Configuracion Aruba y Switch Enterasys

CONFIGURACIÓN WLAN INVITADOS EN ARUBA Y EN LOS SWITCH ENTERASYS Guest WLAN configuration 1 Configure guest VLAN 2 Setup guest AAA server  3 Configure guest accounts 4 Configure guest DHCP services 5 Configure guest SSID 6 Determine guest access policies and rights 7 Define security obects 8 Define guest access scope 9 Configure guest access policies 10 Configure guest user roles 11 Configure guest authentication 12 Configure the first guest laptop Backing up te s!ste" 13 !ac"up the controller 

Caso práctico: Red 192.168.3.0/24, Gateway 192.168.3.1 Quereos co!"#urar u! $witc% &!terasys '2G124(12) co! u!a *+- para dar sericio a os 3 )s ue ora! parte de u!a +- u!to co! u! co!troador rua. $upo!eos ue cada ) se e!cue!tra e! u!a pa!ta disti!ta, por o ue creareos u!a *+- por cada pa!ta, e! e switc%: 1. Coo e! e! todos os os switc% switc% e5iste e5iste por por deecto deecto a *+- 1 coo coo i!tera i!tera de #esti7!. 2. Coproa Coproaos os a a direcci7! direcci7! ) de de switc% switc% s%ow co!"# ip. ip. 192.168.3.60/24 3. Creaos Creaos u!a u!a !uea !uea *+- por cada cada ) de pa!ta, pa!ta, e! !uest !uestro ro caso as as *+- 10,20 y 30 set set a! create 10,20,30. 10,20,30 . 4. si#!aos si#!aos u! !ore !ore descript descriptio io ;)s ;)s>.2>>.2>>.0 @ i!terace a! 10 ip !at i!side @ i!terace a! 10 !o ip i#p pro5y @ i!terace a! 10 !o ip i#p s!oopi!# @

i!terace a! 10 !o ip6 d @ i!terace a! 10 !o cc(optiiatio! i!terace a! 20 ip address 192.168.20.2>4 2>>.2>>.2>>.0 @ i!terace a! 20 ip !at i!side @ i!terace a! 20 !o ip i#p pro5y @ i!terace a! 20 !o ip i#p s!oopi!# @ i!terace a! 20 !o ip6 d @ i!terace a! 20 !o cc(optiiatio! i!terace a! 30 ip address 192.168.30.2>4 2>>.2>>.2>>.0 @ i!terace a! 30 ip !at i!side @ i!terace a! 30 !o ip i#p pro5y @ i!terace a! 30 !o ip i#p s!oopi!# @ i!terace a! 30 !o ip6 d @ i!terace a! 30 !o cc(optiiatio!

#onfiguring te Guest $LAN

i!terace a! 900 ip address 192.168.200.20 2>>.2>>.2>>.0 @ i!terace a! 900 ip !at i!side @ i!terace a! 900 !o ip i#p pro5y @ i!terace a! 900 !o ip i#p s!oopi!# @ i!terace a! 900 !o ip6 d @ i!terace a! 900 !o cc(optiiatio! #onfiguring Guest %&#'

ip d%cp poo A#uest>.2>>.2>>.0 #onfiguring Guest Autentication #reating a guest account a("inistrator ro)e guest-provisioning Guest accounts Here is the procedure to test AAA communications #ith the internal authentication database$ 1 SSH to the controller and login 2 %nter the follo#ing commands$ (Aruba-master) # show aaa auth-server Auth Server Table Pri Name Type IP addr AuthPort Status Inservice Applied match-essid match-FQN trim-FQN --- ---- ---- ------- -------- ------ --------- ------ ----------- ---------- --------! Internal "ocal !$%$&&$&& n'a nabled es SecureI & *adius! *adius !$%$&&$&+% !,!& nabled es (Aruba-master) # aaa test-server Internal guest100 GoAruba Authentication successul

#eckpoint* &e no# have an operational master Aruba controller that is configured #ith$   (   ')uest VLAN  ('&or"ing AAA server guests

#onfiguring te Guest ++,% *samos el #i+ard

Con e comando show vlan o'tenemos esta !n(o"mac!)n* +ans #$e e%!sten , s$s &$e"tos act!+os '2su(s%ow a!  '2su(s%ow a! *+-: 1

-D&: D-G&D&-E

 *+- Eype: 'eaut  &#ress )orts #e.1.12  Foridde! &#ress )orts -o!e.  !ta##ed ports #e.1.12

*+-: 10

-D&: )+-E is set to 1 #e.1.6 is set to 1 #e.1.J is set to 600 #e.1.8 is set to 1 #e.1.9 is set to 1 #e.1.10 is set to 1 #e.1.11 is set to 1 #e.1.12 is set to 600 a#.0.1 is set to 1 a#.0.2 is set to 1 a#.0.3 is set to 1 a#.0.4 is set to 1 a#.0.> is set to 1 a#.0.6 is set to 1

-ost"a" a con./$"ac!)n de os &$e"tos '2su(s%ow co!"# port  E%is coa!d s%ows !o!(deaut co!"#uratio!s o!y. se Ls%ow co!"# aL to s%ow ot% deaut a!d !o!(deaut co!"#uratio!s.

e#i! @

MNNNNN -O-('&F+E CO-FGREO- NNNNN @ @ M Firware Reisio!: 06.03.08.0012 @

Mport set port a! #e.1.1 600 set port a! #e.1.2 600 set port a! #e.1.3 600 set port a! #e.1.J 600 set port a! #e.1.12 600 @ e!d

-ost"a" e estado de cada &$e"to '2su(s%ow port status ias )ort

Oper

di! $peed

tru!cated $tatus $tatus ps

'upe5 Eype

((((((((( (((((((((((( ((((((( ((((((( ((((((((( ((((((( (((((((((((( #e.1.1

p

p

100.0D

#e.1.2

p

p

1.0G

#e.1.3

p

p

100.0D

u

#e.1.4

'ow!

-/

-/

#e.1.>

p

#e.1.6

'ow!

p p p

1.0G -/

u u

u -/

PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o& PaseE R4>/)o&

#e.1.J

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.8

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.9

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.10

'ow!

p

-/

-/

PaseE R4>/)o&

#e.1.11

'ow!

p

-/

-/

Coo R4>/$F)/)o&

#e.1.12

'ow!

p

-/

-/

Coo R4>/$F)/)o&

a#.0.1

'ow!

p

a#

a#.0.2

'ow!

p

a#

a#.0.3

'ow!

p

a#

a#.0.4

'ow!

p

a#

a#.0.>

'ow!

p

a#

a#.0.6

'ow!

p

a#

-ost"a" a con./$"ac!)n I0 '2su(s%ow co!"# ip  E%is coa!d s%ows !o!(deaut co!"#uratio!s o!y. se Ls%ow co!"# aL to s%ow ot% deaut a!d !o!(deaut co!"#uratio!s.

e#i! @ MNNNNN -O-('&F+E CO-FGREO- NNNNN @ @ M Firware Reisio!: 06.03.08.0012 @

Mip set ip address 192.168.3.60 asB 2>>.2>>.2>>.0 #ateway 192.168.3.1 @ e!d

-ost"a" a con./$"ac!)n VLAN '2su(s%ow co!"# a!  E%is coa!d s%ows !o!(deaut co!"#uratio!s o!y. se Ls%ow co!"# aL to s%ow ot% deaut a!d !o!(deaut co!"#uratio!s.

e#i! @ MNNNNN -O-('&F+E CO-FGREO- NNNNN @ @ M Firware Reisio!: 06.03.08.0012 @

Ma! set a! create 600 set a! !ae 1 AD-G&D&-EA set a! !ae 600 AR&' ta##ed set a! e#ress 600 #e.1.1(3#e.1.J#e.1.12 u!ta##ed @ e!d