拓扑图
![](https://img-blog.csdnimg.cn/2a5fdf2d388a43f19e60fd305db58628.png)
胖AP(FAT)密码admin
接入模式
三层交换机
sw1(config)#vlan range 10,20,30
sw1(config)#int vlan 10
sw1(config-VLAN 10)#ip address 192.168.10.254 255.255.255.0
sw1(config)#int vlan 20
sw1(config-VLAN 20)#ip address 192.168.20.254 255.255.255.0
sw1(config)#int vlan 30
sw1(config-VLAN 30)#ip address 192.168.30.254 255.255.255.0
sw1(config)#int fastEthernet 0/1
sw1(config-FastEthernet 0/1)#switchport mode trunk
AP
AP1(config)#sh ap-mode -->查看AP模式
current mode: fat
AP1(config)#vlan range 10,20,30
AP1(config)#dot11 wlan 1 -->创建wlan 1
AP1(dot11-wlan-config)#ssid ruijie_20 -->设置无线ssid
AP1(config)#dot11 wlan 2
AP1(dot11-wlan-config)#ssid ruijie_30
AP1(config)#int dot11radio 1/0 -->进入射频接口
AP1(config-if-Dot11radio 1/0)#encapsulation dot1Q 20 -->封装vlan20的标签
AP1(config-if-Dot11radio 1/0)#wlan-id 1 -->关联无线信号组
AP1(config)#int dot11radio 2/0
AP1(config-if-Dot11radio 2/0)#encapsulation dot1Q 30
AP1(config-if-Dot11radio 2/0)#wlan-id 2
AP1(config)#
AP1(config)#int gigabitEthernet 0/1 -->配置AP上联接口,封装vlan
AP1(config-if-GigabitEthernet 0/1)#encapsulation dot1Q 1 -->封装vlan1的标签
AP1(config)#int gigabitEthernet 0/1.10
AP1(config-subif-GigabitEthernet 0/1.20)#encapsulation dot1Q 10
AP1(config)#int gigabitEthernet 0/1.20
AP1(config-subif-GigabitEthernet 0/1.20)#encapsulation dot1Q 20
AP1(config)#int gigabitEthernet 0/1.30
AP1(config-subif-GigabitEthernet 0/1.30)#encapsulation dot1Q 30
AP1(config)#int bvI 10
AP1(config-if-BVI 10)#ip address 192.168.10.253 255.255.255.0
AP1(config)#int bvI 20
AP1(config-if-BVI 10)#ip address 192.168.20.253 255.255.255.0 -->DHCP服务器地址
AP1(config)#int bvI 30
AP1(config-if-BVI 10)#ip address 192.168.20.253 255.255.255.0
AP1(config)#service dhcp
AP1(config)#ip dhcp pool vlan20
AP1(dhcp-config)#network 192.168.20.0 255.255.255.0
AP1(dhcp-config)#default-router 192.168.20.254
AP1(dhcp-config)#dns-server 114.114.114.114
AP1(config)#ip dhcp pool vlan30
AP1(dhcp-config)#network 192.168.30.0 255.255.255.0
AP1(dhcp-config)#default-router 192.168.30.254
AP1(dhcp-config)#dns-server 114.114.114.114
AP1(config)#wlansec 1 -->配置wlan 1加密
AP1(config-wlansec)#security rsn enable -->开启无线WPA2加密功能
AP1(config-wlansec)#security rsn ciphers aes enable -->启用AES加密算法
AP1(config-wlansec)#security rsn akm psk enable -->启用共享密钥认证方式
AP1(config-wlansec)#security rsn akm psk set-key ascii 123456789 -->配置该无线wlan的SSID密码
AP1(config)#wlansec 2 -->配置wlan 2加密
AP1(config-wlansec)#security rsn enable -->开启无线WPA2加密功能
AP1(config-wlansec)#security rsn ciphers aes enable -->启用AES加密算法
AP1(config-wlansec)#security rsn akm psk enable -->启用共享密钥认证方式
AP1(config-wlansec)#security rsn akm psk set-key ascii 123456789 -->配置该无线wlan的SSID密码
无线路由模式(NAT转换)
三层交换机
sw1(config)#int fastEthernet 0/1
sw1(config-FastEthernet 0/1)#no switchport
sw1(config-FastEthernet 0/1)#ip address 10.0.0.1 255.255.255.252
AP
Ruijie#sh ap-mode
current mode: fat
Ruijie(config)#dot11 wlan 1
Ruijie(dot11-wlan-config)#ssid ruijie--1
Ruijie(config)#int dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#encapsulation dot1Q 1
Ruijie(config-if-Dot11radio 1/0)#wlan-id 1
Ruijie(config)#int bVI 1
Ruijie(config-if-BVI 1)#no ip address
Ruijie(config-if-BVI 1)#ip address 10.0.0.2 255.255.255.252
Ruijie(config)#service dhcp
Ruijie(config)#ip dhcp pool vlan1
Ruijie(dhcp-config)#network 192.168.1.0 255.255.255.0
Ruijie(dhcp-config)#default-router 192.168.1.254
Ruijie(dhcp-config)#dns-server 114.114.114.114
Ruijie(config)#access-list 1 permit any
Ruijie(config)#ip nat inside source list 1 int gigabitEthernet 0/1 overload
Ruijie(config)#int gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#ip nat outside
Ruijie(config)#ip rout 0.0.0.0 0.0.0.0 10.0.0.1
Ruijie(config)#int bVI 1
Ruijie(config-if-BVI 1)#ip nat inside
Ruijie#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 10.0.0.2:53745 192.168.1.1:53745 117.144.243.160:80 117.144.243.160:80
tcp 10.0.0.2:53741 192.168.1.1:53741 14.17.52.184:80 14.17.52.184:80
tcp 10.0.0.2:53747 192.168.1.1:53747 123.151.190.158:80 123.151.190.158:80
tcp 10.0.0.2:53742 192.168.1.1:53742 14.215.140.28:80 14.215.140.28:80
tcp 10.0.0.2:53740 192.168.1.1:53740 180.76.76.112:443 180.76.76.112:443
udp 10.0.0.2:57381 192.168.1.1:57381 114.114.114.114:53 114.114.114.114:53
udp 10.0.0.2:7607 192.168.1.1:7607 116.179.34.69:8829 116.179.34.69:8829
tcp 10.0.0.2:53746 192.168.1.1:53746 117.144.243.160:80 117.144.243.160:80
udp 10.0.0.2:63563 192.168.1.1:63563 114.114.114.114:53 114.114.114.114:53
tcp 10.0.0.2:53743 192.168.1.1:53743 140.207.72.148:80 140.207.72.148:80
udp 10.0.0.2:56754 192.168.1.1:56754 114.114.114.114:53 114.114.114.114:53
tcp 10.0.0.2:64940 192.168.1.1:64940 110.242.70.51:80 110.242.70.51:80
tcp 10.0.0.2:53735 192.168.1.1:53735 153.37.235.46:5287 153.37.235.46:5287
tcp 10.0.0.2:53749 192.168.1.1:53749 59.82.31.169:443 59.82.31.169:443
udp 10.0.0.2:63591 192.168.1.1:63591 114.114.114.114:53 114.114.114.114:53
tcp 10.0.0.2:53744 192.168.1.1:53744 124.161.24.139:80 124.161.24.139:80
udp 10.0.0.2:52859 192.168.1.1:52859 114.114.114.114:53 114.114.114.114:53
tcp 10.0.0.2:53733 192.168.1.1:53733 59.82.31.169:443 59.82.31.169:443
tcp 10.0.0.2:53732 192.168.1.1:53732 113.96.213.20:80 113.96.213.20:80
tcp 10.0.0.2:53734 192.168.1.1:53734 153.37.235.46:5287 153.37.235.46:5287