Commit aa12ad71 authored by Theo Maillart's avatar Theo Maillart

wifi & dhcp TODO -> Radius

parent 57b7ae6f
# VLAN -> Admin: 81 Personnel: 82 Invite: 83 ! VLAN -> Admin: 81 Personnel: 82 Invite: 83
# reset conf ! reset conf
enable enable
write erase write erase
delete flash:vlan.dat delete flash:vlan.dat
reload reload
# base conf ! base conf
## create VLAN !! create VLAN
conf t conf t
vlan 81 vlan 81
name VLAN_ADM name VLAN_ADM
...@@ -22,7 +22,7 @@ name VLAN_INVITE ...@@ -22,7 +22,7 @@ name VLAN_INVITE
state active state active
exit exit
## conf ip !! conf ip
int vlan 81 int vlan 81
ip address 100.81.0.1 255.255.255.0 ip address 100.81.0.1 255.255.255.0
int vlan 82 int vlan 82
...@@ -30,20 +30,28 @@ ip address 10.0.82.1 255.255.255.0 ...@@ -30,20 +30,28 @@ ip address 10.0.82.1 255.255.255.0
int vlan 83 int vlan 83
ip address 10.0.83.1 255.255.255.0 ip address 10.0.83.1 255.255.255.0
## conf physic port !! conf physic port
int fastethernet0 int fastethernet0
switchport mode trunk switchport mode trunk
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,81-83,1002-1005 switchport trunk allowed vlan 1,81-83,1002-1005
switchport trunk native vlan 81 switchport trunk native vlan 81
exit end
exit
!! conf physic port for wifi
int FastEthernet1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 81-83
switchport trunk native vlan 81
no shutdown
end
# save startup-conf ! save startup-conf
write memory write memory
# filtering ! filtering
## allow icmp/http/ssh/ftp to outside !! allow icmp/http/ssh/ftp to outside
access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo
access-list 102 permit tcp any any eq 80 access-list 102 permit tcp any any eq 80
access-list 103 permit tcp any any eq 22 access-list 103 permit tcp any any eq 22
...@@ -66,7 +74,7 @@ ip access-group 107 in ...@@ -66,7 +74,7 @@ ip access-group 107 in
ip access-group 108 in ip access-group 108 in
ip access-group 105 in ip access-group 105 in
## ACL for vlan_pers !! ACL for vlan_pers
access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80 access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80
access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22 access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22
...@@ -88,7 +96,10 @@ ip access-group 117 out ...@@ -88,7 +96,10 @@ ip access-group 117 out
ip access-group 118 out ip access-group 118 out
ip access-group 105 out ip access-group 105 out
# NAT inside = priv outside =target ! PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
! NAT inside = priv outside =target
interface vlan 83 interface vlan 83
ip nat inside ip nat inside
interface vlan 82 interface vlan 82
...@@ -96,6 +107,3 @@ ip nat outside ...@@ -96,6 +107,3 @@ ip nat outside
ip nat pool ovrld 10.0.82.1 10.0.82.1 prefix 24 ip nat pool ovrld 10.0.82.1 10.0.82.1 prefix 24
ip nat inside source list 9 pool ovrld overload ip nat inside source list 9 pool ovrld overload
access-list 9 permit 10.0.83.0 0.0.0.255 access-list 9 permit 10.0.83.0 0.0.0.255
# PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
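Review bot: The new FastEthernet1 trunk towards the access point sets `switchport trunk native vlan 81`, so any untagged frame arriving on the port that also carries the Invite VLAN 83 is placed in the admin VLAN. If the access point's management interface really has to sit untagged on 81, a comment saying so would help, e.g. `! native vlan 81 = AP management (BVI 1), keep untagged`; otherwise an unused VLAN id as native, with 81 tagged, keeps guest-side traffic away from admin. Separately, in the vlan_pers ACLs, `10.0.82.3 0.0.0.255` matches every host in 10.0.82.0/24 rather than the one server; `host 10.0.82.3` looks like what was meant for access-lists 112 and 113.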
# VLAN -> Admin: 81 Personnel: 82 Invite: 83 ! VLAN -> Admin: 81 Personnel: 82 Invite: 83
# address 100.81.0.5 ! address 100.81.0.5
! SSID Personnel82
! SSID Invite83
! configure connection to routeur - check MAC addr from DHCP conf
enable
conf t
int BVI 1
ip address dhcp
end
! channel choice
conf t
int Dot11radio0
no shut
channel 06
end
int Dot11radio1
no shut
channel 06
end
! configure VLANs 82-83 via web interface
! ssid conf
conf t
dot11 ssid Personnel82
vlan 82
authentication open
dot11 ssid Invite83
vlan 83
authentication open
int Dot11Radio0
ssid pers
ssid invite
int Dot11Radio1
ssid pers
ssid invite
end
! configure WPA first then use radius
conf t
dot11 ssid Personnel82
authentication key-management wpa version 2
wpa-psk ascii UtiliserRadius
dot11 ssid Invite83
authentication key-management wpa version 2
wpa-psk ascii UtiliserRadius
end
! SSID broadcast
conf t
dot11 ssid Personnel82
mbssid guest-mode
dot11 ssid Invite83
mbssid guest-mode
int Dot11Radio0
mbssid
int Dot11Radio0
mbssid
end
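Review bot: Both SSIDs get the same pre-shared key in clear text, `wpa-psk ascii UtiliserRadius`, so anyone holding the Invite83 key also holds the Personnel82 key, and the key now lives in the repository history. Until the RADIUS work named in the commit title lands, each SSID should have its own key, kept out of the committed file (for example `wpa-psk ascii <PSK_PERSONNEL_PLACEHOLDER>`). The radio interfaces also attach `ssid pers` and `ssid invite`, which do not match the `Personnel82` / `Invite83` definitions, and the last `mbssid` block names `Dot11Radio0` twice, so the WPA settings may not end up on what Dot11Radio1 actually broadcasts.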
subnet 100.81.0.0 netmask 255.255.255.0 {
range 100.81.0.10 100.81.0.70;
}
host ap-grapcli08{
hardware ethernet 00:1f:ca:27:99:ce;
fixed-address 100.81.0.5;
}
subnet 10.0.82.0 netmask 255.255.255.0 {
range 10.0.82.10 10.0.82.70;
}
subnet 10.0.83.0 netmask 255.255.255.0 {
range 10.0.83.10 10.0.83.70;
}
# dhcpd.conf # dhcpd.conf
# #
# Sample configuration file for ISC dhcpd # Sample configuration file for ISC dhcpd
...@@ -24,7 +39,7 @@ ddns-update-style none; ...@@ -24,7 +39,7 @@ ddns-update-style none;
# have to hack syslog.conf to complete the redirection). # have to hack syslog.conf to complete the redirection).
#log-facility local7; #log-facility local7;
# No service will be given on this subnet, but declaring it helps the # No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology. # DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 { #subnet 10.152.187.0 netmask 255.255.255.0 {
...@@ -105,18 +120,3 @@ ddns-update-style none; ...@@ -105,18 +120,3 @@ ddns-update-style none;
# range 10.0.29.10 10.0.29.230; # range 10.0.29.10 10.0.29.230;
# } # }
#} #}
subnet 100.21.0.0 netmask 255.255.255.0 {
range 100.21.0.10 100.21.0.70;
}
host ap-grapcli02{
hardware ethernet 00:1f:ca:27:99:ce;
fixed-address 100.21.0.3;
}
subnet 10.0.22.0 netmask 255.255.255.0 {
range 10.0.22.10 10.0.22.70;
}
subnet 10.0.23.0 netmask 255.255.255.0 {
range 10.0.23.10 10.0.23.70;
}
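Review bot: The three subnet declarations moved to the top carry only a `range` and no per-subnet `option routers`, so unless routers are set globally in lines outside this view, clients on 10.0.82.0/24 and 10.0.83.0/24 receive a lease but no gateway. I would add e.g. `option routers 10.0.83.1;` inside each block (the gateway addresses appear in the switch config) and a one-line comment per subnet naming its VLAN, e.g. `# VLAN 83 - Invite`. The pool on 100.81.0.0/24 also hands admin-VLAN addresses to any client that reaches that segment, which deserves a comment if it is intended.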