
Guide: creating a MultiSSID setup with NSM

Posted: 6 January 2018, 16:06
by mariokappa
Hi everyone,
some time ago I needed to create a second, locked-down SSID with my NSM2 Loco. I thought that sharing how I managed it might help someone who needs it; at least all the hours lost figuring it out will have been even better spent.

To be clear, I did not write any script; I simply modified the .cfg configuration file that all NSMs have.
The "guest" network I needed was a network secondary to the WPA2-protected "main" one, whose connected clients could use internet browsing ONLY and EXCLUSIVELY, with no kind of connection (pings included) to ANY other client outside it and, obviously, no access to the NSM's web GUI.
I managed it by creating a VLAN from the management interface (LAN0), then bridging it with a new WLAN port created ad hoc.
As a second step I set up the firewall rules so as to lock down the "guest" network.
If anyone needs it, I am posting below the contents of my .cfg file, to be edited freely with any text editor to adapt it to your needs (changing SSID names / firewall rules / subnet settings, etc.). The only annoyance I found is that any change made through the web GUI after uploading the .cfg rewrites the .cfg itself, deleting the lines needed to create the multi-SSID; so any change must be made directly in the .cfg, which is then uploaded to the NSM again.

aaa.1.br.devname=br1
aaa.1.devname=ath0
aaa.1.driver=madwifi
aaa.1.radius.acct.1.status=disabled
aaa.1.radius.auth.1.status=disabled
aaa.1.radius.macacl.status=disabled
aaa.1.ssid=MAINSSID ---> MAIN SSID NAME
aaa.1.status=enabled
aaa.1.wpa.1.pairwise=CCMP
aaa.1.wpa.key.1.mgmt=WPA-PSK
aaa.1.wpa.mode=2
aaa.1.wpa.psk=abc123456 ---> MAIN SSID PASSWORD
aaa.2.br.devname=br0
aaa.2.devname=ath1
aaa.2.driver=madwifi
aaa.2.radius.auth.1.status=disabled
aaa.2.ssid=GUESTSSID ---> GUEST SSID NAME
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.key.1.mgmt=WPA-PSK
aaa.2.wpa.mode=2
aaa.2.wpa.psk=pippopluto123456 ---> GUEST SSID PASSWORD
aaa.status=enabled
airview.tcp_port=18888
bridge.status=enabled
bridge.1.status=enabled
bridge.1.devname=br0
bridge.1.stp.status=disabled
bridge.1.port.1.status=enabled
bridge.1.port.1.devname=eth0.50
bridge.1.port.2.status=enabled
bridge.1.port.2.devname=ath1
bridge.1.comment=Guest Bridge
dhcp6c.status=disabled
dhcp6d.status=disabled
dhcpc.status=enabled
dhcpc.1.devname=eth0
dhcpc.1.fallback=192.168.10.1
dhcpc.1.fallback_netmask=255.255.255.0
dhcpc.1.status=enabled
dhcpd.status=enabled
dhcpd.1.status=enabled
dhcpd.1.dns.1.server=
dhcpd.1.dns.1.status=disabled
dhcpd.1.dns.2.server=
dhcpd.1.dns.2.status=disabled
dhcpd.1.devname=ath0
dhcpd.1.dnsproxy=enabled
dhcpd.1.end=192.168.1.20
dhcpd.1.lease_time=600
dhcpd.1.netmask=255.255.255.0
dhcpd.1.start=192.168.1.2
dhcpd.2.status=disabled
dhcpd.2.dns.1.server=
dhcpd.2.dns.1.status=disabled
dhcpd.2.dns.2.server=
dhcpd.2.dns.2.status=disabled
dhcpd.2.devname=eth0.50
dhcpd.2.dnsproxy=enabled
dhcpd.2.end=192.168.50.20
dhcpd.2.lease_time=300
dhcpd.2.netmask=255.255.255.0
dhcpd.2.start=192.168.50.2
dhcpd.3.status=enabled
dhcpd.3.dns.1.server=
dhcpd.3.dns.1.status=disabled
dhcpd.3.dns.2.server=
dhcpd.3.dns.2.status=disabled
dhcpd.3.devname=br0
dhcpd.3.dnsproxy=enabled
dhcpd.3.end=192.168.50.19
dhcpd.3.lease_time=300
dhcpd.3.netmask=255.255.255.0
dhcpd.3.start=192.168.50.2
ebtables.status=enabled
ebtables.sys.arpnat.status=disabled
ebtables.sys.eap.status=enabled
ebtables.sys.status=enabled
ebtables.sys.vlan.status=disabled
gui.language=it_IT
gui.network.advanced.status=enabled
httpd.https.port=444
httpd.https.status=enabled
httpd.status=enabled
ip6tables.status=disabled
iptables.status=enabled
iptables.1.status=enabled
iptables.1.cmd=-A FIREWALL -i br0 --protocol 17 --src 0.0.0.0/0 --sport 68 --dst 0.0.0.0/0 --dport 67 -j ACCEPT
iptables.1.comment=
iptables.2.status=enabled
iptables.2.cmd=-A FIREWALL -i br0 --protocol 17 --src 0.0.0.0/0 --dst 0.0.0.0/0 --dport 53 -j ACCEPT
iptables.2.comment=
iptables.3.status=enabled
iptables.3.cmd=-A FIREWALL -i br0 --protocol 6 --src 0.0.0.0/0 --dst 0.0.0.0/0 --dport 53 -j ACCEPT
iptables.3.comment=
iptables.4.status=enabled
iptables.4.cmd=-A FIREWALL -i br0 --src 0.0.0.0/0 --dst 172.16.0.0/12 -j DROP
iptables.4.comment=
iptables.5.status=enabled
iptables.5.cmd=-A FIREWALL -i br0 --src 0.0.0.0/0 --dst 192.168.1.0/24 -j DROP
iptables.5.comment=
iptables.6.status=enabled
iptables.6.cmd=-A FIREWALL -i br0 --protocol 6 --src 192.168.50.0/24 --dst 0.0.0.0/0 --dport 80 -j ACCEPT
iptables.6.comment=
iptables.7.status=enabled
iptables.7.cmd=-A FIREWALL -i br0 --protocol 6 --src 192.168.50.0/24 --dst 0.0.0.0/0 --dport 443 -j ACCEPT
iptables.7.comment=
iptables.8.status=enabled
iptables.8.cmd=-A FIREWALL -i br0 --src 0.0.0.0/0 --dst 192.168.10.0/24 -j DROP
iptables.8.comment=
iptables.9.status=enabled
iptables.9.cmd=-A FIREWALL -i br0 --protocol 6 --src 0.0.0.0/0 --dst 0.0.0.0/0 --dport 444 -j DROP
iptables.9.comment=
iptables.sys.dmz.status=disabled
iptables.sys.masq.status=enabled
iptables.sys.masq.1.devname=eth0
iptables.sys.masq.1.status=enabled
iptables.sys.mgmt.status=disabled
iptables.sys.portfw.status=disabled
iptables.sys.status=enabled
iptables.sys.upnpd.status=enabled
iptables.sys.upnpd.devname=eth0
iptables.sys.fw.status=enabled
netconf.status=enabled
netconf.1.status=enabled
netconf.1.devname=eth0
netconf.1.mtu=1500
netconf.1.role=wan
netconf.1.autoip.status=disabled
netconf.1.hwaddr.status=disabled
netconf.1.hwaddr.mac=
netconf.1.ip=0.0.0.0
netconf.1.netmask=255.255.255.0
netconf.1.promisc=enabled
netconf.1.up=enabled
netconf.2.status=enabled
netconf.2.devname=ath0
netconf.2.mtu=1500
netconf.2.role=lan
netconf.2.autoip.status=disabled
netconf.2.hwaddr.status=disabled
netconf.2.hwaddr.mac=
netconf.2.ip=192.168.1.1
netconf.2.netmask=255.255.255.0
netconf.2.promisc=enabled
netconf.2.up=enabled
netconf.3.status=enabled
netconf.3.devname=eth0.50
netconf.3.mtu=1500
netconf.3.role=bridge_port
netconf.3.autoip.status=disabled
netconf.3.hwaddr.status=disabled
netconf.3.hwaddr.mac=
netconf.3.ip=0.0.0.0
netconf.3.netmask=255.255.255.0
netconf.3.up=enabled
netconf.4.status=disabled
netconf.4.devname=eth0
netconf.4.mtu=1500
netconf.4.role=mlan
netconf.4.autoip.status=disabled
netconf.4.hwaddr.status=disabled
netconf.4.hwaddr.mac=
netconf.4.up=enabled
netconf.5.status=enabled
netconf.5.devname=br0
netconf.5.mtu=1500
netconf.5.role=lan
netconf.5.autoip.status=disabled
netconf.5.hwaddr.status=disabled
netconf.5.hwaddr.mac=
netconf.5.ip=192.168.50.1
netconf.5.netmask=255.255.255.0
netconf.5.up=enabled
netconf.6.devname=ath1
netconf.6.mtu=1500
netconf.6.role=bridge_port
netconf.6.autoip.status=disabled
netconf.6.hwaddr.status=disabled
netconf.6.hwaddr.mac=
netconf.6.ip=0.0.0.0
netconf.6.netmask=255.255.255.0
netconf.6.up=enabled
netmode=router
ppp.status=disabled
radio.1.ack.auto=enabled
radio.1.ackdistance=600
radio.1.acktimeout=25
radio.1.airsync.ip=
radio.1.airsync.mode=
radio.1.airsync.port=
radio.1.airsync.slot.down=
radio.1.airsync.slot.override=disabled
radio.1.airsync.slot.up=
radio.1.airsync.status=disabled
radio.1.ampdu.bytes=50000
radio.1.ampdu.frames=32
radio.1.ampdu.status=enabled
radio.1.ani.status=disabled
radio.1.antenna.gain=8
radio.1.antenna.id=4
radio.1.cable.loss=0
radio.1.chanbw=20
radio.1.countrycode=380
radio.1.cwm.enable=0
radio.1.cwm.mode=0
radio.1.devname=ath0
radio.1.dfs.status=enabled
radio.1.forbiasauto=1
radio.1.freq=0
radio.1.ieee_mode=11nght20
radio.1.mcastrate=15
radio.1.mode=master
radio.1.obey=enabled
radio.1.polling=disabled
radio.1.polling_fh=0
radio.1.polling_fh_announce_cnt=30
radio.1.polling_fh_time=3000
radio.1.pollingnoack=0
radio.1.pollingpri=
radio.1.qdur=
radio.1.rate.auto=enabled
radio.1.rate.mcs=15
radio.1.reg_obey=enabled
radio.1.rts=off
radio.1.status=enabled
radio.1.subsystemid=0xe867
radio.1.thresh62a=
radio.1.thresh62b=
radio.1.thresh62g=
radio.1.txpower=10
radio.1.virtual.1.devname=ath1
radio.1.virtual.1.mode=master
radio.1.virtual.1.status=enabled
radio.countrycode=380
radio.rate_module=atheros
radio.status=enabled
resolv.status=disabled
resolv.host.1.name=UnknownAP
resolv.host.1.status=enabled
resolv.nameserver.1.ip=192.168.10.20
resolv.nameserver.1.status=enabled
resolv.nameserver.2.ip=
resolv.nameserver.2.status=disabled
resolv.nameserver.status=enabled
route.status=enabled
route.1.ip=
route.1.netmask=
route.1.gateway=
route.1.comment=
route.1.status=disabled
route6.status=enabled
route6.1.ip=
route6.1.netmask=
route6.1.gateway=
route6.1.comment=
route6.1.status=enabled
sshd.port=22
sshd.status=enabled
system.button.reset=enabled
system.cfg.version=65546
system.date.status=disabled
system.date.timestamp=
system.eirp.status=enabled
system.latitude=
system.longitude=
system.modules.blacklist.status=disabled
system.timezone=GMT
tshaper.status=disabled
update.check.status=enabled
upnpd.status=enabled
upnpd.devname=eth0
upnpd.listening.1.ip=192.168.1.1
upnpd.listening.1.netmask=255.255.255.0
upnpd.listening.1.status=enabled
users.1.name=ubnt --> THIS WILL BE THE USERNAME FOR WEB GUI ACCESS
users.1.password= THIS WILL BE YOUR ENCRYPTED WEB GUI ACCESS PASSWORD
users.1.status=enabled
users.2.status=disabled
users.status=enabled
vlan.status=enabled
vlan.1.status=enabled
vlan.1.devname=eth0
vlan.1.id=50
vlan.1.comment=Guest VLAN
wireless.1.addmtikie=enabled
wireless.1.ap=
wireless.1.authmode=1
wireless.1.autowds=disabled
wireless.1.compression=0
wireless.1.devname=ath0
wireless.1.fastframes=0
wireless.1.frameburst=0
wireless.1.hide_ssid=disabled
wireless.1.l2_isolation=disabled
wireless.1.mac_acl.status=disabled
wireless.1.mcast.enhance=2
wireless.1.scan_list.channels=
wireless.1.scan_list.status=disabled
wireless.1.security.type=none
wireless.1.sens=0
wireless.1.signal_led1=94
wireless.1.signal_led2=80
wireless.1.signal_led3=73
wireless.1.signal_led4=65
wireless.1.signal_led_status=enabled
wireless.1.ssid=MAINSSID ---> MAIN SSID NAME
wireless.1.status=enabled
wireless.1.wds.1.peer=
wireless.1.wds.2.peer=
wireless.1.wds.3.peer=
wireless.1.wds.4.peer=
wireless.1.wds.5.peer=
wireless.1.wds.6.peer=
wireless.1.wds.status=enabled
wireless.1.wmm=enabled
wireless.1.wmmlevel=
wireless.2.addmtikie=enabled
wireless.2.ap=
wireless.2.authmode=1
wireless.2.autowds=disabled
wireless.2.devname=ath1
wireless.2.hide_ssid=disabled
wireless.2.l2_isolation=enabled
wireless.2.ssid=GUESTSSID ---> GUEST SSID NAME
wireless.2.status=enabled
wireless.2.wds.status=disabled
wireless.2.wmm=enabled
wireless.hideindoor.status=disabled
wireless.status=enabled
wpasupplicant.device.1.status=disabled
wpasupplicant.profile.1.network.1.psk=abc123456 ---> MAIN SSID PASSWORD
wpasupplicant.status=disabled

I'm available for any info or request :okok:
Bye everyone and happy tinkering :eheh:
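
Added example, not part of the original post and not Ubiquiti code: a first-match walk over the iptables.N.cmd rules from the configuration above, for checking which rule decides a given guest-side packet before an edited .cfg is uploaded. The function names are hypothetical, and it assumes the rules are evaluated in ascending N and that each option takes exactly one value; how the FIREWALL chain is hooked and what happens to unmatched packets is not in the file.

```python
import ipaddress
import shlex

# iptables.N.cmd lines copied from the configuration posted above.
CFG = """\
iptables.1.cmd=-A FIREWALL -i br0 --protocol 17 --src 0.0.0.0/0 --sport 68 --dst 0.0.0.0/0 --dport 67 -j ACCEPT
iptables.2.cmd=-A FIREWALL -i br0 --protocol 17 --src 0.0.0.0/0 --dst 0.0.0.0/0 --dport 53 -j ACCEPT
iptables.3.cmd=-A FIREWALL -i br0 --protocol 6 --src 0.0.0.0/0 --dst 0.0.0.0/0 --dport 53 -j ACCEPT
iptables.4.cmd=-A FIREWALL -i br0 --src 0.0.0.0/0 --dst 172.16.0.0/12 -j DROP
iptables.5.cmd=-A FIREWALL -i br0 --src 0.0.0.0/0 --dst 192.168.1.0/24 -j DROP
iptables.6.cmd=-A FIREWALL -i br0 --protocol 6 --src 192.168.50.0/24 --dst 0.0.0.0/0 --dport 80 -j ACCEPT
iptables.7.cmd=-A FIREWALL -i br0 --protocol 6 --src 192.168.50.0/24 --dst 0.0.0.0/0 --dport 443 -j ACCEPT
iptables.8.cmd=-A FIREWALL -i br0 --src 0.0.0.0/0 --dst 192.168.10.0/24 -j DROP
iptables.9.cmd=-A FIREWALL -i br0 --protocol 6 --src 0.0.0.0/0 --dst 0.0.0.0/0 --dport 444 -j DROP
"""

def load_rules(text):
    """Return [(N, {option: value})] for enabled iptables.N.cmd entries, ascending N (assumed order)."""
    cfg = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    rules = []
    for key, cmd in cfg.items():
        p = key.split(".")
        if len(p) != 3 or p[0] != "iptables" or not p[1].isdigit() or p[2] != "cmd":
            continue
        if cfg.get(f"iptables.{p[1]}.status", "enabled") != "enabled":
            continue
        tok = shlex.split(cmd)  # every option in these rules takes exactly one value
        rules.append((int(p[1]), dict(zip(tok[0::2], tok[1::2]))))
    return sorted(rules, key=lambda r: r[0])

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def first_match(rules, iface, proto, src, dst, dport=None, sport=None):
    """Return (N, target) of the first rule that matches the packet, or None."""
    for n, r in rules:
        if r.get("-i", iface) != iface:
            continue
        if "--protocol" in r and int(r["--protocol"]) != proto:
            continue
        if not in_net(src, r.get("--src", "0.0.0.0/0")) or not in_net(dst, r.get("--dst", "0.0.0.0/0")):
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--sport" in r and int(r["--sport"]) != sport:
            continue
        return n, r["-j"]
    return None  # no rule matched: the chain's default action decides (not in the file)
```

For the rules as posted, first_match(load_rules(CFG), "br0", 6, "192.168.50.5", "192.168.10.20", dport=443) returns (7, "ACCEPT"): rule 7 is reached before the DROP for 192.168.10.0/24 in rule 8, so the order of the entries matters when adapting the file.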

Re: Guide: creating a MultiSSID setup with NSM

Posted: 6 January 2018, 17:48
by thema3x
Hi,

great work, thanks a lot :okok:

TheMa3x