cisco controller 建置
http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html?mdfid=283848165
2014年12月24日 星期三
2014年11月30日 星期日
[Troubleshoot] apple iphone / ipad 在 cisco 設備遇到roaming 問題
直接跳結論
因為Apple產品不在Cisco的CCX認證裡面,所以就有可能會遇到無法roaming的問題
要roaming, 可以, 用802.1x認證
debug client mac
debug client
http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/100260-wlc-debug-client.html?mdfid=283848165
show {802.11a | 802.11bg} l2roam rf-params
show {802.11a | 802.11bg} l2roam statistics ap_mac
show client roam-history client_mac
debug l2roam {detail | error | packet | all} enable
最後一個指令可以看到設備因CCX不支援出現的log
有解法再更新...
參考連結/作法/Troubleshoot
http://ccie-or-null.net/2011/05/16/control-roaming-wlc/
https://discussions.apple.com/thread/3714890?tstart=0
Real-time Traffic over WLAN Roaming
因為Apple產品不在Cisco的CCX認證裡面,所以就有可能會遇到無法roaming的問題
要roaming, 可以, 用802.1x認證
debug client mac
debug client
http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1200-series/100260-wlc-debug-client.html?mdfid=283848165
show {802.11a | 802.11bg} l2roam rf-params
show {802.11a | 802.11bg} l2roam statistics ap_mac
show client roam-history client_mac
debug l2roam {detail | error | packet | all} enable
最後一個指令可以看到設備因CCX不支援出現的log
有解法再更新...
參考連結/作法/Troubleshoot
http://ccie-or-null.net/2011/05/16/control-roaming-wlc/
https://discussions.apple.com/thread/3714890?tstart=0
Real-time Traffic over WLAN Roaming
2014年11月1日 星期六
[Device] SG-300 switch 基礎中的基礎設定
比較特別的地方
*access prot 設vlan
interface GigabitEthernet 2
switch mode access
switch access vlan 123
*trunk port 要帶 vlan
int GigabitEthernet 24
switch mode trunk
switch trunk all vlan add all
<<VLAN ID or all>>
完成後show vlan
就可以看到trunk port 和要帶的vlan
ex: gi1,gi4
*telnet
目前看到作法是先用網頁開啟在去把telnat功能打開
security裡面吧
2014年10月30日 星期四
[Device] Aruba switch 基礎中的基礎設定
預設帳密
admin / admin123 / enable
更改 admin 密碼
mgmt-user admin root
password
password
VLAN IP / default gate-way
(S2500) (config) #interface vlan 1
(S2500) (vlan "1") #ip address 192.168.7.2 255.255.252.0
(S2500) (vlan "1") #exit
(S2500) (config) #ip-profile
(S2500) (ip-profile) #default-gateway 192.168.7.254
telnet SSH連線倒是不用特別設定
預設就可以直接用SSH2連線
帳密管理員那組就可以
admin / admin123 / enable
更改 admin 密碼
mgmt-user admin root
password
password
VLAN IP / default gate-way
(S2500) (config) #interface vlan 1
(S2500) (vlan "1") #ip address 192.168.7.2 255.255.252.0
(S2500) (vlan "1") #exit
(S2500) (config) #ip-profile
(S2500) (ip-profile) #default-gateway 192.168.7.254
telnet SSH連線倒是不用特別設定
預設就可以直接用SSH2連線
帳密管理員那組就可以
2014年10月28日 星期二
[Troubleshoot] AP無法Join controller debug方式 debug pm pki enable
#int vlan ap網段
#ip helper-address controllerip
#ip forward-protocol udp 5246
#ip forward-protocol udp 5247
在Controller輸入SHA1 Key Hash
debug pm pki enable/disable
找到MAC和 SSC Key Hash後(00:11:93:00:04:2c /c27c7c2e7da64383108f19e83777121efe3619db )
在controller 介面 Security> AP Profile > 按下Add按鈕 後
在Add AP to Authorization List裡面Certificate Type選 SSC
填入 MAC 和 SHA1 Key Hash後,<<<就是上面那串紅字>>>
即可完成
以下log會推算這MAC是這Hash key,是因為時間都相同,同一秒 所以猜測是同1個AP的資訊
(Cisco Controller) >Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: locking ca cert table
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: calling x509_alloc() for user cert
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: calling x509_decode()
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: <subject> L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1100-00119300042c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: <issuer> L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1100-00119300042c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Mac Address in subject is 00:11:93:00:04:2c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Wed Oct 29 03:18:46 2014: ssphmSsUserCertVerify: self-signed user cert verfied.
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: ValidityString (current): 2014/10/29/03:18:46
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: ValidityString (NotBefore): 2011/04/19/06:07:30
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: ValidityString (NotAfter): 2020/01/01/00:00:00
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: getting cisco ID cert handle...
Wed Oct 29 03:18:46 2014: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key Data
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 30820122 300d0609 2a864886 f70d0101
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 01050003 82010f00 3082010a 02820101
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 00e6bfcd 007d970b 5d463933 68080b5c
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data e794736b 754139bf 9bfe8aaa 0eb234cb
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data d6bf98cc e420d854 ec25e1b8 8d1a3228
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 3b480b2e a45fbbce aaa4cd4e dea2f7dc
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 7ad33d55 108b6ea9 55407d1d ba2d5a7e
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 0c171a35 f195931a ec6ee725 d67a3339
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data e61a38e2 6ce68bcb ec55a58c 9aee34f9
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 26d161a7 cbb23b44 f560a008 e0deab82
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 3b64c01e 8955c326 0f368ac9 122c1a95
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data eb8e81cc fa3ecbea a9806d5e b147dcf5
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data f4459ef2 2a53f767 fd5ef31b 739c82cd
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data fa04ad8f d809c9f2 c2ec268b 24a7983b
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 92b2f554 16d75bff 5dc53e43 9ac4c3c8
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 5f0f64f4 b4f71b9f eaa0a5be d0ff7388
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data f0f59223 b01aed74 a167d102 44274178
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 429aaad6 c6cb87e8 c9dad1db 5fd71043
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: Key Data 2f020301 0001
Wed Oct 29 03:18:46 2014: sshpmGetIssuerHandles: SSC Key Hash is c27c7c2e7da64383108f19e83777121efe3619dbWed Oct 29 03:18:46 2014: sshpmGetCertFromHandle: calling sshpmGetCertFromCID() with CID 0x1f7e88a7
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: called to get cert for CID 1f7e88a7
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
Wed Oct 29 03:18:46 2014: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
Wed Oct 29 03:18:48 2014: sshpmFreePublicKeyHandle: called with 0x159501ec
Wed Oct 29 03:18:48 2014: sshpmFreePublicKeyHandle: freeing public key
debug pm pki disable
2014年10月20日 星期一
AP join controller success log
*Oct 21 15:37:44.284: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Oct 21 15:37:45.319: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 21 15:37:46.320: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 21 15:37:49.232: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
*Oct 21 15:37:58.233: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Oct 21 15:38:10.234: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC4404'(index 0).
*Oct 21 15:38:10.234: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 21 02:21:33.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.240.231.1 peer_port: 5246
*Oct 21 02:21:35.482: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.240.231.1 peer_port: 5246
*Oct 21 02:21:35.483: %CAPWAP-5-SENDJOIN: sending Join Request to 10.240.231.1perform archive download capwap:/c1130 tar file
*Oct 21 15:37:45.319: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 21 15:37:46.320: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 21 15:37:49.232: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
*Oct 21 15:37:58.233: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Oct 21 15:38:10.234: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC4404'(index 0).
*Oct 21 15:38:10.234: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 21 02:21:33.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.240.231.1 peer_port: 5246
*Oct 21 02:21:35.482: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.240.231.1 peer_port: 5246
*Oct 21 02:21:35.483: %CAPWAP-5-SENDJOIN: sending Join Request to 10.240.231.1perform archive download capwap:/c1130 tar file
2014年10月13日 星期一
RADIUS server 認證 switch 設定 802.1X authentication
To enable 802.1X authentication on a switch port, on the switch CLI, enter these commands:
Switch# configure terminal
Switch(config)# dot1x system-auth-control
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# radius-server host ip_addr auth-port port acct-port port key key
Switch(config)# interface fastethernet2/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch# configure terminal
Switch(config)# dot1x system-auth-control
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# radius-server host ip_addr auth-port port acct-port port key key
Switch(config)# interface fastethernet2/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
2014年10月5日 星期日
How to reset a Wireless LAN Controller (WLC) to factory defaults
Resolution
Complete these steps to reset the WLC to factory default settings using the CLI:
- Enter reset system at the command prompt.
- At the prompt that asks whether you need to save changes to the configuration, enter Y or N. The unit reboots.
- When you are prompted for a username, enter recover-config to restore the factory default configuration.
The WLC reboots and displays the Welcome to the Cisco WLAN Solution Wizard Configuration Tool message. - Use the configuration wizard to enter configuration settings.
Note: Once the WLC is reset to defaults, you need a serial connection to the WLC in order to use the configuration wizard.
For more information on resetting the device to default settings using GUI, refer to the Resetting the Device to Default Settings section of Configuring Controller Settings.
source
2014年8月27日 星期三
cisco 2504 controller web setting
command 改csico controller ip
>wlan disable all
>configure interface address managent IP-ADDRESS SUBNETMASK GATEWAY
>wlan enable all
show ap join stats summary all
show ap summary
在interface 編輯 DHCP server
security>AAA>TACACS+>Local Net Users可以看建立哪些帳號
web認證
security>Web Auth> Web Login Page> web authentication type(選internal)
management>Mgmt Via Wireless> Enable Controller ... Clients口 要打勾
這樣才能從底下AP連上來的client管理controller
management>Local Management User >建立管理帳號
Lobbyadmin介紹:建立臨時帳號的管理者
改Controller IP等資訊
Controller>Interfaces>Interface Name點進去
2014年8月24日 星期日
[Device] cisco controller setup final
Would you like to terminate autoinstall? [yes]:
System Name [Cisco_b8:71:c4] (31 characters max):
AUTO-INSTALL: process terminated -- no configuration loaded
2504
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (3 to 24 characters): ********
Re-enter Administrative Password : ********
Enable Link Aggregation (LAG) [yes][NO]: no
Management Interface IP Address: 192.168.45.200
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.45.254
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 4]: 1
Management Interface DHCP Server IP Address: 172.16.41.1
Virtual Gateway IP Address: 1.1.1.1
Multicast IP Address: 239.0.0.1
Mobility/RF Group Name: poc
Network Name (SSID): poc
Configure DHCP Bridging Mode [yes][NO]:
Allow Static IP Addresses [YES][no]:
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code list (enter 'help' for a list of countries) [US]: TW
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]:
Enter the NTP server's IP address: 211.22.103.158
Enter a polling interval between 3600 and 604800 secs: 3600
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
Configuration saved!
Resetting system with new configuration...
Configuration saved!
Resetting system with new configuration...
Restarting system.
System Name [Cisco_b8:71:c4] (31 characters max):
AUTO-INSTALL: process terminated -- no configuration loaded
2504
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (3 to 24 characters): ********
Re-enter Administrative Password : ********
Enable Link Aggregation (LAG) [yes][NO]: no
Management Interface IP Address: 192.168.45.200
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.45.254
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 4]: 1
Management Interface DHCP Server IP Address: 172.16.41.1
Virtual Gateway IP Address: 1.1.1.1
Multicast IP Address: 239.0.0.1
Mobility/RF Group Name: poc
Network Name (SSID): poc
Configure DHCP Bridging Mode [yes][NO]:
Allow Static IP Addresses [YES][no]:
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code list (enter 'help' for a list of countries) [US]: TW
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]:
Enter the NTP server's IP address: 211.22.103.158
Enter a polling interval between 3600 and 604800 secs: 3600
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
Configuration saved!
Resetting system with new configuration...
Configuration saved!
Resetting system with new configuration...
Restarting system.
2014年8月13日 星期三
cisco ap >> ERROR!!! Command is disabled.
喔我好強XD
1. 刪除現有的ios,讓他回復到最初機器上面的
2. clear pre-config
ERROR!!! Command is disabled.
出現這訊息,就不用在ap上踹了,直接到controller的web介面
找到這台ap的mac 或hostname, 直接在上面修改 hostname or ip等資訊
收工~
若硬要console設定ap 下文說是需要給ap一組username/password
我沒試過..因為上面做完就收工了.
Q.
When I enable some LWAPP commands on my LAP, I get an error that says the
command is disabled. Why is this?
cisco ap ERROR!!! Command is disabled.
1. 刪除現有的ios,讓他回復到最初機器上面的
2. clear pre-config
ERROR!!! Command is disabled.
出現這訊息,就不用在ap上踹了,直接到controller的web介面
找到這台ap的mac 或hostname, 直接在上面修改 hostname or ip等資訊
收工~
若硬要console設定ap 下文說是需要給ap一組username/password
我沒試過..因為上面做完就收工了.
Q.
When I enable some LWAPP commands on my LAP, I get an error that says the
command is disabled. Why is this?
AccessPoint#clear lwapp ap controller ip address
ERROR!!! Command is disabled.
AccessPoint#clear lwapp ap controller ip address ERROR!!! Command is disabled.
A. Once your AP has successfully joined a controller, the LWAPP commands are disabled. In order to enable LWAPP commands again, you must set the username/password of the AP from the controller CLI with the config ap username <name> password <pwd> <cisco-ap>/all command. Once that is done, you can do a clear lwapp private-config in the AP CLI to allow you to manually re-issue the AP LWAPP configuration commands.
Note: If you are running WLC version 5.0 and later, use this command to set the username and password on the AP:
config ap mgmtuser add username AP_username password AP_password secret secret {all | Cisco_AP}
cisco ap ERROR!!! Command is disabled.
2014年7月27日 星期日
cisco 4506 Password Recovery
1.Press Ctrl-C within 5 seconds to prevent autoboot.
2.
rommon 1 > set
rommon 1 > confreg
Configuration Summary :
=> load ROM after netboot fails
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]: n
disable "load ROM after netboot fails"? y/n [n]: n
enable "use all zero broadcast"? y/n [n]: n
enable "break/abort has effect"? y/n [n]: n
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]: n
change the boot characteristics? y/n [n]: n
=======================================================
Configuration Summary :
=> load ROM after netboot fails
=> ignore system config info
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
===========================================================
rommon 1 >confreg=0x2142
You must reset or power cycle for the new configuration to take effect.
Issue the reset command so that the module reboots.
Due to the changes that you made in step 2, the module reboots but ignores the saved configuration.
rommon 2 > reset
Resetting .......
rommon 3 >
3.
Switch#configure memory
4.
config t
no no enable secret
enable secret cisco
config-register 0x2102
wr
sh ver
.
.
.
Configuration register is 0x2142 (will be 0x2102 at next reload)
reload
cisco password recovery
2014年7月23日 星期三
2014年7月22日 星期二
Multiple SSID With Multiple VLANs (Cisco AP)
<<<Configuration on the AP - Step 1>>>
Conf t Dot11 ssid one Vlan 1 Authentication open Mbssid Guest-mode ! Dot11 ssid two Vlan 2 authentication open authentication key-management wpa wpa-psk ascii 7 <WPA key> Mbssid Guest-mode ! Dot11 ssid three Vlan 3 authentication key-management wpa version 2 wpa-psk ascii 7 <WPA key> Mbssid Guest-mode !
!
<<<Step 2 - Assigning the Encryption to different SSIDs with respective VLANs>>>
Int dot11 0 Mbssid encryption vlan 1 mode wep mandatory encryption vlan 1 key 1 size 40bit <10bit key> encryption vlan 2 mode ciphers tkip encryption vlan 3 mode ciphers aes-ccm
ssid one
ssid two
ssid three
<<<Step 3 - Configuring the sub interface for Dot11 radio 0 and Ethernet.>>>
AP(config)# interface Dot11Radio0.1
AP(config-subif)# encapsulation dot1Q 1 native
AP(config-subif)#bridge group 1
AP(config-subif)# interface FastEthernet0.1
AP(config-subif)#bridge group 1
AP(config-subif)# encapsulation dot1Q 1 native
!
AP(config)# interface Dot11Radio0.2
AP(config-subif)# encapsulation dot1Q 2
AP(config-subif)#bridge group 2
AP(config-subif)# interface FastEthernet0.2
AP(config-subif)#bridge group 2
AP(config-subif)# encapsulation dot1Q 2
!
AP(config)# interface Dot11Radio0.3
AP(config-subif)# encapsulation dot1Q 3
AP(config-subif)#bridge group 3
AP(config-subif)# interface FastEthernet0.3
AP(config-subif)#bridge group 3
AP(config-subif)# encapsulation dot1Q 3
!
AP(config)#bridge irb
Ap(config)# bridge 1 route ip
Ap(config)# end
Ap#wr
Multiple SSID With Multiple VLANs
2014年7月18日 星期五
訂閱:
文章 (Atom)