Cisco 1240AG configurations
Help! I just need a working configuration now!
Copy the following out, replacing the bits in red with your own information. Click here if you want to see the explanations.
You should make sure that you SSH v2 switched on (ie have your done the generation stage already). If not, you can do this by doing the following from the command line:
conf term
ip domain-name your domain name
crypto key generate rsa usage-keys modulus 2048
This is the full working configuration (minus bits that are pertinent to my own connection):
version 12.4
no parser cache
no service pad
service tcp-keepalives-in
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname name-of-your-device
!
logging buffered 32000 informational
logging console informational
logging monitor informational
enable secret 5 password for your device
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login admin local
!
aaa session-id common
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
no ip domain lookup
ip domain name your domain name
ip name-server IP address of your ISP DNS server
ip name-server Second IP address of your ISP DNS server
!
!
ip ssh time-out 60
ip ssh authentication-retries 1
ip ssh version 2
login block-for 60 attempts 3 within 30
login on-failure log
login on-success log
!
dot11 ssid name of your wireless network
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid
wpa-psk ascii 7 Your WPA key
!
power inline negotiation prestandard source
!
!
username username to connect to the AP password 7 password to connect to the AP
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid name of your wireless network
!
antenna gain numbered gain level of your antenna
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2432
station-role root access-point
world-mode dot11d country GB both
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-broup 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid name of your wireless network
!
no dfs band block
channel dfs
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address IP-assigned-to-your-access-point subnet-mask
no ip route-cache
!
ip default-gateway IP-of-your-upstream-router
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/wag
ip radius source-interface BVI1
!
logging history debugging
logging trap debugging
logging origin-id string string to identify this machine
logging IP address of syslog server
access-list 15 permit any
snmp-server community public RO
snmp-server location Location of this machine
snmp-server contact Your contact details
snmp-server chassis-id Identifier for machine
snmp-server enble traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-sever host IP address of snmp server public
no cdp enable
bridge 1 route ip
!
!
banner login ^C
This is machine name. Unauthorised access to this
machine is strictly prohibited. Please disconnect now unless you have
received prior authorisation for use. The systems administrator is
your name on your phone number.
^C
!
line con 0
access-class 15 in
password 7 your console password
stopbits 1
line vty 0 4
access-class 15 in
exec-timeout 5 0
login authentication admin
line vty 5 15
access-class 15 in
!
sntp server 193.0.0.228
sntp server 130.88.200.98
sntp server 158.152.1.76
end