This was not a pleasant experience. No wonder I like CLI over GUI interfaces. With a command line, I get feedback as to what I'm doing wrong. With Cisco's SDM, it has some rudimentary user-interface checks before performing a post. On the other end, if you haven't put something into the UI correctly, at least for the wireless config pages, you don't even get a 'hey dummy' message, it just plain ignores you. No feedback, no hints, no nothing.
I simply wanted to get my wireless bit bridged to the vlan bit. The first step is to
select the setting in SDM GUI to bridge the wireless with the wired. This will create the
normal BVI interface. No problem there. After that, you go into the wireless configuration
web pages. I simply wanted to get a WPA-PSK (Pre-Shared Key) into the unit. There is no
obvious way to accomplish that task.
I ended up taking a configuration from a 1230 wireless access point, massaged it a bit,
and dropped it into the 871. Which yields another beef: there are variations in how
wireless is configured in a 1230 vs the 871. In the 871, the ssid and authentication stuff
is in the 'interface Dot11Radio0' section. In the 1230, it is outside. Cutting and pasting
therefore is not quite so simple.
So, after hours of diddling with the GUI, I did the following in a few minutes with the
CLI:
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid my ssid
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii mywpapsk
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
l2-filter bridge-group-acl
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description Wired Network
no ip address
ip virtual-reassembly
ip route-cache flow
load-interval 30
fair-queue
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 10.10.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452