Cisco Aironet Examples: Difference between revisions
Thomas (Talk | contribs) (Created page with "=WLAN (WPA2/TKIP)= <pre> no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname <hos…") |
Thomas (Talk | contribs) |
||
| Zeile 84: | Zeile 84: | ||
! | ! | ||
| + | </pre> | ||
| + | |||
| + | =2,4GHz Band zwei SSIDs senden, Data und Voice VLANS getrennt und auf dem 5GHz Band nur die SSID des Data VLAN.= | ||
| + | |||
| + | <pre> | ||
| + | Aironet-3702i#sh run | ||
| + | Building configuration... | ||
| + | |||
| + | Current configuration : 7831 bytes | ||
| + | ! | ||
| + | version 15.2 | ||
| + | no service pad | ||
| + | service timestamps debug datetime msec | ||
| + | service timestamps log datetime msec | ||
| + | service password-encryption | ||
| + | ! | ||
| + | hostname Aironet-3702i | ||
| + | ! | ||
| + | ! | ||
| + | logging rate-limit console 9 | ||
| + | ! | ||
| + | aaa new-model | ||
| + | ! | ||
| + | ! | ||
| + | aaa group server radius rad_eap | ||
| + | ! | ||
| + | aaa group server radius rad_mac | ||
| + | ! | ||
| + | aaa group server radius rad_acct | ||
| + | ! | ||
| + | aaa group server radius rad_admin | ||
| + | ! | ||
| + | aaa group server tacacs+ tac_admin | ||
| + | ! | ||
| + | aaa group server radius rad_pmip | ||
| + | ! | ||
| + | aaa group server radius dummy | ||
| + | ! | ||
| + | aaa authentication login default local | ||
| + | aaa authentication login eap_methods group rad_eap | ||
| + | aaa authentication login mac_methods local | ||
| + | aaa authorization exec default local | ||
| + | aaa accounting network acct_methods start-stop group rad_acct | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | aaa session-id common | ||
| + | clock timezone +0100 1 0 | ||
| + | no ip cef | ||
| + | ip domain name XXXXXX.home.com | ||
| + | ip name-server 192.168.250.1 | ||
| + | ip name-server 8.8.8.8 | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | dot11 syslog | ||
| + | dot11 vlan-name Data vlan 11 | ||
| + | ! | ||
| + | dot11 ssid Storm_Data | ||
| + | vlan 11 | ||
| + | authentication open | ||
| + | authentication key-management wpa version 2 | ||
| + | guest-mode | ||
| + | infrastructure-ssid optional | ||
| + | wpa-psk ascii 7 XXXXXX | ||
| + | ! | ||
| + | ! | ||
| + | dot11 arp-cache | ||
| + | dot11 phone | ||
| + | dot11 guest | ||
| + | ! | ||
| + | ! | ||
| + | crypto pki trustpoint TP-self-signed-2052614716 | ||
| + | enrollment selfsigned | ||
| + | subject-name cn=IOS-Self-Signed-Certificate-2052614716 | ||
| + | revocation-check none | ||
| + | rsakeypair TP-self-signed-2052614716 | ||
| + | ! | ||
| + | ! | ||
| + | crypto pki certificate chain TP-self-signed-2052614716 | ||
| + | certificate self-signed 01 | ||
| + | 3082022B .. .. | ||
| + | quit | ||
| + | username XXXXXX privilege 15 secret 5 XXXXXX | ||
| + | username XXXXXX password 7 XXXXXX | ||
| + | username XXXXXX autocommand exit | ||
| + | username XXXXXX password 7 XXXXXX | ||
| + | username XXXXXX autocommand exit | ||
| + | username XXXXXX password 7 XXXXXX | ||
| + | username XXXXXX autocommand exit | ||
| + | username XXXXXX password 7 XXXXXX | ||
| + | username XXXXXX autocommand exit | ||
| + | username XXXXXX password 7 XXXXXX | ||
| + | username XXXXXX autocommand exit | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | class-map match-all _class_COS-MARKING10 | ||
| + | match ip dscp af42 | ||
| + | class-map match-all _class_COS-MARKING11 | ||
| + | match ip dscp af41 | ||
| + | class-map match-all _class_COS-MARKING9 | ||
| + | match ip dscp af43 | ||
| + | class-map match-all _class_COS-MARKING8 | ||
| + | match ip dscp cs4 | ||
| + | class-map match-all _class_COS-MARKING1 | ||
| + | match ip dscp ef | ||
| + | class-map match-all _class_COS-MARKING0 | ||
| + | match ip precedence 6 | ||
| + | class-map match-all _class_COS-MARKING3 | ||
| + | match ip precedence 7 | ||
| + | class-map match-all _class_COS-MARKING2 | ||
| + | match ip dscp cs6 | ||
| + | class-map match-all _class_COS-MARKING5 | ||
| + | match ip precedence 5 | ||
| + | class-map match-all _class_COS-MARKING4 | ||
| + | match ip dscp cs7 | ||
| + | class-map match-all _class_COS-MARKING7 | ||
| + | match ip precedence 4 | ||
| + | class-map match-all _class_COS-MARKING6 | ||
| + | match ip dscp cs5 | ||
| + | ! | ||
| + | policy-map COS-MARKING | ||
| + | class _class_COS-MARKING0 | ||
| + | set cos 6 | ||
| + | class _class_COS-MARKING1 | ||
| + | set cos 6 | ||
| + | class _class_COS-MARKING2 | ||
| + | set cos 6 | ||
| + | class _class_COS-MARKING3 | ||
| + | set cos 7 | ||
| + | class _class_COS-MARKING4 | ||
| + | set cos 7 | ||
| + | class _class_COS-MARKING5 | ||
| + | set cos 5 | ||
| + | class _class_COS-MARKING6 | ||
| + | set cos 5 | ||
| + | class _class_COS-MARKING7 | ||
| + | set cos 4 | ||
| + | class _class_COS-MARKING8 | ||
| + | set cos 4 | ||
| + | class _class_COS-MARKING9 | ||
| + | set cos 4 | ||
| + | class _class_COS-MARKING10 | ||
| + | set cos 4 | ||
| + | class _class_COS-MARKING11 | ||
| + | set cos 4 | ||
| + | ! | ||
| + | bridge irb | ||
| + | ! | ||
| + | ! | ||
| + | ! | ||
| + | interface Dot11Radio0 | ||
| + | no ip address | ||
| + | ! | ||
| + | encryption mode ciphers aes-ccm | ||
| + | ! | ||
| + | encryption vlan 11 mode ciphers aes-ccm | ||
| + | ! | ||
| + | ssid Storm_Data | ||
| + | ! | ||
| + | antenna gain 0 | ||
| + | traffic-stream priority 6 sta-rates nom-5.5 nom-11.0 nom-6.0 nom-12.0 nom-24.0 | ||
| + | stbc | ||
| + | power local 10 | ||
| + | power client 10 | ||
| + | packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet | ||
| + | packet speed 5.5 11.0 6.0 12.0 24.0 priority 6 | ||
| + | station-role root | ||
| + | dot11 qos class video local | ||
| + | admission-control | ||
| + | admit-traffic signaling infinite | ||
| + | ! | ||
| + | dot11 qos class voice local | ||
| + | admission-control | ||
| + | admit-traffic narrowband max-channel 75 roam-channel 6 | ||
| + | ! | ||
| + | dot11 qos class video cell | ||
| + | admission-control | ||
| + | ! | ||
| + | dot11 qos class voice cell | ||
| + | admission-control | ||
| + | ! | ||
| + | ! | ||
| + | interface Dot11Radio0.11 | ||
| + | encapsulation dot1Q 11 native | ||
| + | bridge-group 1 | ||
| + | bridge-group 1 subscriber-loop-control | ||
| + | bridge-group 1 spanning-disabled | ||
| + | bridge-group 1 block-unknown-source | ||
| + | no bridge-group 1 source-learning | ||
| + | no bridge-group 1 unicast-flooding | ||
| + | ! | ||
| + | interface Dot11Radio1 | ||
| + | no ip address | ||
| + | ! | ||
| + | encryption mode ciphers aes-ccm | ||
| + | ! | ||
| + | encryption vlan 11 mode ciphers aes-ccm | ||
| + | ! | ||
| + | ssid Storm_Data | ||
| + | ! | ||
| + | antenna gain 0 | ||
| + | peakdetect | ||
| + | no dfs band block | ||
| + | traffic-stream priority 6 sta-rates nom-6.0 nom-12.0 nom-24.0 | ||
| + | stbc | ||
| + | speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. a1ss7 a2ss7 a3ssnone | ||
| + | packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet | ||
| + | channel dfs | ||
| + | station-role root | ||
| + | dot11 qos class video local | ||
| + | admission-control | ||
| + | admit-traffic signaling infinite | ||
| + | ! | ||
| + | dot11 qos class voice local | ||
| + | admission-control | ||
| + | admit-traffic narrowband max-channel 75 roam-channel 6 | ||
| + | ! | ||
| + | dot11 qos class video cell | ||
| + | admission-control | ||
| + | ! | ||
| + | dot11 qos class voice cell | ||
| + | admission-control | ||
| + | ! | ||
| + | ! | ||
| + | interface Dot11Radio1.11 | ||
| + | encapsulation dot1Q 11 native | ||
| + | bridge-group 1 | ||
| + | bridge-group 1 subscriber-loop-control | ||
| + | bridge-group 1 spanning-disabled | ||
| + | bridge-group 1 block-unknown-source | ||
| + | no bridge-group 1 source-learning | ||
| + | no bridge-group 1 unicast-flooding | ||
| + | ! | ||
| + | interface GigabitEthernet0 | ||
| + | no ip address | ||
| + | duplex auto | ||
| + | speed auto | ||
| + | ! | ||
| + | interface GigabitEthernet0.11 | ||
| + | encapsulation dot1Q 11 native | ||
| + | bridge-group 1 | ||
| + | bridge-group 1 spanning-disabled | ||
| + | no bridge-group 1 source-learning | ||
| + | ! | ||
| + | interface BVI1 | ||
| + | description Management-Interface | ||
| + | ip address 192.168.11.5 255.255.255.0 | ||
| + | ipv6 address dhcp | ||
| + | ipv6 address autoconfig | ||
| + | ipv6 enable | ||
| + | ! | ||
| + | ip forward-protocol nd | ||
| + | no ip http server | ||
| + | ip http authentication aaa | ||
| + | ip http secure-server | ||
| + | ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag | ||
| + | ip radius source-interface BVI1 | ||
| + | ! | ||
| + | ! | ||
| + | snmp-server community defaultCommunity RW | ||
| + | radius-server attribute 32 include-in-access-req format %h | ||
| + | radius-server vsa send accounting | ||
| + | ! | ||
| + | bridge 1 route ip | ||
| + | ! | ||
| + | ! | ||
| + | banner login ^C | ||
| + | ******************************************************** | ||
| + | * * | ||
| + | * PRIVAT PROPERTY, DO NOT ENTER * | ||
| + | * * | ||
| + | ******************************************************** | ||
| + | ^C | ||
| + | ! | ||
| + | line con 0 | ||
| + | logging synchronous | ||
| + | line vty 0 4 | ||
| + | transport input all | ||
| + | ! | ||
| + | sntp server 192.53.103.108 | ||
| + | sntp broadcast client | ||
| + | end | ||
| + | |||
| + | Aironet-3702i# | ||
</pre> | </pre> | ||
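Review bot: the added running-config leaves the management plane open in two places near its end. `snmp-server community defaultCommunity RW` grants SNMP write access under a default-looking community string, and `line vty 0 4` with `transport input all` accepts Telnet with no `access-class`, whereas the first example on this page limits vty to `transport input ssh` behind `access-class 1 in`. Suggest removing the RW community or binding it to an ACL, and switching the vty lines to SSH only, before this is offered as a template. Separately, the new heading promises two SSIDs with separate Data and Voice VLANs on 2.4 GHz, but the config defines only `dot11 ssid Storm_Data` on VLAN 11 and binds it to both radios; either add the Voice SSID and VLAN or adjust the heading.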
Latest revision as of 22:48, 17 February 2016
WLAN (WPA2/TKIP)
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
enable secret <enable-secret-password>
!
ip subnet-zero
no ip domain lookup
!
no aaa new-model
dot11 syslog
!
dot11 ssid <SSID-NAME>
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii <preshared-key>
!
username <username-insert> password <password-insert>
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
no shut
shutdown
!
encryption mode ciphers aes-ccm
!
ssid <SSID-NAME>
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2467
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.2.3 255.255.255.224
no ip route-cache
!
ip default-gateway 192.168.2.1
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com...config/help/eag
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 deny any
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
session-timeout 5
access-class 1 in
login local
transport input ssh
line vty 5 15
session-timeout 5
access-class 1 in
login local
transport input ssh
!
Broadcast two SSIDs on the 2.4 GHz band with separate Data and Voice VLANs, and only the Data VLAN SSID on the 5 GHz band.
Aironet-3702i#sh run
Building configuration...
Current configuration : 7831 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Aironet-3702i
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone +0100 1 0
no ip cef
ip domain name XXXXXX.home.com
ip name-server 192.168.250.1
ip name-server 8.8.8.8
!
!
!
!
dot11 syslog
dot11 vlan-name Data vlan 11
!
dot11 ssid Storm_Data
vlan 11
authentication open
authentication key-management wpa version 2
guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 XXXXXX
!
!
dot11 arp-cache
dot11 phone
dot11 guest
!
!
crypto pki trustpoint TP-self-signed-2052614716
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2052614716
revocation-check none
rsakeypair TP-self-signed-2052614716
!
!
crypto pki certificate chain TP-self-signed-2052614716
certificate self-signed 01
3082022B .. ..
quit
username XXXXXX privilege 15 secret 5 XXXXXX
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
username XXXXXX password 7 XXXXXX
username XXXXXX autocommand exit
!
!
!
class-map match-all _class_COS-MARKING10
match ip dscp af42
class-map match-all _class_COS-MARKING11
match ip dscp af41
class-map match-all _class_COS-MARKING9
match ip dscp af43
class-map match-all _class_COS-MARKING8
match ip dscp cs4
class-map match-all _class_COS-MARKING1
match ip dscp ef
class-map match-all _class_COS-MARKING0
match ip precedence 6
class-map match-all _class_COS-MARKING3
match ip precedence 7
class-map match-all _class_COS-MARKING2
match ip dscp cs6
class-map match-all _class_COS-MARKING5
match ip precedence 5
class-map match-all _class_COS-MARKING4
match ip dscp cs7
class-map match-all _class_COS-MARKING7
match ip precedence 4
class-map match-all _class_COS-MARKING6
match ip dscp cs5
!
policy-map COS-MARKING
class _class_COS-MARKING0
set cos 6
class _class_COS-MARKING1
set cos 6
class _class_COS-MARKING2
set cos 6
class _class_COS-MARKING3
set cos 7
class _class_COS-MARKING4
set cos 7
class _class_COS-MARKING5
set cos 5
class _class_COS-MARKING6
set cos 5
class _class_COS-MARKING7
set cos 4
class _class_COS-MARKING8
set cos 4
class _class_COS-MARKING9
set cos 4
class _class_COS-MARKING10
set cos 4
class _class_COS-MARKING11
set cos 4
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 11 mode ciphers aes-ccm
!
ssid Storm_Data
!
antenna gain 0
traffic-stream priority 6 sta-rates nom-5.5 nom-11.0 nom-6.0 nom-12.0 nom-24.0
stbc
power local 10
power client 10
packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
packet speed 5.5 11.0 6.0 12.0 24.0 priority 6
station-role root
dot11 qos class video local
admission-control
admit-traffic signaling infinite
!
dot11 qos class voice local
admission-control
admit-traffic narrowband max-channel 75 roam-channel 6
!
dot11 qos class video cell
admission-control
!
dot11 qos class voice cell
admission-control
!
!
interface Dot11Radio0.11
encapsulation dot1Q 11 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm
!
encryption vlan 11 mode ciphers aes-ccm
!
ssid Storm_Data
!
antenna gain 0
peakdetect
no dfs band block
traffic-stream priority 6 sta-rates nom-6.0 nom-12.0 nom-24.0
stbc
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. a1ss7 a2ss7 a3ssnone
packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
channel dfs
station-role root
dot11 qos class video local
admission-control
admit-traffic signaling infinite
!
dot11 qos class voice local
admission-control
admit-traffic narrowband max-channel 75 roam-channel 6
!
dot11 qos class video cell
admission-control
!
dot11 qos class voice cell
admission-control
!
!
interface Dot11Radio1.11
encapsulation dot1Q 11 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.11
encapsulation dot1Q 11 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
description Management-Interface
ip address 192.168.11.5 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
snmp-server community defaultCommunity RW
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
bridge 1 route ip
!
!
banner login ^C
********************************************************
* *
* PRIVAT PROPERTY, DO NOT ENTER *
* *
********************************************************
^C
!
line con 0
logging synchronous
line vty 0 4
transport input all
!
sntp server 192.53.103.108
sntp broadcast client
end
Aironet-3702i#
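
An added example, not part of the original wiki page: a small Python check that reads a running-config like the one above, lists the SSIDs bound to each radio, and flags three settings in it that weaken management security (the read-write SNMP community, type 7 secrets, and Telnet-capable vty lines). The function names and the `SAMPLE` excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: commands taken from the running-config on this page.
SAMPLE = """\
dot11 ssid Storm_Data
wpa-psk ascii 7 XXXXXX
username XXXXXX password 7 XXXXXX
interface Dot11Radio0
ssid Storm_Data
interface Dot11Radio0.11
interface Dot11Radio1
ssid Storm_Data
snmp-server community defaultCommunity RW
line vty 0 4
transport input all
"""

HEADER = re.compile(r"^(interface|dot11 ssid|line) \S")

def sections(config):
    """Yield (header, body) per section; IOS indentation is not required."""
    header, body = None, []
    for line in (l.strip() for l in config.splitlines()):
        if HEADER.match(line):
            if header:
                yield header, body
            header, body = line, []
        elif header and line and line != "!":
            body.append(line)
    if header:
        yield header, body

def audit(config):
    """Return findings for the weak management settings this config contains."""
    out = [f"SNMP read-write community {c!r}"
           for c in re.findall(r"^\s*snmp-server community (\S+) RW\b", config, re.M)]
    n7 = len(re.findall(r"^\s*(?:username \S+ password|wpa-psk ascii) 7 ", config, re.M))
    if n7:
        out.append(f"{n7} secrets use reversible type 7 encoding")
    for header, body in sections(config):
        if header.startswith("line vty") and any(
                re.match(r"transport input .*\b(all|telnet)\b", b) for b in body):
            acl = any(b.startswith("access-class") for b in body)
            out.append(f"{header}: Telnet enabled" + ("" if acl else ", no access-class"))
    return out

def ssids_per_radio(config):
    """Map each physical radio (not subinterfaces) to the SSIDs bound to it."""
    return {h.split()[1]: [b.split()[1] for b in body if b.startswith("ssid ")]
            for h, body in sections(config)
            if re.fullmatch(r"interface Dot11Radio\d+", h)}
```

On the excerpt, `ssids_per_radio` reports Storm_Data as the only SSID on both Dot11Radio0 (2.4 GHz) and Dot11Radio1 (5 GHz), and `audit` returns nothing for vty lines that use `transport input ssh` behind an `access-class`, as in the first example on this page.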