Cisco Lightweight AP Configuration
How is a Cisco access point configured?
Examples follow for open authentication, WEP and WPA2.
In my example the access point is configured for VLAN 178, because that is the test network in my environment.
Only the 2.4 GHz radio is configured, because my access point has no 5 GHz antennas. To use 5 GHz as well, you only have to transfer the 2.4 GHz configuration (Dot11Radio0) to the 5 GHz interface (Dot11Radio1).
OpenAuthentication
!
dot11 ssid WirelessLab <– SSID
vlan 178 <– for my VLAN 178
authentication open
guest-mode <– so that the SSID is also visible
!
bridge irb
!
!
interface Dot11Radio0 <– 2.4GHz Interface
no ip address
no ip route-cache
!
ssid WirelessLab <– SSID bound to the interface
!
station-role root
!
interface Dot11Radio0.178 <– subinterface for the VLAN
encapsulation dot1Q 178 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.178 <- Sub Interface
encapsulation dot1Q 178 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.178.xx 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.178.xx
bridge 1 route ip
!
WEP authentication (changes relative to open authentication in red)
!
dot11 ssid WirelessLab
vlan 178
authentication open
guest-mode
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 178 key 1 size 40bit 7 0ABDE1A1FB84 transmit-key <– WEP password
encryption vlan 178 mode wep mandatory <– password is required
!
ssid WirelessLab
!
station-role root
!
interface Dot11Radio0.178
encapsulation dot1Q 178 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.178
encapsulation dot1Q 178 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.178.xx 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.178.xx
!
WPA2 (changes relative to open authentication in red)
!
dot11 ssid WirelessLab
vlan 178
authentication open
authentication key-management wpa version 2 <– enable WPA2 authentication
guest-mode
wpa-psk ascii 7 047F0E143B2459480C1516181E07080D29232C273F302C <– set the password
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 178 mode ciphers aes-ccm tkip <– set the encryption
!
ssid WirelessLab
!
station-role root access-point
!
interface Dot11Radio0.178
encapsulation dot1Q 178 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface FastEthernet0.178
encapsulation dot1Q 178 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.178.xx 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.178.xx
!
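An audit sketch for the three configurations above, added here as an example and not part of the original post: it flags WEP, TKIP enabled alongside AES-CCM, secrets stored as type 7 (reversible obfuscation rather than a hash), and SSIDs with open authentication and no cipher on their VLAN. The function name `audit`, the rule names and the sample config with its placeholder key strings are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of the configs above; key strings are placeholders.
SAMPLE = """\
dot11 ssid WirelessLab
 vlan 178
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 7 00112233445566778899
!
dot11 ssid GuestLab
 vlan 179
 authentication open
!
interface Dot11Radio0
 encryption vlan 178 mode ciphers aes-ccm tkip <– cipher suite
 encryption vlan 177 key 1 size 40bit 7 0011223344 transmit-key
 encryption vlan 177 mode wep mandatory
"""

def audit(config):
    """Return sorted (line_number, rule) findings for weak WLAN settings."""
    findings, ssids, encrypted, current = [], [], set(), None
    for no, raw in enumerate(config.splitlines(), 1):
        line = re.split(r"\s*<[–-]", raw)[0].strip()  # drop '<–' annotations
        if re.match(r"dot11 ssid \S+", line):  # start of a global SSID block
            current = {"line": no, "vlan": None, "keymgmt": False}
            ssids.append(current)
        elif line == "!" or line.startswith("interface "):
            current = None
        elif current and (m := re.fullmatch(r"vlan (\d+)", line)):
            current["vlan"] = m.group(1)
        elif current and line.startswith("authentication key-management"):
            current["keymgmt"] = True
        if m := re.match(r"encryption (?:vlan (\d+) )?mode (wep|ciphers)(.*)", line):
            encrypted.add(m.group(1))  # this VLAN has some cipher configured
            if m.group(2) == "wep":
                findings.append((no, "wep"))
            elif "tkip" in m.group(3).split():
                findings.append((no, "tkip-allowed"))
        if re.search(r"(?:wpa-psk ascii|size \d+bit) 7 [0-9A-Fa-f]+", line):
            findings.append((no, "type7-secret"))  # reversible obfuscation, not a hash
    for s in ssids:  # open auth, no key management, no cipher on the VLAN
        if not s["keymgmt"] and s["vlan"] not in encrypted:
            findings.append((s["line"], "open-unencrypted"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against a saved copy of the running configuration; the `<–` annotations used on this page are stripped before matching.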