Fernando,
Attached is a configuration template that I use for all my Cisco 1200 series
APs. I believe I have changed all security sensitive information.
IP address 5.6.7.8 should be replaced with the IP address of your PF server.
IP address 1.2.3.4 would be the IP address of my CiscoACS server for other
RADIUS/TACACS+ "stuff"
The rest of the fake IP addresses you should be able to figure out what they are
for.
Replace <pf Shared Secret> with your PF server secret word
This configuration has 2 other SSID/VLANs/networks, etc that have nothing to do
with PF.
If you are creating a simple 1 SSID AP then all you need to care about is SSID
SMCCCD_Public (VLAN100) and VLAN50 (PF Registration).
We are currently not doing any "isolation" so VLAN52 is currently just a
placeholder.
mlh
---------------------------------------------------------------------
Michael L Hart
Network Manager
San Mateo County Community College District
Information Technology Services
voice:650.358.6709
mailto:[email protected]
http://www.smccd.edu
1700 W Hillsdale Blvd,
Building 25 ITS
San Mateo CA 94402
From: Fernando Rodriguez [mailto:[email protected]]
Sent: Wednesday, November 09, 2011 9:33 AM
To: [email protected]
Subject: [Packetfence-users] Cisco 1242AG
Hello,
Can anyone share a working configuration of a Cisco Aironet 1242? It seems all
the documentation that I have been able to find is not working.
Thanks
Fernando Rodriguez
[email protected]
www.aitelecom.net
MSN: [email protected]
Skype: frodmda
!
! No configuration change since last restart
! NVRAM config last updated at 04:46:35 U Wed Nov 9 2011 by netmgr1
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname MyWap
!
logging buffered notifications
logging rate-limit console 25
logging console informational
logging monitor notifications
enable secret 5 $1$ymS2$kCJRKJq3M8DDTL2Dc/31J/
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 1.2.3.4 auth-port 1645 acct-port 1646
 server 5.6.7.8 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
 server 5.6.7.8 auth-port 1812 acct-port 1813
!
aaa group server radius rad_acct
 server 1.2.3.4 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
 server 1.2.3.4 auth-port 1645 acct-port 1646
!
aaa group server tacacs+ tac_admin
 server 1.2.3.4
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods group rad_mac
aaa authentication login NetMgr group tac_admin group rad_admin
aaa authorization exec default local group tac_admin group rad_admin
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone U -8
clock summer-time U recurring
ip domain name smccd.net
ip name-server a.b.c.5
ip name-server a.b.c.6
!
!
dot11 activity-timeout unknown default 62
dot11 activity-timeout client default 62 maximum 120
dot11 activity-timeout repeater default 90 maximum 120
dot11 activity-timeout workgroup-bridge default 90 maximum 120
dot11 activity-timeout bridge default 90 maximum 120
dot11 vlan-name Admin vlan 10
dot11 vlan-name Default vlan 1
dot11 vlan-name Instructional vlan 20
dot11 vlan-name Isolation vlan 52
dot11 vlan-name PublicWireless vlan 100
dot11 vlan-name Registration vlan 50
!
dot11 ssid FacStaff
 vlan 10
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 accounting acct_methods
 mbssid guest-mode
!
dot11 ssid SMCCCD_Public
 vlan 50 backup 100
 authentication open mac-address mac_methods
 guest-mode
 mbssid guest-mode
!
dot11 ssid StudentLabs
 vlan 20
 authentication open
!
dot11 network-map
!
username administrator privilege 15 password 7 xxxxxxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 timeout absolute 60 0
 !
 encryption vlan 10 mode ciphers aes-ccm tkip
 !
 encryption vlan 20 key 1 size 128bit 7 xxxxxxxxxxxxxxxxxx transmit-key
 encryption vlan 20 mode wep mandatory
 !
 ssid FacStaff
 !
 ssid SMCCCD_Public
 !
 ssid StudentLabs
 !
 mbssid
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 port-protected
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
 bridge-group 10 spanning-disabled
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
interface Dot11Radio0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 250
 bridge-group 250 subscriber-loop-control
 bridge-group 250 block-unknown-source
 no bridge-group 250 source-learning
 no bridge-group 250 unicast-flooding
 bridge-group 250 spanning-disabled
!
interface Dot11Radio0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 bridge-group 100 subscriber-loop-control
 bridge-group 100 block-unknown-source
 no bridge-group 100 source-learning
 no bridge-group 100 unicast-flooding
 bridge-group 100 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 no bridge-group 10 source-learning
 bridge-group 10 spanning-disabled
!
interface GigabitEthernet0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 no bridge-group 20 source-learning
 bridge-group 20 spanning-disabled
!
interface GigabitEthernet0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 250
 no bridge-group 250 source-learning
 bridge-group 250 spanning-disabled
!
interface GigabitEthernet0.100
 encapsulation dot1Q 100
 no ip route-cache
 bridge-group 100
 no bridge-group 100 source-learning
 bridge-group 100 spanning-disabled
!
interface BVI1
 ip address x.y.z.o 255.255.255.0
 no ip route-cache
!
ip default-gateway x.y.z.p
no ip http server
ip http access-class 15
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
ip access-list extended DenyPublicWireless
 permit udp any any eq bootps
 permit udp host a.b.c.5 eq bootps any eq bootps
 permit udp host a.b.c.6 eq bootps any eq bootps
 permit udp host d.e.f.5 eq bootps any eq bootps
 permit udp host d.e.f.6 eq bootps any eq bootps
 permit udp host g.h.i.5 eq bootps any eq bootps
 permit udp host g.h.i.6 eq bootps any eq bootps
 deny ip any any time-range NoWireless
 permit ip any any
logging history informational
logging trap debugging
logging facility local6
logging 10.0.91.244
snmp-server view iso iso included
snmp-server view dot11view ieee802dot11 included
snmp-server community ReedPipes RO
snmp-server community AdamBradMike RW
snmp-server community dot11 view dot11view RW
snmp-server location MyWap
snmp-server contact [email protected]
snmp-server chassis-id MyWap
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps aaa_server
snmp-server host 5.6.7.8 <pf Shared Secret> deauthenticate
tacacs-server host 1.2.3.4 key 7 xxxxxxxxxxxxxxxxxxxxx
radius-server attribute 32 include-in-access-req format %h
radius-server host 1.2.3.4 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxx
radius-server host 5.6.7.8 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxxxxxx
radius-server vsa send accounting
radius-server vsa send authentication
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 access-class 15 in
 login authentication NetMgr
line vty 5 15
 access-class 15 in
 login authentication NetMgr
!
sntp server 10.0.255.253
sntp broadcast client
time-range NoWireless
 periodic daily 0:00 to 6:00
 periodic daily 23:00 to 23:59
!
end
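
Added example, not part of the original message or of PacketFence: a Python check that follows a MAC-authenticated SSID through its method list and RADIUS server group to a keyed radius-server host entry, which is the chain that has to line up once 5.6.7.8 is replaced with a real PacketFence address. The function name trace_mac_auth and the SAMPLE excerpt are constructed for illustration; sections are tracked by keyword, so the check also works on a config whose indentation was lost in transit.

```python
import re

# Constructed excerpt modelled on the template; 5.6.7.8 is the PacketFence server.
SAMPLE = """\
aaa group server radius rad_mac
 server 5.6.7.8 auth-port 1812 acct-port 1813
!
aaa authentication login mac_methods group rad_mac
dot11 ssid SMCCCD_Public
 vlan 50 backup 100
 authentication open mac-address mac_methods
!
radius-server host 5.6.7.8 auth-port 1812 acct-port 1813 key 7 xxxxxxxx
"""
SERVER = r"(\S+) auth-port (\d+) acct-port (\d+)"

def trace_mac_auth(config, pf_ip):
    """Resolve each MAC-auth SSID to its RADIUS servers; return (chains, findings)."""
    groups, lists, ssid_list, hosts = {}, {}, {}, set()
    kind = name = None  # section tracked by keyword, so lost indentation is fine
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa group server radius (\S+)", line):
            kind, name = "group", m[1]
            groups[name] = []
        elif m := re.match(r"dot11 ssid (\S+)", line):
            kind, name = "ssid", m[1]
        elif m := re.match(r"aaa authentication login (\S+) (.*)", line):
            lists[m[1]] = re.findall(r"group (\S+)", m[2])
        elif m := re.match(r"radius-server host " + SERVER + r" key \S", line):
            hosts.add(m.groups())
        elif line.startswith(("!", "interface ", "aaa group server ")):
            kind = None
        elif kind == "group" and (m := re.match("server " + SERVER, line)):
            groups[name].append(m.groups())
        elif kind == "ssid" and (m := re.match(r"authentication open mac-address (\S+)", line)):
            ssid_list[name] = m[1]
    chains, findings = {}, []
    for ssid, mlist in ssid_list.items():
        if mlist not in lists:
            findings.append(f"{ssid}: method list {mlist} is not defined")
        servers = [s for g in lists.get(mlist, []) for s in groups.get(g, [])]
        chains[ssid] = servers
        for ip, auth, acct in servers:
            if (ip, auth, acct) not in hosts:
                findings.append(f"{ssid}: no keyed radius-server host {ip} {auth}/{acct}")
        if pf_ip not in [s[0] for s in servers]:
            findings.append(f"{ssid}: {pf_ip} is not a server behind {mlist}")
    return chains, findings

print(trace_mac_auth(SAMPLE, "5.6.7.8"))
```

An empty findings list means every MAC-authenticated SSID resolves to the PacketFence address with matching ports; a port or address mismatch between the server group and the radius-server host line shows up as a finding.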
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users