Lab Topology

Packet Tracer 6.2 lab 21 (WLAN user differentiation) topology

Lab solution

Step 1 : Campus CORE configuration

The campus core's primary function is high-speed routing. In this small campus design, core and distribution functions are collapsed onto the same L3 switch. OSPF is configured to advertise the classless 10.0.0.0/8 subnets (ip classless). A static route through the ASA firewall provides routing to the public wireless network. The static route is redistributed into OSPF and advertised as an external route (E2).

version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CAMPUS-CORE
!
ip routing
!
interface Port-channel 1
 no switchport
 ip address 10.1.0.1 255.255.255.248
!
interface FastEthernet0/1
 no switchport
 channel-protocol lacp
 channel-group 1 mode active
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/2
 no switchport
 channel-group 1 mode active
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/23
 switchport access vlan 30
!
interface FastEthernet0/24
 no switchport
 ip address 10.1.0.9 255.255.255.248
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets 
 network 10.0.0.0 0.255.255.255 area 0
!
ip classless
ip route 10.1.30.0 255.255.255.0 10.1.0.10 
!

Step 2 : ASA Firewall configuration

The ASA firewall owns the public subnet gateway. This VLAN interface is configured with a security level of zero so that all incoming traffic is dropped by default. ICMP traffic from the campus to the public subnet is allowed and inspected by the policy-map. Traffic inspection allows the return traffic coming from the public subnet to cross the firewall.

ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 30
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.0.10 255.255.255.248
!
interface Vlan2
 no nameif
 no security-level
 ip address dhcp
!
interface Vlan30
 nameif outside
 security-level 0
 ip address 10.1.30.1 255.255.255.0
!
!
route inside 0.0.0.0 0.0.0.0 10.1.0.9 1
!
class-map icmp-class
 match default-inspection-traffic
!
policy-map icmp_policy
 class icmp-class
  inspect icmp 
!
service-policy icmp_policy global
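
The behaviour described in Step 2, as a simplified model added here for illustration (it is not part of the original lab and is not ASA code): security levels decide which side may start a flow, and ICMP inspection is what lets the matching echo reply back in. The host addresses 10.1.20.50 and 10.1.30.50 and all class and function names are assumptions; only ICMP echo is modelled, with no ACLs.

```python
from dataclasses import dataclass, field

# Interface names and security levels taken from the lab's ASA configuration.
SECURITY_LEVEL = {"inside": 100, "outside": 0}

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    kind: str    # "echo-request" or "echo-reply"
    ident: int
    seq: int

@dataclass
class Firewall:
    inspect_icmp: bool = True
    sessions: set = field(default_factory=set)

    def handle(self, ingress: str, egress: str, pkt: Icmp) -> str:
        # Return traffic: an echo reply that mirrors a tracked echo request.
        key = (pkt.dst, pkt.src, pkt.ident, pkt.seq)
        if pkt.kind == "echo-reply" and key in self.sessions:
            self.sessions.discard(key)  # only one reply accepted per request
            return "permit (inspected return traffic)"
        # New flow: only higher -> lower security level is allowed by default.
        if SECURITY_LEVEL[ingress] > SECURITY_LEVEL[egress]:
            if self.inspect_icmp and pkt.kind == "echo-request":
                self.sessions.add((pkt.src, pkt.dst, pkt.ident, pkt.seq))
            return "permit (higher to lower security level)"
        return "drop (lower to higher, no matching session)"

def run_demo(inspect_icmp: bool) -> list:
    fw = Firewall(inspect_icmp=inspect_icmp)
    # Constructed sample hosts in the lab's 10.1.20.0/24 and 10.1.30.0/24 subnets.
    campus, public = "10.1.20.50", "10.1.30.50"
    packets = [
        ("inside", "outside", Icmp(campus, public, "echo-request", 7, 1)),
        ("outside", "inside", Icmp(public, campus, "echo-reply", 7, 1)),
        ("outside", "inside", Icmp(public, campus, "echo-reply", 7, 1)),    # duplicate reply
        ("outside", "inside", Icmp(public, campus, "echo-request", 9, 1)),  # public-initiated
    ]
    return [fw.handle(i, e, p) for i, e, p in packets]

if __name__ == "__main__":
    for enabled in (True, False):
        print("inspect icmp =", enabled)
        for verdict in run_demo(enabled):
            print("  ", verdict)
```

With inspection disabled in the model, the first echo reply is dropped as well, which is why a ping from the campus to the public subnet fails without the `inspect icmp` policy.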

Step 3 : Access switch configuration

version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CAMPUS-ACCESS-01
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 30
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport mode trunk
!