Cisco 851W or 871W configuration: IOS standard

The Cisco 851W router is a relatively cheap multipurpose device (the lowest price is $ 292) that can support multiple virtual wireless LANs separated by firewalls.

Although the Cisco 871W router may perform more tasks, it costs between $ 500 - $ 700 depending on the somewhat expensive, bundled software for a router for home or small office.

However, the 871W version costs $ 500 no more than 851W, except that it has an external antenna connector that allows you to connect larger antennas. The $ 700 871W version really gives you outstanding features like BGP routing, VLAN support, priority traffic with QoS.

Advanced SOHO dual network architecture

Here is how to set up the Cisco 851W or 871W router according to the IOS ' SOH enhanced' security standard (small office / household) with:

• Status monitoring firewall (SPI)
• 2 virtual wireless LAN (maximum 10)
• 1 virtual LAN connected to a wireless LAN
• Both LANs are configured according to the WPA-PSK security protocol
• 1 wireless LAN acts as a guest network with limited access
• DSL PPPoE client
• DHCP server

Figure A is a logical diagram. The orange ring is the guest network, the green ring is the intranet. The entire switch is configured for VLAN1 because the IOS 'advanced security' standard of 851W and 871 does not support multiple VLANs. Only the 871W version running 'Advanced IP' IOS supports multiple VLANs. This means that only wireless 'InternalWLAN' can bridge the switch using the BVI 1.

Cisco 851W or 871W configuration: IOS standard Picture 1

Port F4 is a WAN interface configured to dial PPPoE to an ADSL modem. The orange wireless network 'GuestWLAN' will have full Internet access, but will not be able to access the green local network. The green intranet will have full access to the orange guest network and the Internet. The guest wireless LAN will have the SSID of GuestWLAN, and the internal wireless LAN will have the SSID of InternalWLAN. Currently Cisco 851W and 871W are only capable of transmitting 1 SSID, so GuestWLAN will be the only SSID transmitted. Future firmware will fix this shortcoming.

For those of you wondering if hiding SSID is good for security: Hide SSID is a useless security feature, like MAC filtering and some other features.

Initial hardware setup

After removing 851W or 871W from the box and plugging the adapter, connect the power cable to the appropriate serial port on your computer. If your laptop does not have a serial port, you will need to switch from a USB port - a serial port. It is best to prepare a laptop with wireless connectivity and a desktop computer. Plug the device into port F1 (Fast Ethernet 1) (the second port from left, Figure B , because the first port is F0). Most desktop computers have at least 1 COM1 port, so you can use this port as the configuration control computer. Plug an RJ45 jack of the control port into the rightmost RJ45 port with the word 'console'. If all you have is a laptop, you can use it to test wired and wireless functions.

Cisco 851W or 871W configuration: IOS standard Picture 2

Wipe the default configuration

The first thing to do with all new Cisco routers is to wipe the default configuration. Older routers are not assigned a username and password, and new devices are different. You must first log in with your username and password as 'cisco'. The 'c' in 'cisco' may have to be capitalized, depending on the router. After successful login, enter the following commands:

• enable
• write erase
• reload (confirm reboot)

After the router is restarted, you will see the message 'router>' and no need to enter the password anymore. Now enter the command 'config t' to enter the full configuration mode.

Sample CLI configuration for Cisco 851W and 871W

I always think that Cisco's configuration guide is not easy to use at all. So I created my own system configuration template in Excel.

The first template for DSL PPPoE. The second pattern is to configure DHCP or connect to the Internet via a cable network modem. Sample 3 for static WAN IPs.

How to use the CLI template

After downloading the sample tables for this tutorial, simply fill in the yellow boxes as shown in Figure C.

Cisco 851W or 871W configuration: IOS standard Picture 3

Figure D shows the reference table, with red variables in parentheses. The Replace button will copy the contents of the table referring to a new table named 871W (or any other name at will).

Cisco 851W or 871W configuration: IOS standard Picture 4

Configure configuration 851W or 871W

Once created, you can copy the Command column with your own custom settings and paste it into your driver. Note that this is an unformatted paste command, but some commands will take longer to execute than others. You will have to confirm with the command 'show run' and remember to enter the 'write mem' command to save the changes to keep the settings after restarting the router.

Check your multi-network router VLAN, WLAN

Your desktop must connect well with ports from F0 to F3. You must be able to obtain the intranet address. The default IP address will be 192.168.1.100. If all goes well, you will be able to ping 192.168.1.1 and 192.168.2.1.

If you can't ping the whole router, use the 'show ip int brief' command to check again as shown in Figure E.

Cisco 851W or 871W configuration: IOS standard Picture 5

If you can't ping any web page and you know that the page is still working, try pinging the DNS server address. If you can ping all of the addresses above, check your laptop by connecting to both wireless LANs. GuestWLAN network will be the only SSID displayed. From the guest network, try ping 192.168.1.1, if it fails, you can be sure that GuestACL works well. If you want to connect to the InternalWLAN network, you need to add the SSID information manually and then bring it to the top of the list. Then disconnect from the GuestWLAN and then refresh the wireless network detection window. Wait a while, you will be able to connect to InternalWLAN network. That's why I don't like the SSID hidden feature. It does not bring any benefit to security.