Thursday 24 July 2014

Bridging Cisco Wireless Router to an AP (Or your Phone!!)

Doesn't it just feel great when you figure something out after being stuck on something for a little while? This was one of those moments...

I'm going through the motions of building a portable lab where I can test various applications, software and features, and one of my initial considerations was how to get Internet access to the lab. I've got an 1841 with a 3G HWIC module inside it, so I could buy a SIM and configure that, but the plans for 'non-mobile' devices are crazy expensive, plus I'm already paying for an unlimited internet package for my phone, so it just feels wrong spending more money. The other option is tethering the phone to the LAN in some way: either via a USB to RJ45 adapter (but then I can't charge and tether my phone at the same time) or, secondly, wirelessly in some way, and it turns out this is very possible with a feature called universal client mode.

Universal Client Mode allows the router / AP to connect to a wireless device as though it was a client, very cool! So I am able to use the portable hot-spot functionality of the phone and connect to the phone from the router as though it was a client. Below is a rough diagram of the setup:

[Diagram: "Free" access for my Lab.]

So now here's the important bit, the configuration. I couldn't find any other blogs etc. where people have done this; there are similar things but not exactly this, and as such I spent some time figuring this out, so I'm putting it here for future reference, and hopefully it'll help someone else out in the future.

! first of all you need to configure the radio:
interface Dot11Radio0

! Tells the router to act in universal client mode
station-role non-root 

! Set the IP address to be obtained using DHCP
ip address dhcp

! create the ssid - has to be the same as the ssid advertised from the phone
dot11 ssid SSID_NAME

!set the authentication - I've used open
authentication open

! Go back into the dot11 radio interface and associate the ssid to the interface
interface Dot11Radio0
ssid SSID_NAME

At this point you should have a virtual-dot11radio interface configured and it should receive an IP address from the phone.

And from here you just create a default route, set up NAT and "job's a good 'un".

A couple of notes: you have to make sure there is no vlan X command, because Universal Client Mode needs to use the native vlan (i.e. no vlan configured).

Also, when I added the default route I had to manually set the IP address of the phone, i.e. 192.168.43.1 (in my case). It didn't work when I set the exit interface as either dot11radio0 or the virtual-dot11radio0. I don't know why, perhaps someone can comment? But that's well worth noting.

Excellent!

Here's a quick update, if you are not happy without any encryption you can add WPA2 encryption with a Pre-Shared Key (PSK) with these commands:

!Under the dot11 SSID config:
 authentication key-management wpa
 wpa-psk ascii 0 password

!Under the dot11radio interface:
encryption mode ciphers aes-ccm
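
As an added example (not part of the original post, and not Cisco tooling), here is a small Python check that audits a saved config for the wireless settings discussed above: open authentication with no WPA, a PSK stored as type 0, WPA key management without the AES-CCM cipher, and a vlan under the SSID. It assumes `show running-config` layout (sub-commands indented), one SSID and one radio; the sample configs and finding names are constructed for illustration.

```python
import re

# Constructed sample in "show running-config" layout (sub-commands indented):
# the post's WPA2-PSK variant of the universal-client config.
PSK_CFG = """\
dot11 ssid SSID_NAME
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 password
interface Dot11Radio0
 ip address dhcp
 encryption mode ciphers aes-ccm
 ssid SSID_NAME
 station-role non-root
"""
# The post's first (open) setup: the same config minus the WPA and cipher lines.
OPEN_CFG = "".join(l for l in PSK_CFG.splitlines(True)
                   if "wpa" not in l and "encryption" not in l)

def blocks(cfg):
    """Map each top-level config line to the list of its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and IOS comment lines
        if not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def audit(cfg):
    """Return sorted finding codes for the universal-client wireless uplink."""
    found, wpa, aes = set(), False, False
    for header, cmds in blocks(cfg).items():
        if header.startswith("dot11 ssid "):
            wpa = any(c.startswith("authentication key-management wpa") for c in cmds)
            if any(re.match(r"wpa-psk (ascii|hex) 0 ", c) for c in cmds):
                found.add("psk-type-0")       # key sits in the config unencrypted
            if any(re.match(r"vlan \d+", c) for c in cmds):
                found.add("vlan-on-ssid")     # post: client mode needs native vlan
        elif header.lower().startswith("interface dot11radio"):
            aes = "encryption mode ciphers aes-ccm" in cmds
    if not wpa:
        found.add("open-auth-no-wpa")         # link to the phone is unencrypted
    elif not aes:
        found.add("wpa-no-aes-cipher")        # WPA key management without AES-CCM
    return sorted(found)
```

Running `audit(OPEN_CFG)` reports the unencrypted link, while `audit(PSK_CFG)` reports only the type 0 key, which anyone with access to the config file or its backups can read.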


!!Update number 2!!
So I managed to break my NAT translations. I was playing with settings and "cleaning up the config" and I noticed that my lab VMs had lost internet connectivity.
I've since fixed it but my method is not 100% conventional. I had to change my NAT statement to refer to the pool of IP addresses being translated rather than the exit interface (virtual-dot11radio0); for some reason my NAT statement and default route don't work if I point to the virtual-dot11radio0 interface. The simple fix is to use the IP address rather than the interface, but I'm a little wary because IP addresses can change. We'll see; if I find a way around this I will update again. Anyway, for the time being, here are the revised NAT statements:

ip nat pool NAT-POOL 192.168.43.183 192.168.43.183 netmask 255.255.255.0
ip nat inside source list PERMIT-NAT pool NAT-POOL overload

ip access-list standard PERMIT-NAT
permit 172.16.213.0 0.0.0.255
