Configuracion Aruba y Switch Enterasys

CONFIGURACIÓN WLAN INVITADOS EN ARUBA Y EN LOS SWITCH ENTERASYS Guest WLAN configuration 1 Configure guest VLAN 2 Setup guest AAA server 3 Configure guest accounts 4 Configure guest DHCP services 5 Configure guest SSID 6 Determine guest access policies and rights 7 Define security obects 8 Define guest access scope 9 Configure guest access policies 10 Configure guest user roles 11 Configure guest authentication 12 Configure the first guest laptop Backing up te s!ste" 13 !ac"up the controller

Caso práctico: Red 192.168.3.0/24, Gateway 192.168.3.1 Quereos co!"#urar u! $witc% &!terasys '2G124(12) co! u!a *+- para dar sericio a os 3 )s ue ora! parte de u!a +- u!to co! u! co!troador rua. $upo!eos ue cada ) se e!cue!tra e! u!a pa!ta disti!ta, por o ue creareos u!a *+- por cada pa!ta, e! e switc%: 1. Coo e! e! todos os os switc% switc% e5iste e5iste por por deecto deecto a *+- 1 coo coo i!tera i!tera de #esti7!. 2. Coproa Coproaos os a a direcci7! direcci7! ) de de switc% switc% s%ow co!"# ip. ip. 192.168.3.60/24 3. Creaos Creaos u!a u!a !uea !uea *+- por cada cada ) de pa!ta, pa!ta, e! !uest !uestro ro caso as as *+- 10,20 y 30 set set a! create 10,20,30. 10,20,30 . 4. si#!aos si#!aos u! !ore !ore descript descriptio io ;)s ;)s<rua <rua= = set set a! !ae 600 )s<rua. )s<rua . >. !dicaos !dicaos os os puertos puertos ue particip participa! a! de a *+- 600, 600, e! !uestr !uestro o caso usaos os puertos #e.1.1, #e.1.3 y #e.1.> para co!ectar os 3 )s: )s: set port a! #e.1.1 10 odiy(e#ress set port a! #e.1.2 20 odiy(e#ress set port a! #e.1.3 30 odiy(e#ress +as traas pasa! si! etiuetar u!ta##ed. Ojo este comando e!m!na ot"as VLAN #$e e%!stan en esos &$e"tos . &! e co!troador tai?! creaos as *+-: i!terace a! 10 ip address 192.168.10.2>4 2>>.2>>.2>>.0 @ i!terace a! 10 ip !at i!side @ i!terace a! 10 !o ip i#p pro5y @ i!terace a! 10 !o ip i#p s!oopi!# @

i!terace a! 10 !o ip6 d @ i!terace a! 10 !o cc(optiiatio! i!terace a! 20 ip address 192.168.20.2>4 2>>.2>>.2>>.0 @ i!terace a! 20 ip !at i!side @ i!terace a! 20 !o ip i#p pro5y @ i!terace a! 20 !o ip i#p s!oopi!# @ i!terace a! 20 !o ip6 d @ i!terace a! 20 !o cc(optiiatio! i!terace a! 30 ip address 192.168.30.2>4 2>>.2>>.2>>.0 @ i!terace a! 30 ip !at i!side @ i!terace a! 30 !o ip i#p pro5y @ i!terace a! 30 !o ip i#p s!oopi!# @ i!terace a! 30 !o ip6 d @ i!terace a! 30 !o cc(optiiatio!

#onfiguring te Guest $LAN

i!terace a! 900 ip address 192.168.200.20 2>>.2>>.2>>.0 @ i!terace a! 900 ip !at i!side @ i!terace a! 900 !o ip i#p pro5y @ i!terace a! 900 !o ip i#p s!oopi!# @ i!terace a! 900 !o ip6 d @ i!terace a! 900 !o cc(optiiatio! #onfiguring Guest %&#'

ip d%cp poo A#uest>.2>>.2>>.0 #onfiguring Guest Autentication #reating a guest account a("inistrator ro)e guest-provisioning Guest accounts Here is the procedure to test AAA communications #ith the internal authentication database$ 1 SSH to the controller and login 2 %nter the follo#ing commands$ (Aruba-master) # show aaa auth-server Auth Server Table Pri Name Type IP addr AuthPort Status Inservice Applied match-essid match-FQN trim-FQN --- ---- ---- ------- -------- ------ --------- ------ ----------- ---------- --------! Internal "ocal !$%$&&$&& n'a nabled es SecureI & *adius! *adius !$%$&&$&+% !,!& nabled es (Aruba-master) # aaa test-server Internal guest100 GoAruba Authentication successul

#eckpoint* &e no# have an operational master Aruba controller that is configured #ith$ ( ')uest VLAN ('&or"ing AAA server guests

#onfiguring te Guest ++,% *samos el #i+ard

Con e comando show vlan o'tenemos esta !n(o"mac!)n* +ans #$e e%!sten , s$s &$e"tos act!+os '2su(s%ow a! '2su(s%ow a! *+-: 1

-D&: D-G&D&-E

*+- Eype: 'eaut &#ress )orts #e.1.12 Foridde! &#ress )orts -o!e. !ta##ed ports #e.1.12

*+-: 10

-D&: )+-E<1

*+- Eype: )era!e!t &#ress )orts #e.1.1, #e.1.12 Foridde! &#ress )orts -o!e. !ta##ed ports #e.1.1

*+-: 20

-D&: )+-E<2


*+-: 30

-D&: )+-E<3


*+-: 100

-D&:

*+- Eype: )era!e!t &#ress )orts #e.1.1(3, #e.1.12 Foridde! &#ress )orts -o!e. !ta##ed ports -o!e. *+-: 900

-D&:

*+- Eype: )era!e!t &#ress )orts #e.1.1(3, #e.1.12 Foridde! &#ress )orts -o!e. !ta##ed ports -o!e. -ota: )uertos actios &#ress )orts H )uertos !o etiuetados !ta##ed ports I )uertos etiuetados Ea##ed ports.

Con e comando show vlan static o'tenemos esta !n(o"mac!)n

'2su(s%ow a! static *+-: 1

-D&: '&F+E *+-

*+- Eype: 'eaut &#ress )orts #e.1.4(6, #e.1.8(11, a#.0.1(6 Foridde! &#ress )orts

-o!e. !ta##ed ports #e.1.4(6, #e.1.8(11, a#.0.1(6

*+-: 600

-D&:

*+- Eype: )era!e!t &#ress )orts #e.1.1(3, #e.1.>, #e.1.J, #e.1.12 Foridde! &#ress )orts -o!e. !ta##ed ports #e.1.1(3, #e.1.J, #e.1.12

-ost"a" a VLAN de con./$"ac!)n '2su(s%ow %ost a! Kost a! is 1

-ost"a" os &$e"tos en cada VLAN '2su(s%ow port e#ress

)ort -uer

*a!

&#ress

Re#istratio!

d

$tatus

$tatus

(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( #e.1.1

600

u!ta##ed

static

#e.1.2

600

u!ta##ed

static

#e.1.3

600

u!ta##ed

static

#e.1.>

1

#e.1.>

600

u!ta##ed ta##ed

static static

-ost"a" e 0VID de cada &$e"to '2su(s%ow port a! #e.1.1 is set to 600 #e.1.2 is set to 600 #e.1.3 is set to 600 #e.1.4 is set to 1 #e.1.> is set to 1 #e.1.6 is set to 1 #e.1.J is set to 600 #e.1.8 is set to 1 #e.1.9 is set to 1 #e.1.10 is set to 1 #e.1.11 is set to 1 #e.1.12 is set to 600 a#.0.1 is set to 1 a#.0.2 is set to 1 a#.0.3 is set to 1 a#.0.4 is set to 1 a#.0.> is set to 1 a#.0.6 is set to 1

-ost"a" a con./$"ac!)n de os &$e"tos '2su(s%ow co!"# port E%is coa!d s%ows !o!(deaut co!"#uratio!s o!y. se Ls%ow co!"# aL to s%ow ot% deaut a!d !o!(deaut co!"#uratio!s.

e#i! @

MNNNNN -O-('&F+E CO-FGREO- NNNNN @ @ M Firware Reisio!: 06.03.08.0012 @

Mport set port a! #e.1.1 600 set port a! #e.1.2 600 set port a! #e.1.3 600 set port a! #e.1.J 600 set port a! #e.1.12 600 @ e!d

-ost"a" e estado de cada &$e"to '2su(s%ow port status ias )ort

Oper

di! $peed

tru!cated $tatus $tatus ps

'upe5 Eype

((((((((( (((((((((((( ((((((( ((((((( ((((((((( ((((((( (((((((((((( #e.1.1

p

p

100.0D

#e.1.2

p

p

1.0G

#e.1.3

p

p

100.0D

u

#e.1.4

'ow!

-/

-/

#e.1.>

p

#e.1.6

'ow!

p p p

1.0G -/

u u

u -/

PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o&

#e.1.J

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.8

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.9

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.10

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.11

'ow!

p

-/

-/

Coo R4>/$F)/)o&

#e.1.12

'ow!

p

-/

-/

Coo R4>/$F)/)o&

a#.0.1

'ow!

p

a#

a#.0.2

'ow!

p

a#

a#.0.3

'ow!

p

a#

a#.0.4

'ow!

p

a#

a#.0.>

'ow!

p

a#

a#.0.6

'ow!

p

a#

-ost"a" a con./$"ac!)n I0 '2su(s%ow co!"# ip E%is coa!d s%ows !o!(deaut co!"#uratio!s o!y. se Ls%ow co!"# aL to s%ow ot% deaut a!d !o!(deaut co!"#uratio!s.

e#i! @ MNNNNN -O-('&F+E CO-FGREO- NNNNN @ @ M Firware Reisio!: 06.03.08.0012 @

Mip set ip address 192.168.3.60 asB 2>>.2>>.2>>.0 #ateway 192.168.3.1 @ e!d

-ost"a" a con./$"ac!)n VLAN '2su(s%ow co!"# a! E%is coa!d s%ows !o!(deaut co!"#uratio!s o!y. se Ls%ow co!"# aL to s%ow ot% deaut a!d !o!(deaut co!"#uratio!s.

e#i! @ MNNNNN -O-('&F+E CO-FGREO- NNNNN @ @ M Firware Reisio!: 06.03.08.0012 @

Ma! set a! create 600 set a! !ae 1 AD-G&D&-EA set a! !ae 600 AR&'<RPA cear a! e#ress 1 #e.1.1(3#e.1.J#e.1.12 set a! e#ress 600 #e.1.> ta##ed set a! e#ress 600 #e.1.1(3#e.1.J#e.1.12 u!ta##ed @ e!d

Configuracion Aruba y Switch Enterasys

Recommend Documents