Инструменты пользователя
Боковая панель
cisco:air-lap
Это старая версия документа!
Содержание
Настройка точки доступа Cisco AIR-LAP1142, AIR-LAP1242
Настройка одного ssid
Подключаюсь консолью (9600) удаляю старые настройки и перегружаю
erase nvram: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete reload
После перезагрузки вхожу в режим конфигурирования. Пароль Cisco (с большой буквы).
enable
Смотрю IP настроенные в точке доступа
sh ip interface br Interface IP-Address OK? Method Status Protocol BVI1 10.215.130.124 YES other up up Dot11Radio0 unassigned YES unset administratively down down Dot11Radio1 unassigned YES unset administratively down down FastEthernet0 unassigned YES other up up
или sh ip aliases Address Type IP Address Port Interface 10.215.130.124
no ip domain lookup
При необходимости меняю адрес
#configure terminal (config)#interface BVI1 (config-if)#ip address 192.168.0.100 255.255.255.0 (config-if)#exit (config)#exit
Задаю имя точки доступа, пароль на вход и enable рижим
#configure terminal (config)#hostname ИМЯ (config)#enable secret PASSWORD1 (config)#username USER privilege 15 secret PASSWORD2
или так
(config)#username USER privilege 15 password PASSWORD2
Удаляю пользователя Cisco или не удаляю :)
(config)#no username Cisco (config)#exit
Настрайка SSID
#configure terminal (config)#dot11 ssid NAME1 (config-ssid)#authentication open (config-ssid)#authentication key-management wpa (config-ssid)#guest-mode (config-ssid)#wpa-psk ascii 0 KEY (config-ssid)#exit (config)#dot11 ssid NAME2 (config-ssid)#authentication open (config-ssid)#authentication key-management wpa (config-ssid)#guest-mode (config-ssid)#wpa-psk ascii 0 KEY (config-ssid)#exit
Настройка радио-интерфейсов
#configure terminal (config)#interface Dot11Radio0 (config-if)#encryption mode ciphers aes-ccm (config-if)#ssid NAME1 (config-if)#speed basic-54.0 54.0 (config-if)#channel 2412 (config-if)#station-role root access-point (config-if)#no shutdown (config-if)#exit #configure terminal (config)#interface Dot11Radio1 (config-if)#encryption mode ciphers aes-ccm (config-if)#ssid NAME2 (config-if)#speed basic-54.0 54.0 (config-if)#channel 5260 (1242 только dfs) (config-if)#station-role root access-point (config-if)#no shutdown (config-if)#exit (config)#exit #write memory
Проверка подключенных клиентов
#show dot11 statistics client-traffic
Dot11Radio0: -- Client Statistics
---Clients 0 AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL
Client-ACL WebAuth-ACL L2-ACL
RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail
(Client) MaxPri DefUniPri DefMultPri WiredProt
IP Address Pauses Idle RateTx RateDataTx RSC
Video Report: Cnt Rate Retries/Tot
8021x auth in prog 0 allowed 0
AID Hold list
Dot11Radio1: -- Client Statistics
---Clients 0 AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL
Client-ACL WebAuth-ACL L2-ACL
001e.65ab.77e6 1 1 00 40140 000 07E 5 0-0 (0) 0180 200 0-10 00FF000000000000000 006C 048 - - -
- -
RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail
001e.65ab.77e6 84 15 0 0 0 0 19 2 11 63 35 0 0
Tx Params Pri BA TxLt
001e.65ab.77e6 0 0 4
001e.65ab.77e6 1 0 4
001e.65ab.77e6 2 0 4
001e.65ab.77e6 3 0 4
001e.65ab.77e6 4 0 4
001e.65ab.77e6 5 0 4
001e.65ab.77e6 6 0 4
001e.65ab.77e6 7 0 4
(Client) MaxPri DefUniPri DefMultPri WiredProt
001e.65ab.77e6 0 0 0 0
IP Address Pauses Idle RateTx RateDataTx RSC
001e.65ab.77e6 10.215.130.202 00000 000000 0 0 [0]0x51 [6]0x32
Video Report: Cnt Rate Retries/Tot
8021x auth in prog 0 allowed 0
Настройка мулmти ssid
#erase nvram: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete #reload Proceed with reload? [confirm]
>sh ip interface br Interface IP-Address OK? Method Status Protocol BVI1 10.215.130.124 YES other up up Dot11Radio0 unassigned YES unset administratively down down Dot11Radio1 unassigned YES unset administratively down down FastEthernet0 unassigned YES other up up >enable Password: #configure terminal Enter configuration commands, one per line. End with CNTL/Z. (config)#interface BVI1 (config-if)#ip address 10.215.130.124 255.255.255.0 (config-if)#ex
#sh ip interface br Interface IP-Address OK? Method Status Protocol BVI1 10.215.130.124 YES manual up up Dot11Radio0 unassigned YES unset administratively down down Dot11Radio1 unassigned YES unset administratively down down FastEthernet0 unassigned YES other up up
#conf t (config)#hostname garage (config)#enable secret Rk0nbr^2o2o (config)#username cisco privilege 15 password Rk0nbr^2o2o
(config)#dot11 ssid My-WI-FI (config-ssid)#authentication open (config-ssid)#authentication key-management wpa (config-ssid)#wpa-psk ascii 7 047F011216384A54361703060B0D (config-ssid)#vlan 1 (config-ssid)#mbssid guest-mode (config-ssid)#exit
(config)#dot11 ssid banana (config-ssid)#authentication open (config-ssid)#authentication key-management wpa (config-ssid)#wpa-psk ascii 7 047F011216384A54361703060B0D (config-ssid)#wpa-psk ascii 0 FR74#372794 (config-ssid)#vlan 3 (config-ssid)#mbssid guest-mode (config-ssid)#ex
(config)#int d0.1 (config-subif)#encapsulation dot1Q 1 native (config-subif)#bridge-group 1 (config-subif)#ex
(config)#int d0.3 (config-subif)#encapsulation dot1Q 3 (config-subif)#bridge-group 3 (config-subif)#ex
(config)#int fa (config)#int fastEthernet 0.1 (config-subif)#encapsulation dot1Q 1 native (config-subif)#bridge-group 1 (config-subif)#ex
(config)#int fastEthernet 0.3 (config-subif)#encapsulation dot1Q 3 (config-subif)#bridge-group 3 (config-subif)#ex (config)#ex
#sh ip interface br Interface IP-Address OK? Method Status Protocol BVI1 10.215.130.124 YES NVRAM up up Dot11Radio0 unassigned YES NVRAM administratively down down Dot11Radio0.1 unassigned YES unset administratively down down Dot11Radio0.3 unassigned YES unset administratively down down Dot11Radio1 unassigned YES NVRAM administratively down down FastEthernet0 unassigned YES NVRAM up up FastEthernet0.1 unassigned YES unset up up FastEthernet0.3 unassigned YES unset up up
#conf t Enter configuration commands, one per line. End with CNTL/Z. (config)#int d0 (config-if)#mbssid (config-if)#encryption vlan 1 mode ciphers aes-ccm (config-if)#encryption vlan 3 mode ciphers aes-ccm (config-if)#ssid My-WI-FI (config-if)#ssid banana (config-if)#channel 2457 (config-if)#no shutdown
garage#sh ip interface br Interface IP-Address OK? Method Status Protocol BVI1 10.215.130.124 YES NVRAM up up Dot11Radio0 unassigned YES NVRAM up up Dot11Radio0.1 unassigned YES unset up up Dot11Radio0.3 unassigned YES unset up up Dot11Radio1 unassigned YES NVRAM administratively down down FastEthernet0 unassigned YES NVRAM up up FastEthernet0.1 unassigned YES unset up up FastEthernet0.3 unassigned YES unset up up garage#
garage#sh running-config Building configuration...
Current configuration : 2466 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname garage ! enable secret 5 $1$PioM$4Nr3bXp6V/X6vtB0zIecw. ! no aaa new-model no ip domain lookup ip domain name klotik.ru ! ! ! dot11 ssid My-WI-FI vlan 1 authentication open authentication key-management wpa mbssid guest-mode wpa-psk ascii 7 047F011216384A54361703060B0D ! dot11 ssid banana vlan 3 authentication open authentication key-management wpa mbssid guest-mode wpa-psk ascii 7 052D3458750F1D5E4B524E46 ! power inline negotiation prestandard source ! ! username Cisco privilege 15 password 7 0336505B080D33721C064B0A ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 1 mode ciphers aes-ccm ! encryption vlan 3 mode ciphers aes-ccm ! ssid My-WI-FI ! ssid banana ! mbssid channel 2457 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 bridge-group 3 subscriber-loop-control bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding bridge-group 3 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown no dfs band block channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.3 encapsulation dot1Q 3 no ip route-cache bridge-group 3 no bridge-group 3 source-learning bridge-group 3 spanning-disabled ! interface BVI1 ip address 10.215.130.124 255.255.255.0 no ip route-cache ! ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag bridge 1 route ip ! ! ! line con 0 line vty 0 4 login local ! end #
sh dot11 associations all-client Address : ace3.4265.d64e Name : NONE IP Address : 10.215.130.195 Interface : Dot11Radio 0 Device : unknown Software Version : NONE CCX Version : NONE Client MFP : Off State : Assoc Parent : self SSID : My-WI-FI VLAN : 1 Hops to Infra : 1 Association Id : 2 Clients Associated: 0 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : WPAv2 PS Encryption : AES-CCMP Current Rate : 54.0 Capability : WMM ShortHdr Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Signal Strength : -67 dBm Connected for : 23 seconds Signal to Noise : 29 dB Activity Timeout : 60 seconds Power-save : On Last Activity : 0 seconds ago Apsd DE AC(s) : NONE Packets Input : 172 Packets Output : 100 Bytes Input : 16567 Bytes Output : 13117 Duplicates Rcvd : 0 Data Retries : 10 Decrypt Failed : 0 RTS Retries : 0 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0 Session timeout : 0 seconds Reauthenticate in : never Address : a020.a611.c946 Name : NONE IP Address : 192.168.100.102 Interface : Dot11Radio 0 Device : unknown Software Version : NONE CCX Version : NONE Client MFP : Off State : Assoc Parent : self SSID : banana VLAN : 3 Hops to Infra : 1 Association Id : 1 Clients Associated: 0 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : WPAv2 PS Encryption : AES-CCMP Current Rate : 54.0 Capability : WMM ShortHdr Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Signal Strength : -70 dBm Connected for : 283 seconds Signal to Noise : 30 dB Activity Timeout : 51 seconds Power-save : Off Last Activity : 9 seconds ago Apsd DE AC(s) : NONE Packets Input : 158 Packets Output : 158 Bytes Input : 18282 Bytes Output : 15776 Duplicates Rcvd : 0 Data Retries : 66 Decrypt Failed : 0 RTS Retries : 0 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0 Session timeout : 0 seconds Reauthenticate in : never
Ссылки:
cisco/air-lap.1625427290.txt.gz · Последние изменения: 2021/07/04 19:34 — alex
Инструменты страницы
Если не указано иное, содержимое этой вики предоставляется на условиях следующей лицензии: GNU Free Documentation License 1.3
