Инструменты пользователя
cisco:air-lap
Различия
Здесь показаны различия между двумя версиями данной страницы.
| Следующая версия | Предыдущая версия | ||
|
cisco:air-lap [2020/02/15 21:56] alex создано |
cisco:air-lap [2021/07/07 06:19] (текущий) alex |
||
|---|---|---|---|
| Строка 1: | Строка 1: | ||
| ===== Настройка точки доступа Cisco AIR-LAP1142, AIR-LAP1242 ===== | ===== Настройка точки доступа Cisco AIR-LAP1142, AIR-LAP1242 ===== | ||
| + | ==== Настройка одного ssid ==== | ||
| - | Ссылки:\\ | + | Подключаюсь консолью (9600) удаляю старые настройки и перегружаю |
| - | http://maxblogs.ru/articles/nastroika-tochki-dostupa-cisco-air-ap1252g-a-k9 | + | erase nvram: |
| + | Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] | ||
| + | [OK] | ||
| + | Erase of nvram: complete | ||
| + | reload | ||
| + | |||
| + | После перезагрузки вхожу в режим конфигурирования. Пароль Cisco (с большой буквы). | ||
| + | enable | ||
| + | |||
| + | Смотрю IP настроенные в точке доступа | ||
| + | |||
| + | sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 10.215.130.124 YES other up up | ||
| + | Dot11Radio0 unassigned YES unset administratively down down | ||
| + | Dot11Radio1 unassigned YES unset administratively down down | ||
| + | FastEthernet0 unassigned YES other up up | ||
| + | |||
| + | или | ||
| + | sh ip aliases | ||
| + | Address Type IP Address Port | ||
| + | Interface 10.215.130.124 | ||
| + | |||
| + | Отключаю функцию поиска по DNS | ||
| + | no ip domain lookup | ||
| + | |||
| + | Отключаю web | ||
| + | (config)#no ip http server | ||
| + | |||
| + | При необходимости меняю адрес | ||
| + | #configure terminal | ||
| + | (config)#interface BVI1 | ||
| + | (config-if)#ip address 192.168.0.100 255.255.255.0 | ||
| + | (config-if)#exit | ||
| + | (config)#exit | ||
| + | |||
| + | Задаю имя точки доступа, пароль на вход и enable режим | ||
| + | #configure terminal | ||
| + | (config)#hostname ИМЯ | ||
| + | (config)#enable secret PASSWORD1 | ||
| + | (config)#username USER privilege 15 secret PASSWORD2 | ||
| + | или так | ||
| + | (config)#username USER privilege 15 password PASSWORD2 | ||
| + | |||
| + | Удаляю пользователя Cisco или не удаляю :) | ||
| + | (config)#no username Cisco | ||
| + | (config)#exit | ||
| + | |||
| + | Настройка SSID | ||
| + | #configure terminal | ||
| + | (config)#dot11 ssid NAME1 | ||
| + | (config-ssid)#authentication open | ||
| + | (config-ssid)#authentication key-management wpa | ||
| + | (config-ssid)#guest-mode | ||
| + | (config-ssid)#wpa-psk ascii 0 KEY | ||
| + | (config-ssid)#exit | ||
| + | (config)#dot11 ssid NAME2 | ||
| + | (config-ssid)#authentication open | ||
| + | (config-ssid)#authentication key-management wpa | ||
| + | (config-ssid)#guest-mode | ||
| + | (config-ssid)#wpa-psk ascii 0 KEY | ||
| + | (config-ssid)#exit | ||
| + | |||
| + | Настройка радио-интерфейсов | ||
| + | #configure terminal | ||
| + | (config)#interface Dot11Radio0 | ||
| + | (config-if)#encryption mode ciphers aes-ccm | ||
| + | (config-if)#ssid NAME1 | ||
| + | (config-if)#speed basic-54.0 54.0 | ||
| + | (config-if)#channel 2412 | ||
| + | (config-if)#station-role root access-point | ||
| + | (config-if)#no shutdown | ||
| + | (config-if)#exit | ||
| + | #configure terminal | ||
| + | (config)#interface Dot11Radio1 | ||
| + | (config-if)#encryption mode ciphers aes-ccm | ||
| + | (config-if)#ssid NAME2 | ||
| + | (config-if)#speed basic-54.0 54.0 | ||
| + | (config-if)#channel 5260 (1242 только dfs) | ||
| + | (config-if)#station-role root access-point | ||
| + | (config-if)#no shutdown | ||
| + | (config-if)#exit | ||
| + | (config)#exit | ||
| + | #write memory | ||
| + | |||
| + | Проверка подключенных клиентов | ||
| + | #show dot11 statistics client-traffic | ||
| + | |||
| + | Dot11Radio0: -- Client Statistics | ||
| + | ---Clients 0 AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL | ||
| + | Client-ACL WebAuth-ACL L2-ACL | ||
| + | RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail | ||
| + | (Client) MaxPri DefUniPri DefMultPri WiredProt | ||
| + | IP Address Pauses Idle RateTx RateDataTx RSC | ||
| + | Video Report: Cnt Rate Retries/Tot | ||
| + | 8021x auth in prog 0 allowed 0 | ||
| + | |||
| + | AID Hold list | ||
| + | |||
| + | |||
| + | Dot11Radio1: -- Client Statistics | ||
| + | ---Clients 0 AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL | ||
| + | Client-ACL WebAuth-ACL L2-ACL | ||
| + | 001e.65ab.77e6 1 1 00 40140 000 07E 5 0-0 (0) 0180 200 0-10 00FF000000000000000 006C 048 - - - | ||
| + | - - | ||
| + | RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail | ||
| + | 001e.65ab.77e6 84 15 0 0 0 0 19 2 11 63 35 0 0 | ||
| + | Tx Params Pri BA TxLt | ||
| + | 001e.65ab.77e6 0 0 4 | ||
| + | 001e.65ab.77e6 1 0 4 | ||
| + | 001e.65ab.77e6 2 0 4 | ||
| + | 001e.65ab.77e6 3 0 4 | ||
| + | 001e.65ab.77e6 4 0 4 | ||
| + | 001e.65ab.77e6 5 0 4 | ||
| + | 001e.65ab.77e6 6 0 4 | ||
| + | 001e.65ab.77e6 7 0 4 | ||
| + | (Client) MaxPri DefUniPri DefMultPri WiredProt | ||
| + | 001e.65ab.77e6 0 0 0 0 | ||
| + | IP Address Pauses Idle RateTx RateDataTx RSC | ||
| + | 001e.65ab.77e6 10.215.130.202 00000 000000 0 0 [0]0x51 [6]0x32 | ||
| + | Video Report: Cnt Rate Retries/Tot | ||
| + | 8021x auth in prog 0 allowed 0 | ||
| + | |||
| + | ==== Настройка multi ssid ==== | ||
| + | |||
| + | Подключаюсь консолью (9600) удаляю старые настройки и перегружаю | ||
| + | #erase nvram: | ||
| + | Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] | ||
| + | [OK] | ||
| + | Erase of nvram: complete | ||
| + | #reload | ||
| + | Proceed with reload? [confirm] | ||
| + | |||
| + | После перезагрузки вхожу в режим конфигурирования. Пароль Cisco (с большой буквы). | ||
| + | enable | ||
| + | |||
| + | Смотрю IP настроенные в точке доступа | ||
| + | >sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 10.215.130.124 YES other up up | ||
| + | Dot11Radio0 unassigned YES unset administratively down down | ||
| + | Dot11Radio1 unassigned YES unset administratively down down | ||
| + | FastEthernet0 unassigned YES other up up | ||
| + | |||
| + | При необходимости меняю адрес | ||
| + | >enable | ||
| + | Password: | ||
| + | #configure terminal | ||
| + | Enter configuration commands, one per line. End with CNTL/Z. | ||
| + | (config)#interface BVI1 | ||
| + | (config-if)#ip address 192.168.0.100 255.255.255.0 | ||
| + | (config-if)#ex | ||
| + | |||
| + | Отключаю функцию поиска по DNS | ||
| + | (config)#no ip domain lookup | ||
| + | |||
| + | Отключаю web | ||
| + | (config)#no ip http server | ||
| + | |||
| + | Задаю имя точки доступа, пароль на вход и enable режим | ||
| + | #conf t | ||
| + | (config)#hostname ИМЯ | ||
| + | (config)#enable secret PASSWORD1 | ||
| + | (config)#username USER privilege 15 secret PASSWORD2 | ||
| + | или так | ||
| + | (config)#username USER privilege 15 password PASSWORD2 | ||
| + | |||
| + | Настройка SSID | ||
| + | (config)#dot11 ssid NAME1 | ||
| + | (config-ssid)#authentication open | ||
| + | (config-ssid)#authentication key-management wpa | ||
| + | (config-ssid)#wpa-psk ascii 7 хэш пароля | ||
| + | или | ||
| + | (config-ssid)#wpa-psk ascii 0 пароль | ||
| + | (config-ssid)#vlan 1 | ||
| + | (config-ssid)#mbssid guest-mode | ||
| + | (config-ssid)#exit | ||
| + | |||
| + | (config)#dot11 ssid NAME2 | ||
| + | (config-ssid)#authentication open | ||
| + | (config-ssid)#authentication key-management wpa | ||
| + | (config-ssid)#wpa-psk ascii 0 пароль | ||
| + | (config-ssid)#vlan 3 | ||
| + | (config-ssid)#mbssid guest-mode | ||
| + | (config-ssid)#ex | ||
| + | |||
| + | Настраиваю радио интерфейс для первого вэлана | ||
| + | (config)#int d0.1 | ||
| + | (config-subif)#encapsulation dot1Q 1 native | ||
| + | (config-subif)#bridge-group 1 | ||
| + | (config-subif)#ex | ||
| + | |||
| + | Настраиваю радио интерфейс для третьего вэлана | ||
| + | (config)#int d0.3 | ||
| + | (config-subif)#encapsulation dot1Q 3 | ||
| + | (config-subif)#bridge-group 3 | ||
| + | (config-subif)#ex | ||
| + | |||
| + | Настраиваю сетевые интерфейсы под вэланы | ||
| + | (config)#int fastEthernet 0.1 | ||
| + | (config-subif)#encapsulation dot1Q 1 native | ||
| + | (config-subif)#bridge-group 1 | ||
| + | (config-subif)#ex | ||
| + | (config)#int fastEthernet 0.3 | ||
| + | (config-subif)#encapsulation dot1Q 3 | ||
| + | (config-subif)#bridge-group 3 | ||
| + | (config-subif)#ex | ||
| + | (config)#ex | ||
| + | |||
| + | Проверяю что получилось | ||
| + | #sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 192.168.0.100 YES NVRAM up up | ||
| + | Dot11Radio0 unassigned YES NVRAM administratively down down | ||
| + | Dot11Radio0.1 unassigned YES unset administratively down down | ||
| + | Dot11Radio0.3 unassigned YES unset administratively down down | ||
| + | Dot11Radio1 unassigned YES NVRAM administratively down down | ||
| + | FastEthernet0 unassigned YES NVRAM up up | ||
| + | FastEthernet0.1 unassigned YES unset up up | ||
| + | FastEthernet0.3 unassigned YES unset up up | ||
| + | |||
| + | Настраиваю радио интерфейс для мульти ssid | ||
| + | #conf t | ||
| + | (config)#int d0 | ||
| + | (config-if)#mbssid | ||
| + | (config-if)#encryption vlan 1 mode ciphers aes-ccm | ||
| + | (config-if)#encryption vlan 3 mode ciphers aes-ccm | ||
| + | (config-if)#ssid My-WI-FI | ||
| + | (config-if)#ssid banana | ||
| + | (config-if)#channel 2457 | ||
| + | (config-if)#no shutdown | ||
| + | |||
| + | #sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 10.215.130.124 YES NVRAM up up | ||
| + | Dot11Radio0 unassigned YES NVRAM up up | ||
| + | Dot11Radio0.1 unassigned YES unset up up | ||
| + | Dot11Radio0.3 unassigned YES unset up up | ||
| + | Dot11Radio1 unassigned YES NVRAM administratively down down | ||
| + | FastEthernet0 unassigned YES NVRAM up up | ||
| + | FastEthernet0.1 unassigned YES unset up up | ||
| + | FastEthernet0.3 unassigned YES unset up up | ||
| + | garage# | ||
| + | |||
| + | garage#sh running-config | ||
| + | Building configuration... | ||
| + | |||
| + | |||
| + | |||
| + | Просмотр подключенных клиентов | ||
| + | sh dot11 associations all-client | ||
| + | Address : ace3.4265.d64e Name : NONE | ||
| + | IP Address : 10.215.130.195 Interface : Dot11Radio 0 | ||
| + | Device : unknown Software Version : NONE | ||
| + | CCX Version : NONE Client MFP : Off | ||
| + | |||
| + | State : Assoc Parent : self | ||
| + | SSID : My-WI-FI | ||
| + | VLAN : 1 | ||
| + | Hops to Infra : 1 Association Id : 2 | ||
| + | Clients Associated: 0 Repeaters associated: 0 | ||
| + | Tunnel Address : 0.0.0.0 | ||
| + | Key Mgmt type : WPAv2 PS Encryption : AES-CCMP | ||
| + | Current Rate : 54.0 Capability : WMM ShortHdr | ||
| + | Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 | ||
| + | Voice Rates : disabled | ||
| + | Signal Strength : -67 dBm Connected for : 23 seconds | ||
| + | Signal to Noise : 29 dB Activity Timeout : 60 seconds | ||
| + | Power-save : On Last Activity : 0 seconds ago | ||
| + | Apsd DE AC(s) : NONE | ||
| + | |||
| + | Packets Input : 172 Packets Output : 100 | ||
| + | Bytes Input : 16567 Bytes Output : 13117 | ||
| + | Duplicates Rcvd : 0 Data Retries : 10 | ||
| + | Decrypt Failed : 0 RTS Retries : 0 | ||
| + | MIC Failed : 0 MIC Missing : 0 | ||
| + | Packets Redirected: 0 Redirect Filtered: 0 | ||
| + | Session timeout : 0 seconds | ||
| + | Reauthenticate in : never | ||
| + | |||
| + | Address : a020.a611.c946 Name : NONE | ||
| + | IP Address : 192.168.100.102 Interface : Dot11Radio 0 | ||
| + | Device : unknown Software Version : NONE | ||
| + | CCX Version : NONE Client MFP : Off | ||
| + | |||
| + | State : Assoc Parent : self | ||
| + | SSID : banana | ||
| + | VLAN : 3 | ||
| + | Hops to Infra : 1 Association Id : 1 | ||
| + | Clients Associated: 0 Repeaters associated: 0 | ||
| + | Tunnel Address : 0.0.0.0 | ||
| + | Key Mgmt type : WPAv2 PS Encryption : AES-CCMP | ||
| + | Current Rate : 54.0 Capability : WMM ShortHdr | ||
| + | Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 | ||
| + | Voice Rates : disabled | ||
| + | Signal Strength : -70 dBm Connected for : 283 seconds | ||
| + | Signal to Noise : 30 dB Activity Timeout : 51 seconds | ||
| + | Power-save : Off Last Activity : 9 seconds ago | ||
| + | Apsd DE AC(s) : NONE | ||
| + | |||
| + | Packets Input : 158 Packets Output : 158 | ||
| + | Bytes Input : 18282 Bytes Output : 15776 | ||
| + | Duplicates Rcvd : 0 Data Retries : 66 | ||
| + | Decrypt Failed : 0 RTS Retries : 0 | ||
| + | MIC Failed : 0 MIC Missing : 0 | ||
| + | Packets Redirected: 0 Redirect Filtered: 0 | ||
| + | Session timeout : 0 seconds | ||
| + | Reauthenticate in : never | ||
| + | ==== Ссылки: ==== | ||
| + | |||
| + | http://maxblogs.ru/articles/nastroika-tochki-dostupa-cisco-air-ap1252g-a-k9\\ | ||
| + | https://study-ccna.com/encrypt-local-usernames-and-passwords\\ | ||
| + | https://www.youtube.com/watch?v=zSX3ekJmPtI\\ | ||
| + | http://maxblogs.ru/articles/nastroika-dvukh-ssid-na-tochke-dostupa-wifi-ot-cisco | ||
cisco/air-lap.1581803817.txt.gz · Последние изменения: 2020/02/15 21:56 — alex
Инструменты страницы
Если не указано иное, содержимое этой вики предоставляется на условиях следующей лицензии: GNU Free Documentation License 1.3
