Cisco Aironet Beispiele
Zur Navigation springen
Zur Suche springen
WLAN (WPA2/TKIP)
no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname <hostname> ! enable secret <enable-secret-password> ! ip subnet-zero no ip domain lookup ! no aaa new-model dot11 syslog ! dot11 ssid <SSID-NAME> authentication open authentication key-management wpa guest-mode wpa-psk ascii <preshared-key> ! username <username-insert> password <password-insert> ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache no shut shutdown ! encryption mode ciphers aes-ccm ! ssid <SSID-NAME> ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 channel 2467 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 192.168.2.3 255.255.255.224 no ip route-cache ! ip default-gateway 192.168.2.1 no ip http server no ip http secure-server ip http help-path http://www.cisco.com...config/help/eag ! access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 deny any bridge 1 route ip ! ! ! line con 0 line vty 0 4 session-timeout 5 access-class 1 in login local transport input ssh line vty 5 15 session-timeout 5 access-class 1 in login local transport input ssh !
2,4GHz Band zwei SSIDs senden, Data und Voice VLANS getrennt und auf dem 5GHz Band nur die SSID des Data VLAN.
Aironet-3702i#sh run
Building configuration...
Current configuration : 7831 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Aironet-3702i
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone +0100 1 0
no ip cef
ip domain name XXXXXX.home.com
ip name-server 192.168.250.1
ip name-server 8.8.8.8
!
!
!
!
dot11 syslog
dot11 vlan-name Data vlan 11
!
dot11 ssid Storm_Data
vlan 11
authentication open
authentication key-management wpa version 2
guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 XXXXXX
!
!
dot11 arp-cache
dot11 phone
dot11 guest
!
!
crypto pki trustpoint TP-self-signed-2052614716
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2052614716
revocation-check none
rsakeypair TP-self-signed-2052614716
!
!
crypto pki certificate chain TP-self-signed-2052614716
certificate self-signed 01
3082022B .. ..
quit
username XXXXXX privilege 15 secret 5 XXXXXX
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
!
!
!
class-map match-all _class_COS-MARKING10
match ip dscp af42
class-map match-all _class_COS-MARKING11
match ip dscp af41
class-map match-all _class_COS-MARKING9
match ip dscp af43
class-map match-all _class_COS-MARKING8
match ip dscp cs4
class-map match-all _class_COS-MARKING1
match ip dscp ef
class-map match-all _class_COS-MARKING0
match ip precedence 6
class-map match-all _class_COS-MARKING3
match ip precedence 7
class-map match-all _class_COS-MARKING2
match ip dscp cs6
class-map match-all _class_COS-MARKING5
match ip precedence 5
class-map match-all _class_COS-MARKING4
match ip dscp cs7
class-map match-all _class_COS-MARKING7
match ip precedence 4
class-map match-all _class_COS-MARKING6
match ip dscp cs5
!
policy-map COS-MARKING
class _class_COS-MARKING0
set cos 6
class _class_COS-MARKING1
set cos 6
class _class_COS-MARKING2
set cos 6
class _class_COS-MARKING3
set cos 7
class _class_COS-MARKING4
set cos 7
class _class_COS-MARKING5
set cos 5
class _class_COS-MARKING6
set cos 5
class _class_COS-MARKING7
set cos 4
class _class_COS-MARKING8
set cos 4
class _class_COS-MARKING9
set cos 4
class _class_COS-MARKING10
set cos 4
class _class_COS-MARKING11
set cos 4
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 11 mode ciphers aes-ccm
!
ssid Storm_Data
!
antenna gain 0
traffic-stream priority 6 sta-rates nom-5.5 nom-11.0 nom-6.0 nom-12.0 nom-24.0
stbc
power local 10
power client 10
packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
packet speed 5.5 11.0 6.0 12.0 24.0 priority 6
station-role root
dot11 qos class video local
admission-control
admit-traffic signaling infinite
!
dot11 qos class voice local
admission-control
admit-traffic narrowband max-channel 75 roam-channel 6
!
dot11 qos class video cell
admission-control
!
dot11 qos class voice cell
admission-control
!
!
interface Dot11Radio0.11
encapsulation dot1Q 11 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 11 mode ciphers aes-ccm
!
ssid Storm_Data
!
antenna gain 0
peakdetect
no dfs band block
traffic-stream priority 6 sta-rates nom-6.0 nom-12.0 nom-24.0
stbc
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. a1ss7 a2ss7 a3ssnone
packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
channel dfs
station-role root
dot11 qos class video local
admission-control
admit-traffic signaling infinite
!
dot11 qos class voice local
admission-control
admit-traffic narrowband max-channel 75 roam-channel 6
!
dot11 qos class video cell
admission-control
!
dot11 qos class voice cell
admission-control
!
!
interface Dot11Radio1.11
encapsulation dot1Q 11 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.11
encapsulation dot1Q 11 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description Management-Interface
ip address 192.168.11.5 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
snmp-server community defaultCommunity RW
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
bridge 1 route ip
!
!
banner login ^C
********************************************************
* *
* PRIVAT PROPERTY, DO NOT ENTER *
* *
********************************************************
^C
!
line con 0
logging synchronous
line vty 0 4
transport input all
!
sntp server 192.53.103.108
sntp broadcast client
end
Aironet-3702i#