Thursday, January 21, 2010

Configuring Cisco 871W w/ WPA and MAC Access List

Configure the Cisco 871W router for basic Wi-Fi with WPA, using a MAC address access list to restrict wireless access to specific devices.

!-- Basic Configuration
hostname WifiAP
service password-encryption
username cisco privilege 15 secret cisco
ip domain name cisco.com
no ip domain lookup

!-- Configure line con 0
line con 0
 login local
 logging synchronous
!

!-- Configure vty lines (SSH only)
line vty 0 4
 login local
 logging synchronous
 transport input ssh
!

!-- Configure bridging
!-- Enable integrated routing and bridging
bridge irb

!-- Assign VLAN 1 to bridge group 1
int vlan 1
 bridge-group 1
!

!-- Configure the BVI interface
int bvi 1
 ip address 172.16.41.1 255.255.255.0
!

!-- Enable bridging with the IEEE STP protocol
bridge 1 protocol ieee

!-- Allow routing of IP through the BVI to other interfaces
bridge 1 route ip

!-- Configure DHCP
ip dhcp excluded-address 172.16.41.1 172.16.41.50
ip dhcp pool wifi
 network 172.16.41.0 255.255.255.0
 default-router 172.16.41.1
 dns-server 212.135.1.36 195.40.1.36
!

!-- Configure the radio interface
int dot11radio 0
 ! Configure the TKIP cipher on VLAN 1 for WPA
 encryption vlan 1 mode ciphers tkip
 ! Configure the SSID for WPA-PSK and bind it to VLAN 1. Guest mode broadcasts the SSID to clients
 ssid wifi1
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 cisco
 !
!

!-- Configure the radio subinterface for VLAN 1
int dot11radio 0.1
 encapsulation dot1q 1 native
 bridge-group 1
!

!-- Test
!-- Bring up the dot11 radio and try to connect from your client
int dot11radio 0
 no shutdown
!

!-- Restrict access to MAC addresses
!-- Bind MAC ACL 700 to client association so that only listed MAC addresses can associate
dot11 association mac-list 700

!-- Create ACL entries (one line per permitted MAC; a wildcard of 0000.0000.0000 matches that address exactly)
access-list 700 permit 0018.de66.aaee 0000.0000.0000
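As an added example (not from the original post), a small Python audit that parses the WLAN-relevant lines of the configuration above and checks the controls it relies on: that the 700-series MAC ACL is actually bound with dot11 association mac-list and permits single devices, that WPA key management is enabled, that the cipher is not TKIP alone, and that an ASCII pre-shared key meets the 8-63 character rule. The sample config string and the finding texts are constructed here.

```python
import re
# Constructed sample: the WLAN-relevant lines of the config above.
SAMPLE_CONFIG = """\
interface Dot11Radio0
 encryption vlan 1 mode ciphers tkip
 ssid wifi1
    authentication key-management wpa
    wpa-psk ascii 0 cisco
dot11 association mac-list 700
access-list 700 permit 0018.de66.aaee 0000.0000.0000
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ACL_RE = re.compile(rf"^access-list (7\d\d) (permit|deny) ({MAC}) ({MAC})$", re.I)

def mac_acl_entries(config):
    """Map ACL number -> [(action, mac, wildcard)] for the 700-799 MAC ACL range."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            acls.setdefault(int(m.group(1)), []).append(tuple(g.lower() for g in m.groups()[1:]))
    return acls

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines()]
    acls, findings = mac_acl_entries(config), []
    # 1. The ACL only takes effect once bound via 'dot11 association mac-list'; a 0000.0000.0000
    #    wildcard is an exact match. MAC filtering alone is weak (addresses travel in the clear).
    bound = [int(l.split()[-1]) for l in lines if l.startswith("dot11 association mac-list ")]
    if not bound:
        findings.append("MAC ACL not enforced: no 'dot11 association mac-list'")
    for acl in bound:
        if acl not in acls:
            findings.append(f"mac-list {acl} bound but access-list {acl} has no entries")
        for action, mac, wild in acls.get(acl, []):
            if action == "permit" and wild != "0000.0000.0000":
                findings.append(f"access-list {acl} permits a range, not one device: {mac} {wild}")
    # 2. WPA key management must be on; TKIP is deprecated, aes-ccm (WPA2) is preferred.
    if "authentication key-management wpa" not in lines:
        findings.append("SSID has no 'authentication key-management wpa'")
    for l in lines:
        if l.startswith("encryption vlan") and "tkip" in l and "aes-ccm" not in l:
            findings.append(f"weak cipher: '{l}' (use aes-ccm)")
    # 3. An ASCII pre-shared key must be 8-63 characters (type-7 keys are skipped).
    for l in lines:
        m = re.match(r"wpa-psk ascii (?:0 )?(\S+)$", l)
        if m and not 8 <= len(m.group(1)) <= 63:
            findings.append("wpa-psk ascii key is not 8-63 characters")
    return findings
```

The same checks apply to a saved show running-config; a PSK already stored as type 7 is skipped because its length cannot be judged.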


Troubleshooting
Confirm with the following commands:
show dot11 associations
show ip dhcp binding
debug dot11 events