Monthly Archives: May 2018

WiFi

Posted on by

SWITCH

vlan 10
name nesto
vlan 20
name IT
vlan 30
name Guest

interface FastEthernet1/0/1
description veza prema routeru – na svaki interface OBAVEZNO stavljati description !!!
switchport trunk encapsulation dot1q
switchport mode trunk allowed vlan 1,10,20,30 – potrebno je točno specificirati VALN-ove!!!
switchport mode trunk
!
interface FastEthernet1/0/2
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30
switchport mode trunk
!
interface FastEthernet1/0/3
description PC
switchport access vlan 1 – ovo se ne piše tj. ostaje u defaultnom vlan-u
switchport mode access
spanning-tree portfast
!
interface VLAN 1
ip address 192.168.1.2 255.255.255.0 – može se staviti bilo koji ip iz range-a za management
!
Line vty 0 15 – omogućujemo udaljeni pristup (telnet)
Password xxxx – stavite po želji
no ip domain-lookup

line con 0
logging synchronous
pass class
login
line vty 0 15
pass class
login
enab sec class

ROUTER

ip dhcp pool IT-GrupaX – naziv pool-a stavljate po želji
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
!
ip dhcp pool GUEST-GrupaX
network 192.168.30.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.30.1
!
ip dhcp pool AP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
!
ip dhcp pool PC
network 192.168.2.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.2.254
!
interface FastEthernet0/0
tu samo no shu
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 – enkapsulacija po vlanu kojem pripada
ip address 192.168.1.1 255.255.255.0
ip nat inside – naredba za NAT ide na svaki subinterface da bi vam radio pristup na Internet
!
interface FastEthernet0/0.10
description AP
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.20
description IT
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.30
description GUEST
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
access-group GUEST in – primjenjujemo acc listu za goste
!
interface FastEthernet0/1
description WAN
ip address 10.10.2.15X 255.255.255.0
ip nat outside – na WAN sučelje obavezno se stavlja naredba nat outside!!!
ip virtual-reassembly
duplex auto

ip route 0.0.0.0 0.0.0.0 10.10.2.254 – ne zaboravite staviti defaultnu rutu s next hop adresom!!!
!
ip nat inside source list WIFI interface FastEthernet0/1 overload – sav promet se natira u wan int.
!
ip access-list extended WIFI – access lista potrebna za nat može standardna ili extended !!!
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
!
ip access-list extended GUEST – dopuštamo gostima samo izlaz na Internet, cijeli LAN zabranjujemo
deny ip 192.168.30.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any – ne zaboravite na kraju dozvoliti svemu ostalom

KONFIGURACIJA –> AP
welcome – next
ip address -ostavi default DHCP
single point – Do not enable single point setup
time settings next
password stavi nesto, complexity ne, uzmi neki jedostavni
SSID – IT-grupaX  –> prvo ide configuration ITa onda gostiju
dalje no security ili ako pise u ispitu onda nesto stavim i upisem neki password
zatim kojem vlanu bude pripadao taj IT, to pise u ispitu. Sad je IT u 20, a na ispitu mozda bude nesto drugo
enable – yes
guest name – Guest-grupaX
dalje, no security, password nista
vlan ID sad je 30 jer su gosti u 30
dodatna mogucnost da redirecta, ne treba, next
finish
i onda me izbaci van pa se prijavim s onim passwordom koji sam stavila

captive portal
create
Gosti
Save

local users
gost1
postavi neki password
stavi da propada grupi Gosti

instance configuration
umjesto create wiz_cp_inst1
jedino bitno je verification:
izaberi local
user group name: Gosti
save

ACCESS POINT CISCO WAP 321
Na AP-u je potrebno konfigurirati 2 virtualna interface-a VAP0 i VAP1:
VAP0 – vlan id 20 – SSID IT-GrupaX
VAP1 – vlan id 30 – SSID GUEST-GrupaX
Pod tabom LAN interface – potrebno postaviti management vlan id 10 – Vlan u kojem je naš AP