Versions Compared

Old Version 3

changes.mady.by.user Robert Maltarić

Saved on

compared with

New Version 4

changes.mady.by.user Robert Maltarić

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

U primjeru konfiguracije koriste se odvojeni management i klijenski VLAN-ovi:

  • AP MGMT (VLAN 100)
  • eduroam (VLAN 411) 

...

  • UNTAGGED za AP MGMT
  • TAGGED za eduroam

Adresa DNS poslužitelja: 1.1.1.1

Adresa NTP poslužitelja: time.cloudflare.com

Adresa RADIUS poslužitelja: 161.53.2.74

Management mreža za AP: 10.10.10.0/24

Mreža za eduroam korisnike: 10.111.0.0/16

Korištena oprema

Cisco Aironet 1602i (IOS verzija 15.2.4-JB4)

Konfiguracija

CLI

  1. Za autentikaciju unesite sljedeće korisničke podatke:

...

  1. Ulazak u konfiguracijski mod:

    Code Block
    AP# configure terminal 
AP (config)#


  2. Postavljanje DNS-a i NTP-a


    Code Block
    ip name-server 1.1.1.1
sntp server time.cloudflare.com
clock timezone UTC +1


  3. Aktivacija AAA (Authentication, Authorization, and Accounting)

    Code Block
    aaa new-model


  4. Definiranje RADIUS poslužitelja

    Code Block
    radius-server host 161.53.2.73 auth-port 1812 acct-port 1813 key vrl0tajn@sifra!

aaa group server radius radsrv
server 161.53.2.73 auth-port 1812 acct-port 1813

aaa authentication login eap_methods group radsrv
aaa authorization network default group radsrv
aaa accounting send stop-record authentication failure
aaa accounting session-duration ntp-adjusted
aaa accounting update newinfo periodic 15
aaa accounting network default start-stop group radsrv
aaa accounting network acct_methods start-stop group radsrv


  5. Definiranje eduroam SSID-a

    Code Block
    dot11 ssid eduroam
vlan 411
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa version 2
accounting acct_methods
guest-mode


  6. Konfiguracija management sučelja i dodavanje defaultne route

    Code Block
    interface GigabitEthernet0
no shutdown

interface BVI1
ip address 10.10.10.150 255.255.255.0

ip default-gateway 10.10.10.1


  7. Dodavanje eduroam SSID-a na radio sučelja

    Code Block
    interface Dot11Radio0
encryption vlan 411 mode ciphers aes-ccm
ssid eduroam
no shutdown

interface Dot11Radio1
encryption vlan 411 mode ciphers aes-ccm
ssid eduuroam
no shutdown


  8. Povezivanje žičanih i radio sučelja u bridge grupu

    Code Block
    interface GigabitEthernet0.411
encapsulation dot1Q 411
bridge-group 2

interface dot11Radio0.411
encapsulation dot1Q 411
bridge-group 2

interface dot11Radio1.411
encapsulation dot1Q 411
bridge-group 2


  9. Podešavanje automatskog odabira kanala između 1-6-11 za 2.4 GHz radio sučelje

    Code Block
    interface Dot11Radio0
channel least-congested 1 6 11


  10. Izlazak iz konfiguracijskog moda i spremanje konfiguracije

    Code Block
    end
write memory


  11. Ne zaboravite promijeniti defaultne korisničke podatke i ograničiti pristup management sučelju AP-a

...