===== Configuring the Cisco AIR-LAP1142, AIR-LAP1242 access point =====

==== Configuring a single SSID ====

I connect via the console (9600), erase the old settings and reboot:

  erase nvram:
  Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
  [OK]
  Erase of nvram: complete
  reload

After the reboot I enter configuration mode. The password is Cisco (with a capital letter).

  enable

I check the IP addresses configured on the access point:

  sh ip interface br
  Interface                  IP-Address      OK? Method Status                Protocol
  BVI1                       10.215.130.124  YES other  up                    up
  Dot11Radio0                unassigned      YES unset  administratively down down
  Dot11Radio1                unassigned      YES unset  administratively down down
  FastEthernet0              unassigned      YES other  up                    up

or

  sh ip aliases
  Address Type             IP Address      Port
  Interface                10.215.130.124

I disable DNS lookup:

  no ip domain lookup

I disable the web interface:

  (config)#no ip http server

If necessary, I change the address:

  #configure terminal
  (config)#interface BVI1
  (config-if)#ip address 192.168.0.100 255.255.255.0
  (config-if)#exit
  (config)#exit

I set the access point name (ИМЯ stands for the name) and the passwords for login and for enable mode:

  #configure terminal
  (config)#hostname ИМЯ
  (config)#enable secret PASSWORD1
  (config)#username USER privilege 15 secret PASSWORD2

or like this:

  (config)#username USER privilege 15 password PASSWORD2

I delete the Cisco user, or I don't :)

  (config)#no username Cisco
  (config)#exit

SSID configuration:

  #configure terminal
  (config)#dot11 ssid NAME1
  (config-ssid)#authentication open
  (config-ssid)#authentication key-management wpa
  (config-ssid)#guest-mode
  (config-ssid)#wpa-psk ascii 0 KEY
  (config-ssid)#exit
  (config)#dot11 ssid NAME2
  (config-ssid)#authentication open
  (config-ssid)#authentication key-management wpa
  (config-ssid)#guest-mode
  (config-ssid)#wpa-psk ascii 0 KEY
  (config-ssid)#exit

Radio interface configuration:

  #configure terminal
  (config)#interface Dot11Radio0
  (config-if)#encryption mode ciphers aes-ccm
  (config-if)#ssid NAME1
  (config-if)#speed basic-54.0 54.0
  (config-if)#channel 2412
  (config-if)#station-role root access-point
  (config-if)#no shutdown
  (config-if)#exit
  #configure terminal
  (config)#interface Dot11Radio1
  (config-if)#encryption mode ciphers aes-ccm
  (config-if)#ssid NAME2
  (config-if)#speed basic-54.0 54.0
  (config-if)#channel 5260 (1242: DFS only)
  (config-if)#station-role root access-point
  (config-if)#no shutdown
  (config-if)#exit
  (config)#exit
  #write memory

Checking connected clients:

  #show dot11 statistics client-traffic
  Dot11Radio0:
  -- Client Statistics ---Clients 0
  AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL Client-ACL WebAuth-ACL L2-ACL
  RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail
  (Client) MaxPri DefUniPri DefMultPri WiredProt
  IP Address Pauses Idle RateTx RateDataTx RSC
  Video Report: Cnt Rate Retries/Tot
  8021x auth in prog 0 allowed 0
  AID Hold list
  Dot11Radio1:
  -- Client Statistics ---Clients 0
  AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL Client-ACL WebAuth-ACL L2-ACL
  001e.65ab.77e6 1 1 00 40140 000 07E 5 0-0 (0) 0180 200 0-10 00FF000000000000000 006C 048 - - - - -
  RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail
  001e.65ab.77e6 84 15 0 0 0 0 19 2 11 63 35 0 0
  Tx Params Pri BA TxLt
  001e.65ab.77e6 0 0 4
  001e.65ab.77e6 1 0 4
  001e.65ab.77e6 2 0 4
  001e.65ab.77e6 3 0 4
  001e.65ab.77e6 4 0 4
  001e.65ab.77e6 5 0 4
  001e.65ab.77e6 6 0 4
  001e.65ab.77e6 7 0 4
  (Client) MaxPri DefUniPri DefMultPri WiredProt
  001e.65ab.77e6 0 0 0 0
  IP Address Pauses Idle RateTx RateDataTx RSC
  001e.65ab.77e6 10.215.130.202 00000 000000 0 0 [0]0x51 [6]0x32
  Video Report: Cnt Rate Retries/Tot
  8021x auth in prog 0 allowed 0

==== Multi-SSID configuration ====

I connect via the console (9600), erase the old settings and reboot:

  #erase nvram:
  Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
  [OK]
  Erase of nvram: complete
  #reload
  Proceed with reload? [confirm]

After the reboot I enter configuration mode. The password is Cisco (with a capital letter).

  enable

I check the IP addresses configured on the access point:

  >sh ip interface br
  Interface                  IP-Address      OK? Method Status                Protocol
  BVI1                       10.215.130.124  YES other  up                    up
  Dot11Radio0                unassigned      YES unset  administratively down down
  Dot11Radio1                unassigned      YES unset  administratively down down
  FastEthernet0              unassigned      YES other  up                    up

If necessary, I change the address:

  >enable
  Password:
  #configure terminal
  Enter configuration commands, one per line. End with CNTL/Z.
  (config)#interface BVI1
  (config-if)#ip address 192.168.0.100 255.255.255.0
  (config-if)#ex

I disable DNS lookup:

  (config)#no ip domain lookup

I disable the web interface:

  (config)#no ip http server

I set the access point name (ИМЯ stands for the name) and the passwords for login and for enable mode:

  #conf t
  (config)#hostname ИМЯ
  (config)#enable secret PASSWORD1
  (config)#username USER privilege 15 secret PASSWORD2

or like this:

  (config)#username USER privilege 15 password PASSWORD2

SSID configuration (after wpa-psk ascii 7 comes the password hash, shown as "хэш пароля"; after wpa-psk ascii 0 comes the password itself, shown as "пароль"):

  (config)#dot11 ssid NAME1
  (config-ssid)#authentication open
  (config-ssid)#authentication key-management wpa
  (config-ssid)#wpa-psk ascii 7 хэш пароля

or

  (config-ssid)#wpa-psk ascii 0 пароль
  (config-ssid)#vlan 1
  (config-ssid)#mbssid guest-mode
  (config-ssid)#exit
  (config)#dot11 ssid NAME2
  (config-ssid)#authentication open
  (config-ssid)#authentication key-management wpa
  (config-ssid)#wpa-psk ascii 0 пароль
  (config-ssid)#vlan 3
  (config-ssid)#mbssid guest-mode
  (config-ssid)#ex

I configure the radio interface for the first VLAN:

  (config)#int d0.1
  (config-subif)#encapsulation dot1Q 1 native
  (config-subif)#bridge-group 1
  (config-subif)#ex

I configure the radio interface for the third VLAN:

  (config)#int d0.3
  (config-subif)#encapsulation dot1Q 3
  (config-subif)#bridge-group 3
  (config-subif)#ex

I configure the Ethernet interfaces for the VLANs:

  (config)#int fastEthernet 0.1
  (config-subif)#encapsulation dot1Q 1 native
  (config-subif)#bridge-group 1
  (config-subif)#ex
  (config)#int fastEthernet 0.3
  (config-subif)#encapsulation dot1Q 3
  (config-subif)#bridge-group 3
  (config-subif)#ex
  (config)#ex

I check the result:

  #sh ip interface br
  Interface                  IP-Address      OK? Method Status                Protocol
  BVI1                       192.168.0.100   YES NVRAM  up                    up
  Dot11Radio0                unassigned      YES NVRAM  administratively down down
  Dot11Radio0.1              unassigned      YES unset  administratively down down
  Dot11Radio0.3              unassigned      YES unset  administratively down down
  Dot11Radio1                unassigned      YES NVRAM  administratively down down
  FastEthernet0              unassigned      YES NVRAM  up                    up
  FastEthernet0.1            unassigned      YES unset  up                    up
  FastEthernet0.3            unassigned      YES unset  up                    up

I configure the radio interface for multiple SSIDs:

  #conf t
  (config)#int d0
  (config-if)#mbssid
  (config-if)#encryption vlan 1 mode ciphers aes-ccm
  (config-if)#encryption vlan 3 mode ciphers aes-ccm
  (config-if)#ssid My-WI-FI
  (config-if)#ssid banana
  (config-if)#channel 2457
  (config-if)#no shutdown
  #sh ip interface br
  Interface                  IP-Address      OK? Method Status                Protocol
  BVI1                       10.215.130.124  YES NVRAM  up                    up
  Dot11Radio0                unassigned      YES NVRAM  up                    up
  Dot11Radio0.1              unassigned      YES unset  up                    up
  Dot11Radio0.3              unassigned      YES unset  up                    up
  Dot11Radio1                unassigned      YES NVRAM  administratively down down
  FastEthernet0              unassigned      YES NVRAM  up                    up
  FastEthernet0.1            unassigned      YES unset  up                    up
  FastEthernet0.3            unassigned      YES unset  up                    up
  garage#
  garage#sh running-config
  Building configuration...
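
An added example (not from the original page and not Cisco's own tooling): a Python check over a saved copy of the running-config that flags the settings this page deals with, namely a user stored with password instead of secret, the default Cisco user, an enabled web interface, and an SSID whose VLAN lacks the aes-ccm cipher line or a dot1Q sub-interface on the radio or Ethernet side. The sample config is constructed, and the audit function and its messages are assumptions made for illustration.

```python
import re

# Constructed running-config style fragment (not captured from the page's AP).
SAMPLE = """\
username Cisco password 7 CONSTRUCTED
username admin privilege 15 secret 5 CONSTRUCTED
ip http server
dot11 ssid My-WI-FI
   vlan 1
dot11 ssid banana
   vlan 3
interface Dot11Radio0
 encryption vlan 1 mode ciphers aes-ccm
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
interface Dot11Radio0.3
 encapsulation dot1Q 3
interface FastEthernet0.1
 encapsulation dot1Q 1 native
"""

def audit(config):
    out, ssid_vlan, enc, tagged, block = [], {}, set(), set(), ""
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            block = line  # an unindented line opens a new config block
        if m := re.match(r"username (\S+) .*\bpassword\b", line):
            out.append(f"user {m[1]}: stored with 'password', not 'secret'")
        if re.match(r"username Cisco\b", line):
            out.append("default user Cisco is still present")
        if line == "ip http server":
            out.append("web interface is enabled")
        if block.startswith("dot11 ssid ") and (m := re.match(r"vlan (\d+)$", line)):
            ssid_vlan[block.split()[2]] = m[1]
        if m := re.match(r"encryption vlan (\d+) mode ciphers aes-ccm", line):
            enc.add(m[1])
        if block.startswith("interface ") and (m := re.match(r"encapsulation dot1Q (\d+)", line)):
            tagged.add((re.sub(r"[\d.]+$", "", block.split()[1]), m[1]))
    for name, vlan in sorted(ssid_vlan.items()):
        if vlan not in enc:
            out.append(f"ssid {name}: no aes-ccm cipher for vlan {vlan}")
        for port in ("Dot11Radio", "FastEthernet"):
            if (port, vlan) not in tagged:
                out.append(f"ssid {name}: vlan {vlan} not tagged on {port}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
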

Viewing connected clients:

  sh dot11 associations all-client
  Address           : ace3.4265.d64e     Name             : NONE
  IP Address        : 10.215.130.195     Interface        : Dot11Radio 0
  Device            : unknown            Software Version : NONE
  CCX Version       : NONE               Client MFP       : Off
  State             : Assoc              Parent           : self
  SSID              : My-WI-FI
  VLAN              : 1
  Hops to Infra     : 1                  Association Id   : 2
  Clients Associated: 0                  Repeaters associated: 0
  Tunnel Address    : 0.0.0.0
  Key Mgmt type     : WPAv2 PS           Encryption       : AES-CCMP
  Current Rate      : 54.0               Capability       : WMM ShortHdr
  Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
  Voice Rates       : disabled
  Signal Strength   : -67 dBm            Connected for    : 23 seconds
  Signal to Noise   : 29 dB              Activity Timeout : 60 seconds
  Power-save        : On                 Last Activity    : 0 seconds ago
  Apsd DE AC(s)     : NONE
  Packets Input     : 172                Packets Output   : 100
  Bytes Input       : 16567              Bytes Output     : 13117
  Duplicates Rcvd   : 0                  Data Retries     : 10
  Decrypt Failed    : 0                  RTS Retries      : 0
  MIC Failed        : 0                  MIC Missing      : 0
  Packets Redirected: 0                  Redirect Filtered: 0
  Session timeout   : 0 seconds
  Reauthenticate in : never
  Address           : a020.a611.c946     Name             : NONE
  IP Address        : 192.168.100.102    Interface        : Dot11Radio 0
  Device            : unknown            Software Version : NONE
  CCX Version       : NONE               Client MFP       : Off
  State             : Assoc              Parent           : self
  SSID              : banana
  VLAN              : 3
  Hops to Infra     : 1                  Association Id   : 1
  Clients Associated: 0                  Repeaters associated: 0
  Tunnel Address    : 0.0.0.0
  Key Mgmt type     : WPAv2 PS           Encryption       : AES-CCMP
  Current Rate      : 54.0               Capability       : WMM ShortHdr
  Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
  Voice Rates       : disabled
  Signal Strength   : -70 dBm            Connected for    : 283 seconds
  Signal to Noise   : 30 dB              Activity Timeout : 51 seconds
  Power-save        : Off                Last Activity    : 9 seconds ago
  Apsd DE AC(s)     : NONE
  Packets Input     : 158                Packets Output   : 158
  Bytes Input       : 18282              Bytes Output     : 15776
  Duplicates Rcvd   : 0                  Data Retries     : 66
  Decrypt Failed    : 0                  RTS Retries      : 0
  MIC Failed        : 0                  MIC Missing      : 0
  Packets Redirected: 0                  Redirect Filtered: 0
  Session timeout   : 0 seconds
  Reauthenticate in : never

==== Links: ====

http://maxblogs.ru/articles/nastroika-tochki-dostupa-cisco-air-ap1252g-a-k9\\
https://study-ccna.com/encrypt-local-usernames-and-passwords\\
https://www.youtube.com/watch?v=zSX3ekJmPtI\\
http://maxblogs.ru/articles/nastroika-dvukh-ssid-na-tochke-dostupa-wifi-ot-cisco