Commit aa12ad71 authored by Theo Maillart's avatar Theo Maillart

wifi & dhcp TODO -> Radius

parent 57b7ae6f
# VLAN -> Admin: 81 Personnel: 82 Invite: 83
! VLAN -> Admin: 81 Personnel: 82 Invite: 83
# reset conf
! reset conf
enable
write erase
delete flash:vlan.dat
reload
# base conf
## create VLAN
! base conf
!! create VLAN
conf t
vlan 81
name VLAN_ADM
......@@ -22,7 +22,7 @@ name VLAN_INVITE
state active
exit
## conf ip
!! conf ip
int vlan 81
ip address 100.81.0.1 255.255.255.0
int vlan 82
......@@ -30,20 +30,28 @@ ip address 10.0.82.1 255.255.255.0
int vlan 83
ip address 10.0.83.1 255.255.255.0
## conf physic port
!! conf physic port
int fastethernet0
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,81-83,1002-1005
switchport trunk native vlan 81
exit
exit
end
!! conf physic port for wifi
int FastEthernet1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 81-83
switchport trunk native vlan 81
no shutdown
end
# save startup-conf
! save startup-conf
write memory
# filtering
## allow icmp/http/ssh/ftp to outside
! filtering
!! allow icmp/http/ssh/ftp to outside
access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo
access-list 102 permit tcp any any eq 80
access-list 103 permit tcp any any eq 22
......@@ -66,7 +74,7 @@ ip access-group 107 in
ip access-group 108 in
ip access-group 105 in
## ACL for vlan_pers
!! ACL for vlan_pers
access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80
access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22
......@@ -88,7 +96,10 @@ ip access-group 117 out
ip access-group 118 out
ip access-group 105 out
# NAT inside = priv outside =target
! PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
! NAT inside = priv outside =target
interface vlan 83
ip nat inside
interface vlan 82
......@@ -96,6 +107,3 @@ ip nat outside
ip nat pool ovrld 10.0.82.1 10.0.82.1 prefix 24
ip nat inside source list 9 pool ovrld overload
access-list 9 permit 10.0.83.0 0.0.0.255
# PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
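Review bot: The new AP-facing trunk on FastEthernet1 sets `switchport trunk native vlan 81`, so any untagged frame arriving on that port lands in the Admin VLAN; fastethernet0 has the same setting. If this is deliberate because the access point's management interface (BVI 1, which takes a lease in 100.81.0.0/24) is untagged, say so in a comment such as `! native = admin VLAN: AP management traffic is untagged`. Otherwise a dedicated unused native VLAN, with 81 carried tagged, would keep stray untagged traffic out of the admin segment. Separately, in the vlan_pers ACL context lines, `10.0.82.3 0.0.0.255` matches all of 10.0.82.0/24 rather than one server; `host 10.0.82.3` would express a single-host rule if that is the intent.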
# VLAN -> Admin: 81 Personnel: 82 Invite: 83
# address 100.81.0.5
! VLAN -> Admin: 81 Personnel: 82 Invite: 83
! address 100.81.0.5
! SSID Personnel82
! SSID Invite83
! configure connection to routeur - check MAC addr from DHCP conf
enable
conf t
int BVI 1
ip address dhcp
end
! channel choice
conf t
int Dot11radio0
no shut
channel 06
end
int Dot11radio1
no shut
channel 06
end
! configure VLANs 82-83 via web interface
! ssid conf
conf t
dot11 ssid Personnel82
vlan 82
authentication open
dot11 ssid Invite83
vlan 83
authentication open
int Dot11Radio0
ssid pers
ssid invite
int Dot11Radio1
ssid pers
ssid invite
end
! configure WPA first then use radius
conf t
dot11 ssid Personnel82
authentication key-management wpa version 2
wpa-psk ascii UtiliserRadius
dot11 ssid Invite83
authentication key-management wpa version 2
wpa-psk ascii UtiliserRadius
end
! SSID broadcast
conf t
dot11 ssid Personnel82
mbssid guest-mode
dot11 ssid Invite83
mbssid guest-mode
int Dot11Radio0
mbssid
int Dot11Radio0
mbssid
end
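Review bot: Both SSIDs get the same pre-shared key in clear text (`wpa-psk ascii UtiliserRadius`), so anyone given the Invite83 key can also associate to Personnel82, and the key now sits in repository history. Until the RADIUS step named in the commit title is done, each SSID should have its own long random key entered out of band, with the file holding only a placeholder such as `wpa-psk ascii <PSK_PERSONNEL_PLACEHOLDER>`. Also, the radio interfaces attach `ssid pers` and `ssid invite`, which do not match the defined names `Personnel82` and `Invite83`. The final mbssid block enters `int Dot11Radio0` twice, where the second is presumably meant to be `Dot11Radio1`. As written, the WPA and VLAN settings may not end up bound to both radios.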
subnet 100.81.0.0 netmask 255.255.255.0 {
range 100.81.0.10 100.81.0.70;
}
host ap-grapcli08{
hardware ethernet 00:1f:ca:27:99:ce;
fixed-address 100.81.0.5;
}
subnet 10.0.82.0 netmask 255.255.255.0 {
range 10.0.82.10 10.0.82.70;
}
subnet 10.0.83.0 netmask 255.255.255.0 {
range 10.0.83.10 10.0.83.70;
}
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
......@@ -24,7 +39,7 @@ ddns-update-style none;
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
......@@ -105,18 +120,3 @@ ddns-update-style none;
# range 10.0.29.10 10.0.29.230;
# }
#}
subnet 100.21.0.0 netmask 255.255.255.0 {
range 100.21.0.10 100.21.0.70;
}
host ap-grapcli02{
hardware ethernet 00:1f:ca:27:99:ce;
fixed-address 100.21.0.3;
}
subnet 10.0.22.0 netmask 255.255.255.0 {
range 10.0.22.10 10.0.22.70;
}
subnet 10.0.23.0 netmask 255.255.255.0 {
range 10.0.23.10 10.0.23.70;
}
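Review bot: The admin subnet declaration keeps a dynamic pool (`range 100.81.0.10 100.81.0.70;`), so any device that reaches VLAN 81, which is the native VLAN on both router trunks, is handed an admin-segment lease. If only known equipment such as ap-grapcli08 belongs there, consider dropping the range and keeping `host` entries only, or adding `deny unknown-clients;` to that subnet declaration. The MAC-based `fixed-address` entry is an addressing convenience rather than an access control, because a client can set its own hardware address; a one-line comment next to the host block would make that explicit. Global options lie outside the visible hunks, so some of this may already be handled elsewhere in the file.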