拓扑如下图,我WLAN使用开放认证可以获取到IP地址,而使用WPA或者WPA2认证之后无法获取到IP地址,DHCP配置没有问题,那些PC都可以获取到业务VLAN的IP地址,而且开放认证的时候也都可以获取到IP地址。配置如下:
AC配置:
dis curr
#
snmp-agent local-engineid 800007DB03000000000000
undo snmp-agent community complexity-check disable
snmp-agent
#
http timeout 3
#
vlan batch 100 to 101
#
dhcp enable
#
diffserv domain default
#
pki realm default
enrollment self-signed
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@*bo]Dnyrm1\x`qC3g=d;3Uw}%@%@
local-user admin service-type http
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 192.168.101.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
interface Wlan-Ess0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface NULL0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan
wlan ac source interface vlanif100
ap-auth-mode no-auth
ap id 0 type-id 19 mac 00e0-fc03-6710 sn 21023544831012085732
wmm-profile name wmm id 0
traffic-profile name traffice id 0
security-profile name security id 0
security-policy wpa
wpa authentication-method psk pass-phrase cipher %@%@`8(;1SKs}R;EL:AN#)g(=.e\%@
%@ encryption-method tkip
service-set name service id 0
forward-mode tunnel
wlan-ess 0
ssid HUAWEI
traffic-profile id 0
security-profile id 0
service-vlan 101
radio-profile name radio id 0
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
#
return
交换机配置:
dis curr
#
sysname Huawei
#
vlan batch 100 to 101
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 101
#
interface Ethernet0/0/2
port link-type access
port default vlan 100
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return