Wireless
Current configuration
Hostname | Wireless IP | Wireless MAC | FastEthernet IP | BVI IP | Channel | Mode | Location | Config Status | Notes |
---|---|---|---|---|---|---|---|---|---|
bridge-a | 10.1.0.2 | | 10.1.0.1 | 10.2.0.1 | 2412 | root bridge wireless-clients | GOD | OK | - |
bridge-b | 10.1.0.4 | | 10.1.0.3 | 10.2.0.2 | 2437 | root bridge wireless-clients | GOD | OK | - |
bridge-c | 10.1.0.16 | | 10.1.0.15 | 10.2.0.3 | | root bridge wireless-clients | Monster | OK | - |
bridge-d | 10.1.0.18 | | 10.1.0.17 | 10.2.0.4 | | non-root bridge wireless-clients | | OK | - |
bridge-e | 10.1.0.40 | 001f.9ed3.3fe0 | 10.1.0.41 | 10.2.0.40 | | root bridge wireless-clients | Clive's Study | OK | - |
bridge-f | 10.1.0.xx | | 10.1.0.xx | 10.2.0.x | | non-root bridge wireless-clients | Clive's Study | OK | - |
Bravo | 10.1.0.14 | | 10.1.0.13 | 10.2.0.8 | | root | God | OK | - |
Charlie | 10.1.0.11 | | 10.1.0.12 | 10.2.0.11 | 2447 | root | Monster | ? | - |
Delta | 10.1.0.10 | | 10.1.0.9 | 10.2.0.6 | 2472 | root access-point | Stored | OK | - |
Echo | 10.1.0.8 | | 10.1.0.7 | 10.2.0.7 | Not Set | repeater | Hub | OK | - |
Foxtrot | 10.1.0.6 | | 10.1.0.5 | 10.2.0.5 | | repeater | - | Failed to connect - 2017-09-15 | - |
Golf | 10.1.0.31 | | 10.1.0.30 | 10.2.0.30 | 2447 | repeater | Navaar | OK | - |
Hotel | 10.1.0.20 | | 10.1.0.19 | 10.2.0.19 | Not Set | root | - | OK | - |
Capabilities
These radios operate in the 2.4 GHz microwave band, and support 802.11b/g Wi-Fi connections. We have many units:
- 12(?) x omnidirectional, indoor units, two with standard antennas, two with (high-gain?) antennas. (Aironet 1200 series)
- 6 x weather-proofed point-to-point units with highly-directional integrated antennas, with separate (indoor) breakout boxes. (Aironet 1300 series)
Controlling the units
These wireless base-stations are sophisticated computers in their own right. They run the Cisco IOS operating system: specifically, version 12.3. By default, they can be controlled via a serial console, using the special cyan RJ45-DB9 serial cable provided or the cyan USB-serial cables.
They can also be controlled via telnet and have a web interface which is occasionally useful. By default, they are configured to use DHCP to acquire their own IP address, but we have overridden this for obvious reasons (it's hard to telnet to a device when you don't know what its address is ...).
Connecting
Windows XP
Use HyperTerminal to connect to a unit:
- Use 9600 baud, no parity, 1 stop bit, and disable hardware flow control.
OSX/Linux
There should be a USB/Serial cable in the box. Clive will also have one in his bag of stuff. But if you lose his, it will be painful ...
- Find the port number in terminal:
    $ ls -ltr /dev/*usb*
    crw-rw-rw- 1 root wheel 21, 2 7 Apr 16:33 /dev/tty.usbserial-AH0668GD
    crw-rw-rw- 1 root wheel 21, 3 7 Apr 16:33 /dev/cu.usbserial-AH0668GD
- You can use screen to connect:
    $ screen /dev/tty.usbserial-AH0668GD 9600
Log in
If you've got things right, then if you have the cable plugged in when you turn a wireless base-unit on, you should see boot-time messages start to scroll past for about a minute after power-on.
Press <ENTER> when prompted to bring up the control menu.
Prompt is displayed as: ap> -- or, if the device has been given a different hostname, either manually or via DHCP, then it will appear as: hostname>
Pressing '?' will display a list of commands. <TAB> will auto-complete unambiguous partial commands.
The access point default username is 'Cisco' and the default password is 'Cisco'.
Configuring units
Common
* Enter admin mode
  - Gain privileged access: "enable"
  - The default username and password is 'Cisco'.
* Enter config mode.
  - Enter (configuration) context: "configure terminal"
XXX
XXX This doesn't work, or at least, doesn't appear to have the desired effect.
XXX Skip this for now.
XXX * Set admin password
XXX   - Set password: "enable password NEWPASSWORD"
XXX
* Set the local hostname:
  - Set hostname: "hostname NEWHOSTNAME"
Note: this will change the default prompt from 'ap' to the hostname you specify.
* Configure AP to use a broadcast NTP time signal:
  - Enable the SNTP client, to listen to the first broadcast signal: "sntp broadcast client"
* Configure AP to present a login banner:
  - Set the login banner: "
Profound Decisions: Network administrators only beyond this point.
- "
* Generate RSA keys for use with SSH:
  - "crypto key generate rsa general-keys label SSH"
  - When prompted, say, '2048'.
* Set version of SSH to use:
  - "ip ssh version 2"
* Enable SSH by telling it to use the 'SSH' RSA keypair:
  - "ip ssh rsa keypair-name SSH"
XXX
XXX Note: While logs suggest that this is successful, testing has shown that
XXX the APs are not listening on port 22 for SSH. Some investigation still required.
XXX
* Configure AP to maintain a network map:
  - Enable network-map generation: "dot11 network-map 1"
* Configure AP with the PDCREW wireless network details:
  - Mint the new SSID: "dot11 ssid PDCREW"
  - Set the shared secret to connect to this AP:
      "authentication open"
      "authentication key-management wpa"
      "wpa-psk ascii PASSWORD"
NOTE: The WPA-PSK has to be 8 characters or longer.
  - Allow it to be used as an infrastructure SSID: "infrastructure-ssid optional"
  - Set the SSID to be announced: "guest-mode"
  - Exit from SSID sub-mode: "exit"
* Turn the radio on, and add the PDCREW SSID to it:
  - Select a radio interface to add the SSID to: "interface dot11radio 0"
  - Tell the wireless system to use correct regional settings: "world-mode dot11d country-code GB outdoor"
  - Set the radio to optimise for range (as opposed to speed): "speed range"
  - Set the power settings to locally-permitted maximums:
      "power local cck maximum"
      "power local ofdm maximum"
  - Set to channel 1: "channel 1"
  - Turn the radio on: "no shutdown"
  - Configure encryption mode ciphers: "encryption mode ciphers tkip"
  - Enable extensions: "dot11 extension aironet"
  - Add the SSID to this radio: "ssid PDCREW"
  - Set the IP address: "ip address 10.1.0.x 255.0.0.0"
  - Exit interface configuration mode: "exit"
* Configure the ethernet port
  - Select interface: "interface FastEthernet 0"
  - Set the IP address: "ip address 10.1.0.x 255.0.0.0"
  - Exit interface configuration mode: "exit"
* Enable spanning-tree protocol on the local bridge:
  - "bridge 1 protocol ieee"
* Save your work: "copy running-config startup-config"
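An added example, not part of the original notes and not Cisco tooling: a small Python check that reads a saved `show running-config` and names the hardening gaps the steps above leave open (the factory `Cisco` login, `enable password`, a TKIP-only cipher list, no SSH version pinned, vty lines that do not exclude Telnet). The sample config and its placeholders are constructed; `enable secret`, `aes-ccm` and `transport input ssh` are standard IOS keywords that do not appear on this page, and whether a given radio and 12.3 image accepts AES-CCM is an assumption to confirm on the unit.

```python
# Constructed running-config in the shape the steps above produce; the
# hostname and the <placeholder> secrets are made up, not from a real unit.
SAMPLE_CONFIG = """\
hostname bridge-x
enable password 7 <placeholder>
username Cisco password 7 <placeholder>
dot11 ssid PDCREW
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 <placeholder>
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid PDCREW
line vty 0 4
 login local
"""

def sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            out[current].append(raw.strip())
        else:
            current = raw.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    """Return the names of the hardening gaps found in one running-config."""
    sec, found = sections(config), []
    if any(top.split()[:2] == ["username", "Cisco"] for top in sec):
        found.append("default-account")       # factory login still defined
    if any(top.startswith("enable password") for top in sec):
        found.append("enable-password")       # 'enable secret' stores a hash
    if "ip ssh version 2" not in sec:
        found.append("ssh-v2-not-set")
    for top, body in sec.items():
        if top.lower().startswith("interface dot11radio"):
            ciphers = [l.split()[3:] for l in body if l.startswith("encryption mode ciphers")]
            if any("aes-ccm" not in c for c in ciphers):
                found.append("tkip-only")     # cipher list lacks AES-CCM
        if top.lower().startswith("line vty"):
            allowed = [w for l in body if l.startswith("transport input") for w in l.split()[2:]]
            if allowed != ["ssh"]:
                found.append("vty-not-ssh-only")  # Telnet is not excluded
    return found
```

Run it over the text captured from each unit after "copy running-config startup-config"; an empty list means none of these five checks fired.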
Root bridge
* Configure radio to operate in a root bridge role:
  - Enable configuration mode: "configure terminal"
  - Select 2.4 GHz radio: "interface dot11radio 0"
  - Set role: "station-role root bridge wireless-clients"
Non-root bridge
* Specify that the PDCREW network is the one to connect to:
  - Enable configuration mode: "configure terminal"
  - Select the PDCREW network: "dot11 ssid PDCREW"
  - Specify that it should be used: "infrastructure-ssid optional"
* Configure radio to operate in a non-root bridge role:
  - Select 2.4 GHz radio: "interface dot11radio 0"
  - Set role: "station-role non-root bridge wireless-clients"
Field AP
* The AP will, by default, operate in a root access-point mode.
Repeater
XXX This section is as-yet untested.
* Configure radio to operate in a repeater role:
  - Select 2.4 GHz radio: "interface dot11radio 0"
  - Set role: "station-role repeater"
Finish
* Review the current SSID list:
  - "show running-config ssid PDCREW"
You should see something like:
    dot11 ssid PDCREW
       authentication open
       authentication key-management wpa
       guest-mode
       wpa-psk ascii 7 140716081E013D7D76
    end
* Show the network-map:
  1. show dot11 network-map
* Show live configuration:
  1. show running-config
* Commit live configuration as the new default:
  1. copy running-config startup-config
* Show neighbouring Cisco equipment:
  1. show cdp neighbors [detail]
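Output from "show running-config" carries the PSK and the login passwords, and the `7` storage type is an encoding rather than a hash, so excerpts are worth scrubbing before they go into notes or tickets. The following is an added example, not part of the original notes: a Python scrubber that removes the secret from `wpa-psk`, `enable` and `username` lines and reports how each one was stored. The sample excerpt and its secret strings are constructed placeholders.

```python
import re

# Constructed excerpt shaped like the "show running-config" output above;
# every secret is a made-up placeholder string.
SAMPLE = """\
enable secret 5 EXAMPLE-TYPE5-HASH
username Cisco password 7 EXAMPLE-TYPE7-VALUE
dot11 ssid PDCREW
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 EXAMPLE-TYPE7-VALUE
"""

# head = the keyword part to keep, type = optional storage-type digit,
# value = the secret itself (always dropped).
SECRET = re.compile(
    r"^(?P<head>\s*(?:wpa-psk (?:ascii|hex)|enable (?:password|secret)"
    r"|username \S+ (?:.*? )?(?:password|secret)))"
    r"(?: (?P<type>\d))? (?P<value>\S+)\s*$")

KINDS = {None: "cleartext", "0": "cleartext",
         "5": "type 5, salted MD5 hash",
         "7": "type 7, reversible encoding"}

def scrub(config):
    """Return (config with secrets removed, [(line_no, keyword, storage kind)])."""
    clean, report = [], []
    for no, line in enumerate(config.splitlines(), 1):
        m = SECRET.match(line)
        if m:
            kind = KINDS.get(m["type"]) or f"type {m['type']}"
            report.append((no, m["head"].strip(), kind))
            line = f"{m['head']} <removed: {kind}>"
        clean.append(line)
    return "\n".join(clean), report
```

The report doubles as a quick inventory: any entry marked cleartext or type 7 is a secret that anyone holding the config file can read.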
Factory reset
1200 series
To return the wireless base-stations to factory settings, power off the device, then -- while holding the 'mode' button down -- power the wireless device back up. Continue to hold the 'mode' button down for a few seconds, then release.
1300 series
If you can login:
- Enter erase nvram to erase all NVRAM files including the startup configuration.
- Enter Y when the following CLI message appears: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm].
- Enter reload when the following CLI message appears: Erase of nvram: complete. This command reloads the operating system.
- Enter Y when the following CLI message appears: Proceed with reload? [confirm].
If you can't login, try really hard to log in. Otherwise:
- Open the CLI with a Telnet session or a connection to the bridge console port.
- Reboot the bridge by removing and reapplying power.
- Allow the bridge to boot until the command prompt appears and the bridge begins to inflate the image.
- Press ESC when you see lines that are similar to these on the CLI:
Loading "flash:/c1310-k9kw-7mx.v122_15_ja.200040314-k9w7-mx.v122_15_ja.20040314" ...#############################################################################
Note: In order to access the boot loader, you must press ESC twice. But this action depends on the terminal-emulation software that you use. Messages that are similar to these appear:
    Error loading "flash:/c1310-k9kw-7mx.v122_15_ja.200040314-k9w7-mx.v122_15_ja.20040314"
    Interrupt within 5 seconds to abort boot process.
    Boot process terminated.
    The system is unable to boot automatically. The BOOT environment variable needs to be set to a bootable image.
    C1310 Boot Loader (C1310-BOOT-M), Version 12.2 [BLD-v122_15-ja_throttle.20040314 100]
    bridge:
- At the bridge: prompt, issue the dir flash: command in order to view a directory of the Flash file system.
The directory is similar to this directory:
    bridge: dir flash:
    Directory of flash:/
    2 -rwx 0 <date> env_vars
    5 drwx 384 <date> C1310-k9w7-mx.v133_15_JA.20040314
    3 -rwx 1128 <date> config.txt
    4 -rwx 5 <date> private-config
    3693568 bytes available (4047872 bytes used)
    bridge:
- Delete or rename the files config.txt and env_vars, and reboot the bridge.
- Note*: Do not forget the / character before the filenames.
    bridge: delete flash:/config.txt
    Are you sure you want to delete flash:/config.txt (y/n)?y
    File "flash:/config.txt" deleted
    bridge: delete flash:/env_vars
    Are you sure you want to delete "flash:/env_vars" (y/n)?y
    File "flash:/env_vars" deleted
- Issue the boot command in order to reboot the bridge at the bridge: prompt, or simply power cycle the bridge.
Old bits from early experiments, probably not really worth keeping, but just might be
Aquarion's notes, essentially
Wireless Topology
Suggested wireless topology; at this point, only units 1-3 have been configured.
                     (- ~ ~ ~ ~ ~ -)     v ~ ~ v ~ ~ v ~ ~ v
[ GOD network ] ---- |             | --- |     |     |     |
                     RB           NRB    AP    R     R     R
                     #1            #2    #3    #4    #5    #6

RB : Root-bridge
NRB: Non-root bridge
AP : Root access point
R  : Wireless repeater.

Wireless MAC Ethernet MAC channel
#1 -- bridge-a 10.1.0.2 & 1 00:26:cb:6a:8d:b0 88:43:e1:d1:fd:ac 1 \ 1300-series
#2 -- bridge-b 10.1.0.4 & 3 00:23:5e:0b:6b:40 00:23:5e:99:56:02 1 /
#3 -- field-ap 10.1.0.6 & 5 00:14:69:2d:4a:10 00:14:6a:40:44:49 6 \
#4 -- repeater-1 10.1.0.8 & 7 11 1200-series
#5 -- repeater-2 10.1.0.10 & 9 00:19:E8:8C:77:AC 13
#6 -- repeater-3 10.1.0.12 & 11 00:14:69:ee:3b:ab 8 /
#7 -- repeater-4 10.1.0.13 00:13:80:ec:bb:b8 5
These are only suggested IPs; at present, they are all using DHCP to establish their own IP, and these have not yet been configured in the AD.
Ideally, the repeaters will also be configured such that wired devices attached to them will be bridged onto the crew network. (Note: this has security implications - we don't want players to be able to do this!)
[ In practice, this appears not to be supported? ]
Performance
At Odyssey E1, 2013, bridge-[a/b] and the field-ap were all configured and test-deployed:
* bridge-a was propped up on a desk in GOD
* bridge-b was propped up on a box outside the bar, in the ~middle of the IC field.
This was an initial test, but it proved to be unexpectedly successful. Despite there being in the way:
* Most of GOD
* A wet hedgerow
* Several (dampened) tents
* A number of people milling about
* A fair distance
... a solid signal could be established between the two bridge units, despite not having done any careful alignment. (Perhaps we were just lucky?)
'show dot11 statistics client-traffic' shows:
    27-0026.cb6a.8db0 pak in 12503 bytes in 2295602 pak out 4385 bytes out 693295
          dup 0 decrpyt err 0 mic mismatch 0 mic miss 0
          tx retries 1159 data retries 1158 rts retries 1
          signal strength 74 signal quality 18