Configure Cisco Enterprise Access Point 1142N As Home AP - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Saturday, November 10, 2018

Configure Cisco Enterprise Access Point 1142N As Home AP

Early of 2018, I got a chance to buy a Cisco Wireless Access Point with only $30, which is a great deal for AIR-LAP1142N-x-K9 - Dual-band Controller-based 802.11a/g/n. It is not 802.11ac ready AP, but as a replacement for my home wireless router, it is already enough.

Since this device is enterprise product, the configuration is not that straightforward, even after read some Cisco documents, it is still quite cumbersome to understand.

After a couple of hours working on it, I managed to bring both 2.4G and 5G radio up and set up two SSID for both radios. Here are my steps (Simplest steps to follow) with screenshots and video:

1. Log into Web GUI Interface
Default username and password is Cisco / Cisco.

You should be able to find out your Cisco Wireless AP 1142N's ip from your router / modem's DHCP pool. My ip is 192.168.2.141. You can use any browser to open it.

2. Home interface after logged in. 

3. Configure your management IP for your device, and configure a Radio 2.4G SSID.




4. Similar step for 5G SSID.



5. Review / Edit your SSID Configuration


That is it, all steps. Of course, there are much more advanced features waiting me to explore. At this moment, it is enough for me to run my home Wireless.

There is one thing I could not do it from GUI is to schedule a time to reboot. Eventually I found it is do-able from command line.

login as: cisco
Using keyboard-interactive authentication.
Password:Cisco
CiscoAP1142>
CiscoAP1142>
CiscoAP1142>en
Password:Cisco
CiscoAP1142#

CiscoAP1142#reload at 1:30 11 Nov reason CleanSystem
Reload scheduled for 01:30:00 -0500 Sun Nov 11 2018 (in 4 hours and 23 minutes) by cisco on vty0 (192.168.2.22)
Reload reason: CleanSystem
Proceed with reload? [confirm]
CiscoAP1142#
CiscoAP1142#show run
Building configuration...

Current configuration : 2439 bytes
!
! No configuration change since last restart
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAP1142
!
!
logging rate-limit console 9
enable secret 5 $1$IRIR$THbu.Defg3UirZ3ZLddnK1
!
no aaa new-model
clock timezone -0500 -5 0
clock summer-time -0400 recurring
no ip source-route
no ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 1.1.1.1
!
!
!
!
dot11 syslog
!
dot11 ssid lobby
   vlan 1
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 0512170D701D1F5848544435A5D
!
dot11 ssid lobby5G
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 061F1E231D1F5848544635A5D55
!
!
!
no ipv6 cef
!
!
username Cisco password 7 106D000A018
username john privilege 15 password 7 131C0615C59537B
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid Bobby
 !
 antenna gain 0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.11
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid Bobby5G
 !
 antenna gain 0
 peakdetect
 dfs band 3 block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.11
!
interface BVI1
 mac-address 4403.a701.4206
 ip address 192.168.2.5 255.255.255.0
!
ip default-gateway 192.168.2.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
sntp server 0.ca.pool.ntp.org
sntp server 1.ca.pool.ntp.org
sntp broadcast client
end

CiscoAP1142#





I also made a quick YouTube Video to present how I did it:











No comments:

Post a Comment