Инструменты пользователя
cisco:air-lap
Различия
Здесь показаны различия между двумя версиями данной страницы.
| Предыдущая версия справа и слева Предыдущая версия Следующая версия | Предыдущая версия | ||
|
cisco:air-lap [2020/02/16 09:13] alex |
cisco:air-lap [2021/07/07 06:19] (текущий) alex |
||
|---|---|---|---|
| Строка 1: | Строка 1: | ||
| ===== Настройка точки доступа Cisco AIR-LAP1142, AIR-LAP1242 ===== | ===== Настройка точки доступа Cisco AIR-LAP1142, AIR-LAP1242 ===== | ||
| + | ==== Настройка одного ssid ==== | ||
| + | |||
| + | Подключаюсь консолью (9600) удаляю старые настройки и перегружаю | ||
| + | erase nvram: | ||
| + | Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] | ||
| + | [OK] | ||
| + | Erase of nvram: complete | ||
| + | reload | ||
| + | |||
| + | После перезагрузки вхожу в режим конфигурирования. Пароль Cisco (с большой буквы). | ||
| + | enable | ||
| + | |||
| + | Смотрю IP настроенные в точке доступа | ||
| - | Подключаюсь консолью и смотрю IP настроенные в точке доступа | ||
| sh ip interface br | sh ip interface br | ||
| Interface IP-Address OK? Method Status Protocol | Interface IP-Address OK? Method Status Protocol | ||
| - | BVI1 10.215.130.124 YES NVRAM up up | + | BVI1 10.215.130.124 YES other up up |
| - | Dot11Radio0 unassigned YES NVRAM up up | + | Dot11Radio0 unassigned YES unset administratively down down |
| - | Dot11Radio1 unassigned YES NVRAM up up | + | Dot11Radio1 unassigned YES unset administratively down down |
| - | FastEthernet0 unassigned YES NVRAM up up | + | FastEthernet0 unassigned YES other up up |
| - | или | + | |
| + | или | ||
| sh ip aliases | sh ip aliases | ||
| Address Type IP Address Port | Address Type IP Address Port | ||
| Interface 10.215.130.124 | Interface 10.215.130.124 | ||
| + | |||
| + | Отключаю функцию поиска по DNS | ||
| + | no ip domain lookup | ||
| + | |||
| + | Отключаю web | ||
| + | (config)#no ip http server | ||
| При необходимости меняю адрес | При необходимости меняю адрес | ||
| Строка 20: | Строка 39: | ||
| (config)#exit | (config)#exit | ||
| - | Задаю имя, домен и пароль | + | Задаю имя точки доступа, пароль на вход и enable режим |
| #configure terminal | #configure terminal | ||
| (config)#hostname ИМЯ | (config)#hostname ИМЯ | ||
| (config)#enable secret PASSWORD1 | (config)#enable secret PASSWORD1 | ||
| (config)#username USER privilege 15 secret PASSWORD2 | (config)#username USER privilege 15 secret PASSWORD2 | ||
| - | Удаляю пользователя Cisco | + | или так |
| + | (config)#username USER privilege 15 password PASSWORD2 | ||
| + | |||
| + | Удаляю пользователя Cisco или не удаляю :) | ||
| (config)#no username Cisco | (config)#no username Cisco | ||
| (config)#exit | (config)#exit | ||
| - | Настрайка SSID | + | Настройка SSID |
| #configure terminal | #configure terminal | ||
| (config)#dot11 ssid NAME1 | (config)#dot11 ssid NAME1 | ||
| Строка 103: | Строка 125: | ||
| Video Report: Cnt Rate Retries/Tot | Video Report: Cnt Rate Retries/Tot | ||
| 8021x auth in prog 0 allowed 0 | 8021x auth in prog 0 allowed 0 | ||
| - | |||
| - | Ссылки:\\ | + | ==== Настройка multi ssid ==== |
| + | |||
| + | Подключаюсь консолью (9600) удаляю старые настройки и перегружаю | ||
| + | #erase nvram: | ||
| + | Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] | ||
| + | [OK] | ||
| + | Erase of nvram: complete | ||
| + | #reload | ||
| + | Proceed with reload? [confirm] | ||
| + | |||
| + | После перезагрузки вхожу в режим конфигурирования. Пароль Cisco (с большой буквы). | ||
| + | enable | ||
| + | |||
| + | Смотрю IP настроенные в точке доступа | ||
| + | >sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 10.215.130.124 YES other up up | ||
| + | Dot11Radio0 unassigned YES unset administratively down down | ||
| + | Dot11Radio1 unassigned YES unset administratively down down | ||
| + | FastEthernet0 unassigned YES other up up | ||
| + | |||
| + | При необходимости меняю адрес | ||
| + | >enable | ||
| + | Password: | ||
| + | #configure terminal | ||
| + | Enter configuration commands, one per line. End with CNTL/Z. | ||
| + | (config)#interface BVI1 | ||
| + | (config-if)#ip address 192.168.0.100 255.255.255.0 | ||
| + | (config-if)#ex | ||
| + | |||
| + | Отключаю функцию поиска по DNS | ||
| + | (config)#no ip domain lookup | ||
| + | |||
| + | Отключаю web | ||
| + | (config)#no ip http server | ||
| + | |||
| + | Задаю имя точки доступа, пароль на вход и enable режим | ||
| + | #conf t | ||
| + | (config)#hostname ИМЯ | ||
| + | (config)#enable secret PASSWORD1 | ||
| + | (config)#username USER privilege 15 secret PASSWORD2 | ||
| + | или так | ||
| + | (config)#username USER privilege 15 password PASSWORD2 | ||
| + | |||
| + | Настройка SSID | ||
| + | (config)#dot11 ssid NAME1 | ||
| + | (config-ssid)#authentication open | ||
| + | (config-ssid)#authentication key-management wpa | ||
| + | (config-ssid)#wpa-psk ascii 7 хэш пароля | ||
| + | или | ||
| + | (config-ssid)#wpa-psk ascii 0 пароль | ||
| + | (config-ssid)#vlan 1 | ||
| + | (config-ssid)#mbssid guest-mode | ||
| + | (config-ssid)#exit | ||
| + | |||
| + | (config)#dot11 ssid NAME2 | ||
| + | (config-ssid)#authentication open | ||
| + | (config-ssid)#authentication key-management wpa | ||
| + | (config-ssid)#wpa-psk ascii 0 пароль | ||
| + | (config-ssid)#vlan 3 | ||
| + | (config-ssid)#mbssid guest-mode | ||
| + | (config-ssid)#ex | ||
| + | |||
| + | Настраиваю радио интерфейс для первого вэлана | ||
| + | (config)#int d0.1 | ||
| + | (config-subif)#encapsulation dot1Q 1 native | ||
| + | (config-subif)#bridge-group 1 | ||
| + | (config-subif)#ex | ||
| + | |||
| + | Настраиваю радио интерфейс для третьего вэлана | ||
| + | (config)#int d0.3 | ||
| + | (config-subif)#encapsulation dot1Q 3 | ||
| + | (config-subif)#bridge-group 3 | ||
| + | (config-subif)#ex | ||
| + | |||
| + | Настраиваю сетевые интерфейсы под вэланы | ||
| + | (config)#int fastEthernet 0.1 | ||
| + | (config-subif)#encapsulation dot1Q 1 native | ||
| + | (config-subif)#bridge-group 1 | ||
| + | (config-subif)#ex | ||
| + | (config)#int fastEthernet 0.3 | ||
| + | (config-subif)#encapsulation dot1Q 3 | ||
| + | (config-subif)#bridge-group 3 | ||
| + | (config-subif)#ex | ||
| + | (config)#ex | ||
| + | |||
| + | Проверяю что получилось | ||
| + | #sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 192.168.0.100 YES NVRAM up up | ||
| + | Dot11Radio0 unassigned YES NVRAM administratively down down | ||
| + | Dot11Radio0.1 unassigned YES unset administratively down down | ||
| + | Dot11Radio0.3 unassigned YES unset administratively down down | ||
| + | Dot11Radio1 unassigned YES NVRAM administratively down down | ||
| + | FastEthernet0 unassigned YES NVRAM up up | ||
| + | FastEthernet0.1 unassigned YES unset up up | ||
| + | FastEthernet0.3 unassigned YES unset up up | ||
| + | |||
| + | Настраиваю радио интерфейс для мульти ssid | ||
| + | #conf t | ||
| + | (config)#int d0 | ||
| + | (config-if)#mbssid | ||
| + | (config-if)#encryption vlan 1 mode ciphers aes-ccm | ||
| + | (config-if)#encryption vlan 3 mode ciphers aes-ccm | ||
| + | (config-if)#ssid My-WI-FI | ||
| + | (config-if)#ssid banana | ||
| + | (config-if)#channel 2457 | ||
| + | (config-if)#no shutdown | ||
| + | |||
| + | #sh ip interface br | ||
| + | Interface IP-Address OK? Method Status Protocol | ||
| + | BVI1 10.215.130.124 YES NVRAM up up | ||
| + | Dot11Radio0 unassigned YES NVRAM up up | ||
| + | Dot11Radio0.1 unassigned YES unset up up | ||
| + | Dot11Radio0.3 unassigned YES unset up up | ||
| + | Dot11Radio1 unassigned YES NVRAM administratively down down | ||
| + | FastEthernet0 unassigned YES NVRAM up up | ||
| + | FastEthernet0.1 unassigned YES unset up up | ||
| + | FastEthernet0.3 unassigned YES unset up up | ||
| + | garage# | ||
| + | |||
| + | garage#sh running-config | ||
| + | Building configuration... | ||
| + | |||
| + | |||
| + | |||
| + | Просмотр подключенных клиентов | ||
| + | sh dot11 associations all-client | ||
| + | Address : ace3.4265.d64e Name : NONE | ||
| + | IP Address : 10.215.130.195 Interface : Dot11Radio 0 | ||
| + | Device : unknown Software Version : NONE | ||
| + | CCX Version : NONE Client MFP : Off | ||
| + | |||
| + | State : Assoc Parent : self | ||
| + | SSID : My-WI-FI | ||
| + | VLAN : 1 | ||
| + | Hops to Infra : 1 Association Id : 2 | ||
| + | Clients Associated: 0 Repeaters associated: 0 | ||
| + | Tunnel Address : 0.0.0.0 | ||
| + | Key Mgmt type : WPAv2 PS Encryption : AES-CCMP | ||
| + | Current Rate : 54.0 Capability : WMM ShortHdr | ||
| + | Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 | ||
| + | Voice Rates : disabled | ||
| + | Signal Strength : -67 dBm Connected for : 23 seconds | ||
| + | Signal to Noise : 29 dB Activity Timeout : 60 seconds | ||
| + | Power-save : On Last Activity : 0 seconds ago | ||
| + | Apsd DE AC(s) : NONE | ||
| + | |||
| + | Packets Input : 172 Packets Output : 100 | ||
| + | Bytes Input : 16567 Bytes Output : 13117 | ||
| + | Duplicates Rcvd : 0 Data Retries : 10 | ||
| + | Decrypt Failed : 0 RTS Retries : 0 | ||
| + | MIC Failed : 0 MIC Missing : 0 | ||
| + | Packets Redirected: 0 Redirect Filtered: 0 | ||
| + | Session timeout : 0 seconds | ||
| + | Reauthenticate in : never | ||
| + | |||
| + | Address : a020.a611.c946 Name : NONE | ||
| + | IP Address : 192.168.100.102 Interface : Dot11Radio 0 | ||
| + | Device : unknown Software Version : NONE | ||
| + | CCX Version : NONE Client MFP : Off | ||
| + | |||
| + | State : Assoc Parent : self | ||
| + | SSID : banana | ||
| + | VLAN : 3 | ||
| + | Hops to Infra : 1 Association Id : 1 | ||
| + | Clients Associated: 0 Repeaters associated: 0 | ||
| + | Tunnel Address : 0.0.0.0 | ||
| + | Key Mgmt type : WPAv2 PS Encryption : AES-CCMP | ||
| + | Current Rate : 54.0 Capability : WMM ShortHdr | ||
| + | Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 | ||
| + | Voice Rates : disabled | ||
| + | Signal Strength : -70 dBm Connected for : 283 seconds | ||
| + | Signal to Noise : 30 dB Activity Timeout : 51 seconds | ||
| + | Power-save : Off Last Activity : 9 seconds ago | ||
| + | Apsd DE AC(s) : NONE | ||
| + | |||
| + | Packets Input : 158 Packets Output : 158 | ||
| + | Bytes Input : 18282 Bytes Output : 15776 | ||
| + | Duplicates Rcvd : 0 Data Retries : 66 | ||
| + | Decrypt Failed : 0 RTS Retries : 0 | ||
| + | MIC Failed : 0 MIC Missing : 0 | ||
| + | Packets Redirected: 0 Redirect Filtered: 0 | ||
| + | Session timeout : 0 seconds | ||
| + | Reauthenticate in : never | ||
| + | ==== Ссылки: ==== | ||
| http://maxblogs.ru/articles/nastroika-tochki-dostupa-cisco-air-ap1252g-a-k9\\ | http://maxblogs.ru/articles/nastroika-tochki-dostupa-cisco-air-ap1252g-a-k9\\ | ||
| - | https://study-ccna.com/encrypt-local-usernames-and-passwords | + | https://study-ccna.com/encrypt-local-usernames-and-passwords\\ |
| + | https://www.youtube.com/watch?v=zSX3ekJmPtI\\ | ||
| + | http://maxblogs.ru/articles/nastroika-dvukh-ssid-na-tochke-dostupa-wifi-ot-cisco | ||
cisco/air-lap.1581844431.txt.gz · Последние изменения: 2020/02/16 09:13 — alex
Инструменты страницы
Если не указано иное, содержимое этой вики предоставляется на условиях следующей лицензии: GNU Free Documentation License 1.3
