Mike, We still have a remote office using IOS. Here's a few tweaks that haven't been mentioned yet. Some config maybe default, not sure.
# allow for ARP proxy dot11 arp-cache #Example radio config with some basic settings (some maybe default) and ACL to keep rogue dhcp servers at bay. interface Dot11Radio0.2 encapsulation dot1Q 3 ip access-group no_rogues_in in no ip route-cache bridge-group 2 bridge-group 2 subscriber-loop-control bridge-group 2 block-unknown-source no bridge-group 2 source-learning no bridge-group 2 unicast-flooding bridge-group 2 spanning-disabled ! # rogue DHCP ACL ip access-list extended no_rogues_in deny udp any any eq bootpc permit ip any any ! I can shoot you the full config, if your interested. Cheers, steve From: Mike King <[email protected]<mailto:[email protected]>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]<mailto:[email protected]>> Date: Friday, November 1, 2013 3:11 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [WIRELESS-LAN] Cisco IOS Access points I've been asked to set up two access points for a charity, and I've come to the realization I've never configured Cisco IOS AP, only the WLC models. What I'm fishing for is deployment Idea's, with the use case of nobody technical is going to manage these things, unless they get another "volunteer". I've been in the web-interface, and created the SSID (WPA2-PSK). I'm going with the plan of leaving the IP DHCP, and not even trunking it, just letting serv off the VLAN it's plugged into. I'm also going to look to disable telnet and enable SSH (if it's not already) Any other suggestions? Mike ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
