Na WiFi AP AIRONET 1602i potřebuji vytvořit 2 oddělené sítě
(jednu pro zaměstnance a jednu pro návštěvníky).
Každá bude padat do té správné VLANy.
Návštěvnická bude mít pouze možnost přístupu pouze do Internetu
Zaměstnanecká bude mít přístup jak do Internetu, tak i do LAN firmy.
Navíc ta zaměstnanecká bude na své zvláštní VLANě mít i svoje vlastní adresování
(tím dojde k omezení šíření zbytečného provozu - broadcastů).
Na centrálním switchi tedy vytvořím VLAN, na přístupovém switch Cisco 2960S vytvořím konfiguraci.
A pak jen provedu konfiguraci AP CISCO Aironet 1602i.
na centrálním CATALYST 4506-E
enable
configure terminal
vlan 19
name FIRMA_WiFi
interface Vlan19
ip address 172.28.19.1 255.255.255.0
ip helper-address 172.27.1.102
end
write memory
configure terminal
vlan 19
name FIRMA_WiFi
interface gi1/0/30
switchport mode trunk
switchport trunk native vlan 19
switchport trunk allowed vlan add 5,19
switchport nonegotiate
end
write memory
----------------ladici prikazy---
show interface trunk
na CISCO AIRONET 1602i
erase nvram:
reload
... ... ...
enable
----------------config jmeno, web srv, route, net map, cas---------------
configure terminal
hostname aironet1602i
username admin privilege 15 password 1234
no username Cisco
enable secret 5678
ip http server
ip domain-name bajty.info
no ip http secure-server
!crypto key generate rsa modulus 1024
ip ssh version 1
ip ssh time-out 120
line con 0
line vty 0 4
login local
transport input all
sntp server 172.27.1.101
sntp broadcast client
clock timezone +0100 1 0
!!!!!!!!!!config fyzicky interface---------------------
interface bvi 1
ip address 172.28.19.21 255.255.255.0
ip default-gateway 172.28.19.1
ip route 0.0.0.0 0.0.0.0 172.28.19.1
interface gi 0.1
encapsulation dot1q 19 native
no ip address
bridge-group 1
cdp enable
no shutdown
interface gi 0.5
encapsulation dot1q 5
no ip address
bridge-group 5
cdp enable
no shutdown
!!!!!!!!!!definice SSID--------------------------
dot11 syslog
dot11 band-select parameters
cycle-count 3
cycle-threshold 200
expire-supression 20
expire-dual-band 60
client-rssi 80
dot11 network-map
dot11 arp-cache
dot11 ssid free
vlan 5
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 1234
dot11 ssid lan
vlan 19
authentication open
authentication key-management wpa
wpa-psk ascii 5678
!!!!!!!!!!nastaveni interface radio 0 + 1-----------
interface Dot11Radio 0
no ip route-cache
encryption vlan 19 mode ciphers tkip
encryption vlan 5 mode ciphers tkip
mbssid
ssid lan
ssid free
speed range
channel least-congested
station-role root
rts threshold 2312
no cdp enable
no shutdown
interface Dot11Radio1
no ip route-cache
encryption vlan 19 mode ciphers tkip
encryption vlan 5 mode ciphers tkip
mbssid
ssid free
ssid lan
speed range
channel least-congested
station-role root
rts threshold 2312
no cdp enable
no shutdown
!!!!!!!!!!vytvoreni interface radio 0.1 + 0.5---------
interface Dot11Radio 0.1
encapsulation dot1q 19 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
no cdp enable
no shutdown
interface Dot11Radio0.5
encapsulation dot1q 5
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
no cdp enable
no shutdown
interface Dot11Radio1.1
encapsulation dot1Q 19 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
no cdp enable
no shutdown
interface Dot11Radio1.5
encapsulation dot1Q 5
bridge-group 5
bridge-group 5 subscriber-loop-control
bridge-group 5 block-unknown-source
no bridge-group 5 source-learning
no bridge-group 5 unicast-flooding
bridge-group 5 spanning-disabled
no cdp enable
no shutdown
!!!!!!!!!!nastaveni routing and bridging-------------
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
bridge 5 protocol ieee
bridge 5 route ip
end
write memory
copy running-config startup-config
--------------------diagnostika-------------
show dot11 bssid
show dot11 associations
show vlans dot1q
show vlans
show ip ssh
show ssh
Žádné komentáře:
Okomentovat