C H A P T E R 9

Configuring a Wireless LAN Connection

The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless LAN
solution that combines mobility and flexibility with the enterprise-class features required by networking
professionals. With a management system based on Cisco IOS software, the Cisco routers act as access
points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless LAN transceivers.
You can configure and monitor the routers using the command-line interface (CLI), the browser-based
management system, or Simple Network Management Protocol (SNMP). This chapter describes how to
configure the router using the CLI. Use the interface dot11radio global configuration CLI command to
place the device into radio configuration mode.
See the Cisco Access Router Wireless Configuration Guide for more detailed information about
configuring these Cisco routers in a wireless LAN application.
Figure 9-1 shows a wireless network deployment.

Figure 9-1 Wireless Connection to the Cisco Router

3
1

2
4
129282

1 Wireless LAN (with multiple networked devices)

2 Cisco 850 or Cisco 870 series access router connected to the Internet
3 VLAN 1
4 VLAN 2

In the configuration example that follows, a remote user is accessing the Cisco 850 or Cisco 870 series
access router using a wireless connection. Each remote user has his own VLAN.

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 9-1
 Chapter 9 Configuring a Wireless LAN Connection
Configure the Root Radio Station

Configuration Tasks
Perform the following tasks to configure this network scenario:
• Configure the Root Radio Station
• Configure Bridging on VLANs
• Configure Radio Station Subinterfaces
A configuration example showing the results of these configuration tasks is provided in the
“Configuration Example” section on page 9-7.

Note The procedures in this chapter assume that you have already configured basic router features as well as
PPPoE or PPPoA with NAT. If you have not performed these configurations tasks, see Chapter 1, “Basic
Router Configuration,” Chapter 3, “Configuring PPP over Ethernet with NAT,” and Chapter 4,
“Configuring PPP over ATM with NAT,” as appropriate for your router. You may have also configured
DHCP, VLANs, and secure tunnels.

Configure the Root Radio Station

Perform these steps to create and configure the root radio station for your wireless LAN, beginning in
global configuration mode:

Command Purpose
Step 1 interface name number Enters interface configuration mode for the
radio interface.
Example:
Router(config)# interface dot11radio 0
Router(config-if)#

Step 2 broadcast-key [vlan vlan-id] change seconds Specifies the time interval, in seconds, between
rotations of the broadcast encryption key used
Example: for clients.
Router(config-if)# broadcast-key vlan 1 Note Client devices using static Wired
change 45
Equivalent Privacy (WEP) cannot use
Router(config-if)#
the access point when you enable
broadcast key rotation—only wireless
client devices using 802.1x
authentication (such as Light Extensible
Authentication Protocol [LEAP],
Extensible Authentication
Protocol–Transport Layer Security
[EAP-TLS], or Protected Extensible
Authentication Protocol [PEAP]) can
use the access point.

Note This command is not supported on

bridges.

See the Cisco IOS Commands for Access Points

and Bridges for more details.

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
9-2 OL-5332-01
Chapter 9 Configuring a Wireless LAN Connection
Configure the Root Radio Station

Command Purpose
Step 3 encryption method algorithm key Specifies the encryption method, algorithm, and
key used to access the wireless interface.
Example: The example uses the VLAN with optional
Router(config-if)# encryption vlan 1 mode encryption method of data ciphers.
ciphers tkip
Router(config-if)#

Step 4 ssid name Creates a Service Set ID (SSID), the public

name of a wireless network.
Example: Note All of the wireless devices on a WLAN
Router(config-if)# ssid cisco must employ the same SSID to
Router(config-if-ssid)#
communicate with each other.

Step 5 vlan number Binds the SSID with a VLAN.

Example:
Router(config-if-ssid)# vlan 1
Router(config-if-ssid)#

Step 6 authentication type Sets the permitted authentication methods for a

user attempting access to the wireless LAN.
Example: More than one method can be specified, as
Router(config-if-ssid)# authentication open shown in the example.
Router(config-if-ssid)# authentication
network-eap eap_methods
Router(config-if-ssid)# authentication
key-management wpa

Step 7 exit Exits SSID configuration mode, and enters

interface configuration mode for the radio
Example: interface.
Router(config-if-ssid)# exit
Router(config-if)#

Step 8 speed rate (Optional) Specifies the required and allowed

rates, in Mbps, for traffic over the wireless
Example: connection.
Router(config-if)# basic-1.0 basic-2.0
basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
36.0 48.0 54.0
Router(config-if)#

Step 9 rts [retries | threshold] (Optional) Specifies the Request to Send (RTS)
threshold or the number of times to send a
Example: request before determining the wireless LAN is
Router(config-if)# rts threshold 2312 unreachable.
Router(config-if)#

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 9-3
 Chapter 9 Configuring a Wireless LAN Connection
Configure Bridging on VLANs

Command Purpose
Step 10 power [client | local] [cck [number | maximum] | (Optional) Specifies the radio transmitter power
ofdm [number | maximum]] level.
See the Cisco Access Router Wireless
Example: Configuration Guide for available power level
Router(config-if)# power local cck 50 values.
Router(config-if)# power local ofdm 30
Router(config-if)#

Step 11 channel [number | least-congested] (Optional) Specifies the channel on which

communication occurs.
Example: See the Cisco Access Router Wireless
Router(config-if)# channel 2462 Configuration Guide for available channel
Router(config-if)#
numbers.

Step 12 station-role [repeater | root] (Optional) Specifies the role of this radio
interface.
Example: You must specify at least one root interface.
Router(config-if)# station-role root
Router(config-if)#

Step 13 exit Exits interface configuration mode, and enters

global configuration mode.
Example:
Router(config-if)# exit
Router(config)#

Configure Bridging on VLANs

Perform these steps to configure integrated routing and bridging on VLANs, beginning in global
configuration mode:

Command or Action Purpose

Step 1 bridge [number | crb | irb |mac-address-table] Specifies the type of bridging.
The example specifies integrated routing and
Example: bridging.
Router(config)# bridge irb
Router(config)#

Step 2 interface name number Enters interface configuration mode.

We want to set up bridging on the VLANs, so the
Example: example enters the VLAN interface
Router(config)# interface vlan 1 configuration mode.
Router(config)#

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
9-4 OL-5332-01
Chapter 9 Configuring a Wireless LAN Connection
Configure Bridging on VLANs

Command or Action Purpose

Step 3 bridge-group number Assigns a bridge group to the interface.

Example:
Router(config)# bridge-group 1
Router(config)#

Step 4 bridge-group number parameter Sets other bridge parameters for the bridging
interface.
Example:
Router(config)# bridge-group 1
spanning-disabled
Router(config)#

Step 5 interface name number Enters configuration mode for the virtual bridge
interface.
Example:
Router(config)# interface bvi 1
Router(config)#

Step 6 bridge number route protocol Specifies the protocol for the bridge group.

Example:
Router (config) # bridge 1 route ip
Router(config)#

Step 7 ip address address mask Specifies the address for the virtual bridge
interface.
Example:
Router(config)# ip address 10.0.1.1
255.255.255.0
Router(config)#

Repeat Step 2 through Step 7 above for each VLAN that requires a wireless interface.

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 9-5
 Chapter 9 Configuring a Wireless LAN Connection
Configure Radio Station Subinterfaces

Configure Radio Station Subinterfaces

Perform these steps to configure subinterfaces for each root station, beginning in global configuration
mode:

Command Purpose
Step 1 interface type number Enters subinterface configuration mode for the
root station interface.
Example:
Router(config)# interface dot11radio 0.1
Router(config-subif)#

Step 2 description string Provides a description of the subinterface for the

administrative user.
Example:
Router(config-subif)# description Cisco open
Router(config-subif)#

Step 3 encapsulation dot1q vlanID [native | Specifies that IEEE 802.1Q (dot1q)
second-dot1q] encapsulation is used on the specified
subinterface.
Example:
Router(config-subif)# encapsulation dot1q 1
native
Router(config-subif)#

Step 4 no cdp enable Disables the Cisco Discovery Protocol (CDP) on

the wireless interface.
Example:
Router(config-subif)# no cdp enable
Router(config-subif)#

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
9-6 OL-5332-01
Chapter 9 Configuring a Wireless LAN Connection
Configuration Example

Command Purpose
Step 5 bridge-group number Assigns a bridge group to the subinterface.
Note When the bridge-group command is
Example: enabled, the following commands are
Router(config-subif)# bridge-group 1 automatically enabled, and cannot be
Router(config-subif)#
disabled. If you disable these commands
you may experience an interruption in
wireless device communication.

bridge-group 1
subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1
block-unknown-source

Step 6 exit Exits subinterface configuration mode, and

enters global configuration mode.
Example:
Router(config-subif)# exit
Router(config)#

Repeat these steps to configure more subinterfaces, as needed.

Configuration Example
The following configuration example shows a portion of the configuration file for the wireless LAN
scenario described in the preceding sections.
!
bridge irb
!
interface Dot11Radio0
no ip address
!
broadcast-key vlan 1 change 45
!
!
encryption vlan 1 mode ciphers tkip
!
ssid cisco
vlan 1
authentication open
wpa-psk ascii 0 cisco123
authentication key-management wpa
!
ssid ciscowep
vlan 2
authentication open
!
ssid ciscowpa
vlan 3
authentication open

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 9-7
 Chapter 9 Configuring a Wireless LAN Connection
Configuration Example

!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
power local cck 50
power local ofdm 30
channel 2462
station-role root
!
interface Dot11Radio0.1
description Cisco Open
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface Vlan3
no ip address
bridge-group 3
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 10.0.1.1 255.255.255.0
!
interface BVI2
ip address 10.0.2.1 255.255.255.0
!
interface BVI3
ip address 10.0.3.1 255.255.255.0
!

Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
9-8 OL-5332-01