WIRELESS-ADMIN@JISCMAIL.AC.UK
WIRELESS-ADMIN May 2007

Subject: Re: JRS Technical Specification update - consultation
From: David Sullivan
Reply-To: Wireless Issues in the JANET community
Date: Thu, 17 May 2007 18:38:07 +0100
Content-Type: multipart/mixed
Parts/Attachments: text/plain (43 lines), ap-config.txt (1 lines)

Wireless Issues in the JANET community wrote:
> Hi,
> 
> no
> 
> bridge-group XX port-protected
> 
> on your wireless vlans?  do you need/want the machines to be
> able to contact each other - especially on an open wifi
> network where any infected nastiness could connect?
> 
The web redirect vlan is configured as in the full (sanitised) config
attached which includes port-protected and the acls that severely limit
the type and destination of traffic.

The snippet was a snippet for simplicity to show how mbssid is
configured and point out the thin software isn't required for multiple
BSSIDs but on reading it again I do actually appear to be contradicting
the documentation, hmm .... :
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080607106.html#wp1050170


Regards

David

ap-config.txt:

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
enable secret 5 XXXXXXX
!
led display alternate
ip subnet-zero
no ip domain lookup
ip domain name <domain name>
!
!
ip ssh version 2
aaa new-model
!
!
aaa group server radius rad_eap
 server <radius server 1> auth-port 1812 acct-port 1813
 server <radius server 2> auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server <radius server 1> auth-port 1812 acct-port 1813
 server <radius server 2> auth-port 1812 acct-port 1813
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
!
dot11 ssid BC-NET
   vlan 800
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   accounting acct_methods
   mbssid guest-mode
dot11 ssid BC-WEB
   vlan 85
   authentication open
   accounting acct_methods
   guest-mode
   mbssid guest-mode
!
dot11 aaa csid ietf
dot11 network-map
dot11 arp-cache
!
username xxxxx secret 5 xxxxx
username yyyyy secret 5 yyyyy
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 81 mode ciphers aes-ccm tkip
 !
 encryption vlan 82 mode ciphers aes-ccm tkip
 !
 encryption vlan 83 mode ciphers aes-ccm tkip
 !
 encryption vlan 84 mode ciphers aes-ccm tkip
 !
 encryption vlan 800 mode ciphers aes-ccm tkip
 !
 broadcast-key vlan 81 change 240 membership-termination capability-change
 !
 broadcast-key vlan 82 change 240 membership-termination capability-change
 !
 broadcast-key vlan 83 change 240 membership-termination capability-change
 !
 broadcast-key vlan 84 change 240 membership-termination capability-change
 !
 broadcast-key vlan 800 change 240 membership-termination capability-change
 !
 !
 ssid BC-NET
 !
 ssid BC-WEB
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 l2-filter bridge-group-acl
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.81
 encapsulation dot1Q 81
 no ip route-cache
 bridge-group 81
 bridge-group 81 subscriber-loop-control
 bridge-group 81 block-unknown-source
 no bridge-group 81 source-learning
 no bridge-group 81 unicast-flooding
 bridge-group 81 spanning-disabled
!
interface Dot11Radio0.82
 encapsulation dot1Q 82
 no ip route-cache
 bridge-group 82
 bridge-group 82 subscriber-loop-control
 bridge-group 82 block-unknown-source
 no bridge-group 82 source-learning
 no bridge-group 82 unicast-flooding
 bridge-group 82 spanning-disabled
!
interface Dot11Radio0.83
 encapsulation dot1Q 83
 no ip route-cache
 bridge-group 83
 bridge-group 83 subscriber-loop-control
 bridge-group 83 block-unknown-source
 no bridge-group 83 source-learning
 no bridge-group 83 unicast-flooding
 bridge-group 83 spanning-disabled
!
interface Dot11Radio0.84
 encapsulation dot1Q 84
 no ip route-cache
 bridge-group 84
 bridge-group 84 subscriber-loop-control
 bridge-group 84 block-unknown-source
 no bridge-group 84 source-learning
 no bridge-group 84 unicast-flooding
 bridge-group 84 spanning-disabled
!
interface Dot11Radio0.85
 encapsulation dot1Q 85
 ip access-group bc-web-restrict-in in
 ip access-group bc-web-restrict-out out
 no ip route-cache
 bridge-group 85
 bridge-group 85 subscriber-loop-control
 bridge-group 85 input-type-list 200
 bridge-group 85 output-type-list 200
 bridge-group 85 port-protected
 bridge-group 85 block-unknown-source
 no bridge-group 85 source-learning
 no bridge-group 85 unicast-flooding
 bridge-group 85 spanning-disabled
!
interface Dot11Radio0.800
 encapsulation dot1Q 800
 no ip route-cache
 bridge-group 255
 bridge-group 255 subscriber-loop-control
 bridge-group 255 block-unknown-source
 no bridge-group 255 source-learning
 no bridge-group 255 unicast-flooding
 bridge-group 255 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 81 mode ciphers aes-ccm tkip
 !
 encryption vlan 82 mode ciphers aes-ccm tkip
 !
 encryption vlan 83 mode ciphers aes-ccm tkip
 !
 encryption vlan 84 mode ciphers aes-ccm tkip
 !
 encryption vlan 800 mode ciphers aes-ccm tkip
 !
 broadcast-key vlan 81 change 240 membership-termination capability-change
 !
 broadcast-key vlan 82 change 240 membership-termination capability-change
 !
 broadcast-key vlan 83 change 240 membership-termination capability-change
 !
 broadcast-key vlan 84 change 240 membership-termination capability-change
 !
 broadcast-key vlan 800 change 240 membership-termination capability-change
 !
 !
 ssid BC-NET
 !
 no dfs band block
 mbssid
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 channel dfs
 station-role root
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.81
 encapsulation dot1Q 81
 no ip route-cache
 bridge-group 81
 bridge-group 81 subscriber-loop-control
 bridge-group 81 block-unknown-source
 no bridge-group 81 source-learning
 no bridge-group 81 unicast-flooding
 bridge-group 81 spanning-disabled
!
interface Dot11Radio1.82
 encapsulation dot1Q 82
 no ip route-cache
 bridge-group 82
 bridge-group 82 subscriber-loop-control
 bridge-group 82 block-unknown-source
 no bridge-group 82 source-learning
 no bridge-group 82 unicast-flooding
 bridge-group 82 spanning-disabled
!
interface Dot11Radio1.83
 encapsulation dot1Q 83
 no ip route-cache
 bridge-group 83
 bridge-group 83 subscriber-loop-control
 bridge-group 83 block-unknown-source
 no bridge-group 83 source-learning
 no bridge-group 83 unicast-flooding
 bridge-group 83 spanning-disabled
!
interface Dot11Radio1.84
 encapsulation dot1Q 84
 no ip route-cache
 bridge-group 84
 bridge-group 84 subscriber-loop-control
 bridge-group 84 block-unknown-source
 no bridge-group 84 source-learning
 no bridge-group 84 unicast-flooding
 bridge-group 84 spanning-disabled
!
interface Dot11Radio1.800
 encapsulation dot1Q 800
 no ip route-cache
 bridge-group 255
 bridge-group 255 subscriber-loop-control
 bridge-group 255 block-unknown-source
 no bridge-group 255 source-learning
 no bridge-group 255 unicast-flooding
 bridge-group 255 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.81
 encapsulation dot1Q 81
 no ip route-cache
 bridge-group 81
 no bridge-group 81 source-learning
 bridge-group 81 spanning-disabled
!
interface FastEthernet0.82
 encapsulation dot1Q 82
 no ip route-cache
 bridge-group 82
 no bridge-group 82 source-learning
 bridge-group 82 spanning-disabled
!
interface FastEthernet0.83
 encapsulation dot1Q 83
 no ip route-cache
 bridge-group 83
 no bridge-group 83 source-learning
 bridge-group 83 spanning-disabled
!
interface FastEthernet0.84
 encapsulation dot1Q 84
 no ip route-cache
 bridge-group 84
 no bridge-group 84 source-learning
 bridge-group 84 spanning-disabled
!
interface FastEthernet0.85
 encapsulation dot1Q 85
 no ip route-cache
 bridge-group 85
 no bridge-group 85 source-learning
 bridge-group 85 spanning-disabled
!
interface FastEthernet0.800
 encapsulation dot1Q 800
 no ip route-cache
 bridge-group 255
 no bridge-group 255 source-learning
 bridge-group 255 spanning-disabled
!
interface BVI1
 ip address <ip address> 255.255.255.0
 no ip route-cache
!
ip default-gateway <gateway>
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
ip access-list extended bc-web-restrict-in
 deny ip host <web redirect gw> any log
 permit ip any host <web redirect gw>
 deny ip any <web redirect subnet>
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq domain
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any source-quench
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 deny ip any any
ip access-list extended bc-web-restrict-out
 deny ip any host <web redirect gw>
 permit ip host <web redirect gw> any
 permit tcp any eq www any
 permit tcp any eq 443 any
 permit tcp any eq domain any
 permit udp any eq domain any
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any source-quench
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 deny ip any any
access-list 200 permit 0x0806 0x0000
access-list 200 permit 0x0800 0x0000
access-list 200 deny 0x0000 0xFFFF
snmp-server community <snmp community>
snmp-server location <location>
snmp-server enable traps tty
radius-server attribute 32 include-in-access-req format %h
radius-server host <radius server 1> auth-port 1812 acct-port 1813 key 7 <key>
radius-server host <radius server 2> auth-port 1812 acct-port 1813 key 7 <key>
radius-server deadtime 2
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
wlccp wds aaa csid ietf
!
line con 0
line vty 5 15
!
sntp server <ntp server>
sntp broadcast client
end
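
Added example (not part of the original message or its attachment): a short Python audit of the point raised in the thread, listing radio subinterfaces that carry the VLAN of an open-authentication SSID but lack "bridge-group N port-protected". The sample config is constructed in the style of the attachment; the Dot11Radio1.85 subinterface and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the style of the attached config; Dot11Radio1.85 is hypothetical.
SAMPLE = """\
dot11 ssid BC-NET
   vlan 800
   authentication open eap eap_methods
dot11 ssid BC-WEB
   vlan 85
   authentication open
!
interface Dot11Radio0.85
 encapsulation dot1Q 85
 bridge-group 85 port-protected
!
interface Dot11Radio1.85
 encapsulation dot1Q 85
 bridge-group 85
"""

def parse(config):
    """Return ({ssid: {vlan, open}}, {subinterface: {vlan, protected}})."""
    ssids, subifs, cur = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"dot11 ssid (\S+)$", s):
            cur = ssids.setdefault(m[1], {"vlan": None, "open": False})
        elif m := re.match(r"interface (Dot11Radio\d+\.\d+)$", s):
            cur = subifs.setdefault(m[1], {"vlan": None, "protected": False})
        elif not line[:1].isspace():
            cur = None  # any other top-level line ends the current block
        elif cur is None:
            continue
        elif m := re.match(r"(?:vlan|encapsulation dot1Q) (\d+)", s):
            cur["vlan"] = int(m[1])
        elif s == "authentication open":  # bare form only: no EAP or MAC list
            cur["open"] = True
        elif re.match(r"bridge-group \d+ port-protected$", s):
            cur["protected"] = True
    return ssids, subifs

def unisolated_open(config):
    """Radio subinterfaces on an open SSID's VLAN without port-protected."""
    ssids, subifs = parse(config)
    open_vlans = {v["vlan"]: name for name, v in ssids.items() if v["open"]}
    return sorted((ifn, open_vlans[i["vlan"]]) for ifn, i in subifs.items()
                  if i["vlan"] in open_vlans and not i["protected"])
```

The parser relies on the indented, one-command-per-line layout that the AP prints for its running configuration.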
