Cisco 871W Configuration Example
Description:
Cisco 871W routers are old and considered end of life. However many are available for budget cost on Ebay and other various retailers and they still make for a good home wireless solution. With that said, configuration of wireless from a Cisco CLI can be a unique challenge if you’ve never set it up before. Below is a full example configuration to get you started with wireless on IOS 12.4 for the 871W series router. Changes that you will need to make are annotated as comments throughout the config after ! symbols. The main things to change are various subnets, your login credentials, the SSID name, and encryption key that will be used to connect.
View the configuration:
Current configuration : 1982 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname WIFI-ROUTER-871W
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
! MODIFY THE FOLLOWING FOR YOUR ENABLE PASSWORD
enable secret 0 cisco123!!
!
no aaa new-model
!
!
dot11 syslog
!
! MODIFY THE FOLLOWING LINE SSID, MATCH THE SAME SSID BELOW
dot11 ssid WIRELESS-SSID-NAME
vlan 10
authentication open
authentication key-management wpa
guest-mode
! MODIFY THE FOLLOWING TO SET YOUR WIRELESS KEY
wpa-psk ascii 0 WIFI-PASSWORD
!
ip source-route
!
!
! SEE THE POOL COMMENT BELOW, MODIFY THIS BASED ON WHAT YOUR VLAN IP IS
ip dhcp excluded-address 10.0.10.1
!
! CHANGE THIS TO MATCH WHAT YOUR WIRELESS CLIENTS SUBNET IS
ip dhcp pool wireless
import all
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1
!
!
ip cef
ip domain name RLAN
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
vtp domain WIRELESS
vtp mode transparent
! CHANGE THE FOLLOWING TO MODIFY THE LOCAL LOGIN ACCOUNT
username cisco privilege 15 secret 0 cisco123!!
!
!
!
archive
log config
hidekeys
!
!
vlan 10
name WIRELESS
!
ip ssh version 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! OPTIONAL LAN CONNECTION TO A SWITCH. MODIFY AS NEEDED.
interface FastEthernet4
description LAN
ip address 10.0.0.4 255.255.255.0
duplex auto
speed auto
!
interface Dot11Radio0
description MAIN WIRELESS
no ip address
!
encryption vlan 10 mode ciphers aes-ccm
!
! MODIFY THE FOLLOWING FOR WHAT YOUR WIRELESS WILL DISPLAY AS
ssid WIRELESS-SSID-NAME
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
! MODIFY THE FOLLOWING TO MATCH YOUR WIRELESS SUBNET -- THIS CORRESPONDS TO YOUR DHCP POOL ABOVE ALSO
interface Dot11Radio0.10
description Local WIFI LAN
encapsulation dot1Q 10 native
ip address 10.0.10.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
no ip address
!
!
ip forward-protocol nd
! CHANGE THE FOLLOWING LINE TO SET YOUR DEFAULT GATEWAY. EITHER POINT IT AT YOUR MODEM OR ISP's IP ADDRESS
ip route 0.0.0.0 0.0.0.0 X.X.X.X
no ip http server
no ip http secure-server
!
!
! CHANGE THE FOLLOWING TO MATCH YOUR SUBNET TO RESTRICT WHO CAN REMOTE IN VIA SSH
ip access-list extended mgmt
permit ip 10.0.0.0 0.0.0.255 any
deny ip any any log
!
logging trap notifications
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login local
access-class mgmt in
! ENSURE YOU GENERATE AN SSH KEY TO USE THE FOLLOWING LINE. REMOVE IT IF YOUR IOS DOES NOT SUPPORT THIS!
transport input ssh
!
scheduler max-task-time 5000
end
Edit and Use:
