From aa12ad717780a17e749da9c7aa4b62caa0429e9b Mon Sep 17 00:00:00 2001
From: Theo Maillart
Date: Sun, 3 Dec 2017 16:29:31 +0100
Subject: [PATCH] wifi & dhcp TODO -> Radius

---
 Cisco/routeur | 40 ++++++++++++++++-----------
 Cisco/wifi | 64 ++++++++++++++++++++++++++++++++++++++++++--
 host_conf/dhcpd.conf | 32 +++++++++++-----------
 3 files changed, 102 insertions(+), 34 deletions(-)

diff --git a/Cisco/routeur b/Cisco/routeur
index b6ab2b4..3803d5b 100644
--- a/Cisco/routeur
+++ b/Cisco/routeur
@@ -1,13 +1,13 @@
-# VLAN -> Admin: 81 Personnel: 82 Invite: 83
+! VLAN -> Admin: 81 Personnel: 82 Invite: 83
 
-# reset conf
+! reset conf
 enable
 write erase
 delete flash:vlan.dat
 reload
 
-# base conf
-## create VLAN
+! base conf
+!! create VLAN
 conf t
 vlan 81
 name VLAN_ADM
@@ -22,7 +22,7 @@ name VLAN_INVITE
 state active
 exit
 
-## conf ip
+!! conf ip
 int vlan 81
 ip address 100.81.0.1 255.255.255.0
 int vlan 82
@@ -30,20 +30,28 @@ ip address 10.0.82.1 255.255.255.0
 int vlan 83
 ip address 10.0.83.1 255.255.255.0
 
-## conf physic port
+!! conf physic port
 int fastethernet0
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,81-83,1002-1005
 switchport trunk native vlan 81
-exit
-exit
+end
+
+!! conf physic port for wifi
+int FastEthernet1
+switchport mode trunk
+switchport trunk encapsulation dot1q
+switchport trunk allowed vlan 81-83
+switchport trunk native vlan 81
+no shutdown
+end
 
-# save startup-conf
+! save startup-conf
 write memory
 
-# filtering
-## allow icmp/http/ssh/ftp to outside
+! filtering
+!! allow icmp/http/ssh/ftp to outside
 access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo
 access-list 102 permit tcp any any eq 80
 access-list 103 permit tcp any any eq 22
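Review bot: The new FastEthernet1 trunk to the access point sets `switchport trunk native vlan 81`, so any untagged frame arriving on that port is placed in the Admin VLAN, which is also the VLAN the access point's BVI obtains its management address from (100.81.0.5 in the wifi file). Carrying the management VLAN untagged on an edge trunk is the usual precondition for native-VLAN tagging problems; a dedicated, otherwise unused native VLAN on both trunks, or tagging the native VLAN where this platform supports `vlan dot1q tag native`, keeps VLAN 81 tagged end to end. The two trunks are also inconsistent: fastethernet0 allows `1,81-83,1002-1005` while FastEthernet1 allows only `81-83`, which is fine if deliberate but deserves a comment such as `!! AP trunk: VLAN 1 excluded; native VLAN 81 carries AP management`.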
@@ -66,7 +74,7 @@ ip access-group 107 in
 ip access-group 108 in
 ip access-group 105 in
 
-## ACL for vlan_pers
+!! ACL for vlan_pers
 access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
 access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80
 access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22
@@ -88,7 +96,10 @@ ip access-group 117 out
 ip access-group 118 out
 ip access-group 105 out
 
-# NAT inside = priv outside =target
+! PAT
+ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
+
+! NAT inside = priv outside =target
 interface vlan 83
 ip nat inside
 interface vlan 82
@@ -96,6 +107,3 @@ ip nat outside
 ip nat pool ovrld 10.0.82.1 10.0.82.1 prefix 24
 ip nat inside source list 9 pool ovrld overload
 access-list 9 permit 10.0.83.0 0.0.0.255
-
-# PAT
-ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
diff --git a/Cisco/wifi b/Cisco/wifi
index f243cd2..80d7810 100644
--- a/Cisco/wifi
+++ b/Cisco/wifi
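Review bot: The static PAT `ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80` names 10.0.83.1 as the inside-local host, and the earlier hunk assigns that address to the router's own VLAN 83 interface, so either a proxy on port 3128 is expected to run on the router itself or the inside host address is wrong; confirm which host is meant, since nothing else in the file refers to a service on 10.0.83.1. The entries in the previous hunk that appear to scope Personnel-side access to the published address, `access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80` and `access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22`, pair a host address with a 0.0.0.255 wildcard, which matches all of 10.0.82.0/24 rather than the one host; `host 10.0.82.3` (or `10.0.82.3 0.0.0.0`) is the intended form. Moving the PAT line above the interface NAT declarations does not change behavior, so the `! PAT` marker could instead state what it publishes, e.g. `! PAT: expose 10.0.83.1:3128 as 10.0.82.3:80 towards the Personnel VLAN`.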
@@ -1,2 +1,62 @@
-# VLAN -> Admin: 81 Personnel: 82 Invite: 83
-# address 100.81.0.5
+! VLAN -> Admin: 81 Personnel: 82 Invite: 83
+! address 100.81.0.5
+! SSID Personnel82
+! SSID Invite83
+
+! configure connection to routeur - check MAC addr from DHCP conf
+enable
+conf t
+int BVI 1
+ip address dhcp
+end
+
+! channel choice
+conf t
+int Dot11radio0
+no shut
+channel 06
+end
+int Dot11radio1
+no shut
+channel 06
+end
+
+! configure VLANs 82-83 via web interface
+
+! ssid conf
+conf t
+dot11 ssid Personnel82
+vlan 82
+authentication open
+dot11 ssid Invite83
+vlan 83
+authentication open
+int Dot11Radio0
+ssid pers
+ssid invite
+int Dot11Radio1
+ssid pers
+ssid invite
+end
+
+! configure WPA first then use radius
+conf t
+dot11 ssid Personnel82
+authentication key-management wpa version 2
+wpa-psk ascii UtiliserRadius
+dot11 ssid Invite83
+authentication key-management wpa version 2
+wpa-psk ascii UtiliserRadius
+end
+
+! SSID broadcast
+conf t
+dot11 ssid Personnel82
+mbssid guest-mode
+dot11 ssid Invite83
+mbssid guest-mode
+int Dot11Radio0
+mbssid
+int Dot11Radio0
+mbssid
+end
diff --git a/host_conf/dhcpd.conf b/host_conf/dhcpd.conf
index e97a2a7..93ca70d 100644
--- a/host_conf/dhcpd.conf
+++ b/host_conf/dhcpd.conf
@@ -1,3 +1,18 @@
+
+subnet 100.81.0.0 netmask 255.255.255.0 {
+ range 100.81.0.10 100.81.0.70;
+}
+host ap-grapcli08{
+ hardware ethernet 00:1f:ca:27:99:ce;
+ fixed-address 100.81.0.5;
+}
+subnet 10.0.82.0 netmask 255.255.255.0 {
+ range 10.0.82.10 10.0.82.70;
+}
+subnet 10.0.83.0 netmask 255.255.255.0 {
+ range 10.0.83.10 10.0.83.70;
+}
+
 # dhcpd.conf
 #
 # Sample configuration file for ISC dhcpd
@@ -24,7 +39,7 @@ ddns-update-style none;
 # have to hack syslog.conf to complete the redirection).
 #log-facility local7;
 
-# No service will be given on this subnet, but declaring it helps the 
+# No service will be given on this subnet, but declaring it helps the
 # DHCP server to understand the network topology.
 
 #subnet 10.152.187.0 netmask 255.255.255.0 {
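Review bot: Both SSIDs, including the guest `Invite83`, receive the same placeholder pre-shared key via `wpa-psk ascii UtiliserRadius`, stored in clear text in the repository, so a guest holds the Personnel key and the VLAN 82/83 separation depends only on which SSID a client picks; until the RADIUS setup named in the commit title lands, each SSID needs its own key kept out of the committed file, e.g. `wpa-psk ascii <PERSONNEL_PSK>` as a placeholder. The radio interfaces attach `ssid pers` and `ssid invite`, but the SSIDs defined above are `Personnel82` and `Invite83`, so those four lines should read `ssid Personnel82` and `ssid Invite83`. In the broadcast section `int Dot11Radio0` followed by `mbssid` appears twice while `Dot11Radio1` never gets `mbssid`, which looks like a copy-paste slip. I would also expect `encryption vlan 82 mode ciphers aes-ccm` and the VLAN 83 equivalent under each radio for the WPA2 SSIDs to come up, though I cannot tell from this hunk whether that is configured elsewhere. `channel 06` is applied to Dot11radio1 as well, which on dual-band Aironet models is commonly the 5 GHz radio where that channel does not exist; worth confirming against the model in use.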
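Review bot: None of the three new subnet declarations carries an `option routers` line, so unless a global routers option exists further down the file (not visible here) clients on 100.81.0.0/24, 10.0.82.0/24 and 10.0.83.0/24 get a lease but no default gateway; the router file assigns the .1 address to each VLAN interface, so e.g. `option routers 10.0.82.1;` inside each block. The `host ap-grapcli08` entry reuses the MAC `00:1f:ca:27:99:ce` from the `ap-grapcli02` entry deleted in the last hunk with a new hostname and fixed address, which is fine if it is the same access point but worth confirming. The declarations now sit above the sample commentary at the top of the file; a comment such as `# Site subnets: 100.81.0.0/24 admin (AP management), 10.0.82.0/24 personnel, 10.0.83.0/24 invite` would tie them to the VLAN plan in the Cisco files.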
@@ -105,18 +120,3 @@ ddns-update-style none;
 # range 10.0.29.10 10.0.29.230;
 # }
 #}
-
-
-subnet 100.21.0.0 netmask 255.255.255.0 {
- range 100.21.0.10 100.21.0.70;
-}
-host ap-grapcli02{
- hardware ethernet 00:1f:ca:27:99:ce;
- fixed-address 100.21.0.3;
-}
-subnet 10.0.22.0 netmask 255.255.255.0 {
- range 10.0.22.10 10.0.22.70;
-}
-subnet 10.0.23.0 netmask 255.255.255.0 {
- range 10.0.23.10 10.0.23.70;
-}
-- 
GitLab