第一步、配置基礎配置
<AC6005>system-view
[AC6005]vlan batch 10 to 14
[AC6005]int vlan 10
[AC6005-Vlanif10]ip address 192.168.10.254 24
[AC6005-Vlanif10]quit
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6005-GigabitEthernet0/0/1]quit
[AC6005]capwap source interface vlan 10
第二步、wlan配置
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode no-auth
[AC6005-wlan-view]regulatory-domain-profile name CN
[AC6005-wlan-regulate-domain-CN]country-code CN
[AC6005-wlan-regulate-domain-CN]quit
[AC6005-wlan-view]ap-group name ap-group
[AC6005-wlan-ap-group-ap-group]regulatory-domain-profile CN
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC6005-wlan-ap-group-ap-group]quit
[AC6005-wlan-view]ssid-profile name wlan-ssid
[AC6005-wlan-ssid-prof-wlan-ssid]ssid 802.1X
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6005-wlan-view]security-profile name sec_802.1X #創建終端接入安全模板
[AC6005-wlan-sec-prof-sec_802.1X]security wpa2 dot1x aes #認證方式dot1x
[AC6005-wlan-sec-prof-sec_802.1X]quit
[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]forward-mode direct-forward
[AC6005-wlan-vap-prof-wlan_vap]service-vlan vlan-id 11
[AC6005-wlan-vap-prof-wlan_vap]security-profile sec_802.1X
[AC6005-wlan-vap-prof-wlan_vap]ssid-profile wlan-ssid
第三步、認證部分配置
[AC6005]radius-server template radius_temp #創建radius服務器模板
[AC6005-radius-radius_temp]radius-server authentication 192.168.14.254 1812 #radius認證服務器地址爲192.168.14.254,認證端口1812
[AC6005-radius-radius_temp]radius-server accounting 192.168.14.254 1813
[AC6005-radius-radius_temp]radius-server shared-key cipher 123456 #設置預共享密鑰123456
[AC6005-radius-radius_temp]radius-server user-name original #設備向RADIUS服務器發送的用戶名爲用戶原始輸入的用戶名
[AC6005-radius-radius_temp]undo radius-server user-name domain-included #輸入用戶名之後不需要附帶域名
[AC6005-radius-radius_temp]quit
[AC6005]radius-server authorization 192.168.14.254 shared-key simple 123456 #radius授權服務器地址爲192.168.14.254
[AC6005]aaa
[AC6005-aaa]authentication-scheme auth_scheme #創建認證方案
[AC6005-aaa-authen-auth_scheme]authentication-mode radius #認證模式爲radius
[AC6005-aaa]accounting-scheme account_scheme #創建計費方案
[AC6005-aaa-accounting-account_scheme]accounting-mode radius #計費模式爲radius
[AC6005-aaa-accounting-account_scheme]accounting realtime 15 #設置計費週期15分鐘
[AC6005-aaa-accounting-account_scheme]quit
[AC6005-aaa]domain radius_domain #創建域
[AC6005-aaa-domain-radius_domain]authentication-scheme auth_scheme #綁定認證方案
[AC6005-aaa-domain-radius_domain]accounting-scheme account_scheme #綁定計費方案
[AC6005-aaa-domain-radius_domain]radius-server radius_temp #綁定radius服務器模板
[AC6005-aaa-domain-radius_domain]quit
[AC6005]dot1x-access-profile name 802.1X #創建dot1x模板
[AC6005-dot1x-access-profile-802.1X]quit
[AC6005]authentication-profile name authen_802.1X #創建認證模板
[AC6005-authentication-profile-authen_802.1X]dot1x-access-profile 802.1X #應用dot1x模板
[AC6005-authentication-profile-authen_802.1X]authentication-scheme authen_scheme #應用認證方案
[AC6005-authentication-profile-authen_802.1X]accounting-scheme account-scheme
[AC6005-authentication-profile-authen_802.1X]access-domain raduis_domain #應用接入域
[AC6005-authentication-profile-authen_802.1X]quit
[AC6005]wlan
[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]authentication-profile 802.1X
[AC6005-wlan-vap-prof-wlan_vap]
display ip pool interface vlanif2 used 查看dhcp使用多少地址
display station offline-record sta-mac 14cf-9208-9abf(終端MAC)#如果原因是The signal strength is too low表示終端信號低導致掉線
display aaa abnormal-offline-record all
display ap online-fail-record all #上線失敗記錄
display ap offline-record all #下線記錄