...
Взаимодействие элементов системы
...
...
Конфигурирование WLC
...
Конфигурация адресных объектов:
...
| Блок кода |
|---|
# Bridge interfaces of the example:
#   bridge 1 "MGMT_AP"            - zone trusted,   192.168.1.1/24
#   bridge 2 "Internet"           - zone untrusted, 100.110.0.246/23
#   bridge 3 "SoftGRE_or_L2"      - vlan 3, zone users, 192.168.2.1/24, mtu 1458
#   bridge 4 "SoftGRE_or_L2-BRAS" - vlan 4, zone users, 192.168.3.1/24,
#                                   service-subscriber-control bound to object-group bras_users
# NOTE(review): bridges 1, 2 and 4 carry "ip firewall disable". On the untrusted bridge 2 this
# presumably means the "security zone-pair untrusted self" rules do not filter traffic arriving
# on that interface - confirm this is intended before reusing the example on an Internet-facing link.
# NOTE(review): the page has collapsed this listing onto one line; on the device each command
# is entered on its own line.
bridge 1 description "MGMT_AP" security-zone trusted ip firewall disable ip address 192.168.1.1/24 no spanning-tree enable exit bridge 2 description "Internet" security-zone untrusted ip firewall disable ip address 100.110.0.246/23 no spanning-tree enable exit bridge 3 description "SoftGRE_or_L2" vlan 3 mtu 1458 history statistics security-zone users ip address 192.168.2.1/24 no spanning-tree enable exit bridge 4 description "SoftGRE_or_L2-BRAS" vlan 4 security-zone users ip firewall disable ip address 192.168.3.1/24 service-subscriber-control object-group bras_users location data10 protected-ports local no spanning-tree enable exit |
...
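Настройка RADIUS. Листинг ниже свёрнут в одну строку и содержит повторяющиеся фрагменты (блоки bras_radius и das-server встречаются дважды с разными ключами). Значения ключей (testing123, wnampass), по-видимому, условные: при переносе на оборудование задайте собственные ключи, совпадающие с ключами на стороне RADIUS-сервера и DAS-клиента.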
| Блок кода |
|---|
radius-server local nas ap host 100.110.1.44 key ascii-text encrypted testing123wnampass network 192.168.1.0/24 exit nas local source-address 100.110.0.246 exit aaa radius-profile bras_radius radius-server host 100.110.1.44 exit das-server das key ascii-text encrypted testing123wnampass port 3799 network 127.0.0.1/32 exit domain default exit virtual-server default enable exit enable exit radius-server host 100.110.1.44 key ascii-text encrypted wnampass source-address 100.110.0.246 exit radius-server host 127.0.0.1 key ascii-text encrypted testing123 exit aaa radius-profile bras_radius radius-server host 100.110.1.44 exit aaa radius-profile default_radius radius-server host 127.0.0.1 exit das-server das key ascii-text encrypted wnampass port 3799 clients object-group wnam_servers exit aaa das-profile bras_das das-server das exit |
Конфигурация туннеля Softgre:
| Блок кода |
|---|
# SoftGRE tunnel 1 in data mode, with local address 192.168.1.1
# (the address assigned to bridge 1 "MGMT_AP" in this example).
tunnel softgre 1
mode data
local address 192.168.1.1
# presumably marks this tunnel as the template for dynamically created AP tunnels - confirm in the CLI reference
default-profile
enable
exit |
Конфигурация режима WLC:
clients object-group wnam_servers
exit
aaa das-profile bras_das
das-server das
exit |
Конфигурация режима WLC:
| Блок кода |
|---|
# WLC section: one AP location ("default-location", tunnel mode) that applies the AP profile
# default-ap and the SSID profiles default-ssid and freeSSID_bras.
# NOTE(review): the listing is cut off on the page after the last "band 5g" - the closing
# enable/exit lines of freeSSID_bras and of the wlc section are not shown here.
wlc
ap-location default-location
description default-location
mode tunnel
ap-profile default-ap
ssid-profile default-ssid
ssid-profile freeSSID_bras
exit
# SSID "F.E.wlc-30_PSK": WPA2 with a pre-shared key, VLAN 3, both bands.
ssid-profile default-ssid
description F.E.wlc-30_PSK
ssid F.E.wlc-30_PSK
vlan-id 3
security-mode WPA2
# NOTE(review): "wifipass" looks like a placeholder rather than real encrypted key material - set your own passphrase.
key-wpa ascii-text encrypted wifipass
802.11kv
band 2g
band 5g
enable
exit
# SSID "F.E.freeSSID" on VLAN 4. No security-mode or key is set in this profile, so it is
# presumably an open network with no over-the-air encryption; its clients land in VLAN 4, where
# bridge 4 applies service-subscriber-control - confirm that client access is gated there.
ssid-profile freeSSID_bras
description F.E.free
ssid F.E.freeSSID
vlan-id 4
band 2g
band 5g |
| Блок кода |
wlc outside-address 192.168.1.1 service-activator aps join auto password private-crt-key ascii-text encrypted testing123 exit airtune enable exit ap-location default-locationexit |
Конфигурация Softgre-controller:
| Блок кода |
|---|
softgre-controller service-vlan add description default3-location mode tunnel4 exit |
Конфигурация DHCP сервера:
| Блок кода |
|---|
ip dhcp-server pool ap-pool2 network ap-profile default-ap ssid-profile default-ssid ssid-profile freeSSID_bras exit ssid-profile default-ssid description F.E.wlc-30_PSK ssid F.E.wlc-30_PSK vlan-id 3 security-mode WPA2 key-wpa ascii-text encrypted wifipass 802.11kv band 2g band 5g enable exit ssid-profile freeSSID_bras description F.E.free ssid F.E.freeSSID vlan-id 4 band 2g band 5g enable exit ap-profile default-ap password ascii-text encrypted testing123 services ip ssh server ip http server exit exit radius-profile default-radius auth-address 192.168.1.1 auth-password ascii-text encrypted testing123 domain default exit ip-pool default-ip-pool description default-ip-pool ap-location default-location exit enable exit |
Конфигурация Softgre-controller:
| Блок кода |
|---|
# SoftGRE controller: NAS address 127.0.0.1, data tunnels configured by the WLC,
# AAA through radius-profile default_radius, service VLANs 3-4 added.
softgre-controller
nas-ip-address 127.0.0.1
data-tunnel configuration wlc
aaa radius-profile default_radius
# presumably turns off tunnel keepalive checks - confirm in the CLI reference
keepalive-disable
# VLANs 3 and 4 are the ones used by the two SSID profiles of this example
service-vlan add 3-4
enable
exit |
Конфигурация DHCP сервера:
| Блок кода |
|---|
# DHCP server with three pools, one per internal bridge network of the example.
ip dhcp-server
# Pool for 192.168.1.0/24, the bridge 1 "MGMT_AP" network.
ip dhcp-server pool ap-pool
network 192.168.1.0/24
address-range 192.168.1.2-192.168.1.254
default-router 192.168.1.1
dns-server 192.168.1.1
# DHCP option 42 = NTP server
option 42 ip-address 192.168.1.1
# Vendor-specific suboptions handed to clients of this pool. Suboption 15 carries an HTTPS URL
# on port 8043 at the controller address; presumably 12 and 15 tell the APs where to build the
# tunnel and where to register - confirm the suboption meanings in the vendor reference.
vendor-specific
suboption 12 ascii-text "192.168.1.1"
suboption 15 ascii-text "https://192.168.1.1:8043"
exit
exit
# Pool for 192.168.2.0/24, the bridge 3 network (VLAN 3).
ip dhcp-server pool users-pool
network 192.168.2.0/24
address-range 192.168.2.2-192.168.2.254
default-router 192.168.2.1
dns-server 192.168.2.1
exit
# Pool for 192.168.3.0/24, the bridge 4 network (VLAN 4); despite the name "ap-pool2"
# this is the subnet of the subscriber-controlled bridge, not an AP management network.
ip dhcp-server pool ap-pool2
network 192.168.3.0/24
address-range 192.168.3.20-192.168.3.250
default-router 192.168.3.1
dns-server 192.168.3.1
exit |
Конфигурация NAT:
192.168.3.0/24
address-range 192.168.3.20-192.168.3.250
default-router 192.168.3.1
dns-server 192.168.3.1
exit |
Конфигурация NAT:
| Блок кода |
|---|
# Source NAT: pool "translate" holds the single address 100.110.0.246 (the bridge 2 "Internet"
# address in this example); ruleset SNAT applies to traffic leaving via gigabitethernet 1/0/1.1000.
nat source
pool translate
ip address-range 100.110.0.246
exit
ruleset SNAT
to interface gigabitethernet 1/0/1.1000
# Rules 1 and 2 translate sources listed in object-groups "local" and "local2";
# the definitions of these groups are not shown in this listing.
rule 1
match source-address object-group local
action source-nat pool translate
enable
exit
rule 2
match source-address object-group local2
action source-nat pool translate
enable
exit
exit
exit |
Конфигурация Security Zone-Pair:
| Блок кода |
|---|
# Rules for traffic from the untrusted zone addressed to the device itself ("self").
# NOTE(review): the listing is cut off on the page - rule 20 and the zone-pair have no closing "exit".
security zone-pair untrusted self
# Rule 1: permit UDP from the dhcp_server port group to the dhcp_client port group.
rule 1
action permit
match protocol udp
match source-port object-group dhcp_server
match destination-port object-group dhcp_client
enable
exit
# Rules 10 and 20 permit TCP to the "ssh" and "http" port groups.
# NOTE(review): both rules match only the destination port, with no source-address match, so the
# device's SSH and HTTP services are reachable from any host in the untrusted zone. For production,
# add a source restriction, e.g. "match source-address object-group <MGMT_HOSTS_PLACEHOLDER>".
rule 10
action permit
match protocol tcp
match destination-port object-group ssh
enable
exit
# NOTE(review): the "http" group is not shown; if it means plain HTTP, management credentials
# would cross the untrusted segment unencrypted - confirm.
rule 20
action permit
match protocol tcp
match destination-port object-group http
enable
|
| Блок кода |
# Source NAT listing, repeated on the page: pool "translate" with the single address 100.110.0.246,
# ruleset SNAT on traffic leaving via gigabitethernet 1/0/1.1000.
nat source
pool translate
ip address-range 100.110.0.246
exit
ruleset SNAT
to interface gigabitethernet 1/0/1.1000
# Sources in object-group "local" (group definition not shown here).
rule 1
match source-address object-group local
action source-nat pool translate
enable
exit
# Sources in object-group "local2" (group definition not shown here).
rule 2
match source-address object-group local2
action source-nat pool translate
enable
exit
exit
exit |
Полная конфигурация приведена в файле: wlc-30_bars-wnam_hotspot.conf
...
