Configuracion Aruba y Switch Enterasys

CONFIGURACIN WLAN INVITADOS EN ARUBA Y EN
LOS SWITCH ENTERASYS

Guest WLAN configuration
1 Configure guest VLAN
2 Setup guest AAA server
3 Configure guest accounts
4 Configure guest DHCP services
5 Configure guest SSID
6 Determine guest access policies and rights
7 Define security objects
8 Define guest access scope
9 Configure guest access policies
10 Configure guest user roles
11 Configure guest authentication
12 Configure the first guest laptop
Backing up the system
13 Backup the controller
Caso prctico: Red 192.168.3.0/24, Gateway 192.168.3.1

Queremos configurar un Switch Enterasys D2G124-12P con una VLAN para
dar servicio a los 3 APs que forman parte de una WLAN junto con un
controlador Aruba. Suponemos que cada AP se encuentra en una planta
distinta, por lo que crearemos una VLAN por cada planta, en el switch:
1. Como en todos los switch existe por defecto la VLAN 1 como interfaz
de gestin.
2. Comprobamos la direccin IP del switch (show config ip).
192.168.3.60/24
3. Creamos una nueva VLAN por cada AP de planta, en nuestro caso las
VLAN 10,20 y 30 (set vlan create 10,20,30).
4. Asignamos un nombre descriptivo APs_Aruba (set vlan name 600
APs_Aruba).
5. Indicamos los puertos que participan de la VLAN 600, en nuestro caso
usamos los puertos ge.1.1, ge.1.3 y ge.1.5 para conectar los 3 APs:
set port vlan ge.1.1 10 modify-egress
Las tramas pasan sin etiquetar (untagged). Ojo este comando
elimina otras VLAN que existan en esos puertos.
En el controlador tambin creamos las VLAN:
interface vlan 10
ip address 192.168.10.254 255.255.255.0
!
interface vlan 10 ip nat inside
!
interface vlan 10 no ip igmp proxy
!
interface vlan 10 no ip igmp snooping
!
interface vlan 10 no ipv6 mld

!
interface vlan 10 no bcmc-optimization
interface vlan 20
ip address 192.168.20.254 255.255.255.0
!
!
!
!
!
interface vlan 30
ip address 192.168.30.254 255.255.255.0
!
!
!
!
!
Configuring the Guest VLAN

interface vlan 900
ip address 192.168.200.20 255.255.255.0
!
!
!
!
!
Configuring Guest DHCP
ip dhcp pool "guest_pool"

default-router 192.168.200.20
dns-server 192.168.3.1
lease 0 8 0
network 192.168.200.0 255.255.255.0
Configuring Guest Authentication
Creating a guest account administrator role guest-provisioning
Guest accounts
Here is the procedure to test AAA communications with the internal
authentication database:
1 SSH to the controller and login
2 Enter the following commands:
(Aruba-master) #show aaa auth-server
Auth Server Table
Pri Name Type IP addr AuthPort Status Inservice
Applied match-essid match-FQDN trim-FQDN
--- ---- ---- ------- -------- ------ --------- ------ ----------- ---------- --------1 Internal Local 10.3.22.220 n/a Enabled Yes
SecureID
2 Radius01 Radius 10.3.22.253 1812 Enabled Yes
(Aruba-master) #aaa test-server Internal guest100 GoAruba
Authentication successful
Checkpoint! We now have an operational master Aruba controller that is configured
with:
Guest VLAN Working AAA server guests
Configuring the Guest SSID

Usamos el wizard
Con el comando show vlan obtenemos esta informacin, vlans que
existen y sus puertos activos
D2(su)->show vlan
D2(su)->show vlan
VLAN: 1
NAME: MANAGEMENT
VLAN Type: Default

Egress Ports
ge.1.12
Forbidden Egress Ports
None.
Untagged ports
ge.1.12
VLAN: 10
NAME: PLANTA_1
VLAN Type: Permanent

Egress Ports
ge.1.1, ge.1.12
None.
Untagged ports
ge.1.1
VLAN: 20
NAME: PLANTA_2

Egress Ports
ge.1.2, ge.1.12
None.
Untagged ports
ge.1.2
VLAN: 30
NAME: PLANTA_3

Egress Ports
ge.1.3, ge.1.12
None.
Untagged ports
ge.1.3
VLAN: 100
NAME:

Egress Ports
ge.1.1-3, ge.1.12
None.
Untagged ports
None.
VLAN: 900
NAME:

Egress Ports
ge.1.1-3, ge.1.12
None.
Untagged ports
None.
Nota: Puertos activos (Egress Ports) Puertos no etiquetados (Untagged
ports) = Puertos etiquetados (Tagged ports).
Con el comando show vlan static obtenemos esta informacin
D2(su)->show vlan static

VLAN: 1
NAME: DEFAULT VLAN
VLAN Type: Default

Egress Ports
ge.1.4-6, ge.1.8-11, lag.0.1-6
None.
Untagged ports
ge.1.4-6, ge.1.8-11, lag.0.1-6
VLAN: 600
NAME:

Egress Ports
ge.1.1-3, ge.1.5, ge.1.7, ge.1.12
None.
Untagged ports
ge.1.1-3, ge.1.7, ge.1.12
Mostrar la VLAN de configuracin

D2(su)->show host vlan
Host vlan is 1
Mostrar los puertos en cada VLAN
D2(su)->show port egress
Port
Number
Vlan
Egress
Registration
Id
Status
Status
-----------------------------------------------------------ge.1.1
600
untagged
static
ge.1.2
600
untagged
static
ge.1.3
600
untagged
static
ge.1.5
ge.1.5
600
untagged
tagged
static
static
Mostrar el PVID de cada puerto

D2(su)->show port vlan
ge.1.1 is set to 600
ge.1.4 is set to 1
ge.1.5 is set to 1
ge.1.6 is set to 1
ge.1.8 is set to 1
ge.1.9 is set to 1
ge.1.10 is set to 1
ge.1.11 is set to 1
lag.0.1 is set to 1
lag.0.2 is set to 1
lag.0.3 is set to 1
lag.0.4 is set to 1
lag.0.5 is set to 1
lag.0.6 is set to 1
Mostrar la configuracin de los puertos

D2(su)->show config port
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
begin
!
#***** NON-DEFAULT CONFIGURATION *****

!
!
# Firmware Revision: 06.03.08.0012
!
#port
set port vlan ge.1.1 600
!
end
Mostrar el estado de cada puerto

D2(su)->show port status
Alias
Port
Oper
Admin Speed
(truncated) Status Status (bps)
Duplex Type
--------- ------------ ------- ------- --------- ------- -----------ge.1.1
Up
Up
100.0M
ge.1.2
Up
Up
1.0G
ge.1.3
Up
Up
100.0M
full
ge.1.4
Down
N/A
N/A
ge.1.5
Up
ge.1.6
Down
Up
Up
Up
1.0G
N/A
full
full
full
N/A
BaseT RJ45/PoE
BaseT RJ45/PoE
BaseT RJ45/PoE
BaseT RJ45/PoE
BaseT RJ45/PoE
BaseT RJ45/PoE
ge.1.7
Down
Up
N/A
N/A
BaseT RJ45/PoE
ge.1.8
Down
Up
N/A
N/A
BaseT RJ45/PoE
ge.1.9
Down
Up
N/A
N/A
BaseT RJ45/PoE
ge.1.10
Down
Up
N/A
N/A
BaseT RJ45/PoE
ge.1.11
Down
Up
N/A
N/A
Combo RJ45/SFP/PoE
ge.1.12
Down
Up
N/A
N/A
Combo RJ45/SFP/PoE
lag.0.1
Down
Up
lag
lag.0.2
Down
Up
lag
lag.0.3
Down
Up
lag
lag.0.4
Down
Up
lag
lag.0.5
Down
Up
lag
lag.0.6
Down
Up
lag
Mostrar la configuracin IP
D2(su)->show config ip
begin
!
!
!
!
#ip
set ip address 192.168.3.60 mask 255.255.255.0 gateway 192.168.3.1
!
end
Mostrar la configuracin VLAN

D2(su)->show config vlan
begin
!
!
!
!
#vlan
set vlan create 600
set vlan name 1 "MANAGEMENT"
set vlan name 600 "RED_ARUBA"
clear vlan egress 1 ge.1.1-3;ge.1.7;ge.1.12
set vlan egress 600 ge.1.5 tagged
set vlan egress 600 ge.1.1-3;ge.1.7;ge.1.12 untagged
!
end

Configuracion Aruba y Switch Enterasys

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Configuracion Aruba y Switch Enterasys

Caricato da

Copyright:

Formati disponibili

CONFIGURACIN WLAN INVITADOS EN ARUBA Y EN

LOS SWITCH ENTERASYS

Caso prctico: Red 192.168.3.0/24, Gateway 192.168.3.1

interface vlan 10 no ipv6 mld

Configuring the Guest VLAN

Configuring Guest DHCP

ip dhcp pool "guest_pool"

Configuring the Guest SSID

VLAN Type: Default

VLAN Type: Permanent

VLAN Type: Permanent

VLAN Type: Permanent

VLAN Type: Permanent

VLAN Type: Permanent

Con el comando show vlan static obtenemos esta informacin

D2(su)->show vlan static

NAME: DEFAULT VLAN

VLAN Type: Default

VLAN Type: Permanent

Mostrar la VLAN de configuracin

Mostrar el PVID de cada puerto

Mostrar la configuracin de los puertos

#***** NON-DEFAULT CONFIGURATION *****

Mostrar el estado de cada puerto

(truncated) Status Status (bps)

--------- ------------ ------- ------- --------- ------- -----------ge.1.1

Mostrar la configuracin VLAN

Potrebbero piacerti anche

#* NON-DEFAULT CONFIGURATION *