Header Only - DO NOT REMOVE - Extreme Networks
Question

NX5500 VLAN's DHCP Configuration

  • 25 September 2019
  • 0 replies
  • 350 views

code:
Hello good morning, I hope you are well, I have a series of doubts regarding the following case:

* I have an NX5500 with several AP7532 adopted.

* I have 3 SSIDs each with a different VLAN 116,117 and 118, to which I want to assign a DHCP server with another range of IP's to each one from the NX5500.

* Each of these SSIDs should be associated with the internal VLANs of the company (16,17 and 18), that is, 116 exit through the gateway of VLAN 16, 117 through the gateway of VLAN 17 and so on .

* I have 4 VLANs created in the NX5500 Profile, VLAN1 (Native), 116, 117, 118.

* The GE1 port is configured as Trunk and allows the passage of all those VLANs

* The ports on the Switch are configured to pass VLANs 1,16,17,18

What I want is for each SSID to go online and then apply the respective ACLs.

If you can help me with this I would really appreciate it ..

Regards...

Then the current running-config show:

!
! Configuration of NX5500 version 5.9.4.0-020R
!
!
version 2.6
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan RH-CAP-RF-CD
ssid RH-CAP-RF-CD
vlan 116
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 Al3rc3-4nd1n0
!
wlan RH-USERS-CD
ssid RH-USERS-CD
vlan 117
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 P4lm4-Ch1l3n4
!
wlan RH-VISITAS-CD
ssid RH-VISITAS-CD
vlan 118
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 Rio-Aconcagua-5295
!
wlan prueba
ssid pruebas
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 pruebatds
!
dhcp-server-policy DHCP-VLAN16
option IPVLAN16 16 ascii
dhcp-pool VLAN16
network 10.45.90.0/24
address range 10.45.90.2 10.45.90.254
default-router 10.45.90.1
!
!
management-policy default
no telnet
no http server
https server
rest-server
ssh
user admin password 1 82d01196dd1106ce85399528e108e727af41390478b86320fc4dd62f7df28306 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
profile nx5500 default-nx5500
no autoinstall configuration
no autoinstall firmware
no device-upgrade auto
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface ge1
interface ge2
interface ge3
interface ge4
interface ge5
interface ge6
interface vlan1
ip address 10.21.1.90/24
ip address zeroconf secondary
interface vlan116
ip address 10.45.90.1/24
interface vlan117
ip address 10.45.91.1/24
interface vlan118
ip address 10.45.92.1/24
interface pppoe1
use dhcp-server-policy DHCP-VLAN16
use firewall-policy default
service pm sys-restart
router ospf
router bgp
adoption-mode controller

.....

!
profile ap7532 default-ap7532
autoinstall configuration
autoinstall firmware
no device-upgrade auto
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan RH-CAP-RF-CD bss 1 primary
wlan RH-USERS-CD bss 2 primary
wlan RH-VISITAS-CD bss 3 primary
wlan prueba bss 4 primary
interface radio2
interface ge1
switchport mode trunk
switchport trunk allowed vlan 1,16-18
interface vlan1
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
country-code cl
!
nx5500 40-83-DE-86-63-08
use profile default-nx5500
use rf-domain default
hostname nx5500-866308
license AAP 6e8043c0fdffcc38f75bb6272286f139292caac02c5641f70ed992a2258fc17e12360918255142fd
license ADSEC DEFAULT-ADV-SEC-LICENSE
no device-upgrade auto
interface vlan1
ip address 10.21.1.90/24
ip address zeroconf secondary
use dhcp-server-policy DHCP-VLAN16
logging on
logging console warnings
logging buffered warnings
controller adopted-devices aps
!
ap7532 94-9B-2C-28-FA-60
use profile default-ap7532
use rf-domain default
hostname RP-01-07
area "Rack Picking"
floor "Piso 1"
!
ap7532 94-9B-2C-28-FB-90
use profile default-ap7532
use rf-domain default
hostname RP-01-06
area "Rack Picking"
floor "Piso 1"
!
ap7532 94-9B-2C-28-FF-44
use profile default-ap7532
use rf-domain default
hostname EX-03
!
ap7532 94-9B-2C-28-FF-48
use profile default-ap7532
use rf-domain default
hostname ap7532-28FF48

!
!
end






.

0 replies

Be the first to reply!

Reply