WPA Configuration Example: WebUI

Configuration categories on the slide: Non-Profile Configuration, Security Profile Configuration, WLAN Configuration, AP Configuration

Firewall policies: Configuration->Security->Access Control->Policies: Add
User role: Configuration->Security->Access Control->User Roles: Add
Server group: Configuration->Security->Authentication->Servers->Server Group: Add
802.1x Authentication: Configuration->All Profiles->Wireless LAN->802.1x Authentication Profile: Add
AAA: Configuration->All Profiles->Wireless LAN->AAA Profile: Add
SSID: Configuration->All Profiles->Wireless LAN->SSID Profile: Add
Virtual AP: Configuration->All Profiles->Wireless LAN->Virtual AP profile: Add
VLAN: Configuration->Network->VLANs: Add
AP Group: Configuration->AP Configuration: New
AP system profile: Configuration->All Profiles->AP->AP System Profile: Add
Assign VAP to AP Group: Configuration->AP Configuration: <AP-Group-Name>: Edit
Define Authentication Server: Configuration->Security->Authentication->Servers: <Server Type>: Add

WPA Configuration Example: CLI

Firewall policies:
    ip access-list session "EmployeeAccess"
        any any any permit queue low
User role:
    user-role Employee
        access-list session EmployeeAccess
Server group:
    aaa server-group EmployeeRADIUS
        auth-server RADIUS01
802.1x Authentication:
    aaa authentication dot1x EmployeeDot1x
        termination eap-type eap-peap
AAA:
    aaa profile Employee_AAA
        dot1x-default-role logon
        authentication-dot1x EmployeeDot1x
SSID:
    wlan ssid-profile Employee_SSID
        essid "corp"
        opmode wpa2-aes
Virtual AP:
    wlan virtual-ap Employee_VAP
        aaa-profile Employee_AAA
        ssid-profile Employee_SSID
        vlan 200
        forward-mode tunnel
VLAN:
    vlan 200
AP Group:
    ap-group Sunnyvale_APs
AP system profile:
    ap system-profile Sunnyvale_APs
        lms-ip 192.168.252.1
        bkup-lms-ip 192.168.250.1
Assign VAP to AP Group:
    ap-group Sunnyvale_APs
        virtual-ap Employee_VAP
        ap-system-profile
Define Authentication Server:
    aaa authentication-server RADIUS01 . . .

Captive Portal Configuration Example: WebUI

Firewall policies: Configuration->Security->Access Control->Policies: Add
User role: Configuration->Security->Access Control->User Roles: Add
Server group: Configuration->Security->Authentication->Servers->Server Group: Add
Captive Portal Authentication: Configuration->All Profiles->Wireless LAN->Captive Portal Authentication Profile: Add + Server Group == <Server Group>
AAA: Configuration->All Profiles->Wireless LAN->AAA Profile: Add
SSID: Configuration->All Profiles->Wireless LAN->SSID Profile: Add
Virtual AP: Configuration->All Profiles->Wireless LAN->Virtual AP profile: Add
VLAN: Configuration->Network->VLANs: Add
AP Group: Configuration->AP Configuration: New
AP system profile: Configuration->All Profiles->AP->AP System Profile: Add
Assign VAP to AP Group: Configuration->AP Configuration: <AP-Group-Name>: Edit
Define Authentication Server: Configuration->Security->Authentication->Servers: <Server Type>: Add
Assign Captive Portal Profile: Configuration->Security->Access Control->User Roles: <Guest Role>: Edit

Captive Portal Configuration Example: CLI

Firewall policies:
    ip access-list session "GuestAccess"
        any any any permit queue low
User role:
    user-role guest
        access-list session GuestAccess
Server group:
    aaa server-group GuestAuthServers
        auth-server GuestAuthServer
Captive Portal Authentication:
    aaa authentication captive-portal GuestCP
        server-group "internal"
AAA:
    aaa profile Guest_AAA
        initial-role logon
SSID:
    wlan ssid-profile Guest_SSID
        essid "guest"
        opmode opensystem
Virtual AP:
    wlan virtual-ap Guest_VAP
        aaa-profile Guest_AAA
        ssid-profile Guest_SSID
        vlan 900
        forward-mode tunnel
VLAN:
    vlan 900
AP Group:
    ap-group Sunnyvale_APs
AP system profile:
    ap system-profile Sunnyvale_APs
        lms-ip 192.168.252.1
        bkup-lms-ip 192.168.250.1
Assign VAP to AP Group:
    ap-group Sunnyvale_APs
        virtual-ap Guest_VAP
        ap-system-profile
Define Authentication Server:
    aaa authentication-server GuestAuthServer . . .
Assign Captive Portal Profile:
    user-role guest
        captive-portal GuestCP

WEP Configuration Example: WebUI

Firewall policies: Configuration->Security->Access Control->Policies: Add
User role: Configuration->Security->Access Control->User Roles: Add
SSID: Configuration->All Profiles->Wireless LAN->SSID Profile: Add
Virtual AP: Configuration->All Profiles->Wireless LAN->Virtual AP profile: Add
VLAN: Configuration->Network->VLANs: Add
AP Group: Configuration->AP Configuration: New
AP system profile: Configuration->All Profiles->AP->AP System Profile: Add
Assign VAP to AP Group: Configuration->AP Configuration: <AP-Group-Name>: Edit

WEP Configuration Example: CLI

Firewall policies:
    ip access-list session "EmployeeAccess"
        any any any permit queue low
User role:
    user-role Employee
        access-list session EmployeeAccess
SSID:
    wlan ssid-profile WEP_SSID
        wepkey1 deadbeef99
        opmode static-wep
Virtual AP:
    wlan virtual-ap WEP_VAP
        ssid-profile WEP_SSID
        vlan 210
        forward-mode tunnel
VLAN:
    vlan 210
AP Group:
    ap-group Sunnyvale_APs
AP system profile:
    ap system-profile Sunnyvale_APs
        lms-ip 192.168.252.1
        bkup-lms-ip 192.168.250.1
Assign VAP to AP Group:
    ap-group Sunnyvale_APs
        virtual-ap WEP_VAP
        ap-system-profile
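
An added example, not part of the original slides and not Aruba tooling: a small Python audit over CLI text in the style of the three examples above. It flags the weak `opmode` values used in the guest and WEP examples, permit-all session ACL rules, and virtual AP, SSID profile or VLAN references that are never defined. The sample config is constructed, and treating indented lines as children of the stanza above is a simplifying assumption about the config layout.

```python
SAMPLE = """\
ip access-list session GuestAccess
   any any any permit queue low
wlan ssid-profile WEP_SSID
   opmode static-wep
wlan ssid-profile Guest_SSID
   opmode opensystem
wlan virtual-ap WEP_VAP
   ssid-profile WEP_SSID
   vlan 210
vlan 200
ap-group Sunnyvale_APs
   virtual-ap Employee_VAP
"""  # constructed sample with deliberate problems; not a real device export

WEAK_OPMODES = {"static-wep", "opensystem"}  # broken cipher / no encryption
# (stanza kind, child keyword) -> kind of stanza the child's value must name
REFS = {("wlan virtual-ap", "ssid-profile"): "wlan ssid-profile",
        ("wlan virtual-ap", "vlan"): "vlan",
        ("ap-group", "virtual-ap"): "wlan virtual-ap"}

def parse(text):
    """Return (kind, name, children); indented lines belong to the stanza above."""
    stanzas = []
    for raw in filter(str.strip, text.splitlines()):
        tokens = raw.replace('"', "").split()
        if raw[0].isspace() and stanzas:
            stanzas[-1][2].append(tokens)
        else:
            stanzas.append((" ".join(tokens[:-1]), tokens[-1], []))
    return stanzas

def audit(text):
    """Return sorted (stanza name, issue, value) findings."""
    stanzas = parse(text)
    defined = {(kind, name) for kind, name, _ in stanzas}
    findings = []
    for kind, name, children in stanzas:
        for child in (c for c in children if len(c) > 1):
            target = REFS.get((kind, child[0]))
            if target and (target, child[1]) not in defined:
                findings.append((name, "undefined " + target, child[1]))
            if kind == "wlan ssid-profile" and child[0] == "opmode" and child[1] in WEAK_OPMODES:
                findings.append((name, "weak opmode", child[1]))
            if kind == "ip access-list session" and child[:4] == ["any", "any", "any", "permit"]:
                findings.append((name, "permit-all rule", " ".join(child)))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On an open guest SSID the `opensystem` finding is expected by design; it is reported so that the guest role's ACL gets reviewed alongside it.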