2015年7月6日 星期一

[Device] Cisco autonomous AP WEB-authentication 完整設定

ap#
ap#sh run
Building configuration...

Current configuration : 2836 bytes
!
! Last configuration change at 01:15:44 UTC Mon Mar 1 1993
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
!
logging rate-limit console 9
enable secret 5 $1$uI.z$jA6e4R9Pg0QnbePnDVL.G/
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login web_list group radius
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
no ip source-route
no ip cef
ip admission name web_auth proxy http
ip admission name web_auth method-list authentication web_list
ip admission name webauth proxy http
!
!
!
!
dot11 syslog
!
dot11 ssid Guest
   web-auth
   authentication open
   guest-mode
!
!
!
no ipv6 cef
!
!
username Cisco password 7 106D000A0618
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 ssid Guest
 !
 antenna gain 0
 stbc
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 ip admission web_auth
!
interface Dot11Radio1
 no ip address
 shutdown
 antenna gain 0
 peakdetect
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 64f6.9d99.4bd4
 ip address a.a.a.a 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
!
!
radius-server local
  nas a.a.a.a key 7 121A0C041104
  user user1 nthash 7 124F5142442E59250C7C767A101606305646572703017904755C254F417D00060A
!
radius-server attribute 32 include-in-access-req format %h
!
radius server local
 address ipv4 a.a.a.a auth-port 1812 acct-port 1813
 key 7 070C285F4D06
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input all
!
end

ap#                                            
張貼者:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)