Configuring a Cisco Accesspoint

Hi there,

 

It has been a time ago since my last post. I figured to post today something about hardware: Cisco Aironet 3502i Accesspoints.

These accesspoints provide a cheap way to get enterprise class network hardware into your home nowadays.

These accesspoints run two diffrent types of IOS (Cisco’s Firmware/OS):

Autonomous and Lightweight.

Let’s first start with what these terms means: Autonomous accesspoints just work like you should expect. You config each Accesspoint seperate , like SSID/WPA Passphrase etc.

Ideal if you have a small amount of AP’s to configure and have a static environment.

 

Lightweight Accesspoints only work in combination with a controller. once an accesspoint has joined a controller it downloads its config from this controller. This means that every setting needs to be configured at the controller.

A controller is just a device which can be found by accesspoints on the network by configuring a DNS name (CAPWAP-CONTROLLER) of option 43 in DHCP. In contrary tot he size, Cisco Wireless Controllers (WLC) are expensive, especially the licences (can be bought in 5, 10 or 25+ packs). Controller functions can save a lot of time configuring AP’s and are actually essential if you use these in enterprise environment. In this case we just use it for fun and i’ll try to cover both (Lightweight and Autonoumous) in this post today.

Choose

Unless you’re crazy like me, you just want to have an Autonomous image on your Accesspoint if you use it at home. Usually these AP’s are shipped with Lightweight images. iOS images are cisco proprietary off course and can only be obtained when you have a Cisco support contract. You can also check the cisco downloadsite for the filename and google this filename, you properly find an alternative source. But please check the MD5 hash before using it.

Once the image has been downloaded, you need to have it installed on the AP, to get that job done you need the following things:

  • iOS image
  • TFTPD32
  • Console connection to AP.

Image download steps

First extract iOS to the base dir of TFTPD32 and call it ap3g1.default.tar

Set your Ethernet interface to 10.0.0.2/8 and start TFTPD32.

Make sure that all security settings are disabled in the TFTP server tab and let it bind to 10.0.0.2.

You need to restart TFTPD.

Plug your Console port into your COM port. Hold the MODE button and power the AP on by plugging it in. After a while the LED turns blinking red and release it. The AP wil search for a TFTP server in the 10.0.0.2-10.0.0.10 range. It’ll download the image.

With some bootloaders you’ll get a AP: prompt. Use the following commands to download the image:

set IP_ADDR 10.0.0.1

set NETMASK 255.0.0.0

set DEFAULT_ROUTER 10.0.0.2

tftp_init

 

tar -xtract tftp://10.0.0.2/ap3g1-k9w7-tar.default flash:

 

It takes a while before the image is downloaded to your AP.  If the AP will automaticlyt reboot unless you’ve used the manual TFTP commands; you should use boot.

Configuration steps

After a while your AP wil boot and request an IP address trough DHCP.

The next steps lead you trough a basic configuration to get your AP working.

Check your DHCP Leases to find out your AP’s IP and browse to it.

Use the following credentials

User: Cisco

Pass: Cisco

 

 

Go to Security > Encryption manager.

Choose Cipher and AES CCMP.

Choose Apply-ALL on the buttom of the page

 

 

Go to SSID Manager

Fill in your SSID

Choose both interfaces (2.4 and 5.0GHz)

Choose Mandatory in the key management dropdown field and tick Enable WPA and choose WPAv2

Fill in your password in the WPA Pre-Shared key field(minimum 8 characters).

Choose Guest mode to broadcast the network, this makes it visible to your wireless clients.

Choose apply.

If you have 1 SSID, choose Set Single Guest Mode SSID and select your network, apply this also to 5GHz, and click apply.

 

Afther that, you need to enable the radios:

 

Choose Enable Radio > Enable:

Click Apply

Apply the same tot he 5GHz interface

 

 

Afhter that, you need to set your password for the web interface

Go to Security > Admin Access:

Fill in your credentials and read-Write and click apply.

Tick Local User List Only and apply

Finally you can save the configuration (upper right) to save your config

 

In the next post we will configure the controller in combination with a CAP3502i.

Categories: Uncategorized

Leave a Reply