
Configuring Cisco AIR-LAP1142 and AIR-LAP1242 access points

Single-SSID setup

I connect over the console (9600), erase the old configuration, and reload

erase nvram:
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
reload

After the reload I switch to privileged mode. The password is Cisco (with a capital C).

enable

I check which IP addresses are configured on the access point

sh ip interface br
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.215.130.124  YES other  up                    up
Dot11Radio0                unassigned      YES unset  administratively down down
Dot11Radio1                unassigned      YES unset  administratively down down
FastEthernet0              unassigned      YES other  up                    up
or
sh ip aliases
Address Type             IP Address      Port
Interface                10.215.130.124

I disable DNS lookup

no ip domain lookup

I disable the web interface (HTTP server)

(config)#no ip http server

If necessary, I change the address

#configure terminal
(config)#interface BVI1
(config-if)#ip address 192.168.0.100 255.255.255.0
(config-if)#exit
(config)#exit

I set the access point's hostname, the login password, and the enable password

#configure terminal
(config)#hostname NAME
(config)#enable secret PASSWORD1
(config)#username USER privilege 15 secret PASSWORD2

or like this (the password form is kept in cleartext or reversible type 7 encoding, unlike secret)

(config)#username USER privilege 15 password PASSWORD2

I delete the user Cisco, or not :)

(config)#no username Cisco
(config)#exit

SSID configuration

#configure terminal
(config)#dot11 ssid NAME1
(config-ssid)#authentication open
(config-ssid)#authentication key-management wpa
(config-ssid)#guest-mode
(config-ssid)#wpa-psk ascii 0 KEY
(config-ssid)#exit
(config)#dot11 ssid NAME2
(config-ssid)#authentication open
(config-ssid)#authentication key-management wpa
(config-ssid)#guest-mode
(config-ssid)#wpa-psk ascii 0 KEY
(config-ssid)#exit

Radio interface configuration

#configure terminal
(config)#interface Dot11Radio0
(config-if)#encryption mode ciphers aes-ccm
(config-if)#ssid NAME1
(config-if)#speed basic-54.0 54.0
(config-if)#channel 2412
(config-if)#station-role root access-point
(config-if)#no shutdown
(config-if)#exit
#configure terminal
(config)#interface Dot11Radio1
(config-if)#encryption mode ciphers aes-ccm
(config-if)#ssid NAME2
(config-if)#speed basic-54.0 54.0
(config-if)#channel 5260 (on the 1242, only dfs)
(config-if)#station-role root access-point
(config-if)#no shutdown
(config-if)#exit
(config)#exit
#write memory

Checking connected clients

#show dot11 statistics client-traffic

Dot11Radio0: -- Client Statistics
---Clients 0  AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key  Rate  Mask Tx   Rx             BVI   Split-ACL 
Client-ACL WebAuth-ACL L2-ACL
                 RxPkts KBytes  Dup Dec Mic Txc  TxPkts  KBytes  Retry RSSI SNR Fail BAfail
               (Client) MaxPri DefUniPri DefMultPri WiredProt
               IP Address      Pauses  Idle   RateTx   RateDataTx   RSC
Video Report:  Cnt  Rate  Retries/Tot
8021x auth in prog 0 allowed 0

AID Hold list


Dot11Radio1: -- Client Statistics
---Clients 0  AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key  Rate  Mask Tx   Rx             BVI   Split-ACL 
Client-ACL WebAuth-ACL L2-ACL
001e.65ab.77e6    1    1 00 40140 000 07E 5    0-0 (0) 0180 200 0-10 00FF000000000000000  006C 048 - -          -          
-            -
                 RxPkts KBytes  Dup Dec Mic Txc  TxPkts  KBytes  Retry RSSI SNR Fail BAfail
001e.65ab.77e6       84     15    0   0   0   0       19       2     11   63  35    0    0
    Tx Params  Pri BA TxLt
001e.65ab.77e6   0   0   4
001e.65ab.77e6   1   0   4
001e.65ab.77e6   2   0   4
001e.65ab.77e6   3   0   4
001e.65ab.77e6   4   0   4
001e.65ab.77e6   5   0   4
001e.65ab.77e6   6   0   4
001e.65ab.77e6   7   0   4
               (Client) MaxPri DefUniPri DefMultPri WiredProt
001e.65ab.77e6             0          0           0          0
               IP Address      Pauses  Idle   RateTx   RateDataTx   RSC
001e.65ab.77e6 10.215.130.202  00000 000000      0      0 [0]0x51 [6]0x32
Video Report:  Cnt  Rate  Retries/Tot
8021x auth in prog 0 allowed 0

Multi-SSID setup

I connect over the console (9600), erase the old configuration, and reload

#erase nvram:
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
#reload
Proceed with reload? [confirm]

After the reload I switch to privileged mode. The password is Cisco (with a capital C).

enable

I check which IP addresses are configured on the access point

>sh ip interface br
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.215.130.124  YES other  up                    up
Dot11Radio0                unassigned      YES unset  administratively down down
Dot11Radio1                unassigned      YES unset  administratively down down
FastEthernet0              unassigned      YES other  up                    up

If necessary, I change the address

>enable
Password:
#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
(config)#interface BVI1
(config-if)#ip address 192.168.0.100 255.255.255.0
(config-if)#ex

I disable DNS lookup

(config)#no ip domain lookup

I disable the web interface (HTTP server)

(config)#no ip http server

I set the access point's hostname, the login password, and the enable password

#conf t
(config)#hostname NAME
(config)#enable secret PASSWORD1
(config)#username USER privilege 15 secret PASSWORD2

or like this

(config)#username USER privilege 15 password PASSWORD2

SSID configuration

(config)#dot11 ssid NAME1
(config-ssid)#authentication open
(config-ssid)#authentication key-management wpa
(config-ssid)#wpa-psk ascii 7 password hash
or
(config-ssid)#wpa-psk ascii 0 password
(config-ssid)#vlan 1
(config-ssid)#mbssid guest-mode
(config-ssid)#exit
(config)#dot11 ssid NAME2
(config-ssid)#authentication open
(config-ssid)#authentication key-management wpa
(config-ssid)#wpa-psk ascii 0 password
(config-ssid)#vlan 3
(config-ssid)#mbssid guest-mode
(config-ssid)#ex

I configure the radio interface for VLAN 1

(config)#int d0.1
(config-subif)#encapsulation dot1Q 1 native
(config-subif)#bridge-group 1
(config-subif)#ex

I configure the radio interface for VLAN 3

(config)#int d0.3
(config-subif)#encapsulation dot1Q 3
(config-subif)#bridge-group 3
(config-subif)#ex

I configure the network interfaces for the VLANs

(config)#int fastEthernet 0.1
(config-subif)#encapsulation dot1Q 1 native
(config-subif)#bridge-group 1
(config-subif)#ex
(config)#int fastEthernet 0.3
(config-subif)#encapsulation dot1Q 3
(config-subif)#bridge-group 3
(config-subif)#ex
(config)#ex

I check the result

#sh ip interface br
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       192.168.0.100  YES NVRAM  up                    up
Dot11Radio0                unassigned      YES NVRAM  administratively down down
Dot11Radio0.1              unassigned      YES unset  administratively down down
Dot11Radio0.3              unassigned      YES unset  administratively down down
Dot11Radio1                unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES NVRAM  up                    up
FastEthernet0.1            unassigned      YES unset  up                    up
FastEthernet0.3            unassigned      YES unset  up                    up

I configure the radio interface for multiple SSIDs

#conf t
(config)#int d0
(config-if)#mbssid
(config-if)#encryption vlan 1 mode ciphers aes-ccm
(config-if)#encryption vlan 3 mode ciphers aes-ccm
(config-if)#ssid My-WI-FI
(config-if)#ssid banana
(config-if)#channel 2457
(config-if)#no shutdown
#sh ip interface br
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.215.130.124  YES NVRAM  up                    up
Dot11Radio0                unassigned      YES NVRAM  up                    up
Dot11Radio0.1              unassigned      YES unset  up                    up
Dot11Radio0.3              unassigned      YES unset  up                    up
Dot11Radio1                unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES NVRAM  up                    up
FastEthernet0.1            unassigned      YES unset  up                    up
FastEthernet0.3            unassigned      YES unset  up                    up
garage#
garage#sh running-config
Building configuration...
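
As an added example (not part of the original notes), a Python check that reads a saved configuration built from the commands above and reports the settings worth a second look: the factory Cisco user, password instead of secret, a type 0 PSK, a running HTTP server, an SSID without key management, and any cipher other than aes-ccm. The sample configuration and all its values are constructed, and the finding names are hypothetical labels.

```python
import re

# Constructed running-config excerpt (not from the page's device); the hashes,
# the passphrase and the tkip line are made-up sample values.
SAMPLE_CONFIG = """\
hostname garage
username Cisco password 7 0000000000
username admin privilege 15 secret 5 $1$constructed$hash
ip http server
dot11 ssid My-WI-FI
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 constructed-passphrase
dot11 ssid banana
   vlan 3
   authentication open
interface Dot11Radio0
 encryption vlan 1 mode ciphers aes-ccm
 encryption vlan 3 mode ciphers tkip
 ssid My-WI-FI
 ssid banana
"""

def audit(config):
    """Return sorted (check, detail) findings for an autonomous-AP config text."""
    findings, ssid, keymgmt = set(), None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):        # a top-level line closes an ssid block
            ssid = None
        if m := re.match(r"dot11 ssid (\S+)$", line):
            ssid = m.group(1)
            keymgmt[ssid] = False
        elif ssid and line.startswith("authentication key-management"):
            keymgmt[ssid] = True
        elif ssid and line.startswith("wpa-psk ascii 0 "):
            findings.add(("psk-cleartext", ssid))     # type 0 = unencrypted key follows
        elif m := re.match(r"username (\S+) (?:privilege \d+ )?password\b", line):
            findings.add(("user-password-not-secret", m.group(1)))
        if re.match(r"username Cisco\b", line):
            findings.add(("default-user", "Cisco"))   # factory account still present
        if line == "ip http server":
            findings.add(("http-enabled", line))
        if m := re.match(r"encryption (?:vlan (\d+) )?mode ciphers (.+)$", line):
            if m.group(2).split() != ["aes-ccm"]:
                findings.add(("weak-cipher", f"vlan {m.group(1) or '-'}: {m.group(2)}"))
    findings |= {("no-key-management", s) for s, ok in keymgmt.items() if not ok}
    return sorted(findings)
```

audit(SAMPLE_CONFIG) returns one finding per check; a configuration that follows the secret, aes-ccm and no ip http server choices above returns an empty list.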

Viewing connected clients

sh dot11 associations all-client
Address           : ace3.4265.d64e     Name             : NONE
IP Address        : 10.215.130.195     Interface        : Dot11Radio 0
Device            : unknown            Software Version : NONE
CCX Version       : NONE               Client MFP       : Off

State             : Assoc              Parent           : self
SSID              : My-WI-FI
VLAN              : 1
Hops to Infra     : 1                  Association Id   : 2
Clients Associated: 0                  Repeaters associated: 0
Tunnel Address    : 0.0.0.0
Key Mgmt type     : WPAv2 PS           Encryption       : AES-CCMP
Current Rate      : 54.0               Capability       : WMM ShortHdr
Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled
Signal Strength   : -67  dBm           Connected for    : 23 seconds
Signal to Noise   : 29  dB            Activity Timeout : 60 seconds
Power-save        : On                 Last Activity    : 0 seconds ago
Apsd DE AC(s)     : NONE

Packets Input     : 172                Packets Output   : 100
Bytes Input       : 16567              Bytes Output     : 13117
Duplicates Rcvd   : 0                  Data Retries     : 10
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
Session timeout   : 0 seconds
Reauthenticate in : never

Address           : a020.a611.c946     Name             : NONE
IP Address        : 192.168.100.102    Interface        : Dot11Radio 0
Device            : unknown            Software Version : NONE
CCX Version       : NONE               Client MFP       : Off

State             : Assoc              Parent           : self
SSID              : banana
VLAN              : 3
Hops to Infra     : 1                  Association Id   : 1
Clients Associated: 0                  Repeaters associated: 0
Tunnel Address    : 0.0.0.0
Key Mgmt type     : WPAv2 PS           Encryption       : AES-CCMP
Current Rate      : 54.0               Capability       : WMM ShortHdr
Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled
Signal Strength   : -70  dBm           Connected for    : 283 seconds
Signal to Noise   : 30  dB            Activity Timeout : 51 seconds
Power-save        : Off                Last Activity    : 9 seconds ago
Apsd DE AC(s)     : NONE

Packets Input     : 158                Packets Output   : 158
Bytes Input       : 18282              Bytes Output     : 15776
Duplicates Rcvd   : 0                  Data Retries     : 66
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
Packets Redirected: 0                  Redirect Filtered: 0
Session timeout   : 0 seconds
Reauthenticate in : never
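
An added example, not from the original notes: a Python parser for the sh dot11 associations all-client output above that checks each client against the setup described here (My-WI-FI on VLAN 1, banana on VLAN 3, WPAv2 with AES-CCMP) and reports non-zero Decrypt Failed or MIC Failed counters. The sample records are constructed, and the NONE/Off values for an unencrypted client are an assumption about how IOS prints that case.

```python
import re

# SSID -> VLAN mapping from the multi-SSID setup on this page.
EXPECTED_VLAN = {"My-WI-FI": "1", "banana": "3"}

# Constructed records in the layout of the output above (reduced field set).
SAMPLE_OUTPUT = """\
Address           : 0000.5e00.5301     Name             : NONE
SSID              : My-WI-FI
VLAN              : 1
Key Mgmt type     : WPAv2 PS           Encryption       : AES-CCMP
Signal Strength   : -67  dBm           Connected for    : 23 seconds
Decrypt Failed    : 0                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0

Address           : 0000.5e00.5302     Name             : NONE
SSID              : banana
VLAN              : 1
Key Mgmt type     : NONE               Encryption       : Off
Decrypt Failed    : 4                  RTS Retries      : 0
MIC Failed        : 0                  MIC Missing      : 0
"""

FIELD = re.compile(r"(?:^|\s{2,})([A-Z][A-Za-z() ]*?)\s*: (\S+(?: \S+)*)")

def parse_clients(text):
    """One dict per client; a bare 'Address' key starts a new record."""
    clients = []
    for line in text.splitlines():
        for key, value in FIELD.findall(line):   # up to two fields per line
            if key == "Address":
                clients.append({})
            if clients:
                clients[-1][key] = value
    return clients

def check_clients(text):
    """Return sorted (mac, problem) pairs for clients that break the policy."""
    problems = []
    for c in parse_clients(text):
        mac, ssid, vlan = c["Address"], c.get("SSID"), c.get("VLAN")
        if c.get("Encryption") != "AES-CCMP" or not c.get("Key Mgmt type", "").startswith("WPAv2"):
            problems.append((mac, "not WPA2/AES-CCMP"))
        if EXPECTED_VLAN.get(ssid) != vlan:
            problems.append((mac, f"SSID {ssid} on VLAN {vlan}"))
        for counter in ("Decrypt Failed", "MIC Failed"):
            if int(c.get(counter, "0")) > 0:
                problems.append((mac, f"{counter} = {c[counter]}"))
    return sorted(problems)
```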
