Fat AP WPA-PSK TKIP Config

Model Number : Cisco AIR-AP1042N-T-K9
IOS version : c1140-k9w7-mx.124-25d.JA


相關設定

dot11 ssid jacky
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 12293134250AJACKY252A2D302112121405140E445D
   information-element ssidl advertisement

interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm tkip 
 !
 ssid jacky

Wireless AP MAC packet filter

一、定義 ACL

access-list 700 permit 000c.f11c.c611   0000.0000.0000
access-list 700 permit 0040.96a5.aa22   0000.0000.0000
access-list 700 deny   0000.0000.0000   ffff.ffff.ffff

二、apply ACL

interface Dot11Radio0
bridge-group 1 input-address-list 700

Cisco ASA failover HA config

說明：Cisco ASA failover active standby unit 固定 ip

   例：ip address 172.16.1.253 255.255.255.0 standby 172.16.1.252

   不管 active / standby unit 切換，

   只要 active unit 總是使用 ip 172.16.1.253，standby unit 總是 ip 172.16.1.252 

一、 failover 設定

failover 設定 : primary

failover

failover lan unit primary

failover lan interface failover Management0/0

failover replication http

failover link failover Management0/0

failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2

failover 設定 : secondary

failover

failover lan unit secondary

failover lan interface failover Management0/0

failover replication http

failover link failover Management0/0

failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2

二、網路接線

所有 ASA interface 接至一台 switch (切vlan) (含 failover interface)

三、查看 failover 狀態

ASA5520# show failover state

               State          Last Failure Reason      Date/Time

This host  -   Primary

               Standby Ready  None

Other host -   Secondary

               Active                None

====Configuration State===

        Sync Done - STANDBY

====Communication State===

        Mac set

ASA5520# failover ?

  active                Make this system to be the active unit of the failover pair

  exec                  Execute command on the designated unit

  reload-standby  Force standby unit to reboot

  reset                  Force an unit or failover group to an unfailed state

四、切換 Active / Standby

ASA5520# failover active  (登入standby那台，將 standby 切換為 active)

五、NAT-T

狀況：當 ipsec vpn 登入內網後，但無法存取任何設備，是 NAT-T 問題，

      Cisco ASA 需下以下指令

      crypto isakmp nat-traversal

JavaScript 另開網頁 限制改網址

開啟Hinet網頁

---------

<p><a href=""javascript://" onClick="window.open('http://www.hinet.net','','menubar=no,status=no,scrollbars=yes,top=20,left=50,toolbar=no,width=800,height=600')">開啟Hinet網頁</a></DIV></FORM>

<p align="center">&nbsp;</p>

----------

HSRP Config

RA#
interface Ethernet0
ip address 171.16.6.5 255.255.255.0
standby 1 ip 171.16.6.100
standby 1 priority 105  (Priority 值大，Active)
standby 1 preempt (int 0 down-> up，搶回 Active)
standby 1 track Serial0  (int down => Priority -10 => standby)

RB#
interface Ethernet0
ip address 171.16.6.6 255.255.255.0
standby 1 ip 171.16.6.100 (可不設，自動學習)
standby 1 preempt
standby 1 track Serial1