Struktura mreze je sledeca: DHCP server je podignut na Windows 2003 Serveru koji je konektovan na Cisco svic 2950 na koji je zakacen i Cisco AP 1200.
Definisao sam Vlan 10 na svicu za racunare koji se kace na AP
Code:
vlan 10
name AP
…
interface vlan 10
ip address 192.168.10.1 255.255.255.0
vlan 10
name AP
…
interface vlan 10
ip address 192.168.10.1 255.255.255.0
Takodje sam na serveru definisao novi scope 192.168.10.0 kome je default-gateway 192.168.10.1, medjutim dinamicka dodela adresa nije profunkcionisala.
Evo i konfiguracije:
Code:
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ap
!
enable secret 5 ???
enable password 7 ???
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.1.144 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid veza
vlan 10
authentication network-eap eap_methods
guest-mode
!
dot11 holdoff-time 600
dot11 network-map
!
!
username ??? privilege 15 password 7 ???
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
!
encryption vlan 10 mode ciphers wep128
!
encryption key 1 size 128bit 7 ??? transmit-key
encryption mode wep mandatory
!
!
ssid veza
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 128
station-role root
antenna receive right
antenna transmit right
no cdp enable
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface BVI1
ip address 192.168.1.144 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
radius-server local
nas 192.168.1.144 key 7 ???
user miki nthash 7 ???
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.144 auth-port 1812 acct-port 1813 key 7 ???
radius-server key 7 ???
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
password 7 ???
transport preferred all
transport output all
line vty 0 4
password 7 ???
transport preferred all
transport input all
transport output all
line vty 5 15
password 7 ???
transport preferred all
transport input all
transport output all
!
end
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ap
!
enable secret 5 ???
enable password 7 ???
!
ip subnet-zero
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.1.144 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid veza
vlan 10
authentication network-eap eap_methods
guest-mode
!
dot11 holdoff-time 600
dot11 network-map
!
!
username ??? privilege 15 password 7 ???
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
!
encryption vlan 10 mode ciphers wep128
!
encryption key 1 size 128bit 7 ??? transmit-key
encryption mode wep mandatory
!
!
ssid veza
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 128
station-role root
antenna receive right
antenna transmit right
no cdp enable
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface BVI1
ip address 192.168.1.144 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
radius-server local
nas 192.168.1.144 key 7 ???
user miki nthash 7 ???
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.1.144 auth-port 1812 acct-port 1813 key 7 ???
radius-server key 7 ???
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
password 7 ???
transport preferred all
transport output all
line vty 0 4
password 7 ???
transport preferred all
transport input all
transport output all
line vty 5 15
password 7 ???
transport preferred all
transport input all
transport output all
!
end
Ako neko zna gde je greska bio bih mu zahvalan.
[ mod markom: Code tagovi i to...]
[Ovu poruku je menjao markom dana 10.11.2007. u 20:13 GMT+1]
Hajlender