Professional Documents
Culture Documents
Lab21Public&Enterprisewlanusersdifferentiation
Lab21Public&Enterprisewlanusers
differentiation
Rating4.00(1Vote)
LastUpdated:Monday,21December201509:21
Hits:799
Labdescription
TheaimofthisPacketTracer6.2labistoconfigureancampusnetworkallowingauthenticatedenterpriseusersto
accessenterpriseressourcesusingtheirmobiledeviceswhileallowingafilteredpublicwirelessaccessforunregistered
users.
TwoaccesspointsareconnectedtoanaccessswitchtopublishtwodiffrentSSID("default"and"Secured").The
basicaccesspointbroadcaststhepublicSSID.TheLinksysAPbroadcaststheprotectedSSIDasthisAPcanbe
configuredforWPAEnterprisesecurity.EachSSIDismappedtoasinglevlan:vlan20forsecureSSID,vlan30for
publicSSID.Inarealworldarchitecture,wewouldbeusingaCiscoWirelesLanController(WLC)andLeightWeight
APbutthosedevicesarenotavailableinPacketTracer6.2.RumorsindicatethatWLCcoludbeavailableinthnext
PacketTracerversion(PacketTracer7.0).
TheVLANinterfaceofthesecuressid(interfacevlan20)ishostedbythecampuscoreandhetrafficisdirectlyrouted
tothedatacenter.TheVLANinterfaceofthepublicssid(interfacevlan30)ishostedbytheASAfirewallonit'soutside
interface.Thepublictrafficisfilteredbeforeenteringthecampus
LabTopology
http://www.packettracernetwork.com/labs/lab21wlandifferentiation.html
1/5
21/4/2016
Lab21Public&Enterprisewlanusersdifferentiation
Labsolution
Step1:CampusCOREconfiguration
Thecampuscoreprimaryfunctionishighspeedrouting.Inthissmallcampusdesign,coreanddistributionfunctions
arecollapsedonthesameL3switch.OSPFisconfiguredforadvertisingclassless10.0.0.0/8subnets(ipclassless).A
staticrouteisconfiguredthroughtheASAfirewalltoallowroutingtothepublicwirelessnetwork.Thestaticrouteis
redistributedinOSPFandadvertisedasanexternalroute(E2).
version12.2
noservicetimestampslogdatetimemsec
noservicetimestampsdebugdatetimemsec
noservicepasswordencryption
!
hostnameCAMPUSCORE
http://www.packettracernetwork.com/labs/lab21wlandifferentiation.html
2/5
21/4/2016
Lab21Public&Enterprisewlanusersdifferentiation
!
iprouting
!
interfacePortchannel1
noswitchport
ipaddress10.1.0.1255.255.255.248
!
interfaceFastEthernet0/1
noswitchport
channelprotocollacp
channelgroup1modeactive
noipaddress
duplexauto
speedauto
!
interfaceFastEthernet0/2
noswitchport
channelgroup1modeactive
noipaddress
duplexauto
speedauto
!
interfaceFastEthernet0/23
switchportaccessvlan30
!
interfaceFastEthernet0/24
noswitchport
ipaddress10.1.0.9255.255.255.248
duplexauto
speedauto
!
interfaceGigabitEthernet0/1
switchporttrunkencapsulationdot1q
switchportmodetrunk
!
interfaceGigabitEthernet0/2
switchporttrunkencapsulationdot1q
switchportmodetrunk
!
interfaceVlan1
noipaddress
shutdown
!
interfaceVlan10
ipaddress10.1.10.1255.255.255.0
!
interfaceVlan20
ipaddress10.1.20.1255.255.255.0
http://www.packettracernetwork.com/labs/lab21wlandifferentiation.html
3/5
21/4/2016
Lab21Public&Enterprisewlanusersdifferentiation
!
routerospf1
logadjacencychanges
redistributestaticsubnets
network10.0.0.00.255.255.255area0
!
ipclassless
iproute10.1.30.0255.255.255.010.1.0.10
!
Step2:ASAFirewallconfiguration
TheASAfirewallownthepublicsubnetgateway.Thisvlaninterfaceisconfiguredwithazerosecurityleveltodropall
incomingtrafficbydefault.ICMPtrafficfromthecampustopublicsubnetisallowedandinspectedbythepolicymap.
Thetrafficinspectionallowsthereturntrafficcomingfromthepublicsubnettocrossthefirewall.
ASAVersion8.4(2)
!
hostnameciscoasa
names
!
interfaceEthernet0/0
switchportaccessvlan30
!
interfaceVlan1
nameifinside
securitylevel100
ipaddress10.1.0.10255.255.255.248
!
interfaceVlan2
nonameif
nosecuritylevel
ipaddressdhcp
!
interfaceVlan30
nameifoutside
securitylevel0
ipaddress10.1.30.1255.255.255.0
!
!
routeinside0.0.0.00.0.0.010.1.0.91
!
classmapicmpclass
matchdefaultinspectiontraffic
!
policymapicmp_policy
classicmpclass
http://www.packettracernetwork.com/labs/lab21wlandifferentiation.html
4/5
21/4/2016
Lab21Public&Enterprisewlanusersdifferentiation
inspecticmp
!
servicepolicyicmp_policyglobal
Step3:Accessswitchconfiguration
version12.2
noservicetimestampslogdatetimemsec
noservicetimestampsdebugdatetimemsec
noservicepasswordencryption
!
hostnameCAMPUSACCESS01
!
spanningtreemodepvst
!
interfaceFastEthernet0/1
switchportaccessvlan30
!
interfaceFastEthernet0/2
switchportaccessvlan20
!
interfaceGigabitEthernet0/1
switchportmodetrunk
!
http://www.packettracernetwork.com/labs/lab21wlandifferentiation.html
5/5