...
| Блок кода |
|---|
object-group network wnam_servers
ip address-range 100.110.1.44
exit
object-group network bras_users
ip address-range 192.168.3.20-192.168.3.250
exit
object-group urlnetwork defaultServicelocal
url http://100.110.1.44
exit |
...
| Блок кода |
|---|
bridge 1
description "MGMT_AP"
security-zone trusted
ip firewall disableip address-range 192.168.2.1-192.168.2.254
exit
object-group network local2
ip address-range 192.168.3.1-192.168.3.254
exit
object-group url defaultService
url http://100.110.1.44
exit |
Конфигурация бриджей:
| Блок кода |
|---|
bridge 1.1/24
no spanning-tree
enable
exit
bridge 2
description "InternetMGMT_AP"
security-zone untrustedtrusted
ip firewall disable
ip address 100192.110168.01.246/1/24
no spanning-tree
enable
exit
bridge 2
description "Internet"
security-zone untrusted
ip firewall disable
ip address 100.110.0.246/23
service-policy dynamic upstream
no spanning-tree
enable
exit
bridge 3
description "SoftGRE_or_L2"
vlan 3
mtu 1458
history statistics
security-zone users
ip address 192.168.2.1/24
service-policy dynamic downstream
no spanning-tree
enable
exit
bridge 4
description "SoftGRE_or_L2-BRAS"
vlan 4
security-zone users
ip firewall disable
ip address 192.168.3.1/24
service-subscriber-control object-group bras_users
location data10
protected-ports local
no spanning-tree
enable
exit |
Конфигурация Vlan:
| Блок кода |
|---|
interfacevlan 3
force-up
exit
vlan 4
name "FreeSSID"
force-up
exit
vlan 10
name "MNMG-L2"
exit |
Конфигурация интерфейсов:
| Блок кода |
|---|
interface gigabitethernet gigabitethernet 1/0/1
spanning-tree disable
exit
interface gigabitethernet 1/0/1.1000
description "to-WNAM"
bridge-group 2
exit
interface gigabitethernet 1/0/4
lldp receive
exit
interface gigabitethernet 1/0/4.4
description "L2_BRAS"
bridge-group 4
exit
interface gigabitethernet 1/0/4.10
description "MNGT_AP"
bridge-group 1
exit |
...
| Блок кода |
|---|
ip access-list extended BYPASS
rule 10
action permit
match protocol udp
match source-port 68
match destination-port 67
enable
exit
rule 11
action permit
match protocol udp
match destination-port 53
enable
exit
exit
ip access-list extended WELCOME
rule 10
action permit
match protocol tcp
match destination-port 443
enable
exit
rule 30
action permit
match protocol tcp
match destination-port 80
enable
exit
exit
ip access-list extended INTERNET
rule 10
action permit
enable
exit
exit |
Конфигурация BRAS:
| Подсказка |
|---|
|
При настройке default-action redirect всегда используется шаблон "http://<ip-address WNAM>/cp/eltexwlc", где <ip-address WNAM> — сетевой адрес сервера Netams WNAM. При указании другого URL авторизация работать не будет.
|
| Блок кода |
|---|
subscriber-control |
| Блок кода |
|---|
subscriber-control
aaa das-profile bras_das
aaa sessions-radius-profile bras_radius
aaa services-radius-profile bras_radius
nas-ip-address 100.110.0.246
session mac-authentication
bypass-traffic-acl BYPASS
default-service
class-map BYPASS
filter-name local defaultService
filter-action permit
default-action redirect http://100.110.1.44/cp/eltexwlc
session-timeout 600
exit
enable
exit |
...
|
При настройке default-action redirect всегда используется шаблон "http://<ip-address WNAM>/cp/eltexwlc", где <ip-address WNAM> — сетевой адрес сервера Netams WNAM. При указании другого URL авторизация работать не будет.
|
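Настройка RADIUS (значения ключей testing123 и wnampass в примере — демонстрационные; в рабочей конфигурации задайте собственные стойкие секреты):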
| Блок кода |
|---|
radius-server |
| Блок кода |
|---|
radius-server local
nas ap
key ascii-text encrypted testing123
network 192.168.1.0/24
exit
nas local
key ascii-text encrypted testing123
network 127.0.0.1/32
exit
domain default
exit
virtual-server default
enable
exit
enable
exit
radius-server host 100.110.1.44
key ascii-text encrypted wnampass
source-address 100.110.0.246
exit
radius-server host 127.0.0.1
key ascii-text encrypted testing123
exit
aaa radius-profile bras_radius
radius-server host 100.110.1.44
exit
aaa radius-profile default_radius
radius-server host 127.0.0.1
exit
das-server das
key ascii-text encrypted wnampass
port 3799
clients object-group wnam_servers
exit
aaa das-profile bras_das
das-server das
exit |
...
| Блок кода |
|---|
wlc
outside-address 192.168.1.1
service-activator
aps join auto
password private-crt-key ascii-text encrypted 8CB5107EA7005AFF
crypto private-key wlc-sa.key
crypto cert wlc-sa.pem
exit
airtune
enable
exit
ap-location default-location
description default-location
mode tunnel
ap-profile default-ap
ssid-profile default-ssid
ssid-profile freeSSID_bras
exit
ssid-profile default-ssid
description F.E.wlc-30_PSK
ssid F.E.wlc-30_PSK
vlan-id 3
security-mode WPA2
key-wpa ascii-text encrypted C4EC5B35E85710A3
802.11kv
band 2g
band 5g
enable
exit
ssid-profile freeSSID_bras
description F.E.free
ssid F.E.freeSSID
vlan-id 4
band 2g
band 5g
enable
exit
ap-profile default-ap
password ascii-text encrypted 8CB5107EA7005AFF
services
ip ssh server
ip http server
exit
exit
radius-profile default-radius
auth-address 192.168.1.1
auth-password ascii-text encrypted 8CB5107EA7005AFF
domain default
exit
ip-pool default-ip-pool
description default-ip-pool
ap-location default-location
exit
enable
exit |
Конфигурация Softgre-controller:
| Блок кода |
|---|
softgre-controller
nas-ip-address 127.0.0.1
data-tunnel configuration wlc
aaa radius-profile default_radius
keepalive-disable
service-vlan add 3-4
enable
exit |
Конфигурация DHCP сервера:
| Блок кода |
|---|
ip dhcp-server
ip dhcp-server pool ap-pool
network 192.168.1.0/24
address-range 192.168.1.2-192.168.1.254
default-router 192.168.1.1
dns-server 192.168.1.1
option 42 ip-address 192.168.1.1
vendor-specific
suboption 12 ascii-text "192.168.1.1"
suboption 15 ascii-text "https://192.168.1.1:8043"
exit
exit
ip dhcp-server pool users-pool
network 192.168.2.0/24
address-range 192.168.2.2-192.168.2.254
default-router 192.168.2.1
dns-server 192.168.2.1
exit
ip dhcp-server pool ap-pool2
network 192.168.3.0/24
address-range 192.168.3.20-192.168.3.250
default-router 192.168.3.1
dns-server 192.168.3.1
exit |
Конфигурация NAT:
| Блок кода |
|---|
nat source
pool translate
ssid F.E.freeSSID
ip vlanaddress-id 4range 100.110.0.246
exit
bandruleset 2gSNAT
bandto 5g
interface enablegigabitethernet 1/0/1.1000
exit
ap-profile default-ap
rule 1
password ascii-text encrypted 8CB5107EA7005AFF
match source-address object-group serviceslocal
action ipsource-nat sshpool servertranslate
ip http serverenable
exit
exit
radius-profile default-radiusrule 2
auth-address 192.168.1.1
auth-password ascii-text encrypted 8CB5107EA7005AFF
domain default
exit
ip-pool default-ip-pool match source-address object-group local2
action source-nat pool translate
description default-ip-pool enable
ap-location default-locationexit
exit
enable
exitexit |
Полная конфигурация приведена в файле:
wlc-30_bars-wnam_hotspot.conf