Configuring Cisco Autonomous AP

This is how to set up a Cisco 2702I AP in Autonomous mode. The 2702i AP (and others) have two radios, namely Dot11Radio0 and Dot11Radio1, where the former is 2.4 GHz radio and the latter is 5 GHz.

The AP is configured with

  • Static IP on management
  • 1 SSID both on 2.4 GHz and 5 GHz.
  • WPA2 only
  • PSK
  • AES and TKIP
  • 2.4 GHz radio
    • Channel 11
    • Disable rates lower than 12 MB/s
    • Rate 12 MB/s mandatory
  • 5 GHz radio
    • DFS channel
    • 80 MHz channel

First we assign an IP to the Access Point so we can manage it remotely, instead via console. This allows for easy management (from the couch).

interface bvi1
ip address 192.168.1.2 255.255.255.0
exit
ip default-gateway 192.168.1.1
end

Following best practice on accessing networking devices, we harden the AP. We use SSHv2 only with highest RSA encryption possible. In this case, 4096 bit encryption is the way to go.

configure terminal
username admin privilege 15 secret 5 admin
ip domain name home.net
ip ssh version 2
crypto key generate rsa modulus 4096
line vty 0 15
logging synchronous
transport input ssh
transport output ssh
exit
no ip http server
end

After preparing the AP, now is the time to configure the WiFi.

Configuring wireless on a Cisco AP is performed in a two-component way. We create an SSID, and this SSID is then paired with a radio. In this fashion, we can create an SSID which is broadcasted on both radios, one SSID on the 2.4 GHz radio and one SSID on the 5 GHz radio.
In this example we will create an SSID on both radios only.

We create the SSID and its authenication methods.

configure terminal
dot11 ssid MySSID
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 MyPreSharedKey
end

Before configuring the radios, shut them down.

configure terminal
interface Dot11Radio0
shutdown
interface Dot11Radio1
shutdown
end

Now we configure the radios. For 2.4 GHz radio we do;

configure terminal
interface Dot11Radio0
encryption mode ciphers aes-ccm tkip
ssid MySSID
channel 2462
speed basic-12.0 18 24 36 48 54 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
end

Next for 5 GHz radio we do;

configure terminal
interface Dot11Radio1
encryption mode ciphers aes-ccm tkip
ssid MySSID
channel width 80
channel dfs
end

Configuration is done, so we now open both radios again.

configure terminal
interface Dot11Radio0
no shutdown
interface Dot11Radio1
no shutdown
end

Remember to save our configuration. ­čśë

copy running-config startup-config

Below is the full config.

This entry was posted in Cisco, IOS, WiFi and tagged , , , . Bookmark the permalink.

Leave a Reply