Guide to transform Cisco IR829 router into an Access Point - Wyliodrin/cisco829 GitHub Wiki
Guide to transform Cisco IR829 router into an Access Point
A Cisco router can act as a simple access point router, like the one at your home. Some CLI commands must be executed before this can be possible.
We will connect through serial port and use the following variables SSID (what the router broadcasts as a name): WYLIODRIN Password (what the wireless password will be): password123 Network : 192.168.7.0/24 Gateway : 192.168.7.1 Channel : 1
Change the SSID and password as needed
We will give 2 sets of commands. One for the Router, one for the integrated wireless access point(abbreviated from now on as AP).
##Commands for Router
| Command | Purpose |
|---|---|
IR800> enable |
Get to privileged EXEC mode |
IR800# configure terminal |
Get to global configuration mode |
IR800(config)# interface wlan-ap0 |
Enter configuration mode for interface which connects to the Access Point |
IR800(config-if)# ip add 10.21.0.20 255.255.255.0 |
Put an IP address on it |
IR800(config-if)# no shutdown |
Make sure the interface is up |
IR800(config-if)# exit |
Exit to global configuration mode |
IR800(config)# interface vlan1 |
Enter configuration mode for the default VLAN interface (1) which, at the start, is present on all switchports |
IR800(config-if)# ip address 10.10.0.30 255.255.255.0 |
Put an IP address on it |
IR800(config-if)# no shutdown |
Make sure the interface is up |
IR800(config-if)# exit |
Exit to global configuration mode |
IR800(config)# interface range gigabit1-4 |
Enter configuration mode for all 4 Gigabit Ethernet ports at the same time |
IR800(config-if-range)# switchport mode access |
Make them be in access mode |
IR800(config-if-range)# switchport access vlan 1 |
When in access mode, make them be in VLAN 1 |
IR800(config-if-range)# end |
Exit to privileged EXEC mode |
IR800# service-module wlan-ap0 session |
Command to telnet to the Access Point's console through wlan-ap0 |
Now we are connected through telnet to the AP's console, a whole new environment with the same IOS commands.
After we press Enter once, we will be presented with a login to AP console prompt. The default username is cisco and the default password is cisco.
| Command | Purpose |
|---|---|
ap# enable |
Get to privileged EXEC mode |
ap(config)# configure terminal |
Get to global configuration mode |
ap(config-if)# dot11 ssid WYLIODRIN |
Configuration mode for the SSID WYLIODRIN |
ap(config-ssid)# authentication open |
Allow clients to connect openly |
ap(config-ssid)# guest-mode |
Broadcast the SSID (do not hide the network) |
ap(config-ssid)# exit |
Exit to global configuration mode |
ap(config)# int dot11radio 0 |
Configuration mode for physical wireless equipment |
ap(config-if)# ssid WYLIODWRIN |
Link it to SSID WYLIODRIN |
ap(config-if)# channel 1 |
Force channel 1, otherwise it will choose the best channel after a scan |
ap(config-if)# no shutdown |
Make sure the interface is up |
ap(config-if)# exit |
Exit to global configuration mode |
ap(config)# ip dhcp excluded-address 192.168.7.1 |
Exclude the AP's IP address from the DHCP pool |
ap(config-if)# ip dhcp pool WIRELESS |
Enter configuration mode for DHCP pool |
ap(dhcp-config)# network 192.168.7.0 255.255.255.0 |
Network and subnet mask for the pool |
ap(dhcp-config)# default-router 192.168.7.1 |
Default gateway for the pool |
ap(dhcp-config)# exit |
Exit to global configuration mode |
ap(config)# bridge 1 protocol ieee |
Make bridge 1 use ieee protocol |
ap(config)# bridge 1 route ip |
Make bridge 1 route IP packets |
ap(config)# int dot11radio 0 |
Configuration mode for physical wireless equipment |
ap(config-if)# bridge-group 1 |
Make the interface belong to bridge 1 |
ap(config-if)# exit |
Exit to global configuration mode |
ap(config)# int bvi1 |
Configuration mode for bridge 1 |
ap(config-if)# ip address 192.168.7.1 255.255.255.0 |
AP's IP address |
ap(config-if)# no shutdown |
Make sure the interface is up |
ap(config-if)# exit |
Exit to global configuration mode |
Now the Router will have wireless enabled and open for anyone to connect.
We can put a password on it (WPA2-PSK - the most secure protocol to date for wireless). Execute the following on the AP:
| Command | Purpose |
|---|---|
ap(config)# int dot11radio 0 |
Configuration mode for physical wireless equipment |
ap(config-if)# encryption mode ciphers aes-ccm tkip |
Make it use AES and TKIP encryption protocols |
ap(config-if)# exit |
Exit to global configuration mode |
ap(config-if)# dot11 ssid WYLIODRIN |
Configuration mode for the SSID WYLIODRIN |
ap(config-ssid)# authentication key-management wpa version 2 |
Make it use WPA2 connection protocol |
ap(config-ssid)# wpa-psk ascii 0 password123 |
Put the WPA2 password in clear text |
ap(config-ssid)# exit |
Exit to global configuration mode |
Now your Cisco IR829 Router is now a Wireless Access Point.
#EXTRA
If you want to tweak with your wireless other advanced settings, you can use the following OPTIONAL commands (use ? and TAB for auto-completion):
| Command | Purpose |
|---|---|
ap(config)# int dot11radio 0 |
Configuration mode for physical wireless equipment |
|
ap(config-if)# station-role | Sets the wireless device's role
ap(config-if)# speed | Sets the wireless device's speed
ap(config-if)# power local | Set the transmit power of the wireless device
ap(config-if)# power client | Sets the maximum power level allowed on client devices that associate to the wireless device.
ap(config-if)# antenna receive | Sets the antenna(s) which can receive
ap(config-if)# antenna transmit | Sets the antenna(s) which can transmit
|
ap(config-if)# exit | Exit to global configuration mode