This is how to set up a Cisco 2702I AP in Autonomous mode. The 2702i AP (and others) have two radios, namely Dot11Radio0 and Dot11Radio1, where the former is 2.4 GHz radio and the latter is 5 GHz.
The AP is configured with
- Static IP on management
- 1 SSID both on 2.4 GHz and 5 GHz.
- WPA2 only
- PSK
- AES and TKIP
- 2.4 GHz radio
- Channel 11
- Disable rates lower than 12 MB/s
- Rate 12 MB/s mandatory
- 5 GHz radio
- DFS channel
- 80 MHz channel
First we assign an IP to the Access Point so we can manage it remotely, instead via console. This allows for easy management (from the couch).
|
1 2 3 4 5 |
interface bvi1 ip address 192.168.1.2 255.255.255.0 exit ip default-gateway 192.168.1.1 end |
Following best practice on accessing networking devices, we harden the AP. We use SSHv2 only with highest RSA encryption possible. In this case, 4096 bit encryption is the way to go.
|
1 2 3 4 5 6 7 8 9 10 11 12 |
configure terminal username admin privilege 15 secret 5 admin ip domain name home.net ip ssh version 2 crypto key generate rsa modulus 4096 line vty 0 15 logging synchronous transport input ssh transport output ssh exit no ip http server end |
After preparing the AP, now is the time to configure the WiFi.
Configuring wireless on a Cisco AP is performed in a two-component way. We create an SSID, and this SSID is then paired with a radio. In this fashion, we can create an SSID which is broadcasted on both radios, one SSID on the 2.4 GHz radio and one SSID on the 5 GHz radio.
In this example we will create an SSID on both radios only.
We create the SSID and its authenication methods.
|
1 2 3 4 5 6 7 |
configure terminal dot11 ssid MySSID authentication open authentication key-management wpa version 2 guest-mode wpa-psk ascii 7 MyPreSharedKey end |
Before configuring the radios, shut them down.
|
1 2 3 4 5 6 |
configure terminal interface Dot11Radio0 shutdown interface Dot11Radio1 shutdown end |
Now we configure the radios. For 2.4 GHz radio we do;
|
1 2 3 4 5 6 7 |
configure terminal interface Dot11Radio0 encryption mode ciphers aes-ccm tkip ssid MySSID channel 2462 speed basic-12.0 18 24 36 48 54 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. end |
Next for 5 GHz radio we do;
|
1 2 3 4 5 6 7 |
configure terminal interface Dot11Radio1 encryption mode ciphers aes-ccm tkip ssid MySSID channel width 80 channel dfs end |
Configuration is done, so we now open both radios again.
|
1 2 3 4 5 6 |
configure terminal interface Dot11Radio0 no shutdown interface Dot11Radio1 no shutdown end |
Remember to save our configuration. 😉
|
1 |
copy running-config startup-config |