Cisco 871w + WEP + VLans

Discussion in 'Cisco' started by jason.pearcy@gmail.com, Mar 2, 2006.

  1. Guest

    Here is my dilemma. I have a Cisco 871w with two SSIDs. One SSID is
    bridged to the ethernet switch so it can communicate with a wired
    network. The other is just bridged to the WAN port of the Cisco. Each
    is a VLAN. I want to do open auth and WEP on both SSIDs, but when I
    enter the WEP key the Cisco changes the key in the config totally; it
    even makes it a 28-char key instead of 26. I assume this is some kind
    of encryption. Well, my wireless clients can associate with the router
    but cannot connect to the network. With encryption off everything works
    great. My config is attached.

    version 12.3
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname cameo
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 <removed>
    !
    username admin privilege 15 secret 5 <removed>
    clock timezone PCTime -5
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    no aaa new-model
    ip subnet-zero
    no ip source-route
    ip cef
    ip dhcp excluded-address 192.168.5.1 192.168.5.4
    ip dhcp excluded-address 192.168.5.251 192.168.5.254
    !
    ip dhcp pool GEPDHCP
    import all
    network 192.168.5.0 255.255.255.0
    domain-name cybermind-usa.net
    dns-server 65.161.0.135 65.161.0.136
    default-router 192.168.5.1
    !
    ip dhcp pool CameoWireless
    import all
    network 192.168.6.0 255.255.255.0
    domain-name cybermind-usa.net
    dns-server 65.161.0.135 65.161.0.136
    default-router 192.168.6.1
    !
    !
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name cybermind-usa.net
    ip name-server 65.161.0.135
    ip ssh time-out 60
    ip ssh authentication-retries 2
    no ftp-server write-enable
    !
    !
    !
    !
    !
    bridge irb
    !
    !
    interface FastEthernet0
    no ip address
    no cdp enable
    !
    interface FastEthernet1
    no ip address
    no cdp enable
    !
    interface FastEthernet2
    no ip address
    no cdp enable
    !
    interface FastEthernet3
    no ip address
    no cdp enable
    !
    interface FastEthernet4
    description $FW_OUTSIDE$$ES_WAN$
    ip address 192.168.2.20 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    no cdp enable
    !
    interface Dot11Radio0
    no ip address
    !
    encryption key 1 size 128bit 7 D10150216C72734100A238368974 transmit-key
    encryption key 2 size 128bit 7 6D61637372756C65746F8961793E
    !
    encryption vlan 3 mode ciphers wep128
    !
    encryption vlan 2 mode ciphers wep128
    !
    ssid CMM
    vlan 3
    authentication open
    !
    ssid GEP
    vlan 2
    authentication open
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    no cdp enable
    !
    interface Dot11Radio0.2
    encapsulation dot1Q 2
    ip address 192.168.5.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no cdp enable
    !
    interface Dot11Radio0.3
    encapsulation dot1Q 3
    ip address 192.168.6.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no cdp enable
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    no ip address
    bridge-group 1
    !
    interface BVI1
    description $ES_LAN$
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.2.1
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 5 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet4 overload
    !
    logging trap debugging
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 1 permit 192.168.5.0 0.0.0.255
    access-list 1 permit 192.168.6.0 0.0.0.255
    no cdp run
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    no modem enable
    transport preferred all
    transport output telnet
    line aux 0
    login local
    transport preferred all
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport preferred all
    transport input telnet ssh
    transport output all
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end
     
    , Mar 2, 2006
    #1

  2. cisconethead Guest

    wrote:
    > but when I
    > enter the wep key the cisco changes the key in the config totally even
    > makes it a 28 char key instead of 26 I assume this is some kind of
    > encryption. Well my wireless clients can associate with the router but
    > cannot connect to the network. With encryption off everything works
    > great. my config is attached.



    When you say the cisco changed the key, I assume you're talking about
    this part of the config:

    > encryption key 1 size 128bit 7 D10150216C72734100A238368974
    > transmit-key
    > encryption key 2 size 128bit 7 6D61637372756C65746F8961793E



    Yes, the Cisco router will encrypt what you type into the device, so
    that a person accessing the router, and looking at your config can not
    see what the actual key is, as an added security measure. Rest assured,
    however, that the router knows what the actual key is, and so the
    problem with your wireless clients has nothing to do with what you see
    in your config. Sorry I don't have an answer for you as to why your
    clients are having problems, but I hope this helps clear up the
    confusion.

    BTW, if you configure an enable secret password on the router, it will
    do the same thing. Also, if you enter the command "service
    password-encryption" the same will hold true if you have passwords
    assigned to the Console, AUX and VTY lines.
     
    cisconethead, Mar 2, 2006
    #2

  3. Guest

    >> encryption key 1 size 128bit 7 D10150216C72734100A238368974
    >> transmit-key
    >> encryption key 2 size 128bit 7 6D61637372756C65746F8961793E

    > Yes, the Cisco router will encrypt what you type into the device, so
    > that a person accessing the router, and looking at your config can not
    > see what the actual key is, as an added security measure.


    You should be aware that the "7" method encryption can be trivially
    reversed using software available on the internet.

    I have a few lines of Perl that do it nicely.

    The "secret" or "5" method cannot be reversed as I understand it.
    The "7" method therefore provides protection from someone looking
    over your shoulder (in the case of most observers anyway) but
    provides no protection from someone who has access to the config
    files.

    Hmmm! The above may not apply in the case here of the encryption
    key command. They do not reverse to anything nice looking. Maybe
    that's because they have been entered as hex?
     
    , Mar 2, 2006
    #3
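
The thread's point that a "7" value only deters shoulder-surfing suggests checking stored configs for such values and for the other weak settings visible in the posted config (WEP ciphers, cleartext HTTP management, telnet on the vty lines). The following is an added example, not code from any poster in this thread; the rule names and the sample config are constructed for illustration, and it assumes the config is indented the way `show running-config` prints it.

```python
import re

# Constructed sample in the style of the config posted in this thread;
# key material is replaced with a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 <removed>
interface Dot11Radio0
 encryption key 1 size 128bit 7 <PLACEHOLDER> transmit-key
 encryption vlan 3 mode ciphers wep128
 ssid CMM
  vlan 3
  authentication open
ip http server
line vty 0 4
 transport input telnet ssh
"""

# (rule id, pattern, finding). Rule ids are hypothetical names for this example.
RULES = [
    ("TYPE7", re.compile(r"\b(?:password|key-string|size \d+bit)\s+7\s+\S+"),
     "type 7 value is reversible obfuscation; handle the stored config as a secret"),
    ("WEP", re.compile(r"\bencryption\b.*\bmode\b.*\bwep"),
     "WEP cipher configured for this radio/VLAN"),
    ("HTTP", re.compile(r"^\s*ip http server\b"),
     "cleartext HTTP management server enabled"),
    ("TELNET", re.compile(r"^\s*transport input\b.*\btelnet\b"),
     "telnet accepted on this line; restrict to ssh"),
]
SECTION = re.compile(r"^(?:interface|line)\s+\S.*")


def audit(config_text):
    """Return (line number, section, rule id, message) for each weak setting."""
    findings = []
    section = "global"
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and IOS comment separators
        if not line[0].isspace():
            # An unindented line starts a new stanza or is a global command.
            section = line if SECTION.match(line) else "global"
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append((number, section, rule_id, message))
    return findings


if __name__ == "__main__":
    for number, section, rule_id, message in audit(SAMPLE_CONFIG):
        print(f"line {number} [{section}] {rule_id}: {message}")
```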