
Can WPA2-PSK be enabled on Cisco 871W???


  • Can WPA2-PSK be enabled on Cisco 871W???

    Hi Guys,

    I just hooked up my new router and all is working fine (almost).
    I am trying to secure the wireless access using WPA2-PSK, however I am struggling and have no clue how this can be done.

    As an info, I can tell that I used the web based interface (Cisco SDM Express) but I could not see anything there which could enable this.

    I hope that some of you have tried to enable this and can give me some detailed info on how this works (at least I live in the hope!)

    Best regards,

    This is the configuration of the router:

    ! Last configuration change at 22:16:21 PCTime Wed Apr 8 2009 by admin
    ! NVRAM config last updated at 22:07:30 PCTime Wed Apr 8 2009 by cisco
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname yourname
    logging buffered 51200
    logging console critical
    enable secret 5 $1$IutR$/cPJdrss793.egjhUwKbk0
    no aaa new-model
    clock timezone PCTime 1
    clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
    crypto pki trustpoint TP-self-signed-1801357042
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1801357042
    revocation-check none
    rsakeypair TP-self-signed-1801357042
    crypto pki certificate chain TP-self-signed-1801357042
    certificate self-signed 01
    dot11 syslog
    dot11 ssid kmf-cisco
    authentication open
    no ip source-route
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address
    ip dhcp pool sdm-pool1
    import all
    no ip bootp server
    no ip domain lookup
    ip domain name
    username admin privilege 15 secret 5 $1$KknfrefeF3$XJylYCLYWJ
    log config
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    class-map type inspect match-any sdm-cls-insp-traffic
    match protocol cuseeme
    match protocol dns
    match protocol ftp
    match protocol h323
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol netshow
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol smtp extended
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    class-map type inspect match-all sdm-insp-traffic
    match class-map sdm-cls-insp-traffic
    class-map type inspect match-any sdm-cls-icmp-access
    match protocol icmp
    class-map type inspect match-all sdm-invalid-src
    match access-group 100
    class-map type inspect match-all sdm-icmp-access
    match class-map sdm-cls-icmp-access
    class-map type inspect match-all sdm-protocol-http
    match protocol http
    class-map type inspect match-all sdm-nat-ftp-1
    match access-group 101
    match protocol ftp
    policy-map type inspect sdm-permit-icmpreply
    class type inspect sdm-icmp-access
    class class-default
    policy-map type inspect sdm-pol-NATOutsideToInside-1
    class type inspect sdm-nat-ftp-1
    class class-default
    policy-map type inspect sdm-inspect
    class type inspect sdm-invalid-src
    drop log
    class type inspect sdm-insp-traffic
    class type inspect sdm-protocol-http
    class class-default
    policy-map type inspect sdm-permit
    class class-default
    zone security out-zone
    zone security in-zone
    zone-pair security sdm-zp-self-out source self destination out-zone
    service-policy type inspect sdm-permit-icmpreply
    zone-pair security sdm-zp-out-self source out-zone destination self
    service-policy type inspect sdm-permit
    zone-pair security sdm-zp-in-out source in-zone destination out-zone
    service-policy type inspect sdm-inspect
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zo
    service-policy type inspect sdm-pol-NATOutsideToInside-1
    bridge irb
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description $FW_OUTSIDE$$ES_WAN$
    ip address dhcp client-id FastEthernet4
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    ip route-cache flow
    duplex auto
    speed auto
    interface Dot11Radio0
    no ip address
    ssid kmf-cisco
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Vlan1
    no ip address
    ip tcp adjust-mss 1452
    bridge-group 1
    interface BVI1
    description $ES_LAN$$FW_INSIDE$
    ip address
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    ip tcp adjust-mss 1412
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    logging trap debugging
    access-list 1 remark INSIDE_IF=BVI1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit
    access-list 100 remark SDM_ACL Category=128
    access-list 100 permit ip host any
    access-list 100 permit ip any
    access-list 101 remark SDM_ACL Category=0
    access-list 101 permit ip any host
    no cdp run
    bridge 1 protocol ieee
    bridge 1 route ip
    banner exec ^C
    % Password expiration warning.
    Cisco Router and Security Device Manager (SDM) is installed on this device and
    it provides the default username "cisco" for one-time use. If you have already
    used the username "cisco" to login to the router and your IOS image supports the
    "one-time" user option, then this username has already expired. You will not be
    able to login to the router with this username after you exit this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username <myuser> privilege 15 secret 0 <mypassword>
    Replace <myuser> and <mypassword> with the username and password you want to
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    line con 0
    login local
    no modem enable
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500