
VLAN 1 10.3.0.0/19 .1 ROUTER1 255.255.240.0
.2 SWITCH
.3 AP

VLAN 100 10.3.32.0/19 .1 ROUTER1

VLAN 200 10.3.64.0/19 .1 ROUTER1

VLAN 300 10.3.128.0/19 .1 ROUTER1

RADIUS 10.3.160.0/19 .1 ROUTER2


.10 RADIUS

SERIAL 10.3.192.0/30 .192.1 R1


.192.2 R2
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;
ROUTER-LIMA

CONFIGURACIONES BASICAS
!
! R-LIMA (ROUTER1 in the address table above): hostname, local accounts,
! SSH management access and console access.
!
hostname R-LIMA
service password-encryption
banner motd "ACCESO RESTRINGIDO"
enable secret class
! NOTE(review): duplicate of the `service password-encryption` line above. Harmless,
! but this service only obfuscates plaintext line passwords (type 7, reversible);
! it is not a substitute for `secret`-style hashes.
service password-encryption
!
! NOTE(review): second `banner motd`; the later definition replaces the earlier one,
! so only this one stays in effect. Keep a single banner line.
banner motd #ACCESO RESTRINGIDO#
!
! SSH prerequisites: a domain name is required before the RSA key pair is generated.
! "//1024" below is not an IOS command; it records the modulus size typed at the
! interactive prompt. NOTE(review): a 1024-bit RSA key is below current
! recommendations - prefer `crypto key generate rsa modulus 2048` - and
! `ip ssh version 2` is not set, so SSHv1 may still be negotiated.
ip domain-name grupo3.com
ip ssh authentication-retries 4
ip ssh time-out 10
crypto key generate rsa
//1024
!
! Local accounts used by `login local` on the VTY lines.
! NOTE(review): every secret equals its username, and `enable secret class` above is
! a well-known lab default - all of these must be replaced before deployment.
username bcamacho secret bcamacho
username ggrabiel secret ggrabiel
! NOTE(review): written `uSername` in the source; IOS parses command keywords
! case-insensitively, but keep it as `username` for readability.
uSername vhuaytan secret vhuaytan

!
! Remote management: SSH only, local accounts, 3-minute idle timeout.
! NOTE(review): no `access-class` ACL limits which source addresses may reach the
! VTY lines; consider restricting them to the ADMIN VLAN.
line vty 0 4
exec-timeout 3
login local
transport input ssh
!
! Console line password.
! NOTE(review): the console uses a line password ("cisco", a well-known default)
! instead of `login local`, and has no `exec-timeout`.
line console 0
password cisco
login

-----------------------------------------------------------
CONFIGURACION DE INTERFACES
#interface con salida a internet

! f0/1: uplink toward the Internet (172.17.0.0/22; the static default route further
! below points at 172.17.3.254 on this segment). It becomes `ip nat outside` in the
! NAT section. NOTE(review): no inbound ACL for this Internet-facing interface
! appears on this page.
interface f0/1
ip address 172.17.2.60 255.255.252.0
no shutdown
exit
! f0/0: physical LAN interface; addressing lives on the dot1Q subinterfaces below.
interface f0/0
no shutdown
exit

! VLAN 1 (native): the router is .1; the switch SVI and the AP BVI are .2 and .3.
! The 255.255.224.0 masks are the "/19" of the address table (the table's
! 255.255.240.0 would be a /20 and does not match).
interface f0/0.1
encapsulation dot1Q 1 native
ip address 10.3.0.1 255.255.224.0
exit

! VLAN 100 DATOS
interface f0/0.100
encapsulation dot1q 100
ip address 10.3.32.1 255.255.224.0
exit

! VLAN 200 VOZ
interface f0/0.200
encapsulation dot1q 200
ip address 10.3.64.1 255.255.224.0
exit

! VLAN 300 ADMIN
interface f0/0.300
encapsulation dot1q 300
ip address 10.3.128.1 255.255.224.0
exit

! Serial link to ROUTER ICA (R2 is .2 on this /30).
interface s0/2/0
ip address 10.3.192.1 255.255.255.252
no shutdown
-----------------------------------------------------------

#CREACION DE DHCP CON EXCLUSIONES DE IPS

! DHCP for the three user VLANs. The first ten addresses of each /19 (the .1
! gateway and nine more) are excluded from the pools.
! NOTE(review): every pool hands out a public resolver (8.8.8.8) as DNS.
ip dhcp excluded-address 10.3.32.1 10.3.32.10


! Pool for VLAN 100 DATOS (gateway 10.3.32.1 on f0/0.100).
! NOTE(review): no `exit` after this pool, unlike VOZ and ADMIN. IOS normally
! falls back to global configuration mode for the next `ip dhcp excluded-address`,
! but add `exit` for consistency.
ip dhcp pool DATOS
network 10.3.32.0 255.255.224.0
default-router 10.3.32.1
dns-server 8.8.8.8

ip dhcp excluded-address 10.3.64.1 10.3.64.10


! Pool for VLAN 200 VOZ (gateway 10.3.64.1 on f0/0.200).
ip dhcp pool VOZ
network 10.3.64.0 255.255.224.0
default-router 10.3.64.1
dns-server 8.8.8.8
exit

ip dhcp excluded-address 10.3.128.1 10.3.128.10


! Pool for VLAN 300 ADMIN (gateway 10.3.128.1 on f0/0.300).
ip dhcp pool ADMIN
network 10.3.128.0 255.255.224.0
default-router 10.3.128.1
dns-server 8.8.8.8
exit
---------------------------------------------------
! RIPv2 on every interface inside 10.0.0.0/8 (all LAN subinterfaces and the serial
! link); the static default route configured below is redistributed to ROUTER ICA.
! NOTE(review): no `passive-interface` is set, so RIP updates are also sent into the
! user VLANs, and no RIP authentication is configured on the serial link. Consider
! `passive-interface default` plus `no passive-interface s0/2/0`, and MD5
! authentication (`ip rip authentication mode md5` with a key chain) on s0/2/0.
router rip
version 2
network 10.0.0.0
default-information originate

------------------------------------------------------
#ENRUTAMIENTO DE LA RED
! Default route toward the ISP; 172.17.3.254 is on-link via f0/1 (172.17.0.0/22).
! It is what `default-information originate` under RIP advertises to ROUTER ICA.
Ip route 0.0.0.0 0.0.0.0 172.17.3.254
-------------------------------------------------------
#NATEO

! PAT ("overload"): sources matched by standard ACL 30 are translated to the
! address of f0/1 when they leave an `ip nat inside` interface toward `ip nat outside`.
ip nat inside source list 30 interface f0/1 overload


! Standard ACL 30 lists every internal /19 (wildcard 0.0.31.255), including the
! RADIUS subnet behind ROUTER ICA; anything else is dropped by the implicit deny.
! NOTE(review): the serial /30 (10.3.192.0) is not listed, so it is never translated.
access-list 30 permit 10.3.0.0 0.0.31.255
access-list 30 permit 10.3.32.0 0.0.31.255
access-list 30 permit 10.3.64.0 0.0.31.255
access-list 30 permit 10.3.128.0 0.0.31.255
access-list 30 permit 10.3.160.0 0.0.31.255
------------------------------------------------------------
DEFINIMOS LAS INTERFACES PARA EL NATEO

! Mark the NAT domains. All LAN subinterfaces and the serial link to ROUTER ICA are
! "inside", so traffic from the RADIUS subnet is also translated on its way out.
! Moving from one `interface` straight to the next without `exit` is accepted by IOS.
interface f0/0.1
ip nat inside

interface f0/0.100
ip nat inside
interface f0/0.200
ip nat inside

interface f0/0.300
ip nat inside

interface s0/2/0
ip nat inside

! Only the Internet uplink is "outside".
interface f0/1
ip nat outside

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ROUTER ICA
! ROUTER ICA (ROUTER2 / R2 in the address table): interface configuration.
! NOTE(review): no hostname, local accounts or SSH hardening for this router appear
! on this page, unlike R-LIMA.
!
! f0/1: RADIUS subnet; the FreeRADIUS server is .10.
interface f0/1
ip address 10.3.160.1 255.255.224.0
no shutdown
!
! Serial link to R-LIMA (.1 on this /30).
interface s0/2/0
ip address 10.3.192.2 255.255.255.252
no shutdown
!
----------------------------------
! RIPv2 on ROUTER ICA: advertises the RADIUS subnet and learns the default route
! that R-LIMA originates.
! NOTE(review): no `passive-interface` for f0/1 and no RIP authentication on the
! serial link; consider `passive-interface f0/1` and MD5 authentication on s0/2/0.
!
router rip
version 2
network 10.0.0.0
!
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
! Access switch management hardening (same pattern as R-LIMA).
! NOTE(review): the heading reads SW-GRUPO3 and the domain is grupo3.com, but the
! hostname below is SW-GRUPO6 - confirm which group this switch belongs to.
!
hostname SW-GRUPO6
! NOTE(review): `enable secret class` is a well-known lab default.
service password-encryption
enable secret class
!
! SSH prerequisites; "//1024" is the modulus typed at the prompt, not a command.
! NOTE(review): a 1024-bit RSA key is below current recommendations (prefer
! `crypto key generate rsa modulus 2048`) and `ip ssh version 2` is not set.
ip domain-name grupo3.com
ip ssh authentication-retries 4
ip ssh time-out 10
crypto key generate rsa
//1024
!
! NOTE(review): every secret equals its username - replace before deployment.
! `uSername` is accepted because IOS keywords are case-insensitive, but write `username`.
username bcamacho secret bcamacho
username ggrabiel secret ggrabiel
uSername vhuaytan secret vhuaytan
!
! SSH-only VTY access with local accounts.
! NOTE(review): unlike the router there is no `exec-timeout`, and no `access-class`.
line vty 0 4
login local
transport input ssh
!
! Console: line password ("cisco", a well-known default), no `exec-timeout`.
line console 0
password cisco
login
!
-------------------------------------
VLANs
-------------------------------------
! VLAN database: the three user VLANs; VLAN 1 remains the native/management VLAN.
vlan 100
name DATOS
vlan 200
name VOZ
vlan 300
name ADMIN
!
! Access ports, eight per VLAN.
! NOTE(review): no `switchport port-security`, `spanning-tree portfast` /
! `spanning-tree bpduguard enable`, or `ip dhcp snooping` appears on this page for
! these edge ports.
interface range f0/1 - 8
switchport mode access
switchport access vlan 100
!
interface range f0/9 - 16
switchport mode access
switchport access vlan 200
!
interface range f0/17 - 24
switchport mode access
switchport access vlan 300
!
! dot1Q trunks with native VLAN 1 (presumably toward the router's f0/0 and the AP;
! both use `encapsulation dot1Q 1 native`).
! NOTE(review): the trunks carry every VLAN by default and DTP stays enabled;
! `switchport trunk allowed vlan 1,100,200,300` and `switchport nonegotiate`
! would tighten them.
interface range g0/1 - 2
switchport mode trunk
switchport trunk native vlan 1

!
-----------------------------------
! Management SVI: the switch is .2 in VLAN 1 per the address table.
! NOTE(review): no `ip default-gateway 10.3.0.1` for the switch appears on this
! page (the AP sets one), so SSH from outside 10.3.0.0/19 would have no return
! path. Management also rides in VLAN 1, which is the trunks' native VLAN.
!
interface vlan 1
ip address 10.3.0.2 255.255.224.0
no shutdown
!
______________________________________________________
______________________________________________________
!CONFIGURANDO EL SERVIDOR RADIUS
!
AUTENTICACION RADIUS --> WPA2/ENTERPRISE--> IP SERVIDOR
PUERTOS: 1812 AUTHENTICATION
1813 ACCOUNTING
192.168.10.0/24 CLAVE COMPARTIDA: marina2018

-------------------------------------------------------------
¿QUE DEBEMOS CONFIGURAR?

EDIT | -CLAVE COMPARTIDA


RADIUS | -IP DEL CLIENTE: AUTENTICADOR
CLIENT | (RUTEADOR INALAMBRICO)

C://FREERADIUS/ETC/RADDB/EN EL CLIENTS.CONF

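# You can now specify one secret for a network of clients.


# When a client request comes in, the BEST match is chosen.
# i.e. The entry from the smallest possible network.
#
#client 192.168.0.0/24 {
# secret = testing123-1
# shortname = private-network-1
#}
#
# NAS (RADIUS client) entry for the wireless access point. The address is the
# AP's BVI1 (10.3.0.3, ".3 AP" in VLAN 1 of the address table); 10.3.160.10 is
# the RADIUS server itself and is never the source of the requests it receives.
# The secret must match `radius-server host 10.3.160.10 ... key sistemas` on the AP.
# NOTE(review): "sistemas" is a short, guessable shared secret - use a long random
# value - and, if this FreeRADIUS version supports it, set
# `require_message_authenticator = yes` inside this stanza.
client 10.3.0.3/32 {
secret = sistemas
shortname = ruteador-inalambrico
}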
------------------------------

EDIT | -REGISTRAR USUARIOS/PASSWORD


USERS |

C://FREERADIUS/ETC/RADDB/EN EL USERS.CONF

############## RFC3580 ################


## Also the "eap.conf" MUST be modified to include the follow line:
## "use_tunneled_reply = yes"
## the default is "use_tunneled_reply = no"
## this allow the "Tunnel*" AV's to be passed outside the eap tunnel
## otherwise the switch will NOT see the VLAN to place the port into
#### Comments added by Jeff Reilly ####
# NOTE(review): the comments above describe RFC 3580 dynamic VLAN assignment, but
# none of the entries below carries Tunnel-* reply attributes, so the VLAN a user
# lands in is fixed by the SSID, not by RADIUS.

# NOTE(review): default test account shipped with the example users file - remove it
# before the server is reachable from the WLAN.
testuser User-Password == "testpw"


# Wireless users. Passwords are stored in cleartext in this file (readable by
# anyone with access to raddb) and follow a predictable pattern - lab values only.
# `User-Password ==` is the legacy check-item form; newer releases use
# `Cleartext-Password :=` - confirm which syntax this FreeRADIUS.net build expects.
usuario01 User-Password == "password01"
usuario02 User-Password == "password02"
usuario03 User-Password == "password03"

Después hacemos clic en el stop freeRADIUS.net service


Después hacemos clic en el start FreeRadius.net in debug mode
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

CONFIGURACION AP
CONFIGURACION AP
AUTENTICACION ENTERPRISE CON VLANs

! VLAN names on the AP; the IDs match the switch VLAN database and the router
! subinterfaces.
dot11 vlan-name DATOS vlan 100
dot11 vlan-name VOZ vlan 200
dot11 vlan-name ADMIN vlan 300
!
! One SSID per VLAN. `mbssid guest-mode` makes the SSID visible in beacons.
! `authentication open` is only an initial setting here; the enterprise section
! further down configures `authentication open eap eap_methods` on the same SSIDs,
! which supersedes it.
!
dot11 ssid DATOS 3
vlan 100
authentication open
mbssid guest-mode
!
dot11 ssid VOZ 3
vlan 200
authentication open
mbssid guest-mode
!
dot11 ssid ADMIN 3
vlan 300
authentication open
mbssid guest-mode
!
! Radio and wired subinterfaces, one per VLAN, bridged pairwise by bridge-group.
!
interface Dot11Radio0
no shutdown
!
! Bind the three SSIDs to the radio and enable multiple BSSIDs.
ssid DATOS 3
!
ssid VOZ 3
!
ssid ADMIN 3
!
mbssid
!
! VLAN 1 native; bridge-group 1 is the group BVI1 (configured below) belongs to.
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
!
interface Dot11Radio0.100
encapsulation dot1Q 100
bridge-group 100
!
interface Dot11Radio0.200
encapsulation dot1Q 200
bridge-group 200
!
! VLAN 300 uses bridge-group 254 rather than 300 (bridge-group IDs on these APs are
! limited to 1-255); the wired side below uses the same number, which is what matters.
interface Dot11Radio0.300
encapsulation dot1Q 300
bridge-group 254
!
! Wired side: the same VLANs, tagged toward the switch trunk.
!
interface FastEthernet0
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
!
interface FastEthernet0.100
encapsulation dot1Q 100
bridge-group 100
!
interface FastEthernet0.200
encapsulation dot1Q 200
bridge-group 200
!
interface FastEthernet0.300
encapsulation dot1Q 300
bridge-group 254
!
! Enterprise (802.1X/EAP) authentication and per-VLAN encryption.
!
! NOTE(review): the original comments here listed "VLAN10/20/30" with SSIDs
! personal/contabilidad/ingenieria (WPA2-AES, WPA-TKIP, WPA2-AES) - values from
! another design. The configuration below actually uses VLAN 100/200/300 with
! SSIDs DATOS/VOZ/ADMIN.
!
! AP management address: .3 in VLAN 1 (bridge-group 1); the gateway is R-LIMA.
interface BVI1
ip address 10.3.0.3 255.255.224.0
no shutdown
!
ip default-gateway 10.3.0.1
!
aaa new-model
!
! Named login list "eap_methods" served by the RADIUS group. The server is the
! FreeRADIUS host behind ROUTER ICA, reached across the serial link; both ends of
! that path are `ip nat inside`, so the AP's source address is not translated.
! NOTE(review): the shared secret "sistemas" is short and stored in the running
! config; a short secret is easy to guess if RADIUS traffic is captured on the
! routed path. Use a long random secret and restrict the path with ACLs.
aaa authentication login eap_methods group radius
radius-server host 10.3.160.10 auth-port 1812 acct-port 1813 key sistemas
!
! Cipher per VLAN. NOTE(review): VLAN 200 (VOZ) uses TKIP, which is deprecated;
! use aes-ccm there as well unless legacy handsets genuinely require TKIP.
interface dot11Radio 0
encryption vlan 100 mode ciphers aes-ccm
encryption vlan 200 mode ciphers tkip
encryption vlan 300 mode ciphers aes-ccm
!
! Per SSID: WPA key management, EAP for both open-with-EAP and network-EAP clients.
! NOTE(review): `authentication key-management wpa` without `version 2` still permits
! WPA1; `authentication key-management wpa version 2` pins WPA2 where clients support it.
dot11 ssid DATOS 3
authentication key-management wpa
authentication open eap eap_methods
authentication network-eap eap_methods
!
dot11 ssid VOZ 3
authentication key-management wpa
authentication open eap eap_methods
authentication network-eap eap_methods
!
dot11 ssid ADMIN 3
authentication key-management wpa
authentication open eap eap_methods
authentication network-eap eap_methods
