2013年9月9日 星期一
讓指定IP mac 可通過 switch
Switch#sh run
Building configuration...
Current configuration : 4261 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
system mtu routing 1500
!
!
ip dhcp snooping vlan 10
ip dhcp snooping
!
!
crypto pki trustpoint TP-self-signed-3926136960
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3926136960
revocation-check none
rsakeypair TP-self-signed-3926136960
!
!
crypto pki certificate chain TP-self-signed-3926136960
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
71073AB3 72A162DC 8CE8934D 696236D1 BCBA528B 3083F7BF B651115C 73278385 951A12
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet0/1
ip verify source port-security
!
interface GigabitEthernet0/2
ip verify source port-security
!
interface GigabitEthernet0/3
spanning-tree portfast
ip verify source port-security
!
interface GigabitEthernet0/4
ip verify source port-security
!
interface GigabitEthernet0/5
switchport access vlan 10
spanning-tree portfast
ip verify source port-security
!
interface GigabitEthernet0/6
ip verify source port-security
!
interface GigabitEthernet0/7
switchport access vlan 10
ip arp inspection trust
spanning-tree portfast
ip verify source port-security
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
ip classless
!
ip http server
ip http secure-server
!
ip source binding A820.6600.5AE1 vlan 10 192.168.1.2 interface Gi0/7
!
!
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end
Switch#
CiscoAP 新增SSID & 認證 & 設定
建立SSID名稱
config t
dot11 ssid xxxx
authentication (認證方式 open 或key-management)
guest-mode(有這指令就會廣播ssid,不廣播就不用輸入)
int Dot11radio0
ssid xxxx ?
int bvi1 <設定IP在這邊設定>
ip add
如果AP 或Switch 在開機時都要需要輸入boot才能開機,
輸入下面這行就能搞定
set MANUAL_BOOT no
參考設定
教學
cisco認證設定
=======
ap#config t
ap(config)#dot11 ssid name123
ap(config-ssid)#authentication open
ap(config-ssid)#guest-mode
ap(config)#inter dot11Radio 0
ap(config-if)#encryption mode ciphers tkip
ap(config-if)#ssid name123
ap(config)#dot11 ssid name123
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa
ap(config-ssid)#wpa-psk ascii pwd123
ap(config-if)#no shutdown
動指定IP:
ap(config-if)#int bvi 1
ap(config-if)#ip addr 192.168.1.2 255.255.255.0
====
Current configuration : 1449 bytes
!
! Last configuration change at 23:21:51 UTC Fri Mar 1 2002
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
!
logging rate-limit console 9
enable secret 5 $1$7euO$b7eCua8awdOZ1X4Ehb9ov0
!
no aaa new-model
no ip routing
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid ffff
authentication open
authentication key-management wpa
wpa-psk ascii 7 ssshtht
!
!
dot11 guest
!
!
!
username Cisco password 7 fasdf
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid ffff
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 192.168.1.10 255.255.255.0
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end
ap#
config t
dot11 ssid xxxx
authentication (認證方式 open 或key-management)
guest-mode(有這指令就會廣播ssid,不廣播就不用輸入)
int Dot11radio0
ssid xxxx ?
int bvi1 <設定IP在這邊設定>
ip add
如果AP 或Switch 在開機時都要需要輸入boot才能開機,
輸入下面這行就能搞定
set MANUAL_BOOT no
參考設定
教學
cisco認證設定
=======
ap#config t
ap(config)#dot11 ssid name123
ap(config-ssid)#authentication open
ap(config-ssid)#guest-mode
ap(config)#inter dot11Radio 0
ap(config-if)#encryption mode ciphers tkip
ap(config-if)#ssid name123
ap(config)#dot11 ssid name123
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa
ap(config-ssid)#wpa-psk ascii pwd123
ap(config-if)#no shutdown
動指定IP:
ap(config-if)#int bvi 1
ap(config-if)#ip addr 192.168.1.2 255.255.255.0
====
Current configuration : 1449 bytes
!
! Last configuration change at 23:21:51 UTC Fri Mar 1 2002
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
!
logging rate-limit console 9
enable secret 5 $1$7euO$b7eCua8awdOZ1X4Ehb9ov0
!
no aaa new-model
no ip routing
no ip cef
!
!
!
!
dot11 syslog
!
dot11 ssid ffff
authentication open
authentication key-management wpa
wpa-psk ascii 7 ssshtht
!
!
dot11 guest
!
!
!
username Cisco password 7 fasdf
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
ssid ffff
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
ip address 192.168.1.10 255.255.255.0
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end
ap#
Cisco AP 從Lightweight 轉到 Autonomous 模式
搞好久= =
設定好後,把網路線插進G0,設定固定IP,等BVI1抓到IP 後,
就可以用網頁打開進去設定.
debug capwap con cli
conf t
boot manual
reload
set IP_ADDR 192.168.0.2
set NETMASK 255.255.255.0
set DEFAULT_ROUTER 192.168.0.1
tftp_init
ether_init
flash_init
tar -xtract tftp://<TFTP_svr>/<Path_to_tar> flash:
set BOOT flash:/<image_directory>/<image_name>
set MANUAL_BOOT = no
set
boot設定好後,把網路線插進G0,設定固定IP,等BVI1抓到IP 後,
就可以用網頁打開進去設定.
referencehttp://networkengineering.stackexchange.com/questions/1550/converting-ap-from-capwap-to-autonomous-bvi1-interface-gets-reverted-back-to-dhttps://supportforums.cisco.com/docs/DOC-18268#Set_up_the_TFTP_Server
訂閱:
文章 (Atom)