Commit
aa12ad71
authored
Dec 03, 2017
by
Theo Maillart
wifi & dhcp TODO -> Radius
parent
57b7ae6f
Showing
3 changed files
with
102 additions
and
34 deletions
+102
-34
Cisco/routeur
Cisco/routeur
+24
-16
Cisco/wifi
Cisco/wifi
+62
-2
host_conf/dhcpd.conf
host_conf/dhcpd.conf
+16
-16
Cisco/routeur
#
VLAN -> Admin: 81 Personnel: 82 Invite: 83
!
VLAN -> Admin: 81 Personnel: 82 Invite: 83
#
reset conf
!
reset conf
enable
write erase
delete flash:vlan.dat
reload
#
base conf
##
create VLAN
!
base conf
!!
create VLAN
conf t
vlan 81
name VLAN_ADM
...
...
@@ -22,7 +22,7 @@ name VLAN_INVITE
state active
exit
##
conf ip
!!
conf ip
int vlan 81
ip address 100.81.0.1 255.255.255.0
int vlan 82
...
...
@@ -30,20 +30,28 @@ ip address 10.0.82.1 255.255.255.0
int vlan 83
ip address 10.0.83.1 255.255.255.0
##
conf physic port
!!
conf physic port
int fastethernet0
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,81-83,1002-1005
switchport trunk native vlan 81
exit
exit
end
!! conf physic port for wifi
int FastEthernet1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 81-83
switchport trunk native vlan 81
no shutdown
end
#
save startup-conf
!
save startup-conf
write memory
#
filtering
##
allow icmp/http/ssh/ftp to outside
!
filtering
!!
allow icmp/http/ssh/ftp to outside
access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo
access-list 102 permit tcp any any eq 80
access-list 103 permit tcp any any eq 22
...
...
@@ -66,7 +74,7 @@ ip access-group 107 in
ip access-group 108 in
ip access-group 105 in
##
ACL for vlan_pers
!!
ACL for vlan_pers
access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80
access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22
...
...
@@ -88,7 +96,10 @@ ip access-group 117 out
ip access-group 118 out
ip access-group 105 out
# NAT inside = priv outside =target
! PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
! NAT inside = priv outside =target
interface vlan 83
ip nat inside
interface vlan 82
...
...
@@ -96,6 +107,3 @@ ip nat outside
ip nat pool ovrld 10.0.82.1 10.0.82.1 prefix 24
ip nat inside source list 9 pool ovrld overload
access-list 9 permit 10.0.83.0 0.0.0.255
# PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
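Review bot: The new FastEthernet1 trunk towards the access point keeps `switchport trunk native vlan 81`, so untagged frames arriving on the Wi-Fi uplink land in the admin VLAN. A dedicated unused native VLAN (`switchport trunk native vlan <UNUSED_VLAN_ID>`) with 81 carried tagged would keep the admin segment off the untagged path; if the AP's BVI 1 has to sit in the native VLAN, a `!` comment should say that the choice is deliberate. The block also appears to follow `end` (or `exit`/`exit`), which leaves configuration mode, so `int FastEthernet1` would be rejected unless `conf t` is issued again before it; the rendered page does not show which of those lines are on the new side. The same native-VLAN choice is already present on fastethernet0.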
Cisco/wifi
# VLAN -> Admin: 81 Personnel: 82 Invite: 83
# address 100.81.0.5
! VLAN -> Admin: 81 Personnel: 82 Invite: 83
! address 100.81.0.5
! SSID Personnel82
! SSID Invite83
! configure connection to routeur - check MAC addr from DHCP conf
enable
conf t
int BVI 1
ip address dhcp
end
! channel choice
conf t
int Dot11radio0
no shut
channel 06
end
int Dot11radio1
no shut
channel 06
end
! configure VLANs 82-83 via web interface
! ssid conf
conf t
dot11 ssid Personnel82
vlan 82
authentication open
dot11 ssid Invite83
vlan 83
authentication open
int Dot11Radio0
ssid pers
ssid invite
int Dot11Radio1
ssid pers
ssid invite
end
! configure WPA first then use radius
conf t
dot11 ssid Personnel82
authentication key-management wpa version 2
wpa-psk ascii UtiliserRadius
dot11 ssid Invite83
authentication key-management wpa version 2
wpa-psk ascii UtiliserRadius
end
! SSID broadcast
conf t
dot11 ssid Personnel82
mbssid guest-mode
dot11 ssid Invite83
mbssid guest-mode
int Dot11Radio0
mbssid
int Dot11Radio0
mbssid
end
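Review bot: The key in `wpa-psk ascii UtiliserRadius` is committed in clear text and is identical for Personnel82 and Invite83, so anyone handed the guest key also holds the staff key and the separation between VLAN 82 and VLAN 83 no longer rests on the Wi-Fi credential. Until RADIUS replaces it, each SSID should get its own key and the value should stay out of the repository (`wpa-psk ascii <PSK_PERSONNEL82>` as a placeholder). The radios attach `ssid pers` and `ssid invite`, which do not match the defined `dot11 ssid Personnel82` / `dot11 ssid Invite83`, so it is unclear that the WPA2 settings apply to what is actually broadcast. In the last block `int Dot11Radio0` is entered twice and Dot11Radio1 never receives `mbssid`.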
host_conf/dhcpd.conf
subnet
100
.
81
.
0
.
0
netmask
255
.
255
.
255
.
0
{
range
100
.
81
.
0
.
10
100
.
81
.
0
.
70
;
}
host
ap
-
grapcli08
{
hardware
ethernet
00
:
1
f
:
ca
:
27
:
99
:
ce
;
fixed
-
address
100
.
81
.
0
.
5
;
}
subnet
10
.
0
.
82
.
0
netmask
255
.
255
.
255
.
0
{
range
10
.
0
.
82
.
10
10
.
0
.
82
.
70
;
}
subnet
10
.
0
.
83
.
0
netmask
255
.
255
.
255
.
0
{
range
10
.
0
.
83
.
10
10
.
0
.
83
.
70
;
}
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
...
...
@@ -24,7 +39,7 @@ ddns-update-style none;
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
...
...
@@ -105,18 +120,3 @@ ddns-update-style none;
# range 10.0.29.10 10.0.29.230;
# }
#}
subnet
100
.
21
.
0
.
0
netmask
255
.
255
.
255
.
0
{
range
100
.
21
.
0
.
10
100
.
21
.
0
.
70
;
}
host
ap
-
grapcli02
{
hardware
ethernet
00
:
1
f
:
ca
:
27
:
99
:
ce
;
fixed
-
address
100
.
21
.
0
.
3
;
}
subnet
10
.
0
.
22
.
0
netmask
255
.
255
.
255
.
0
{
range
10
.
0
.
22
.
10
10
.
0
.
22
.
70
;
}
subnet
10
.
0
.
23
.
0
netmask
255
.
255
.
255
.
0
{
range
10
.
0
.
23
.
10
10
.
0
.
23
.
70
;
}