Cisco 871w access point
Skrevet af: Karsten Birch-Johansen i 
Technorati Tags:
Jeg fik fornøjelsen af forleden at kigge lidt på Ciscos 871 trådløse router, dvs. den også fungerer som access point. Selve enheden kommer med et fint webinterface som du kan konfigurere enheden med eller du kan kaste dig over det indbyggede CLI kommando sprog. Sidstnævnte kan dog godt være en langhåret oplevelse, og jeg vil klart anbefale denne artikel læses; Configuring the Cisco 871w router.
Du kan tilgå din router via telnet. Hertil kan der somsagt benyttes CLI og jeg fandt et par gode sider/links til hvordan og hvorledes du kan opsætte og ændre ved din router. Adventures with the Cisco router 871 (part 1) og Adventures with the Cisco router (part2) samt 10 things you can do with the Cisco IOS service command.
Nendefor min egen konfiguration der får sat switchen op og konfigureret det trådløse. God fornøjelse!
Building configuration...
Current configuration : 5529 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router_name
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$pHP3$/rSNmpTQAhckzDaXRpNZj.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip name-server 192.168.0.10
ip ssh time-out 60
ip ssh authentication-retries 5
!
!
crypto pki trustpoint TP-self-signed-2856880070
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2856880070
revocation-check none
rsakeypair TP-self-signed-2856880070
!
!
crypto pki certificate chain TP-self-signed-2856880070
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383536 38383030 3730301E 170D3032 30333031 30303134
30305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38353638
38303037 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A8BC 1CE21F78 5EBEAE0C 410EBB30 AFC2DBC1 116EBEAD 0B6842BF 833D6515
BE258FD4 296585D2 3A0D5EF8 58D35573 2A66838B DE91FA5D 33FDAA77 9443471E
68920F17 D45ECC28 5FDF4F55 47287789 4B0910A3 6438E390 5CD049F2 4BCCD250
4E996DAA ABA2FBAB 916B274A 529C9A03 F0D8F298 11559AE3 2B25C367 7822BC7B
E0670203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
551D1104 1E301C82 1A616664 6B2D726F 75746572 2E63736E 6F726469 632E6C6F
63616C30 1F060355 1D230418 30168014 4F4C1CCC 16B10619 5FFE37F9 DD6D1452
ED3452DF 301D0603 551D0E04 1604144F 4C1CCC16 B106195F FE37F9DD 6D1452ED
3452DF30 0D06092A 864886F7 0D010104 05000381 81009B1E 42E612E8 BFC4D98B
5A2AC75C 76DD49D3 2FAB3422 F9497D48 FE83D831 985B9698 EE5F9C9E 64E2765E
DFE33012 AB228482 9E66C460 1629B99A 99E7400F D04AD44D A7AA1265 28EF4A88
47DFF89C 66542795 C52F81FE 62CD538A 2AB9699D 6F370B24 A898B26C 9D3E97E1
4AA14325 06C2145A A943FE6B 83696368 DB204C9C CF02
quit
username internit privilege 15 secret 5 $1$uui5$3PvynQVOiu3bghfdoqQBT.
!
!
no ftp-server write-enable
!
bridge irb
!
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description Connected to Internet
no ip address
no ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no keepalive
no cdp enable
hold-queue 100 out
!
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
!
ssid afdk-ap1
authentication open
guest-mode
!
speed 1.0 2.0 5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2427
no preamble-short
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
hold-queue 100 out
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.99 255.255.255.0
ip access-group 100 in
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp host 192.168.0.10 eq domain any
access-list 100 permit udp host 192.168.0.21 eq domain any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CC
****************************************************************************
* ATTENTION: UNAUTHORISED ACCESS STRICTLY PROHIBITED
* All connections are logged and monitored and we are minutes from releasing
* the dogs.
****************************************************************************
^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
