Repository : ssh://git@open-mesh.org/doc
On branches: backup-redmine/2018-08-24,backup-redmine/2019-09-14,master
commit 9da67e6a4b3e7f91c86e1ffef60126ab0fb5875a Author: Jose Martin jmartin@vcomnetworks.com Date: Sun Aug 19 05:32:05 2018 +0000
doc: open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server: I want to share my experience of a MESH network configuration with dynamic VLAN allocation based on authentication with a remote RADIUS server (Windows Server with NPS).
9da67e6a4b3e7f91c86e1ffef60126ab0fb5875a ...nd_Dynamic_VLANs_with_NPS_Radius_Server.textile | 364 +++++++++++++++++++++ 1 file changed, 364 insertions(+)
diff --git a/open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server.textile b/open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server.textile
new file mode 100644
index 0000000..7882a83
--- /dev/null
+++ b/open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server.textile
@@ -0,0 +1,364 @@
+h1. BATMAN and Dynamic VLANs with NPS Radius Server
+
+I want to share my experience of a MESH network configuration with dynamic VLANs allocation based on authentication with a remote RADIUS server (Windows Server with NPS). Enjoy it
+
+
+**************************************************************************
+1.- Previous Info
+**************************************************************************
+LAN Services:
+RADIUS Server
+NPS Windows Server (Configuration not included)
+IP: 172.1.1.34
+
+DHCP Server
+DHCP Windows Server (Configuration not included)
+IP: 172.1.1.34
+
+DNS Server
+The router in the LAN
+IP: 10.0.0.254
+
+Networks:
+VLAN 1 (Admin - Default): 10.0.0.0/255.255.255.0
+VLAN 21(Private/Office): 10.1.14.0/255.255.254.0
+VLAN 20(Guest): 192.168.18.0/255.255.254.0
+
+VLANs:
+VLAN 1
+Router: 10.0.0.254
+AP1: 10.0.0.101
+AP2: 10.0.0.102
+
+VLAN 21
+Router: 10.1.15.254
+AP1: 10.1.15.251
+AP2: 10.1.15.252
+
+VLAN 20
+Router: 192.168.19.254
+AP1: 192.168.19.251
+AP2: 192.168.19.252
+
+VLAN 70
+Router: 172.1.1.254
+Windows Server: 172.1.1.34
+
+
+**************************************************************************
+2.- Installation
+**************************************************************************
+opkg update
+opkg remove wpad-mini
+opkg install wpad
+opkg install kmod-batman-adv
+opkg install batctl
+
+
+**************************************************************************
+3.- Basic Configuration
+**************************************************************************
+
+--------------------------------------------------------------------------
+DNS and DHCP
+--------------------------------------------------------------------------
+/etc/resolv.conf:
+
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+
+
+
+/etc/hosts:
+
+127.0.0.1 localhost
+10.0.0.10x apmeshx #where x is the number of the AP. For the Node master I use x=1.
+
+
+
+--------------------------------------------------------------------------
+DHCP
+--------------------------------------------------------------------------
+/etc/config/dhcp:
+
+config dnsmasq
+ option domainneeded '1'
+ option boguspriv '1'
+ option filterwin2k '0'
+ option localise_queries '1'
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts '1'
+ option authoritative '0'
+ option readethers '1'
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+ option rebind_protection '0'
+ option rebind_localhost '0'
+ list server '10.0.0.254' #DNS in the LAN
+
+config dhcp 'Vlan20'
+ option interface 'Vlan20' #Enabled for the DHCP in the LAN
+
+config dhcp 'Vlan21'
+ option interface 'Vlan21' #Enabled for the DHCP in the LAN
+
+config dhcp 'lan'
+ option interface 'lan'
+ option ignore '1'
+
+
+
+/etc/dnsmasq.conf:
+
+# dhcp-range=[network-id,],[[,],][,]
+dhcp-range=Vlan20,192.168.18.1,192.168.19.200,255.255.254.0,4h #VLAN 20 range defined in the DHCP server
+dhcp-range=Vlan21,10.1.14.1,10.1.15.200,255.255.254.0,96h #VLAN 21 range defined in the DHCP server
+
+#dhcp-relay=<local address>,<server address>[,<interface]
+dhcp-relay=192.168.19.25x,172.1.1.34 #Interface in the appropriate VLAN used to communicate with the DHCP server. Again, x is the number of the AP
+dhcp-relay=10.1.15.25x,172.1.1.34 #Interface in the appropriate VLAN used to communicate with the DHCP server. Again, x is the number of the AP
+
+
+
+--------------------------------------------------------------------------
+Hostapd for the Dynamic VLANs
+--------------------------------------------------------------------------
+/etc/config/hostapd.vlan:
+
+* wlan0-1.#
+
+
+**************************************************************************
+4.- Mesh Configuration
+**************************************************************************
+--------------------------------------------------------------------------
+B.A.T.M.A.N
+--------------------------------------------------------------------------
+etc/config/batman-adv:
+
+config 'mesh' 'bat0'
+ option 'aggregated_ogms'
+ option 'ap_isolation'
+ option 'bonding'
+ option 'fragmentation'
+ option 'gw_bandwidth'
+ option 'gw_mode'
+ option 'gw_sel_class'
+ option 'log_level'
+ option 'orig_interval'
+ option 'bridge_loop_avoidance'
+ option 'distributed_arp_table'
+ option 'multicast_mode'
+ option 'network_coding'
+ option 'hop_penalty'
+ option 'isolation_mark'
+
+
+
+--------------------------------------------------------------------------
+Wireless
+--------------------------------------------------------------------------
+etc/config/wireless:
+
+config wifi-iface
+ option device 'radio0'
+ option mode 'ap'
+ option ssid 'Nodex' #Again, x is the number of the AP. You have to set a NAS Client in Your RADIUS with this ID.
+ option encryption 'wpa2'
+ option auth_server '172.1.1.34'
+ option auth_port '1812'
+ option auth_secret '6P6adm1n2010'
+ option acct_server '172.1.1.34'
+ option acct_port '1813'
+ option acct_secret '6P6adm1n2010'
+ option nasid 'apmeshx' #Again, x is the number of the AP. You have to set a NAS Client in Your RADIUS with this ID.
+ option dynamic_vlan '2'
+ option vlan_bridge 'br-vlan'
+ option vlan_file '/etc/config/hostapd.vlan'
+ option vlan_tagged_interface 'xxx0' #Node master: xxx=eth, Other nodes: xxx=bat
+ option vlan_naming '0'
+
+
+config wifi-iface 'wmesh'
+ option device 'radio0'
+ option ifname 'mesh0'
+ option network 'mesh'
+ option mode 'adhoc'
+ option ssid 'mymesh'
+ option bssid '02:CA:FE:CA:CA:40'
+ option mcast_rate '18000'
+ option encryption 'psk2/aes'
+ option key '6P6adm1n2010'
+
+
+
+--------------------------------------------------------------------------
+Network
+--------------------------------------------------------------------------
+etc/config/network:
+
+Node master
+(Connected to the wired Network. It is the Node gateway)
+---------------------------------------------------------------
+config interface 'lan'
+ option type 'bridge'
+ option ifname 'eth0 bat0'
+ option proto 'static'
+ option ip6assign '60'
+ option ipaddr '10.0.0.101'
+ option netmask '255.255.255.0'
+ option gateway '10.0.0.254'
+ option dns '10.0.0.254'
+
+config interface 'mesh'
+ option ifname 'mesh0'
+ option mtu '1544'
+ option proto 'batadv'
+ option mesh 'bat0'
+
+config interface 'Vlan21'
+ option ifname 'eth0.21 bat0.21'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '10.1.15.251'
+ option netmask '255.255.254.0'
+
+config interface 'Vlan20'
+ option ifname 'eth0.20 bat0.20'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '192.168.19.251'
+ option netmask '255.255.254.0'
+
+
+
+Node 2
+(not connected to the wired network, only wireless to the Mesh)
+---------------------------------------------------------------
+
+config interface 'lan'
+ option ifname 'eth0'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '192.168.1.1' #This is for local administration of the AP. (directly connected)
+ option netmask '255.255.255.0'
+ option ip6assign '60'
+
+config interface 'bat'
+ option ifname 'bat0'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '10.0.0.102' #Remember change the IP for each new Node
+ option netmask '255.255.255.0'
+ option gateway '10.0.0.254'
+ option dns '10.0.0.254'
+
+config interface 'mesh'
+ option ifname 'mesh0'
+ option mtu '1544'
+ option proto 'batadv'
+ option mesh 'bat0'
+
+config interface 'Vlan21'
+ option ifname 'bat0.21'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '10.1.15.252' #Remember change the IP for each new Node
+ option netmask '255.255.254.0'
+
+config interface 'Vlan20'
+ option ifname 'bat0.20'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '192.168.19.252' #Remember change the IP for each new Node
+ option netmask '255.255.254.0'
+
+
+
+--------------------------------------------------------------------------
+Useful Commands You may need
+--------------------------------------------------------------------------
+iw list | grep "Supported interface modes" -A 9 #verify the supported modes
+killall dnsmasq #kill dnsmasq running
+/etc/init.d/network restart #reload Network
+/etc/init.d/dnsmasq restart #reload DHCP
+/etc/init.d/firewall restart #reload Firewall
+wifi down; wifi #reload wireless
+batctl if #wich interface is running batman
+batctl s #show mesh statics
+batctl tg #print the transglobal table in the Mesh
+batctl gw #show if the MeshPoint is a gateway
+brctl show #show the bridges
+
+
+
+--------------------------------------------------------------------------
+Commands outputs during the test
+--------------------------------------------------------------------------
+
+
+Node Master:
+---------------------------------------------------------------
+root@apmesh1:~# ifconfig
+bat0 Link encap:Ethernet HWaddr F2:DC:B7:31:79:54
+br-lan Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+br-Vlan21 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+br-Vlan20 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+eth0 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+eth0.34 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+eth0.66 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+mesh0 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95
+wlan0-1 Link encap:Ethernet HWaddr F6:F2:6D:35:23:95
+
+---------------------------------------------------------------
+brctl show:
+bridge name bridge id STP enabled interfaces
+br-lan 7fff.f4f26d352395 no eth0
+ bat0
+br-Vlan21 7fff.f4f26d352395 no eth0.34
+br-Vlan20 7fff.f4f26d352395 no eth0.66
+
+root@apmesh1:~# brctl show (conectado)
+bridge name bridge id STP enabled interfaces
+br-lan 7fff.f4f26d352395 no eth0
+ bat0
+br-Vlan21 7fff.f4f26d352395 no eth0.34
+ wlan0-1.34
+br-Vlan20 7fff.f4f26d352395 no eth0.66
+
+---------------------------------------------------------------
+
+
+
+Other Node:
+---------------------------------------------------------------
+root@apmesh2:~# ifconfig
+bat0 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78
+bat0.34 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78
+bat0.66 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78
+br-bat Link encap:Ethernet HWaddr 16:3F:15:C0:56:78
+br-Vlan21 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78
+br-Vlan20 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78
+br-lan Link encap:Ethernet HWaddr DC:9F:DB:6B:53:3C
+eth0 Link encap:Ethernet HWaddr DC:9F:DB:6B:53:3C
+mesh0 Link encap:Ethernet HWaddr DC:9F:DB:6A:53:3C
+wlan0-1 Link encap:Ethernet HWaddr DE:9F:DB:6A:53:3C
+
+---------------------------------------------------------------
+brctl show:
+bridge name bridge id STP enabled interfaces
+br-lan 7fff.dc9fdb6b533c no eth0
+br-bat 7fff.163f15c05678 no bat0
+br-Vlan21 7fff.163f15c05678 no bat0.34
+br-Vlan20 7fff.163f15c05678 no bat0.66
+
+root@apmesh2:~# brctl show (Client connected)
+bridge name bridge id STP enabled interfaces
+br-lan 7fff.dc9fdb6b533c no eth0
+br-bat 7fff.163f15c05678 no bat0
+br-Vlan21 7fff.163f15c05678 no bat0.34
+ wlan0-1.34 #when the client is connected
+br-Vlan20 7fff.163f15c05678 no bat0.66
+
+---------------------------------------------------------------
\ No newline at end of file