Buona sera a tutti i frequentatori del forum.
Sono per la prima volta alle prese con la configurazione della parte wirelless di un apparato Cisco, precisamente un 851W che vorrei per ora usare semplicemente come access point verso la mia LAN.
Ho provato a seguire i suggerimenti contenuti in precedenti post ma non riesco a far connettere alla rete i PC attraverso la wireless. Sarò grato a tutti coloro che potranno da una occhiata alla configurazione che ho implementato e darmi dei suggerimenti. GRAZIE!
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 851W
!
boot-start-marker
boot-end-marker
!
enable secret xxxx
enable password xxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip routing
no ip dhcp use vrf connected
!
ip dhcp pool WI-FI
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
lease 0 0 30
!
!
no ip cef
!
bridge irb
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
no ip route-cache
duplex auto
speed auto
!
interface Dot11Radio0
description Interfaccia Wi-Fi
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip local-proxy-arp
no ip route-cache
!
broadcast-key vlan 1 change 45
!
!
encryption vlan 1 mode ciphers tkip
!
ssid cisco
vlan 1
max-associations 5
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 1234567890
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip nat inside
ip virtual-reassembly
no ip route-cache
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
ip address 192.168.4.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip route-cache
no ip mroute-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxx
login
!
scheduler max-task-time 5000
end
Configurazione Wireless 851W
Moderatore: Federico.Lagni
-
djdylan78
- Network Emperor
- Messaggi: 382
- Iscritto il: ven 20 gen , 2006 2:01 pm
sulla "interface Dot11Radio0.1 " non vedo associato il ssid "cisco" che hai creato...
ti consiglierei cmq prima di iniziare con una rete wi-fi "open" verificare che riesci ad accedere e poi iniziare ad implementare la security.
ti consiglierei cmq prima di iniziare con una rete wi-fi "open" verificare che riesci ad accedere e poi iniziare ad implementare la security.
Cisco Certified
-
davjava
- n00b
- Messaggi: 18
- Iscritto il: sab 19 apr , 2008 6:11 pm
Anzitutto grazie per l'aiuto.djdylan78 ha scritto:sulla "interface Dot11Radio0.1 " non vedo associato il ssid "cisco" che hai creato...
ti consiglierei cmq prima di iniziare con una rete wi-fi "open" verificare che riesci ad accedere e poi iniziare ad implementare la security.
Come dovrei fare ad associare il ssid alla interfaccia Dot11Radio0.1 ?
Ho provato a togliere tutte le security come mi hai suggerito ma il risultato non è cambiato. Ecco la nuova configurazione:
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 851W
!
boot-start-marker
boot-end-marker
!
enable secret xxxx
enable password xxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip routing
no ip dhcp use vrf connected
!
ip dhcp pool WI-FI
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
lease 0 0 30
!
!
no ip cef
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
no ip route-cache
duplex auto
speed auto
!
interface Dot11Radio0
description Interfaccia Wi-Fi
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip local-proxy-arp
no ip route-cache
!
broadcast-key vlan 1 change 45
!
!
encryption vlan 1 mode ciphers tkip
!
ssid cisco
vlan 1
max-associations 5
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b
asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip nat inside
ip virtual-reassembly
no ip route-cache
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
ip address 192.168.4.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip route-cache
no ip mroute-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxx
login
!
scheduler max-task-time 5000
end
-
davjava
- n00b
- Messaggi: 18
- Iscritto il: sab 19 apr , 2008 6:11 pm
Posto questa configurazione perchè sembrerebbe funzionare, gli apparati Wireless si connettono alla rete con DHCP (network 192.168.3.0) e raggiungono gli host collegati alla rete LAN (network 192.168.4.0).
Ora non mi resta che implementare un pò di security sulla Wireless e poi collegare il tutto a internet tramite l'interfaccia fastethernet4...avete qualche suggerimento? Grazie.
Current configuration : 4016 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C851W
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$exm9$AvSbqMwr.vRmkXRvUGDHX0
enable password 7 05080F1C2243
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.99
!
ip dhcp pool VLAN20
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
lease 4
!
!
ip cef
no ip domain lookup
!
!
crypto pki trustpoint TP-self-signed-1063327464
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1063327464
revocation-check none
rsakeypair TP-self-signed-1063327464
!
!
crypto pki certificate chain TP-self-signed-1063327464
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303633 33323734 3634301E 170D3032 30333032 30373236
35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30363333
32373436 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C8B5 F862C740 BE2BC0F0 938FA2B0 097A20EE 89AEF3B7 0AC2FDFD A7BD8C6E
CA409D70 4FA9225C CD23B9BC 3B672B54 E9C0FFF9 78D575E2 E8A80497 49BA558C
60D0DE2F BDF8D34F FAD16F52 54312196 DACF42AD 74647F89 6A369077 7EED355A
09A696CE 23DE6934 33FC4491 553B57C4 2DB0EAB5 7B38996F 15A3E9F4 728FC9F5
680F0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B636F6E 73756C65 6E7A652E 301F0603 551D2304 18301680
147F66E6 8D9C35ED 539BE1DD 0C6DE1FC 244E1840 ED301D06 03551D0E 04160414
7F66E68D 9C35ED53 9BE1DD0C 6DE1FC24 4E1840ED 300D0609 2A864886 F70D0101
04050003 8181005A 21327B7B 683804AF 5BDA5E3D 6DD6625E 1A7EBEB3 0B8F8154
2B82ECEB E59FDC7F 41D43B16 AC8C7A1C 65CA98E1 21699213 5BF62A1D 4FB2478E
36CFB4F6 73A10AF3 1DC3EBAA 9F60A973 3626BD36 E484DEE0 EB6FCC4E 1A0B6AF4
A7105E00 F26D9EDE 6A62717A 7A8B8A52 34C7EDF1 888D4262 3C825B8A AD7C8B33
FB36720F F3D874
quit
username utente privilege 15 password 7 08354D45041811121E
!
!
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid GuestWLAN
vlan 20
authentication open
guest-mode
!
ssid InternalWLAN
vlan 1
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2412
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN - routed WLAN
encapsulation dot1Q 20
ip address 192.168.3.254 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
!
ip http server
ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
line con 0
password 7 14141B180F0B
no modem enable
line aux 0
line vty 0 4
password 7 121A0C041104
!
scheduler max-task-time 5000
end
Ora non mi resta che implementare un pò di security sulla Wireless e poi collegare il tutto a internet tramite l'interfaccia fastethernet4...avete qualche suggerimento? Grazie.
Current configuration : 4016 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C851W
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$exm9$AvSbqMwr.vRmkXRvUGDHX0
enable password 7 05080F1C2243
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.99
!
ip dhcp pool VLAN20
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
lease 4
!
!
ip cef
no ip domain lookup
!
!
crypto pki trustpoint TP-self-signed-1063327464
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1063327464
revocation-check none
rsakeypair TP-self-signed-1063327464
!
!
crypto pki certificate chain TP-self-signed-1063327464
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303633 33323734 3634301E 170D3032 30333032 30373236
35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30363333
32373436 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C8B5 F862C740 BE2BC0F0 938FA2B0 097A20EE 89AEF3B7 0AC2FDFD A7BD8C6E
CA409D70 4FA9225C CD23B9BC 3B672B54 E9C0FFF9 78D575E2 E8A80497 49BA558C
60D0DE2F BDF8D34F FAD16F52 54312196 DACF42AD 74647F89 6A369077 7EED355A
09A696CE 23DE6934 33FC4491 553B57C4 2DB0EAB5 7B38996F 15A3E9F4 728FC9F5
680F0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B636F6E 73756C65 6E7A652E 301F0603 551D2304 18301680
147F66E6 8D9C35ED 539BE1DD 0C6DE1FC 244E1840 ED301D06 03551D0E 04160414
7F66E68D 9C35ED53 9BE1DD0C 6DE1FC24 4E1840ED 300D0609 2A864886 F70D0101
04050003 8181005A 21327B7B 683804AF 5BDA5E3D 6DD6625E 1A7EBEB3 0B8F8154
2B82ECEB E59FDC7F 41D43B16 AC8C7A1C 65CA98E1 21699213 5BF62A1D 4FB2478E
36CFB4F6 73A10AF3 1DC3EBAA 9F60A973 3626BD36 E484DEE0 EB6FCC4E 1A0B6AF4
A7105E00 F26D9EDE 6A62717A 7A8B8A52 34C7EDF1 888D4262 3C825B8A AD7C8B33
FB36720F F3D874
quit
username utente privilege 15 password 7 08354D45041811121E
!
!
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid GuestWLAN
vlan 20
authentication open
guest-mode
!
ssid InternalWLAN
vlan 1
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
channel 2412
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN - routed WLAN
encapsulation dot1Q 20
ip address 192.168.3.254 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
!
ip http server
ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
line con 0
password 7 14141B180F0B
no modem enable
line aux 0
line vty 0 4
password 7 121A0C041104
!
scheduler max-task-time 5000
end
