1、实验拓扑
2、实验步骤
(1)了解cisco AP默认出厂配置
hostname ap //默认主机名
enable secret Cisco //默认密码,注意是大写的C
username Cisco password Cisco //默认的用户名和密码,注意是大写的C
interface Dot11Radio0 //默认无线接口是关闭的,要记得no shutdown
shutdown
interface FastEthernet0 //默认有线接口F0是打开的
no shutdown
interface BVI1 //AP的管理接口
ip address 10.0.0.1 255.0.0.0
ip http server //默认HTTP是打开
line con 0 //默认console是没有密码
line vty 0 4 //默认用本地的用户和密码进VTY进行认证
login local
(2)基本配置
- ap>enable
- Password:
- ap#configure terminal
- Enter configuration commands, one per line. End with CNTL/Z.
- ap(config)#interface bvI 1
- ap(config-if)#ip add 10.1.1.11 255.255.255.0
- ap(config-if)#no shut
- ap(config-if)#exit
- ap(config)#ip default-gateway 10.1.1.1
(2)配置SSID和KEY
- ap(config)#dot11 ssid dba //对SSID为dba进行配置
- ap(config-ssid)#authentication open //配置验证方式为open
- ap(config-ssid)#authentication key-management wpa //配置WPA加密
- ap(config-ssid)#wap-psk ascii 1234567890 //配置密码
- ap(config-ssid)#guest-mode //广播SSID,让用户可以看到
- ap(config-ssid)#exit
- ap(config)#interface dot11Radio 0 //进入无线接口
- ap(config-if)#encryption mode ciphers tkip //配置加密方式为TKIP
- ap(config-if)#no shut //关联SSID到无线接口
- ap(config-if)#end
(3)查看配置
- ap#show dot11 bssid
- Interface BSSID Guest SSID
- Dot11Radio0 001d.71e2.7060 Yes dba
(4)查看验证与加密
- ap#show dot11 associations all-client
- Address : bc76.708a.47f4 Name : NONE
- IP Address : 0.0.0.0 Interface : Dot11Radio 0
- Device : unknown Software Version : NONE
- CCX Version : NONE Client MFP : Off
- State : Assoc Parent : self
- SSID : dba
- VLAN : 0
- Hops to Infra : 1 Association Id : 1
- Clients Associated: 0 Repeaters associated: 0
- Tunnel Address : 0.0.0.0
- Key Mgmt type : WPAv2 PS Encryption : TKIP
- Current Rate : 54.0 Capability : WMM ShortHdr ShortSlot
- Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
- Voice Rates : disabled
- Signal Strength : -40 dBm Connected for : 38 seconds
- Signal to Noise : 48 dBm Activity Timeout : 60 seconds
- Power-save : On Last Activity : 0 seconds ago
- Apsd DE AC(s) : NONE
- Packets Input : 177 Packets Output : 9
- Bytes Input : 11596 Bytes Output : 1584
- Duplicates Rcvd : 0 Data Retries : 0
- Decrypt Failed : 0 RTS Retries : 0
- MIC Failed : 0 MIC Missing : 0
- Packets Redirected: 0 Redirect Filtered: 0
- Session timeout : 0 seconds
- Reauthenticate in : never
(4)测试
(5)配置文件
- ap#show running-config
- Building configuration...
- Current configuration : 1263 bytes
- !
- version 12.4
- no service pad
- service timestamps debug datetime msec
- service timestamps log datetime msec
- service password-encryption
- !
- hostname ap
- !
- enable secret 5 $1$n0fn$QUTdypb/n1aa1d7FXLkTD0
- !
- no aaa new-model
- !
- resource policy
- !
- ip subnet-zero
- !
- !
- !
- dot11 ssid dba
- authentication open
- authentication key-management wpa version 2
- guest-mode
- wpa-psk ascii 7 03550958525A771B165049
- !
- !
- !
- username Cisco password 7 112A1016141D
- !
- bridge irb
- !
- !
- interface Dot11Radio0
- no ip address
- no ip route-cache
- !
- encryption mode ciphers tkip
- !
- ssid dba
- !
- station-role root
- bridge-group 1
- bridge-group 1 subscriber-loop-control
- bridge-group 1 block-unknown-source
- no bridge-group 1 source-learning
- no bridge-group 1 unicast-flooding
- bridge-group 1 spanning-disabled
- !
- interface FastEthernet0
- no ip address
- no ip route-cache
- duplex auto
- speed auto
- bridge-group 1
- no bridge-group 1 source-learning
- bridge-group 1 spanning-disabled
- !
- interface BVI1
- ip address 10.1.1.11 255.255.255.0
- no ip route-cache
- !
- ip default-gateway 10.1.1.1
- ip http server
- no ip http secure-server
- ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
- !
- control-plane
- !
- bridge 1 route ip
- !
- !
- !
- line con 0
- line vty 0 4
- login local
- !
- end
转载于:https://blog.51cto.com/ganxing/754852
660
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
