Sample configuration example of an 871W ISR VERSIN 3 Haga clic para ver el historial del documento Introduction:This configuration

example has 2 vlans, vlan 1 and vlan 2 , each mapped to a dif ferent SSID with WPA-PSK security Configuration Example:sh run Building configuration... Current configuration : 2452 bytes ! ! Last configuration change at 23:53:27 UTC Wed Mar 27 2002 ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$.lNK$ellDG1B2CZJnj82Wqn8iL0 ! no aaa new-model ! ! dot11 syslog ! dot11 ssid GUESTRITS vlan 2 <<<vlan 2 mapped to GUESTRITS SSID. ..Use the vlan as per the network configuration authentication open authentication key-management wpa guest-mode wpa-psk ascii 0 cisco123 ! dot11 ssid INTERNAL vlan 1 <<<<<<<vlan 1 mapped to INTERNAL SSID authentication open authentication key-management wpa wpa-psk ascii 0 cisco123 ! ip source-route ip dhcp excluded-address 192.168.1.1 ip dhcp excluded-address 192.168.1.254 ! ip dhcp pool GUESTRITS <<<<We have a DHCP pool for GUESTRI TS SSID...wireless users connecting to this SSID will get IP from this pool network 192.168.1.0 255.255.255.0 default-router 192.168.1.254 ! ip cef !

cwmp agent management server username 00000C-CISCO871W%2dG%2dA%2dK9V05-FHK12502AJ2 ! bridge irb ! ! interface FastEthernet0 switchport trunk allowed vlan 1,2,1002-1005 <<<We are allowing only the vlan s meant for wireless access...Modify this as per the needs switchport mode trunk ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 no ip address shutdown duplex auto speed auto ! interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers tkip <<<tkip is the cipher ! encryption vlan 2 mode ciphers tkip ! ssid GUESTRITS ! ssid INTERNAL ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native <<<vlan 1 is native bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio0.2 encapsulation dot1Q 2 bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 spanning-disabled bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding ! interface Vlan1 no ip address bridge-group 1

interface Vlan2 no ip address bridge-group 2 ! interface BVI1 ip address 10.0.0.2 255.255.255.0 ! interface BVI2 ip address 192.168.1.1 255.255.255.0 ! ip forward-protocol nd no ip http server no ip http secure-server ! ! control-plane ! bridge 1 protocol ieee <<<Bridge group 1 is always used for bridging native vlan traffic to the radio interface... <<< bridge gro up 2 for bridging vlan 2 with radio interface here... bridge 1 route ip bridge 2 protocol ieee bridge 2 route ip ! line con 0 no modem enable line aux 0 line vty 0 4 password cisco login ! exception data-corruption buffer truncate scheduler max-task-time 5000 end Router#