1.基础配置
管理vlan
dhcp
capwap【源接机】
路由
2.AP认证
3 WLAN
安全
SSID
VAP
VAP模块
AC1:属于数据俩露出2层
配置AC1上端口VLAN的配置
int vlanif 1
ip add 10.0.10.254 24
quit
配置VLANIF接口DHCP功能
dhcp enable
int vlanif 1
dhcp select interface
dhcp server excluded-ip-address 10.0.10.254
quit
配置AP上线
创建AP组
capwap source interface vlanif 1
wlan
ap-id 1 ap-mac 00E0-FCD2-69C0
ap-name AP1
quit
ap-id 2 ap-mac 00E0-FCE6-6F00
ap-name AP2
quit
quit
将AP绑定AP组中
wlan
ap auth-mode mac-auth
quit
dis ap all
配置WLAN的业务参数
配置安全模板
wlan
security-profile name sec-cfg-1
security wpa-wpa2 psk pass-phrase abcd1111 aes
quit
创建SSID模板
ssid-profile name ssid-cfg-1
ssid wifi-2.4G
quit
ssid-profile name ssid-cfg-2
ssid wifi-5G
创建VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
vap-profile name vap-cfg-1
forward-mode direct-forward
security-profile sec-cfg-1
ssid-profile ssid-cfg-1
quit
引用安全和VAP
vap-profile name vap-cfg-2
forward-mode direct-forward
security-profile sec-cfg-1
ssid-profile ssid-cfg-2
quit
进入AP1:5G-1;2,4G-0
ap-name AP1
vap-profile vap-cfg-1 wlan 1 radio 0
vap-profile vap-cfg-2 wlan 1 radio 1
quit
ap-name AP2
vap-profile vap-cfg-1 wlan 1 radio 0
vap-profile vap-cfg-2 wlan 1 radio 1
quit
quit
STA1:
SWA1:
AP1:
00-E0-FC-D2-69-C0
00-E0-FC-E6-6F-00
实现无线局域网
在4个AP划分VLAN
四台笔记本化VLAN 11
手机 VLAN
业务数据VLAN 11 12
管理数据 VLAN10
先启动SW、RS1、AC1
SW1:
vlan batch 10 11 12
int e0/0/1
port link-type trunk
port trunk pvid vlan 10 //管理
port trunk allow-pass vlan 10 11 12
quit
int e0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 11 12
quit
int g0/0/1
port link-type trunk
port trunk allow-pass vlan 10 11 12
quit
SW2同
RS1:
vlan batch 10 to 12 100
int g0/0/2
port link-type trunk
port trunk allow-pass vlan 10 11 12
quit
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 10 11 12
quit
int g0/0/1
port link-type access
port default vlan 100
quit
int vlanif 100
ip add 10.0.0.1 30
quit
int vlanif 10
配地址VLAN 11 12
配置中机
dhcp enable
int vlanif 10
dhcp select relay
dhcp relay server-ip 10.0.0.2
quit
int vlanif 11
dhcp select relay
dhcp relay server-ip 10.0.0.2
quit
int vlanif 12
dhcp select relay
dhcp relay server-ip 10.0.0.2
quit
AC1:
VLAN的配置
vlan 100
quit
int g0/0/1
port link-type access
port default vlan 100
quit
int vlanif 100
ip add 10.0.0.2 30
quit
VLANIF接口DHCP功能
dhcp enable
int vlanif 100
dhcp select global
quit
ip pool pool-vlan10
network 192.168.100.0 mask 24
gateway-list 192.168.100.254
option 43 sub-option 3 ascii 10.0.0.2
ZJ:
AP1:00E0-FCC2-5410
AP2:00E0-FC1D-1420
AP3:00E0-FC40-5670
AP4:00E0-FC74-3450
capwap【源接机】
capwap source interface vlanif 100
wlan
ap-id 1 ap-mac 00E0-FCC2-5410
ap-name AP1
quit
ap-id 2 ap-mac 00E0-FC1D-1420
ap-name AP2
quit
ap-id 3 ap-mac 00E0-FC40-5670
ap-name AP3
quit
ap-id 4 ap-mac 00E0-FC74-3450
ap-name AP4
quit
quit
路由["[]下配置“
ip route-static 192.168.100.0 24 10.0.0.1
ip route-static 192.168.64.0 23 10.0.0.1
2.AP认证
wlan
ap auth-mode mac-auth
quit
dis ap all
3 WLAN
安全
wlan
security-profile name sec-cfg-1
security wpa-wpa2 psk pass-phrase abcd1111 aes
security wpa-wpa2 psk pass-phrase a123 aes
quit
SSID
ssid-profile name ssid-cfg-1
ssid wifi-2G
quit
ssid-profile name ssid-cfg-2
ssid wifi-5G
quit
VAP
VAP模块
vap-profile name vap-cfg-1
forward-mode direct-forward
security-profile sec-cfg-1
ssid-profile ssid-cfg-1
quit
vap-profile name vap-cfg-2
forward-mode direct-forward
security-profile sec-cfg-1
ssid-profile ssid-cfg-2
quit
进入AP1:5G-1;2,3G-0
ap-name AP1
vap-profile vap-cfg-1 wlan 1 radio 0
vap-profile vap-cfg-2 wlan 1 radio 1
quit
ap-name AP2
vap-profile vap-cfg-1 wlan 1 radio 0
vap-profile vap-cfg-2 wlan 1 radio 1
quit
再加:
SSID
ssid-profile name ssid-cfg-3
ssid wifi-3G
quit
ssid-profile name ssid-cfg-4
ssid wifi-4G
quit
VAP
VAP模块
vap-profile name vap-cfg-3
forward-mode direct-forward
security-profile sec-cfg-1
ssid-profile ssid-cfg-3
quit
vap-profile name vap-cfg-4
forward-mode direct-forward
security-profile sec-cfg-1
ssid-profile ssid-cfg-4
quit
ap-name AP3
vap-profile vap-cfg-1 wlan 1 radio 0
vap-profile vap-cfg-3 wlan 1 radio 1
quit
ap-name AP4
vap-profile vap-cfg-4 wlan 1 radio 0
vap-profile vap-cfg-2 wlan 1 radio 1
quit
quit