AP-VPN Deployment Scenarios
35.2 Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
539
Configuration Steps
CLI Commands
UI Procedure
7. Configure wired port and
wireless SSIDs using the au-
thentication servers.
Configure wired ports to operate in L3 mode and associate
Distributed, L3 mode VLAN 30 to the wired port profile.
(scalance)(config) # wired-port-profile wired-
port
(scalance)(wired-port-profile "wired-port")#
switchport-mode access
(scalance)(wired-port-profile "wired-port")#
allowed-vlan all
(scalance)(wired-port-profile "wired-port")#
native-vlan 30
(scalance)(wired-port-profile "wired-port")# no
shutdown
(scalance)(wired-port-profile "wired-port")#
access-rule-name wired-port
(scalance)(wired-port-profile "wired-port")# type
employee
(scalance)(wired-port-profile "wired-port")#
auth- server server1
(scalance)(wired-port-profile "wired-port")#
auth- server server2
(scalance)(wired-port-profile "wired-port")#
dot1x
(scalance)(wired-port-profile "wired-port")# exit
(scalance)(config)# enet1-port-profile wired-port
Configure a wireless SSID to operate in L2 mode and
associate Centralized, L2 mode VLAN 20 to the WLAN
SSID profile.
(scalance)(config) # wlan ssid-profile guest
(scalance)(SSID Profile "guest")# enable
(scalance)(SSID Profile "guest")# type guest
(scalance)(SSID Profile "guest")# essid guest
(scalance)(SSID Profile "guest")# opmode opensys-
tem
(scalance)(SSID Profile "guest")# vlan 20
(scalance)(SSID Profile "guest")# auth-server
server1
(scalance)(SSID Profile "guest")# auth-server
server2
(scalance)(SSID Profile "guest")# captive-portal
internal
NOTE: This example uses internal captive portal use case
using external authentication server. You can also use an
external captive portal example.
NOTE: The SSID type guest is used in this example to
enable configuration of captive portal. However, corporate
access through VPN tunnel is still allowed for this SSID
because the VLAN associated to this SSID is a VPN-
enabled VLAN (20 in this example).
See Configuring a Wired
Profile and Wireless Net-
work Profiles
8. Create access rule for wired
and wireless authentication. In
this example, the rule permits
all traffic.
For wired profile:
(scalance)(config)# wlan access-rule wired-port
(scalance)(Access Rule "wired-port")# rule any
any match any any any permit
For WLAN SSID:
(scalance)(config)# wlan access-rule guest
(scalance)(Access Rule "guest")# rule any any
match any any any permit
See Configuring ACL Rules
for Network Services
NOTE: Ensure that you execute the commit apply command in the SCALANCE W CLI before saving the configuration and
propagating changes across the AP cluster.
Содержание SCALANCE W1750D UI
Страница 18: ...About this guide SCALANCE W1750D UI 18 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 28: ...About SCALANCE W 3 3 SCALANCE W CLI SCALANCE W1750D UI 28 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 108: ...IPv6 Support 10 4 Debugging Commands SCALANCE W1750D UI 108 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 326: ......
Страница 356: ......
Страница 374: ......
Страница 416: ......
Страница 440: ......
Страница 450: ...Intrusion Detection 27 4 Configuring IDS SCALANCE W1750D UI 450 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 470: ......
Страница 480: ......
Страница 496: ......
Страница 518: ...Hotspot Profiles 33 3 Sample Configuration SCALANCE W1750D UI 518 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 528: ......
Страница 552: ......
Страница 570: ...Appendix B 3 Glossary SCALANCE W1750D UI 570 Configuration Manual 02 2018 C79000 G8976 C451 02 ...