name lan-guest.gateway
 lease 0 2
!
ip dhcp pool MANAGEMENT
 network 10.0.99.0 255.255.255.128
 default-router 10.0.99.100
 dns-server 10.0.99.100 8.8.8.8
 domain-name lan.management
 lease 0 2
!
! Fixed address per access point, matched on its DHCP client identifier.
! The identifiers shown are from the author's devices and need replacing.
ip dhcp pool AP1
 host 10.0.99.1 255.255.255.128
 client-identifier 017c.69f6.e1d8.7d
!
ip dhcp pool AP2
 host 10.0.99.2 255.255.255.128
 client-identifier 017c.69f6.e1d9.18
!
ip dhcp pool AP3
 host 10.0.99.3 255.255.255.128
 client-identifier 017c.69f6.e1d9.78
!
!
! NOTE(review): spelled differently from the DHCP domain-name lan.gateway
! above - possibly a typo; confirm.
ip domain name lma.geteway
no ipv6 cef
multilink bundle-name authenticated
!
! Chat script named hspa: sends AT!SCACT=1,1 and waits up to 60 for OK.
chat-script hspa "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
!
!
license udi pid CISCO1941/K9 sn routerserialnumber
!
license accept end user agreement
license boot module c1900 technology-package securityk9 disable
license boot module c1900 technology-package datak9 disable
!
!
! `secret 0 <text>` is the input form: the text after 0 is given in clear.
! A saved or pasted copy of this listing therefore contains the password
! itself and should be handled as a credential.
username ****tech privilege 0 secret 0 techpassword
username **neteng privilege 15 secret 0 netengpassword
!
!
controller Cellular 0/0
!
! Accept SSH protocol version 2 only.
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! EHWIC switch ports 0-2: 802.1Q trunks to the access points with the
! management VLAN 99 as native (untagged) VLAN.
! NOTE(review): no `switchport trunk allowed vlan` is set, so the trunks are
! not limited to VLANs 10, 20 and 99 in this listing.
interface GigabitEthernet0/1/0
 description Trunk Port to Cisco AP AIR-SAP1602
 switchport trunk native vlan 99
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/1/1
 description Trunk Port to Cisco AP AIR-SAP1602
 switchport trunk native vlan 99
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/1/2
 description Trunk Port to Cisco AP AIR-SAP1602
 switchport trunk native vlan 99
 switchport mode trunk
 no ip address
!
! Port 3: wired access port in the management VLAN.
interface GigabitEthernet0/1/3
 description Management VLAN99 access port
 switchport access vlan 99
 no ip address
!
! Cellular WAN: address negotiated with the carrier, NAT enabled, dialled
! with the hspa string for traffic matched by dialer-group 1.
interface Cellular0/0/0
 description WAN link to Vodafone-APN
 ip address negotiated
 ip nat enable
 encapsulation slip
 dialer in-band
 dialer string hspa
 dialer-group 1
 async mode interactive
!
interface Cellular0/0/1
 no ip address
 encapsulation slip
!
interface Vlan1
 no ip address
!
! Gateways for the wireless and guest networks, both with NAT enabled.
! NOTE(review): no `ip access-group` appears on Vlan10, Vlan20 or Vlan99, so
! the router forwards between guest, internal and management subnets without
! filtering; guest isolation would need an inbound ACL on Vlan20.
interface Vlan10
 ip address 10.0.10.1 255.255.254.0
 ip nat enable
!
interface Vlan20
 ip address 10.0.20.1 255.255.254.0
 ip nat enable
!
! Management gateway; this interface carries no `ip nat enable`.
interface Vlan99
 description Eherswitch Management Interface
 ip address 10.0.99.100 255.255.255.128
 ip virtual-reassembly in
!
ip forward-protocol nd
!
! Web management is disabled on the router, both HTTP and HTTPS.
no ip http server
no ip http secure-server
!
! The router answers DNS queries itself (it is the first DNS server in the
! DHCP pools). NOTE(review): presumably it also answers on Cellular0/0/0 -
! confirm, and filter if the carrier address is reachable from outside.
ip dns server
! Port-address translation of sources matched by access-list 1 to the
! Cellular0/0/0 address, plus a default route out of that interface.
ip nat source list 1 interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
! NOTE(review): `permit any` matches every source address; listing only
! 10.0.10.0 0.0.1.255 and 10.0.20.0 0.0.1.255 would translate just the two
! NAT-enabled subnets.
access-list 1 permit any
! All IP traffic counts as interesting traffic for the dialer.
dialer-list 1 protocol ip permit
!
!
! Read-only SNMP community. The community string travels in clear text with
! SNMP v1/v2c and is not marked as a variable on this page - replace it.
! NOTE(review): the trailing `site` looks like an access-list name, but no
! such list is defined in this listing - confirm polling is source-restricted.
snmp-server community contingency RO site
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
! Modem line for the cellular interface: runs the hspa chat script, no EXEC
! session, idle timeout disabled.
line 0/0/0
 exec-timeout 0 0
 script dialer hspa
 script activation hspa
 modem InOut
 no exec
 rxspeed 21600000
 txspeed 5760000
line 0/0/1
 no exec
! Remote CLI access is SSH only.
! NOTE(review): no `access-class` is set here, so SSH is not limited by source
! address or interface in this listing.
line vty 0 4
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
!
end
- Key
- Blue - variables: passwords, host names, serial numbers
- Green - Cellular/3G card configuration
- Purple - ATM/ADSL card configuration
References
- Cisco Aironet 1600 Series Access Points Getting Started Guide, December, 2012 Revised: April 16, 2013
- Cisco Aironet 1600 Series Access Point Data Sheet
- Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
- Cisco IOS Software Configuration Guide for Cisco Aironet Access Points for Cisco IOS Releases 15.2(4)JA
- VLANs on Aironet Access Points Configuration Example
- Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.2(2)JB – default behavior changes on APs prior to IOS 15