Repository : ssh://git@open-mesh.org/doc
On branches: backup-redmine/2018-08-24,backup-redmine/2019-09-14,master
commit 3785dfe1e964ecb6ed17f2c2f1c5301ac9fd827f Author: Sven Eckelmann sven@narfation.org Date: Fri Aug 24 09:29:15 2018 +0200
doc: Remove off-topic page about radius/NPS and dynamic vlans
3785dfe1e964ecb6ed17f2c2f1c5301ac9fd827f ...nd_Dynamic_VLANs_with_NPS_Radius_Server.textile | 376 --------------------- 1 file changed, 376 deletions(-)
diff --git a/open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server.textile b/open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server.textile
deleted file mode 100644
index c5a425e..0000000
--- a/open-mesh/BATMAN_and_Dynamic_VLANs_with_NPS_Radius_Server.textile
+++ /dev/null
@@ -1,376 +0,0 @@ -h1. BATMAN and Dynamic VLANs with NPS Radius Server - -I want to share my experience of a MESH network configuration with dynamic VLANs allocation based on authentication with a remote RADIUS server (Windows Server with NPS). Enjoy it - - -************************ - -1.- Previous Info - -************************ - -LAN Services: -RADIUS Server -NPS Windows Server (Configuration not included) -IP: 172.1.1.34 - -DHCP Server -DHCP Windows Server (Configuration not included) -IP: 172.1.1.34 - -DNS Server -The router in the LAN -IP: 10.0.0.254 - -Networks: -VLAN 1 (Admin - Default): 10.0.0.0/255.255.255.0 -VLAN 21(Private/Office): 10.1.14.0/255.255.254.0 -VLAN 20(Guest): 192.168.18.0/255.255.254.0 - -VLANs: -VLAN 1 -Router: 10.0.0.254 -AP1: 10.0.0.101 -AP2: 10.0.0.102 - -VLAN 21 -Router: 10.1.15.254 -AP1: 10.1.15.251 -AP2: 10.1.15.252 - -VLAN 20 -Router: 192.168.19.254 -AP1: 192.168.19.251 -AP2: 192.168.19.252 - -VLAN 70 -Router: 172.1.1.254 -Windows Server: 172.1.1.34 - - -************************ - -2.- Installation - -************************ - -opkg update -opkg remove wpad-mini -opkg install wpad -opkg install kmod-batman-adv -opkg install batctl - - -************************ - -3.- Basic Configuration - -************************ - ------------------------- -DNS ------------------------- -/etc/resolv.conf: - -nameserver 8.8.8.8 -nameserver 8.8.4.4 - - - -/etc/hosts: - -127.0.0.1 localhost -10.0.0.10x apmeshx #where x is the number of the AP. For the Node master I use x=1. 
- - - ------------------------- -DHCP ------------------------- -/etc/config/dhcp: - -config dnsmasq - option domainneeded '1' - option boguspriv '1' - option filterwin2k '0' - option localise_queries '1' - option local '/lan/' - option domain 'lan' - option expandhosts '1' - option authoritative '0' - option readethers '1' - option leasefile '/tmp/dhcp.leases' - option resolvfile '/tmp/resolv.conf.auto' - option rebind_protection '0' - option rebind_localhost '0' - list server '10.0.0.254' #DNS in the LAN - -config dhcp 'Vlan20' - option interface 'Vlan20' #Enabled for the DHCP in the LAN - -config dhcp 'Vlan21' - option interface 'Vlan21' #Enabled for the DHCP in the LAN - -config dhcp 'lan' - option interface 'lan' - option ignore '1' - - - -/etc/dnsmasq.conf: - -#dhcp-range=[network-id,],[[,],][,] -dhcp-range=Vlan20,192.168.18.1,192.168.19.200,255.255.254.0,4h #VLAN 20 range defined in the DHCP server -dhcp-range=Vlan21,10.1.14.1,10.1.15.200,255.255.254.0,96h #VLAN 21 range defined in the DHCP server - -#dhcp-relay=<local address>,<server address>[,<interface] -dhcp-relay=192.168.19.25x,172.1.1.34 #Interface in the appropriate VLAN used to communicate with the DHCP server. Again, x is the number of the AP -dhcp-relay=10.1.15.25x,172.1.1.34 #Interface in the appropriate VLAN used to communicate with the DHCP server. 
Again, x is the number of the AP - - - ------------------------- -Hostapd for the Dynamic VLANs ------------------------- -/etc/config/hostapd.vlan: - -'* wlan0-1.#' - - -************************ - -4.- Mesh Configuration - -************************ - ------------------------- -B.A.T.M.A.N ------------------------- -etc/config/batman-adv: - -config 'mesh' 'bat0' - option 'aggregated_ogms' - option 'ap_isolation' - option 'bonding' - option 'fragmentation' - option 'gw_bandwidth' - option 'gw_mode' - option 'gw_sel_class' - option 'log_level' - option 'orig_interval' - option 'bridge_loop_avoidance' - option 'distributed_arp_table' - option 'multicast_mode' - option 'network_coding' - option 'hop_penalty' - option 'isolation_mark' - - - ------------------------- -Wireless ------------------------- -etc/config/wireless: - -config wifi-iface - option device 'radio0' - option mode 'ap' - option ssid 'Nodex' #Again, x is the number of the AP. You have to set a NAS Client in Your RADIUS with this ID. - option encryption 'wpa2' - option auth_server '172.1.1.34' - option auth_port '1812' - option auth_secret 'mYs3cret2010' - option acct_server '172.1.1.34' - option acct_port '1813' - option acct_secret 'mYs3cret2010' - option nasid 'apmeshx' #Again, x is the number of the AP. You have to set a NAS Client in Your RADIUS with this ID. - option dynamic_vlan '2' - option vlan_bridge 'br-vlan' - option vlan_file '/etc/config/hostapd.vlan' - option vlan_tagged_interface 'xxx0' #Node master: xxx=eth, Other nodes: xxx=bat - option vlan_naming '0' - - -config wifi-iface 'wmesh' - option device 'radio0' - option ifname 'mesh0' - option network 'mesh' - option mode 'adhoc' - option ssid 'mymesh' - option bssid '02:CA:FE:CA:CA:40' - option mcast_rate '18000' - option encryption 'psk2/aes' - option key 'mYs3cretMesh!' - - - ------------------------- -Network ------------------------- -etc/config/network: - -Node master -(Connected to the wired Network. 
It is the Node gateway) ------------------------- -config interface 'lan' - option type 'bridge' - option ifname 'eth0 bat0' - option proto 'static' - option ip6assign '60' - option ipaddr '10.0.0.101' - option netmask '255.255.255.0' - option gateway '10.0.0.254' - option dns '10.0.0.254' - -config interface 'mesh' - option ifname 'mesh0' - option mtu '1544' - option proto 'batadv' - option mesh 'bat0' - option routing_algo 'BATMAN_V' - -config interface 'Vlan21' - option ifname 'eth0.21 bat0.21' - option type 'bridge' - option proto 'static' - option ipaddr '10.1.15.251' - option netmask '255.255.254.0' - -config interface 'Vlan20' - option ifname 'eth0.20 bat0.20' - option type 'bridge' - option proto 'static' - option ipaddr '192.168.19.251' - option netmask '255.255.254.0' - - - -Node 2 -(not connected to the wired network, only wireless to the Mesh) ------------------------- - -config interface 'lan' - option ifname 'eth0' - option type 'bridge' - option proto 'static' - option ipaddr '192.168.1.1' #This is for local administration of the AP. 
(directly connected) - option netmask '255.255.255.0' - option ip6assign '60' - -config interface 'bat' - option ifname 'bat0' - option type 'bridge' - option proto 'static' - option ipaddr '10.0.0.102' #Remember change the IP for each new Node - option netmask '255.255.255.0' - option gateway '10.0.0.254' - option dns '10.0.0.254' - -config interface 'mesh' - option ifname 'mesh0' - option mtu '1544' - option proto 'batadv' - option mesh 'bat0' - -config interface 'Vlan21' - option ifname 'bat0.21' - option type 'bridge' - option proto 'static' - option ipaddr '10.1.15.252' #Remember change the IP for each new Node - option netmask '255.255.254.0' - -config interface 'Vlan20' - option ifname 'bat0.20' - option type 'bridge' - option proto 'static' - option ipaddr '192.168.19.252' #Remember change the IP for each new Node - option netmask '255.255.254.0' - - - ------------------------- -Useful Commands You may need ------------------------- -iw list | grep "Supported interface modes" -A 9 #verify the supported modes -killall dnsmasq #kill dnsmasq running -/etc/init.d/network restart #reload Network -/etc/init.d/dnsmasq restart #reload DHCP -/etc/init.d/firewall restart #reload Firewall -wifi down; wifi #reload wireless -batctl if #wich interface is running batman -batctl s #show mesh statics -batctl tg #print the transglobal table in the Mesh -batctl gw #show if the MeshPoint is a gateway -brctl show #show the bridges - - - ------------------------- -Commands outputs during the test ------------------------- - - -Node Master: ------------------------- -root@apmesh1:~# ifconfig -bat0 Link encap:Ethernet HWaddr F2:DC:B7:31:79:54 -br-lan Link encap:Ethernet HWaddr F4:F2:6D:35:23:95 -br-Vlan21 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95 -br-Vlan20 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95 -eth0 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95 -eth0.21 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95 -eth0.20 Link encap:Ethernet HWaddr F4:F2:6D:35:23:95 -mesh0 Link 
encap:Ethernet HWaddr F4:F2:6D:35:23:95 -wlan0-1 Link encap:Ethernet HWaddr F6:F2:6D:35:23:95 - ------------------------- -brctl show: -bridge name bridge id STP enabled interfaces -br-lan 7fff.f4f26d352395 no eth0 - bat0 -br-Vlan21 7fff.f4f26d352395 no eth0.21 -br-Vlan20 7fff.f4f26d352395 no eth0.20 - -root@apmesh1:~# brctl show (conectado) -bridge name bridge id STP enabled interfaces -br-lan 7fff.f4f26d352395 no eth0 - bat0 -br-Vlan21 7fff.f4f26d352395 no eth0.21 - wlan0-1.21 -br-Vlan20 7fff.f4f26d352395 no eth0.20 - ------------------------- - - - -Other Node: ------------------------- -root@apmesh2:~# ifconfig -bat0 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78 -bat0.21 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78 -bat0.20 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78 -br-bat Link encap:Ethernet HWaddr 16:3F:15:C0:56:78 -br-Vlan21 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78 -br-Vlan20 Link encap:Ethernet HWaddr 16:3F:15:C0:56:78 -br-lan Link encap:Ethernet HWaddr DC:9F:DB:6B:53:3C -eth0 Link encap:Ethernet HWaddr DC:9F:DB:6B:53:3C -mesh0 Link encap:Ethernet HWaddr DC:9F:DB:6A:53:3C -wlan0-1 Link encap:Ethernet HWaddr DE:9F:DB:6A:53:3C - ------------------------- -brctl show: -bridge name bridge id STP enabled interfaces -br-lan 7fff.dc9fdb6b533c no eth0 -br-bat 7fff.163f15c05678 no bat0 -br-Vlan21 7fff.163f15c05678 no bat0.21 -br-Vlan20 7fff.163f15c05678 no bat0.20 - -root@apmesh2:~# brctl show (Client connected) -bridge name bridge id STP enabled interfaces -br-lan 7fff.dc9fdb6b533c no eth0 -br-bat 7fff.163f15c05678 no bat0 -br-Vlan21 7fff.163f15c05678 no bat0.21 - wlan0-1.21 #when the client is connected -br-Vlan20 7fff.163f15c05678 no bat0.20 - -------------------------------------------------------- \ No newline at end of file