如下拓撲圖
- 配置AP上線,PC可以連接使用
![在這裏插入圖片描述]()
配置交換機
- SW1配置相關VLAN,配置接口類型
[SW1]vlan batch 10 20 30
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 10
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk pvid vlan 10
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 30
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 30
- SW2配置相關VLAN,配置接口類型
[SW2]vlan batch 10 20 30
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20 30
配置AC
- AC配置相關VLAN,配置接口類型
[AC]vlan batch 10 20 30
[AC]int g0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30
- 配置管理VLAN
[AC]int Vlanif 10
[AC-Vlanif10]ip ad 10.1.1.1 24
- 創建AP組
[AC]wlan
[AC-wlan-view]ap-group name Bad
- 開啓基於接口的DHCP功能
[AC]dhcp enable
[AC]int Vlanif 10
[AC-Vlanif10]dhcp select interface
[AC-Vlanif10]int vlan 20
[AC-Vlanif20]ip ad 20.1.1.1 24
[AC-Vlanif20]dhcp select interface
[AC-Vlanif20]int vlan 30
[AC-Vlanif30]ip ad 30.1.1.1 24
[AC-Vlanif30]dhcp select interface
- 創建管理域,配置國家碼
[AC]wlan
[AC-wlan-view]regulatory-domain-profile name YGL //創建管理域模板
[AC-wlan-regulate-domain-YGL]country-code CN //配置AC國家碼
[AC-wlan-regulate-domain-YGL]q
[AC-wlan-view]ap-group name Bad //域管理綁定至AP組
[AC-wlan-ap-group-Bad]regulatory-domain-profile YGL //綁定域管理模板
- 建立capwap隧道
[AC]capwap source interface Vlanif 10
- 配置AP認證
# 配置AP1
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth //使用MAC地址認證
[AC-wlan-view]ap-mac 00E0-FC90-7B80 ap-id 0 //配置認證
[AC-wlan-ap-0]ap-group Bad //添加至AP組
# 配置AP2
[AC-wlan-view]ap-mac 00E0-FCC3-6E60 ap-id 1
[AC-wlan-ap-1]ap-group Bad
AC配置VAP模板
- 配置安全模板
[AC-wlan-view]security-profile name 1
- 配置SSID模板
[AC-wlan-view]ssid-profile name 1 //配置SSID模板1
[AC-wlan-ssid-prof-1]ssid 1 //SSID配置1
[AC-wlan-ssid-prof-1]q
[AC-wlan-view]ssid-profile name 2
[AC-wlan-ssid-prof-2]ssid 2
- VAP模板調用SSID模板
[AC]wlan
[AC-wlan-view]vap-profile name 1 //配置VAP模板1
[AC-wlan-vap-prof-1]forward-mode direct-forward //配置直接轉發
[AC-wlan-vap-prof-1]service-vlan vlan-id 20 //指定業務VLAN
[AC-wlan-vap-prof-1]security-profile 1 //調用安全模板
[AC-wlan-vap-prof-1]ssid-profile 1 //調用SSID模板
[AC-wlan-vap-prof-1]q
[AC-wlan-view]vap-profile name 2
[AC-wlan-vap-prof-2]forward-mode direct-forward
[AC-wlan-vap-prof-2]service-vlan vlan-id 30
[AC-wlan-vap-prof-2]security-profile 1
[AC-wlan-vap-prof-2]ssid-profile 2
配置AP
- 加入所有模板
[AC-wlan-view]ap-group name Bad
[AC-wlan-ap-group-Bad]vap-profile 1 wlan 1 radio all
[AC-wlan-ap-group-Bad]vap-profile 2 wlan 2 radio all
實驗完成效果圖
以上內容均屬原創,如有不詳或錯誤,敬請指出。
本文鏈接:
https://blog.csdn.net/qq_45668124/article/details/105958730
版權聲明:
本博客所有文章除特別聲明外,均採用
CC BY-NC-SA 4.0
許可協議。轉載請註明出處!