{"id":310,"date":"2018-05-04T09:53:43","date_gmt":"2018-05-04T08:53:43","guid":{"rendered":"http:\/\/darko-keric.from.hr\/?p=310"},"modified":"2018-05-04T09:53:43","modified_gmt":"2018-05-04T08:53:43","slug":"wifi","status":"publish","type":"post","link":"http:\/\/darko-keric.from.hr\/?p=310","title":{"rendered":"WiFi"},"content":{"rendered":"

SWITCH<\/p>\n

vlan 10
\nname nesto
\nvlan 20
\nname IT
\nvlan 30
\nname Guest<\/p>\n

interface FastEthernet1\/0\/1
\ndescription veza prema routeru \u2013 na svaki interface OBAVEZNO stavljati description !!!
\nswitchport trunk encapsulation dot1q
\nswitchport mode trunk allowed vlan 1,10,20,30 \u2013 potrebno je to\u010dno specificirati VALN-ove!!!
\nswitchport mode trunk
\n!
\ninterface FastEthernet1\/0\/2
\ndescription AP
\nswitchport trunk encapsulation dot1q
\nswitchport trunk allowed vlan 1,10,20,30
\nswitchport mode trunk
\n!
\ninterface FastEthernet1\/0\/3
\ndescription PC
\nswitchport access vlan 1 – ovo se ne pi\u0161e tj. ostaje u defaultnom vlan-u
\nswitchport mode access
\nspanning-tree portfast
\n!
\ninterface VLAN 1
\nip address 192.168.1.2 255.255.255.0 \u2013 mo\u017ee se staviti bilo koji ip iz range-a za management
\n!
\nLine vty 0 15 \u2013 omogu\u0107ujemo udaljeni pristup (telnet)
\nPassword xxxx \u2013 stavite po \u017eelji
\nno ip domain-lookup<\/p>\n

line con 0
\nlogging synchronous
\npass class
\nlogin
\nline vty 0 15
\npass class
\nlogin
\nenab sec class<\/p>\n

ROUTER<\/p>\n

ip dhcp pool IT-GrupaX \u2013 naziv pool-a stavljate po \u017eelji
\nnetwork 192.168.20.0 255.255.255.0
\ndns-server 8.8.8.8
\ndefault-router 192.168.20.1
\n!
\nip dhcp pool GUEST-GrupaX
\nnetwork 192.168.30.0 255.255.255.0
\ndns-server 8.8.8.8
\ndefault-router 192.168.30.1
\n!
\nip dhcp pool AP
\nnetwork 192.168.10.0 255.255.255.0
\ndefault-router 192.168.10.1
\ndns-server 8.8.8.8
\n!
\nip dhcp pool PC
\nnetwork 192.168.2.0 255.255.255.0
\ndns-server 8.8.8.8
\ndefault-router 192.168.2.254
\n!
\ninterface FastEthernet0\/0
\ntu samo no shu
\n!
\ninterface FastEthernet0\/0.1
\nencapsulation dot1Q 1 \u2013 enkapsulacija po vlanu kojem pripada
\nip address 192.168.1.1 255.255.255.0
\nip nat inside \u2013 naredba za NAT ide na svaki subinterface da bi vam radio pristup na Internet
\n!
\ninterface FastEthernet0\/0.10
\ndescription AP
\nencapsulation dot1Q 10
\nip address 192.168.10.1 255.255.255.0
\nip nat inside
\nip virtual-reassembly
\n!
\ninterface FastEthernet0\/0.20
\ndescription IT
\nencapsulation dot1Q 20
\nip address 192.168.20.1 255.255.255.0
\nip nat inside
\nip virtual-reassembly
\n!
\ninterface FastEthernet0\/0.30
\ndescription GUEST
\nencapsulation dot1Q 30
\nip address 192.168.30.1 255.255.255.0
\nip nat inside
\nip virtual-reassembly
\naccess-group GUEST in \u2013 primjenjujemo acc listu za goste
\n!
\ninterface FastEthernet0\/1
\ndescription WAN
\nip address 10.10.2.15X 255.255.255.0
\nip nat outside \u2013 na WAN su\u010delje obavezno se stavlja naredba nat outside!!!
\nip virtual-reassembly
\nduplex auto<\/p>\n

ip route 0.0.0.0 0.0.0.0 10.10.2.254 \u2013 ne zaboravite staviti defaultnu rutu s next hop adresom!!!
\n!
\nip nat inside source list WIFI interface FastEthernet0\/1 overload \u2013 sav promet se natira u wan int.
\n!
\nip access-list extended WIFI \u2013 access lista potrebna za nat mo\u017ee standardna ili extended !!!
\npermit ip 192.168.1.0 0.0.0.255 any
\npermit ip 192.168.10.0 0.0.0.255 any
\npermit ip 192.168.20.0 0.0.0.255 any
\npermit ip 192.168.30.0 0.0.0.255 any
\n!
\nip access-list extended GUEST \u2013 dopu\u0161tamo gostima samo izlaz na Internet, cijeli LAN zabranjujemo
\ndeny ip 192.168.30.0 0.0.0.255 192.168.1.0 0.0.0.255
\ndeny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
\ndeny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
\npermit ip any any \u2013 ne zaboravite na kraju dozvoliti svemu ostalom<\/p>\n

KONFIGURACIJA –> AP
\nwelcome – next
\nip address -ostavi default DHCP
\nsingle point – Do not enable single point setup
\ntime settings next
\npassword stavi nesto, complexity ne, uzmi neki jedostavni
\nSSID – IT-grupaX  –> prvo ide configuration ITa onda gostiju
\ndalje no security ili ako pise u ispitu onda nesto stavim i upisem neki password
\nzatim kojem vlanu bude pripadao taj IT, to pise u ispitu. Sad je IT u 20, a na ispitu mozda bude nesto drugo
\nenable – yes
\nguest name – Guest-grupaX
\ndalje, no security, password nista
\nvlan ID sad je 30 jer su gosti u 30
\ndodatna mogucnost da redirecta, ne treba, next
\nfinish
\ni onda me izbaci van pa se prijavim s onim passwordom koji sam stavila<\/p>\n

captive portal
\ncreate
\nGosti
\nSave<\/p>\n

local users
\ngost1
\npostavi neki password
\nstavi da propada grupi Gosti<\/p>\n

instance configuration
\numjesto create wiz_cp_inst1
\njedino bitno je verification:
\nizaberi local
\nuser group name: Gosti
\nsave<\/p>\n

ACCESS POINT CISCO WAP 321
\nNa AP-u je potrebno konfigurirati 2 virtualna interface-a VAP0 i VAP1:
\nVAP0 \u2013 vlan id 20 \u2013 SSID IT-GrupaX
\nVAP1 \u2013 vlan id 30 \u2013 SSID GUEST-GrupaX
\nPod tabom LAN interface \u2013 potrebno postaviti management vlan id 10 \u2013 Vlan u kojem je na\u0161 AP<\/p>\n","protected":false},"excerpt":{"rendered":"

SWITCH vlan 10 name nesto vlan 20 name IT vlan 30 name Guest interface FastEthernet1\/0\/1 description veza prema routeru \u2013 na svaki interface OBAVEZNO stavljati description !!! switchport trunk encapsulation dot1q switchport mode trunk allowed vlan 1,10,20,30 \u2013 potrebno je … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":348,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0},"categories":[5],"tags":[],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n