WLAN基础与简单认证
WLAN基础与认证(拓扑如下)
只是介绍一下命令行相关配置
1、sn认证
2、隧道转发
3、wpa2-psk 认证
相关命令:
交换机SW2
system-view
Dhcp enable
vlan batch 100 to 102
interface Ethernet 0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 101
interface Ethernet 0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 102
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102
汇聚交换机SW1
system-view
Dhcp enable
vlan batch 100 to 102
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 102
interface GigabitEthernet 0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 102
控制AC1:
<AC>system-view
[AC]Dhcp enable
[AC]vlan batch 100 to 102
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet 0/0/1]port link-type trunk
[AC-GigabitEthernet 0/0/1]port trunk allow-pass vlan 100 to 102
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]quit
配置AC1为DHCP服务器
[AC]dhcp enable
[AC]interface vlanif100
[AC-Vlanif100]ip address 10.1.100.1 24
[AC-Vlanif100]dhcp select interface
[AC-Vlanif100]quit
[AC]interface vlanif101
[AC-Vlanif101]ip address 10.1.101.1 24
[AC-Vlanif101]dhcp select interface
[AC-Vlanif101]quit
[AC]interface vlanif102
[AC-Vlanif102]ip address 10.1.102.1 24
[AC-Vlanif102]dhcp select interface
[AC-Vlanif102]quit
创建域管理模板
[AC-wlan-view]regulatory-domain-profile name domain1
配置AC1的国家码
[AC-wlan-regulatory-domain-prof-domain1]country-code CN
[AC-wlan-regulatory-domain-prof-domain1]quit
绑定域管理模板到AP组
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power-level and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
配置AC1的源接口(与AP建隧道)
capwap source interface vlanif vlan-id
capwap source ip-address ip-address
[AC]capwap source interface vlanif 100
配置AP认证方式sn-auth
[AC-wlan-view]ap auth-mode sn-auth
[AC-wlan-view]ap-id 0 ap-sn 210235448310A24B4346
[AC-wlan-ap-0]ap-group ap-group1
[AC-wlan-view]ap-id 1 ap-sn 2102354483102637536D
[AC-wlan-ap-1]ap-group ap-group1
[AC-wlan-view]quit
配置AC1的安全模板wpa2 psk
[AC-wlan-view]security-profile name security-1
[AC-wlan-sec-prof-security-1] security wpa2 psk pass-phrase 12345678 tkip
[AC-wlan-sec-prof-security-1] quit
配置SSID模板
[AC-wlan-view]ssid-profile name huawei-1
[AC-wlan-ssid-prof-wlan-ssid]ssid huawei-1
[AC-wlan-ssid-prof-wlan-ssid]quit
[AC-wlan-view]ssid-profile name huawei-2
[AC-wlan-ssid-prof-wlan-ssid]ssid huawei-2
[AC-wlan-ssid-prof-wlan-ssid]quit
配置VAP模板
[AC-wlan-view]vap-profile name huawei-1
[AC-wlan-vap-prof-wlan-vap1]forward-mode tunnel
[AC-wlan-vap-prof-wlan-vap1]service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-vap1]security-profile security-1
[AC-wlan-vap-prof-wlan-vap1]ssid-profile huawei-1
[AC-wlan-vap-prof-wlan-vap1]quit
[AC-wlan-view]vap-profile name huawei-2
[AC-wlan-vap-prof-wlan-vap1]forward-mode tunnel
[AC-wlan-vap-prof-wlan-vap1]service-vlan vlan-id 102
[AC-wlan-vap-prof-wlan-vap1]security-profile security-1
[AC-wlan-vap-prof-wlan-vap1]ssid-profile huawei-2
[AC-wlan-vap-prof-wlan-vap1]quit
绑定模板到AP组
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile huawei-1 wlan 1 radio all
[AC-wlan-ap-group-ap-group1]vap-profile huawei-2 wlan 2 radio all
[AC-wlan-ap-group-ap-group1]quit
连接huawei1
配置完成(如图)
附上wlan业务流程图
- 点赞
- 收藏
- 关注作者
评论(0)