MAC Authentication in a Wireless Environment on Huawei Devices

1. Basic IP address and network connectivity configuration
[LSW1]vlan batch 12 15
[LSW1-Vlanif12]ip address 10.1.12.1 24
[LSW1-Vlanif15]ip address 10.1.15.1 24
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 15
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 12
[LSW2]vlan batch 12 24
[LSW2-Vlanif12]ip address 10.1.12.2 24
[LSW2-Vlanif24]ip add 10.1.24.2 24
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 12
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk pvid vlan 24
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 24
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 24
[LSW1]ospf 1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.1.15.0 0.0.0.255
[LSW2]ospf 1
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
2. Configure AC1
(1) Basic IP address and connectivity configuration
[AC1]vlan batch 24
[AC1-Vlanif24]ip add 10.1.24.254 24
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 24
[AC1]ospf 1
[AC1-ospf-1]area 0
[AC1-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
(2) Configure DHCP to assign IP addresses to access users
[AC1]dhcp enable
[AC1]int Vlanif 24
[AC1-Vlanif24]dhcp select interface
3. Bring the AP online
(1) Configure the regulatory domain profile
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
(2) Create an AP group and bind the regulatory domain profile
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
(3) Configure the AC source interface
[AC1]capwap source interface Vlanif 24
4. Configure AP authentication
Import the AP offline on the AC, using the default MAC authentication mode, and add it to the AP group
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-mac 00e0-fc71-6c10
[AC1-wlan-ap-0]ap-group ap-group1
[AC1-wlan-ap-0]ap-name ap0
5. Configure the WLAN service
(1) Configure the security profile
[AC1-wlan-view]security-profile name mac_access
(2) Configure the SSID profile
[AC1-wlan-view]ssid-profile name mac_access
[AC1-wlan-ssid-prof-mac_access]ssid mac_access
(3) Configure the VAP profile
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]forward-mode tunnel
[AC1-wlan-vap-prof-mac_access]service-vlan vlan-id 24
[AC1-wlan-vap-prof-mac_access]security-profile mac_access
[AC1-wlan-vap-prof-mac_access]ssid-profile mac_access
(4) Configure the AP group to reference the VAP profile, set the VAP ID to 2, and have both radio 0 and radio 1 use this profile
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile mac_access wlan 2 radio all
(5) Check the configuration
6. Configure MAC admission control
(1) Configure the RADIUS server template
[AC1]radius-server template radius
[AC1-radius-radius]radius-server authentication 10.1.15.5 1812
[AC1-radius-radius]radius-server accounting 10.1.15.5 1813
[AC1-radius-radius]radius-server shared-key cipher ABCabc@123
[AC1-radius-radius]radius-server user-name original
[AC1]radius-server authorization 10.1.15.5 shared-key cipher ABCabc@123
(2) Configure AAA authentication
[AC1]aaa
[AC1-aaa]authentication-scheme radius
[AC1-aaa-authen-radius]authentication-mode radius
[AC1-aaa]accounting-scheme radius
[AC1-aaa-accounting-radius]accounting-mode radius
(3) Create the MAC access profile
[AC1]mac-access-profile name mac_access_profile
(4) Create the authentication profile and apply each profile to it
[AC1]authentication-profile name mac_authen_profile
[AC1-authentication-profile-mac_authen_profile]mac-access-profile mac_access_profile
[AC1-authentication-profile-mac_authen_profile]authentication-scheme radius
[AC1-authentication-profile-mac_authen_profile]accounting-scheme radius
[AC1-authentication-profile-mac_authen_profile]radius-server radius
(5) Apply the authentication profile
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]authentication-profile mac_authen_profile
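Step 6 builds a chain of references: the VAP profile binds an authentication profile, which in turn binds the MAC access profile, the AAA schemes and the RADIUS server template. The Python check below is an added example, not part of the original post: it reads a transcript in the prompt-plus-command style used above and reports bindings that are missing or point at something never defined. The function name `audit` and the sample transcript are constructed for illustration.

```python
import re

KINDS = ("mac-access-profile", "authentication-scheme", "accounting-scheme", "radius-server")
DEFINE = re.compile(r"(radius-server|mac-access-profile|authentication-profile|vap-profile)"
                    r" (?:template|name) (\S+)$")
BIND = re.compile(r"(%s) (\S+)$" % "|".join(KINDS))

# Constructed sample in the page's prompt style; the "mac-access-profile name ..."
# definition is deliberately left out to produce one dangling reference.
SAMPLE = """\
[AC1]radius-server template radius
[AC1-aaa]authentication-scheme radius
[AC1-aaa]accounting-scheme radius
[AC1]authentication-profile name mac_authen_profile
[AC1-authentication-profile-mac_authen_profile]mac-access-profile mac_access_profile
[AC1-authentication-profile-mac_authen_profile]authentication-scheme radius
[AC1-authentication-profile-mac_authen_profile]accounting-scheme radius
[AC1-authentication-profile-mac_authen_profile]radius-server radius
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]authentication-profile mac_authen_profile
"""

def audit(transcript):
    """Return missing or dangling references in the MAC-auth profile chain."""
    defined, binds, vaps = set(), {}, {}
    for line in transcript.splitlines():
        m = re.match(r"\[([^\]]+)\]\s*(.+?)\s*$", line)
        if not m:
            continue
        view, cmd = m.groups()          # view comes from the bracketed prompt
        d, b = DEFINE.match(cmd), BIND.match(cmd)
        if d:
            defined.add(d.groups())
            if d.group(1) == "vap-profile":
                vaps.setdefault(d.group(2), None)
            elif d.group(1) == "authentication-profile":
                binds.setdefault(d.group(2), {})
        elif b and view.endswith("-aaa"):            # scheme created in the AAA view
            defined.add(b.groups())
        elif b and "-authentication-profile-" in view:
            prof = view.split("-authentication-profile-", 1)[1]
            binds.setdefault(prof, {})[b.group(1)] = b.group(2)
        elif "-vap-prof-" in view and cmd.startswith("authentication-profile "):
            vaps[view.split("-vap-prof-", 1)[1]] = cmd.split()[1]
    need = [(f"vap-profile {v}", "authentication-profile", p) for v, p in sorted(vaps.items())]
    need += [(f"authentication-profile {p}", k, bd.get(k)) for p, bd in sorted(binds.items()) for k in KINDS]
    return [f"{owner}: " + (f"no {kind} bound" if name is None else f"{kind} {name} not defined")
            for owner, kind, name in need if (kind, name) not in defined]
```

A VAP profile reported with no authentication profile bound is the case to look for first, since the binding in step (5) is what attaches MAC authentication to the SSID.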
7. Agile Controller configuration (omitted)