本实验主要是掌握 AP认证上线的配置方法、各种无线配置模板、配置WLAN业务的基础流程。
主要配置如下:
1.WLAN有线侧、无线侧组网规划。
2.WLAN有线侧组网配置。
3.AP上线配置。
WLAN业务参数配置,包括:安全模板、SSID模板、VAP模板,最终在AP组中调用。
【实验背景】
1、S1交换机支持WLAN-AC功能(若实际环境所用交换机不支持,可用普通AC替代),作为AC使用(后面内容中的AC就是实际的S2交换机);
2、AC采用旁挂式组网,AC与AP处于同一个二层网络.
3、AC作为DHCP服务器给AP分配IP地址,S1交换机作为DHCP服务器给接入的STA分配IP地址。
4、业务数据采用直接转发模式。
第一步:参数规划
第二步:配置任务(思路):
1、配置有线网络侧互联互通;
2、配置AP上线
第三步:配置步骤
1.设备基础配置
1-1:登录设备:
1、PC已安装终端仿真程序(如Putty等)
2、准备好Console通讯电缆
1-2:关闭多余链路:
[S1] Int G 0/0/11
[S1-GigabitEthrnet0/0/11] shutdown
[S1-GigabitEthrnet0/0/11] Int G 0/0/12
[S1-GigabitEthrnet0/0/12] shutdown
1-3:开启POE功能:
[S3-GigabitEthrnet0/0/4] poe enable
[S4-GigabitEthrnet0/0/4] poe enable
2.有线侧网络配置
2-1:Vlan配置:
[S1] vlan batch 100 101
[S1-GigabitEthrnet0/0/13] port link-type trunk
[S1-GigabitEthrnet0/0/13] port trunk allow-pass vlan 100 101
[S1-GigabitEthrnet0/0/14] port link-type trunk
[S1-GigabitEthrnet0/0/14] port trunk allow-pass vlan 100 101
[S1-GigabitEthrnet0/0/10] port link-type trunk
[S1-GigabitEthrnet0/0/10] port trunk allow-pass vlan 100 101
[AC] vlan batch 100 101
[AC-GigabitEthrnet0/0/10] port link-type trunk
[AC-GigabitEthrnet0/0/10] port trunk allow-pass vlan 100 101
[S3] vlan batch 100 101
[S3-GigabitEthrnet0/0/1] port link-type trunk
[S3-GigabitEthrnet0/0/1] trunk allow-pass vlan 100 101
[S3-GigabitEthrnet0/0/4] port link-type trunk
[S3-GigabitEthrnet0/0/4] port trunk pvid vlan 100
[S3-GigabitEthrnet0/0/4] trunk allow-pass vlan 100 101
[S4] vlan batch 100 101
[S4-GigabitEthrnet0/0/1] port link-type trunk
[S4-GigabitEthrnet0/0/1] trunk allow-pass vlan 100 101
[S4-GigabitEthrnet0/0/4] port link-type trunk
[S4-GigabitEthrnet0/0/4] port trunk pvid vlan 100
[S4-GigabitEthrnet0/0/4] trunk allow-pass vlan 100 101
2-2:接口配置IP
[S1-vlanif101 ] ip add 192.168.101.254 24 /* STA网关
[S1] int Loopback
[S1-Loopback0 ] ip add 10.0.1.1 32 /*测试用
[AC-vlanif100 ] ip add 192.168.100.254 24
2-3:DHCP配置
[S1] dhcp enable
[S1] ip pool sta
[S1-ip-pool-sta] network 192.168.101.0 mask 24
[S1-ip-pool-sta] gateway-list 192.168.101.254
[S1-Vlanif101] dhcp select global
[AC] dhcp enable
[AC] ip pool ap
[AC-ip-pool-ap] network 192.168.100.0 mask 24
[AC-ip-pool-ap] gateway-list 192.168.100.254
[AC-Vlanif100] dhcp select global
3.配置AP上线
3-1:创建AP组
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
3-2:配置域管理模板
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
Info:The current country code is same with the input country code.
3-3:引用域管理模板
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning:Modifying the country code will clear channel,power and antenna gain configurations of the radio adn reset the AP.Continue?[Y/N]: y /* 输 y 继续
3-4:配置CAPWAP隧道
[AC] capwap source interface Vlanif 100
3-5:配置AP1
[AC] wlan
[AC-Wlan-view] ap auth-mode mac-auth
[AC-Wlan-view] ap-id 0 ap-mac 00E0-FC11-7C80
[AC-Wlan-ap-0] ap-name ap1
[AC-Wlan-ap-0] ap-group ap-group1
Warning:This operation may causee AP reset,If the country code changes,it will clear channel,power and antenna gain configurations of the radio,Whether to continue?[Y/N]: y /* 输 y 继续
3-6:配置AP2
[AC] wlan
[AC-Wlan-view] ap auth-mode mac-auth
[AC-Wlan-view] ap-id 1 ap-mac 00E0-FC26-02D0
[AC-Wlan-ap-1] ap-name ap2
[AC-Wlan-ap-1] ap-group ap-group1
Warning:This operation may causee AP reset,If the country code changes,it will clear channel,power and antenna gain configurations of the radio,Whether to continue?[Y/N]: y /* 输 y 继续
3-7:查看当前AP信息
[AC] wlan
[AC-Wlan-view] dis ap all
4.配置WLAN业务参数
4-1:配置安全模板(security psk 命令用来配置 WPA/WPA2 的预共享密钥认证和加密)
[AC-Wlan-view] security-profile name HCIA-WLAN
[AC-wlan-sec-pro-HCIA-WLAN] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
4-2:配置SSID模板(创建名为:"HCIA-WLAN"的SSID模板,并配置SSID名称为"HCIA-WLAN")
[AC-Wlan-view] ssid-profile name HCIA-WLAN
[AC-Wlan-ssid-prof-HCIA-WLAN] ssid HCIA-WLAN
4-3:配置VAP模板
[AC-Wlan-view] vap-profile name HCIA-WLAN
[AC-Wlan-vap-prof-HCIA-WLAN] forward-mode direct-forward /*转发模式为直接转发
[AC-Wlan-vap-prof-HCIA-WLAN] service-vlan vlan-id 101
Info:This operation may take a few seconds,please wait.done.
[AC-Wlan-vap-prof-HCIA-WLAN] security-profile HCIA-WLAN
Info:This operation may take a few seconds,please wait.done.
[AC-Wlan-vap-prof-HCIA-WLAN] ssid-profile HCIA-WLAN
Info:This operation may take a few seconds,please wait.done.
4-4:引用VAP模板
[AC-Wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile HCIA-WLAN wlan 1 radio all
Info:This operation may take a few seconds,please wait.done.
<配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板"HCIA-WLAN"的配置>
结果验证:
1.使用无线终端接入到SSID为"HCIA-WLAN"的无线信号,查看STA获取的IP地址,同时访问S1的LoopBack0接口的IP地址(对10.0.1.1做ping测试)。
2.在STA连接的同时,在AC上使用命令:display station all查看STA信息。