Motorola WS5100 Series Migration Giude page 190

11-32 WS5100 Series Switch Migration Guide
The use case described above can be configured with the following CLI commands:
NOTE: The CLI configuration shown below are for IPSec-L2TP connection over an mobile
unit. Use a windows default client for this configuration.
1. Create and configure a WLAN.
WS5100(config)#
WS5100(config)#wireless
WS5100(config-wireless)#wlan 2 enable
WS5100(config-wireless)#wlan 2 ssid MONARCH2
WS5100(config-wireless)#wlan 2 vlan 2
2. Create and configure a DHCP.
WS5100(config)#ip dhcp pool vlan2
WS5100(config-dhcp)#address range 10.1.1.2 10.1.1.254
WS5100(config-dhcp)#default-router 10.1.1.1
WS5100(config-dhcp)#network 10.1.1.0/24
3. Create and configure a VLAN interface named vlan2.
WS5100(config)#interface vlan2
WS5100(config-if)#ip address 10.1.1.1/24
4. Create and configure another VLAN interface named vlan3.
WS5100(config)#interface vlan 3
WS5100(config-if)#ip address dhcp
Use the CLI commands below to confiugre IPSec VPN on the Ws5100 switch:
1. Create an Extended ACL.
WS5100(config-ext-nacl)#ip access-list extended 101
2. Configure the local subnet and remote subnet as interesting traffic.
WS5100(config-ext-nacl)# permit ip 10.1.1.0/24 any
WS5100(config-ext-nacl)# permit ip 192.168.0.0/24 any
3. Configure private pool address.
WS5100(config)# ip local pool lo 192.168.0.2 hi 192.168.0.10
4. Specify DNS/WINS for the remote client.
WS5100(config)#crypto isakmp client configuration group default
WS5100(config-crypto-group)#dns 10.1.1.1
WS5100(config-crypto-group)#wins 10.1.1.1
5. Specify the authentication type.
WS5100(config)# aaa vpn-authentication local
WS5100(config)# local username harry password symbol123