...
Configuration example of WLC-2
Connect to the WLC and enter configuration mode:
Change the name:
Create vlan 2449:
| Блок кода |
|---|
vlan 2449
force-up
exit |
Configure gi 1/0/2 interface to accept tagged traffic on VLAN 3 and 2449:
| Блок кода |
|---|
interface gigabitethernet 1/0/2
mode switchport
switchport mode trunk
switchport trunk allowed vlan add 3,2449
exit |
Create object-group for Firewall configuration:
| Блок кода |
|---|
object-group service sync
port-range 873
exit
object-group service softgre_controller
port-range 1337
exit |
Change the addressing and configure VRRP on the Bridge:| Блок кода |
|---|
no bridge 1
no bridge 3
bridge 1
vlan 2449
security-zone trusted
ip address 192.168.1.3/24
vrrp priority 110
vrrp id 1
vrrp ip 192.168.1.1/32
vrrp group 1
vrrp preempt disable
vrrp timers garp refresh 60
vrrp
no spanning-tree
enable
exit
bridge 3
vlan 3
mtu 1458
security-zone users
ip address 192.168.2.3/24
vrrp priority 110
vrrp id 3
vrrp ip 192.168.2.1/32
vrrp group 1
vrrp preempt disable
vrrp timers garp refresh 60
vrrp
no spanning-tree
enable
exit
|
Configure Crypto-Sync for certificate synchronization:
| Блок кода |
|---|
crypto-sync
local-address 192.168.1.3
remote-address 192.168.1.2
vrrp-group 1
remote-delete
enable
exit |
Configure Softgre-Controller for SoftGRE tunnels synchronization:
| Блок кода |
|---|
softgre-controller
peer-address 192.168.1.2
vrrp-group 1
exit |
Configure softgre-tunnel for synchronization, vrrp-ip address is specified as local address:| Блок кода |
|---|
tunnel softgre 1
mode data
local address 192.168.1.1
default-profile
enable
exit |
Configure WLC for AP synchronization:
| Блок кода |
|---|
wlc
failover
local-address 192.168.1.3
remote-address 192.168.1.2
vrrp-group 1
enable
exit
exit |
Configure Firewall rules, allow VRRP protocol and ports for tunnel and certificate synchronization:
| Блок кода |
|---|
security zone-pair trusted self
rule 11
action permit
match protocol vrrp
enable
exit
rule 12
action permit
match protocol tcp
match destination-port softgre_controller
enable
exit
rule 13
action permit
match protocol tcp
match destination-port sync
enable
exit
exit
security zone-pair users self
rule 11
action permit
match protocol vrrp
enable
exit
exit |
Configure DHCP server:| Блок кода |
|---|
no ip dhcp-server pool users-pool
no ip dhcp-server pool ap-pool
ip dhcp-server pool ap-pool
network 192.168.1.0/24
address-range 192.168.1.4-192.168.1.254
default-router 192.168.1.1
dns-server 192.168.1.1
option 42 ip-address 192.168.1.1
vendor-specific
suboption 12 ascii-text "192.168.1.1"
suboption 15 ascii-text "https://192.168.1.1:8043"
exit
exit
ip dhcp-server pool users-pool
network 192.168.2.0/24
address-range 192.168.2.4-192.168.2.254
default-router 192.168.2.1
dns-server 192.168.2.1
exit |
Configure DHCP Failover:
| Блок кода |
|---|
ip dhcp-server failover
mode active-standby
local-address 192.168.1.3
remote-address 192.168.1.2
vrrp-group 1
enable
exit |
Create a user in local Radius server:
| Блок кода |
|---|
radius-server local
domain default
user test
password ascii-text 12345678
exit
exit
exit |
Commit and confirm the configuration:
| Блок кода |
|---|
wlc-2# commit
wlc-2# confirm |
...
