Cisco 871w + WEP + VLans

 
 
jason.pearcy@gmail.com
      03-02-2006
Here is my dilemma. I have a Cisco 871w with two SSIDs. One SSID is
bridged to the ethernet switch so it can communicate with a wired
network. The other is just bridged to the WAN port of the Cisco. Each
is a VLAN. I want to do open auth and WEP on both SSIDs, but when I
enter the WEP key the Cisco changes the key in the config totally, even
makes it a 28 char key instead of 26. I assume this is some kind of
encryption. Well, my wireless clients can associate with the router but
cannot connect to the network. With encryption off everything works
great. My config is attached.

version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cameo
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 <removed>
!
username admin privilege 15 secret 5 <removed>
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
ip dhcp excluded-address 192.168.5.1 192.168.5.4
ip dhcp excluded-address 192.168.5.251 192.168.5.254
!
ip dhcp pool GEPDHCP
import all
network 192.168.5.0 255.255.255.0
domain-name cybermind-usa.net
dns-server 65.161.0.135 65.161.0.136
default-router 192.168.5.1
!
ip dhcp pool CameoWireless
import all
network 192.168.6.0 255.255.255.0
domain-name cybermind-usa.net
dns-server 65.161.0.135 65.161.0.136
default-router 192.168.6.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name cybermind-usa.net
ip name-server 65.161.0.135
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address 192.168.2.20 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 128bit 7 D10150216C72734100A238368974 transmit-key
encryption key 2 size 128bit 7 6D61637372756C65746F8961793E
!
encryption vlan 3 mode ciphers wep128
!
encryption vlan 2 mode ciphers wep128
!
ssid CMM
vlan 3
authentication open
!
ssid GEP
vlan 2
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no cdp enable
!
interface Dot11Radio0.2
encapsulation dot1Q 2
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Dot11Radio0.3
encapsulation dot1Q 3
ip address 192.168.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport preferred all
transport output telnet
line aux 0
login local
transport preferred all
transport output telnet
line vty 0 4
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

 
cisconethead
      03-02-2006
(E-Mail Removed) wrote:
> but when I
> enter the wep key the cisco changes the key in the config totally even
> makes it a 28 char key instead of 26 I assume this is some kind of
> encryption. Well my wireless clients can associate with the router but
> cannot connect to the network. With encryption off everything works
> great. my config is attached.



When you say the cisco changed the key, I assume you're talking about
this part of the config:

> encryption key 1 size 128bit 7 D10150216C72734100A238368974
> transmit-key
> encryption key 2 size 128bit 7 6D61637372756C65746F8961793E



Yes, the Cisco router will encrypt what you type into the device, so
that a person accessing the router, and looking at your config cannot
see what the actual key is, as an added security measure. Rest assured,
however, that the router knows what the actual key is, and so the
problem with your wireless clients has nothing to do with what you see
in your config. Sorry I don't have an answer for you as to why your
clients are having problems, but I hope this helps clear up the
confusion.

BTW, if you configure an enable secret password on the router, it will
do the same thing. Also, if you enter the command "service
password-encryption" the same will hold true if you have passwords
assigned to the Console, AUX and VTY lines.

 
anybody43@hotmail.com
      03-02-2006
>> encryption key 1 size 128bit 7 D10150216C72734100A238368974
>> transmit-key
>> encryption key 2 size 128bit 7 6D61637372756C65746F8961793E

> Yes, the Cisco router will encrypt what you type into the device, so
> that a person accessing the router, and looking at your config can not
> see what the actual key is, as an added security measure.


You should be aware that the "7" method encryption can be trivially
reversed using software available on the internet.

I have a few lines of Perl that do it nicely.

The "secret" or "5" method cannot be reversed as I
understand it. The "7" method therefore
provides protection from someone looking over your shoulder
(in the case of most observers anyway) but provides no protection
from someone who has access to the config files.

Hmmm! The above may not apply in the case here of
the encryption key command. They do not reverse to anything
nice looking. Maybe that's because they have been entered as hex?

 
Reply With Quote
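
As an added example (not part of the original posts, and not the posters' or Cisco's code): a small Python audit that sorts the stored secrets in an IOS config by the type digit discussed in this thread, and checks whether each value tagged 7 has the classic line-password layout of two decimal digits followed by hex pairs. The function names and verdict strings are assumptions made for the illustration; the sample lines are copied from the config posted above.

```python
import re

# Lines copied from the config posted in this thread (key 1 rejoined with its
# wrapped "transmit-key" keyword); "<removed>" is the poster's own redaction.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 <removed>
username admin privilege 15 secret 5 <removed>
encryption key 1 size 128bit 7 D10150216C72734100A238368974 transmit-key
encryption key 2 size 128bit 7 6D61637372756C65746F8961793E
"""

# "<keyword> <type> <value>": keyword is secret/password or a WEP key size.
SECRET_RE = re.compile(
    r"\b(?:secret|password|size (?:40|128)bit)\s+(?P<type>[057])\s+(?P<value>\S+)")

# Classic type 7 layout: two decimal digits, then an even run of hex digits.
CLASSIC_TYPE7_RE = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")


def classify(line):
    """Return (type, verdict) for a line holding a stored secret, else None."""
    m = SECRET_RE.search(line)
    if not m:
        return None
    stype, value = m.group("type"), m.group("value")
    if stype == "0":
        return stype, "cleartext"
    if stype == "5":
        return stype, "one-way hash"
    if CLASSIC_TYPE7_RE.match(value):
        return stype, "reversible obfuscation, classic layout"
    return stype, "tagged 7, not classic layout"


def audit(config_text):
    """Return (line_number, type, verdict) for every stored secret found."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        result = classify(line.strip())
        if result:
            findings.append((number, *result))
    return findings


if __name__ == "__main__":
    for number, stype, verdict in audit(SAMPLE_CONFIG):
        print(f"line {number}: type {stype}: {verdict}")
```

On the posted config, both WEP key lines come back as tagged 7 but not in the classic layout, which is consistent with the observation in the last post that they do not reverse cleanly.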
 
 
 