You can configure a network interface by editing the configuration files stored in the /etc/sysconfig/network-scripts/ directory.
Let's configure the first network interface, eth0. Edit the interface configuration file.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 (if the file doesn't exist, create it with the name ifcfg-ethx)
Append/Modify as follows:
For a system using a Static IP Address
DEVICE="eth0"
BOOTPROTO="none"
ONBOOT="yes"
IPADDR="192.168.1.15"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
For a system using DHCP
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
Parameter | Description |
DEVICE=<name> | Name of the physical device |
BOOTPROTO=<none|bootp|dhcp> | Protocol to use. none: no boot-time protocol should be used; bootp: the BOOTP protocol should be used; dhcp: the DHCP protocol should be used |
ONBOOT=<yes|no> | Should the device be activated at boot-time |
IPADDR=<address> | IP address |
GATEWAY=<address> | Gateway IP address |
NETMASK=<mask> | Netmask value |
Restart the network service: systemctl restart network. Then you have to disable and enable the interface: ifdown eth0; ifup eth0
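An added example, not part of the original tutorial: a check to run on a static ifcfg file before restarting the network, confirming that the netmask is contiguous and that the gateway sits inside the IPADDR/NETMASK subnet. The function names and the temporary sample file are assumptions made for illustration; the file is parsed rather than sourced, so nothing in it is executed.

```sh
# Added example: check a static ifcfg file before restarting the network.
# The file is parsed with awk, not sourced, so nothing in it is executed.

# Print the last value assigned to KEY ($2) in FILE ($1), without quotes.
ifcfg_get() {
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/^"|"$/, "", v); val = v }
                       END { print val }' "$1"
}

# Convert a dotted quad to an integer; exit non-zero if it is malformed.
ip_to_int() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%.0f\n", (($1 * 256 + $2) * 256 + $3) * 256 + $4 }'
}

# Return 0 if FILE ($1) is consistent; otherwise print the problem, return 1.
validate_ifcfg() {
    proto=$(ifcfg_get "$1" BOOTPROTO)
    case $proto in
        dhcp|bootp) return 0 ;;   # addresses come from the server
        none) ;;
        *) echo "BOOTPROTO='$proto' is not none, bootp or dhcp"; return 1 ;;
    esac
    ip=$(ip_to_int "$(ifcfg_get "$1" IPADDR)") || { echo "bad IPADDR"; return 1; }
    mask=$(ip_to_int "$(ifcfg_get "$1" NETMASK)") || { echo "bad NETMASK"; return 1; }
    # A valid netmask is a run of 1 bits followed by a run of 0 bits.
    host=$(( ~mask & 4294967295 ))
    [ $(( host & (host + 1) )) -eq 0 ] || { echo "NETMASK is not contiguous"; return 1; }
    gwtxt=$(ifcfg_get "$1" GATEWAY)
    [ -n "$gwtxt" ] || return 0   # no GATEWAY line: nothing more to check
    gw=$(ip_to_int "$gwtxt") || { echo "bad GATEWAY"; return 1; }
    # The gateway must be a different host on the same network as IPADDR.
    [ $(( ip & mask )) -eq $(( gw & mask )) ] || { echo "GATEWAY is outside the subnet"; return 1; }
    [ "$ip" -ne "$gw" ] || { echo "GATEWAY equals IPADDR"; return 1; }
    return 0
}

# Constructed sample: the static configuration from this page.
sample=$(mktemp)
printf '%s\n' 'DEVICE="eth0"' 'BOOTPROTO="none"' 'ONBOOT="yes"' \
    'IPADDR="192.168.1.15"' 'NETMASK="255.255.255.0"' 'GATEWAY="192.168.1.1"' > "$sample"
validate_ifcfg "$sample" && echo "ifcfg-eth0 sample: OK"
```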
First of all, we have to create an SSID profile. You can do this with the command dot11 ssid ssid. Let’s make an SSID with the name ‘CiscoTalkWireless’.
ap(config)#dot11 ssid CiscoTalkWireless
ap(config-ssid)#
Next, we can configure the SSID properties. In this example, we want to use open authentication with key management provided by WPA2. In addition, I want to broadcast this SSID. This makes it easier for users to connect to your network, which is especially useful for guest wireless networks. While in SSID configuration mode:
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#guest-mode
ap(config-ssid)#wpa-psk ascii CiscoTalkTutorials!
The configuration is pretty self-explanatory.
authentication open enables open authentication.
authentication key-management wpa version 2 configures this SSID to use WPA2. If you leave off version 2 and enter authentication key-management wpa, you are configuring the SSID with WPA.
guest-mode enables SSID broadcasting.
wpa-psk ascii sets the pre-shared key for the SSID.
Now with the SSID profile configured, we need to specify an encryption method. Let’s enter interface configuration mode on Dot11Radio0:
ap(config)#interface Dot11Radio0
ap(config-if)#
There are a few options you can use for encryption: AES, TKIP, and WEP. I strongly advise against using WEP and recommend AES over TKIP.
For AES:
ap(config-if)# encryption mode ciphers aes-ccm
For TKIP:
ap(config-if)# encryption mode ciphers tkip
Now with the encryption method in place, let’s assign the SSID:
ap(config-if)# ssid CiscoTalkWireless
By default and as a security measure, all new Cisco Access Points ship with the radios turned off. So as a final step, let’s enable the radio:
ap(config-if)# no shutdown
By default, Cisco access points select the least congested wireless channel. As soon as you enable the interface, the access point will scan and assign itself an appropriate channel. Once the channel selection process is complete, you should now have a working wireless network! You can verify connected clients by using the show dot11 associations command:
ap#show dot11 associations

802.11 Client Stations on Dot11Radio0:

SSID [CiscoTalkWireless] :

MAC Address    IP address      Device        Name            Parent         State
100b.bbbd.e248 10.10.83.110    ccx-client    CiscoTalk-PC    self           Assoc

ap#
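An added example, not part of the original post: a small audit that reads access point configuration commands and reports the settings this tutorial advises against (WEP or TKIP ciphers, key management other than WPA version 2, or an SSID with no key management at all). It assumes the commands are supplied one per line without prompts; the function name, both sample inputs, and the match on "wep" in an encryption line (the page does not show the WEP command) are assumptions made for illustration.

```sh
# Added example: report weak wireless settings in AP configuration commands.
# Reads one command per line on stdin; prints one finding per line, or
# nothing when no check fires.
audit_ap_config() {
    awk '
    $1 == "dot11" && $2 == "ssid" { ctx = "ssid"; name = $3; order[++n] = name; next }
    $1 == "interface"             { ctx = "if"; name = $2; next }
    ctx == "ssid" && $1 == "authentication" && $2 == "key-management" {
        # Only "wpa version 2" counts as WPA2; plain "wpa" means WPA.
        km[name] = ($3 == "wpa" && $4 == "version" && $5 == "2") ? "wpa2" : "other"
        next
    }
    ctx == "if" && $1 == "encryption" {
        line = tolower($0)
        if (line ~ /wep/)  printf "%s: WEP encryption enabled\n", name
        if (line ~ /tkip/) printf "%s: TKIP cipher enabled, use aes-ccm\n", name
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (!(s in km))           printf "SSID %s: no WPA key management (open network)\n", s
            else if (km[s] != "wpa2") printf "SSID %s: key management is not WPA version 2\n", s
        }
    }'
}

# Constructed input 1: the commands entered in this tutorial (AES, WPA2).
tutorial_cfg='dot11 ssid CiscoTalkWireless
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii CiscoTalkTutorials!
interface Dot11Radio0
encryption mode ciphers aes-ccm
ssid CiscoTalkWireless
no shutdown'

# Constructed input 2: the same SSID with "version 2" left off and TKIP chosen.
legacy_cfg='dot11 ssid CiscoTalkWireless
authentication open
authentication key-management wpa
interface Dot11Radio0
encryption mode ciphers tkip
ssid CiscoTalkWireless'

printf '%s\n' "$legacy_cfg" | audit_ap_config
```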
My next post will be a tutorial on how to configure multiple SSIDs using different VLANs on a single access point.
Technology: Network Security
Area: Next Generation Firewalls
Vendor: Cisco
Software: 8.X, 9.X, FMC 5.X, 6.X, SFR module 5.X, 6.X
Platform: Cisco ASA, Firepower Management Center VM
Firepower Management Center installation steps
1. Deployment from OVF
2. Assign the hostname for VM
3. Choose the right ovf and vmdk files
4. Select proper vNIC (the one you will use for management purposes and communication with the sensor) and disk provisioning type
5. VM Deployment is finished
6. VM starts the installation
Note: The Cisco Firepower Management Center Virtual instance then appears under the specified data center in the Inventory. Booting up the new VM could take up to 30-40 minutes.
7. After about 20 minutes you will see the system first initialization message
8. After installation is complete, the firepower login prompt appears.
Note: A message “WRITE SAME failed. Manually zeroing.” may appear after the system is booted up for the first time. This does not indicate a defect; it correctly indicates that the VMware storage driver does not support the WRITE SAME command. The system displays this message and proceeds with a fallback command to perform the same operation.
Default user and password for version 6.x FMC and later
- Username: admin
- Password: Admin123
9. First login and setup
10. Setup of FMC – CLI (you might be prompted for the sudo password; if so, provide the same password you used when logging in)
11. Checking the interfaces on FMC and ensuring proper addressing:
12. The first GUI login page comes up after you type the IP address (or the FMC’s FQDN) set during installation. To log in, use exactly the same credentials as for the CLI login.