在此之前,我们首先要做这些操作,能让AP正确的获取到管理vlan的地址。
- #
- sysname AC
- #
- vlan batch 10 20 //创建vlan10 20
- #
- dhcp enable //开启dhcp服务
- #
- ip pool vlan20 //创建名为“vlan20”的地址池,用作业务vlan(即无线设备获取到的上网地址)
- gateway-list 192.168.20.254
- network 192.168.20.0 mask 255.255.255.0
- lease unlimited
- dns-list 114.114.114.114 8.8.8.8
- #
- ip pool vlan10 //创建名为“vlan10”的地址池,用作管理vlan(AP设备自身的IP地址)
- gateway-list 192.168.10.254
- network 192.168.10.0 mask 255.255.255.0
- lease unlimited
- dns-list 114.114.114.114 8.8.8.8
- #
- interface Vlanif10 //管理vlan的地址池
- ip address 192.168.10.254 255.255.255.0
- dhcp select global //获取地址的方式是全局获取
- #
- interface Vlanif20//业务vlan的地址池
- ip address 192.168.20.254 255.255.255.0
- dhcp select global
- #
- interface GigabitEthernet0/0/1
- //这里为啥要设置PVID呢?因为AP不能识别tag标签,就像路由器和PC一样,需要端口剥离标签来识别
- //事实上,此处的端口也可以设置为ACCESS类型
- port link-type trunk
- port trunk pvid vlan 10
- undo port trunk allow-pass vlan 1
- port trunk allow-pass vlan 10
- #
- undo info-center enable //关闭烦人的信息提示
- #
- capwap source interface vlanif10 //选择源接口地址
1:创建AP组,方便后面其他AP加入此组,统一配置。
- [AC] wlan
- [AC-wlan-view] ap-group name HYDQ //创建组名为HYDQ的AP组
- [AC-wlan-ap-group-ap-group1] quit
2:创建域管理模板,国家代码CN
- [AC-wlan-view] regulatory-domain-profile name domain1 //创建姓名为domain1的模板
- [AC-wlan-regulate-domain-domain1] country-code cn
3:进入新创建的AP组,调用刚才创建的模板。
- [AC-wlan-view] ap-group name HYDQ
- [AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1 //新创建的HYDQ的组调用新建的domain1域控模板
1:AP上线,将此AP加入新建的AP组(HYDQ)[
- AC] wlan
- [AC-wlan-view] ap auth-mode mac-auth //AP上线的方式是mac认证
- [AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
- [AC-wlan-ap-0] ap-name area_1 //这个AP的区域命名为are_1
- Warning: This operation may cause AP reset. Continue? [Y/N]:y
- [AC-wlan-ap-0] ap-group HYDQ //将此AP加入组HYDQ
- 到这里后,AP已经上线了,可以通过命令,display ap all 查看,如果出现的列表里,状态为:nor 即正常
[AC] capwap source interface vlanif 10
1:创建安全模板(包含认证方式和密码)
- [AC-wlan-view] security-profile name A
- [AC-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes//a1234567是密码
- [AC-wlan-sec-prof-wlan-security] quit
2:创建SSID模板,并配置SSID的名称为“HYDQ-OFFICE ”
- [AC-wlan-view] ssid-profile name B
- [AC-wlan-ssid-prof-wlan-ssid] ssid HYDQ-OFFICE //上线后的AP 的WiFi名称
- [AC-wlan-ssid-prof-wlan-ssid] quit
3:创建VAP模板,配置业务数据转发模式,业务vlan,并且引用安全模板和SSID模板
- [AC-wlan-view] vap-profile name C//创建VAP模板,“C”
- [AC-wlan-vap-prof-wlan-vap] forward-mode tunnel//设置转发模式为隧道转发
- [AC-wlan-vap-prof-wlan-vap] service-vlan vlan-id 20 //这里的业务VLAN会觉得手机或者SAT工作站的IP地址取决于哪个VLAN
- [AC-wlan-vap-prof-wlan-vap] security-profile A//调用安全模板
- [AC-wlan-vap-prof-wlan-vap] ssid-profile B//调用SSID模板
- [AC-wlan-vap-prof-wlan-vap] quit
4:让AP组引用VAP模板
- [AC-wlan-view] ap-group HYDQ
- [AC-wlan-ap-group-ap-group1] vap-profile C wlan 1 radio 0 //0为2.4Ghz射频
- [AC-wlan-ap-group-ap-group1] vap-profile C wlan 1 radio 1 //1为5Ghz射频
- [AC-wlan-ap-group-ap-group1] quit
截至此时,AP已经配置完毕可以正常连接,工作站和手机搜到的名称为:HYDQ-OFFICE,密码是a1234567
- [AC-wlan-view] ap-id 0
- [AC-wlan-ap-0] radio 0
- [AC-wlan-radio-0/0] calibrate auto-channel-select disable
- [AC-wlan-radio-0/0] calibrate auto-txpower-select disable
- [AC-wlan-radio-0/0] channel 20mhz 6
- Warning: This action may cause service interruption. Continue?[Y/N]y
- [AC-wlan-radio-0/0] eirp 127
- [AC-wlan-radio-0/0] quit
- [AC-wlan-ap-0] radio 1
- [AC-wlan-radio-0/1] calibrate auto-channel-select disable
- [AC-wlan-radio-0/1] calibrate auto-txpower-select disable
- [AC-wlan-radio-0/1] channel 20mhz 149
- Warning: This action may cause service interruption. Continue?[Y/N]y
- [AC-wlan-radio-0/1] eirp 127
- [AC-wlan-radio-0/1] quit
- [AC-wlan-ap-0] quit
联系客服