笔记
1、基础配置
[AC6605]vlan 10
[AC6605-vlan10]description AP-Management-vlan
[AC6605-vlan10]vlan 100
[AC6605-vlan100]description service-vlan
[AC6605-vlan100]quit
[AC6605]dhcp enable
[AC6605]int vlan 10
[AC6605-Vlanif10]ip add 192.168.10.1 24
[AC6605-Vlanif10]dhcp select interface
[AC6605-Vlanif10]dhcp server excluded-ip-address 192.168.10.1 192.168.10.10
[AC6605-Vlanif10]int vlan 100
[AC6605-Vlanif100]description service
[AC6605-Vlanif100]ip add 192.168.100.1 22
[AC6605-Vlanif100]dhcp select interface
[AC6605-Vlanif100]dhcp server excluded-ip-address 192.168.100.1 192.168.100.10
[AC6605-Vlanif100]dhcp server dns-list 202.106.0.20 114.114.114.114
[AC6605-Vlanif100]quit
[AC6605]capwap source interface Vlanif 10 #配置AC的源接口
[AC6605]ip route-static 0.0.0.0 0 192.168.10.2 description route-to-Core-SW
[AC6605]interface g0/0/1
[AC6605-GigabitEthernet0/0/1]description link-to-A-building-1F-3Room-AP
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk pvid vlan 10
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 100
[AC6605-GigabitEthernet0/0/1]quit
2、无线部分
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode mac-auth #添加AP方式MAC认证
[AC6605-wlan-view]regulatory-domain-profile name domain # 创建域管理模板
[AC6605-wlan-regulate-domain-domain]country-code CN #配置AC的国家码
[AC6605-wlan-regulate-domain-domain]quit
[AC6605-wlan-view]security-profile name security #创建安全模板
[AC6605-wlan-sec-prof-security]security open #安全为开放
[AC6605-wlan-sec-prof-security]quit
[AC6605-wlan-view]ssid-profile name ssid #创建SSID模板
[AC6605-wlan-ssid-prof-ssid]ssid Free-WIFI #SSID名称为Free-WIFI
[AC6605-wlan-ssid-prof-ssid]quit
[AC6605-wlan-view]vap-profile name vap #创建VAP模板
[AC6605-wlan-vap-prof-vap]ssid-profile ssid #引用SSID模板
[AC6605-wlan-vap-prof-vap]security-profile security #引用安全模板
[AC6605-wlan-vap-prof-vap]service-vlan vlan-id 100 #引用业务vlan
[AC6605-wlan-vap-prof-vap]forward-mode tunnel #转发模式为隧道模式
[AC6605-wlan-vap-prof-vap]quit
3、MESH部分配置
[AC6605-wlan-view]security-profile name security1 #配置Mesh链路使用的安全模板
[AC6605-wlan-sec-prof-security1]security wpa2 psk pass-phrase e123qwer aes
[AC6605-wlan-sec-prof-security1]quit
[AC6605-wlan-view] mesh-profile name mesh-profile
[AC6605-wlan-mesh-prof-mesh-profile] security-profile security1
[AC6605-wlan-mesh-prof-mesh-profile] mesh-id mesh-net
[AC6605-wlan-mesh-prof-mesh-profile]link-aging-time 30
[AC6605-wlan-mesh-prof-mesh-profile]quit
[AC6605-wlan-view] ap-system-profile name ap-system
[AC6605-wlan-ap-system-prof-ap-system] mesh-role mesh-portal
[AC6605-wlan-ap-system-prof-ap-system]quit
[AC6605-wlan-view]mesh-whitelist-profile name mesh-whitelist
[AC6605-wlan-mesh-whitelist-mesh-whitelist]peer-ap mac 00e0-fc20-4320
[AC6605-wlan-mesh-whitelist-mesh-whitelist]peer-ap mac 00e0-fc04-4a50
[AC6605-wlan-mesh-whitelist-mesh-whitelist]quit
[AC6605-wlan-view]wired-port-profile name wired-port
[AC6605-wlan-wired-port-wired-port]vlan tagged 10 100
[AC6605-wlan-wired-port-wired-port]quit
[AC6605-wlan-view]ap-group name mmp-group
[AC6605-wlan-ap-group-mmp-group]regulatory-domain-profile domain
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-service-group]vap-profile vap wlan 1 radio all
[AC6605-wlan-ap-group-serivce-group]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [1]
----------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
----------------------------------------------------------------------------------------------------
0 00e0-fc04-4a50 00e0-fc04-4a50 default 192.168.10.67 AP2050DN nor 0 51S
----------------------------------------------------------------------------------------------------
Total: 1
[AC6605-wlan-ap-group-serivce-group]quit
[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-group mmp-group
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc20-4320
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]ap-group name mp-group
[AC6605-wlan-ap-group-mp-group]regulatory-domain-profile domain
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-mp-group]vap-profile vap wlan 2 radio all
[AC6605-wlan-ap-group-mp-group]quit
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-group mp-group
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]ap-group name mp-group
[AC6605-wlan-ap-group-mp-group]radio 1
[AC6605-wlan-group-radio-mp-group/1]channel 20 157
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-group-radio-mp-group/1]mesh-whitelist-profile mesh-whitelist
[AC6605-wlan-group-radio-mp-group/1]quit
[AC6605-wlan-ap-group-mp-group]wired-port-profile wired-port gigabitethernet 0
[AC6605-wlan-ap-group-mp-group]ap-system-profile ap-system
[AC6605-wlan-ap-group-mp-group]quit
[AC6605-wlan-view]ap-group name mmp-group
[AC6605-wlan-ap-group-mmp-group]radio 1
[AC6605-wlan-group-radio-mmp-group/1]channel 20 157
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-group-radio-mmp-group/1]mesh-whitelist-profile mesh-whitelist
[AC6605-wlan-group-radio-mmp-group/1]quit
[AC6605-wlan-ap-group-mmp-group]quit
[AC6605-wlan-ap-group-mmp-group]wired-port-profile wired-port gigabitethernet 0
system-view
vlan 10
description AP-Management-vlan
vlan 100
description service-vlan
quit
dhcp enable
int vlan 10
ip add 192.168.10.1 24
dhcp select interface
dhcp server excluded-ip-address 192.168.10.1 192.168.10.10
int vlan 100
description service
ip add 192.168.100.1 22
dhcp select interface
dhcp server excluded-ip-address 192.168.100.1 192.168.100.10
dhcp server dns-list 202.106.0.20 114.114.114.114
quit
capwap source interface Vlanif 10
ip route-static 0.0.0.0 0 192.168.10.2 description route-to-Core-SW
interface g0/0/1
description link-to-A-building-1F-3Room-AP
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 100
quit
wlan
ap auth-mode no-auth
ap auth-mode mac-auth
regulatory-domain-profile name domain
country-code CN
quit
security-profile name security
security open
quit
security-profile name security1
security wpa2 psk pass-phrase e123qwer aes
quit
ssid-profile name ssid
ssid Free-WIFI
quit
vap-profile name vap
ssid-profile ssid
security-profile security
service-vlan vlan-id 100
forward-mode tunnel
quit
mesh-profile name mesh-profile
security-profile security1
mesh-id mesh-net
quit
ap-system-profile name ap-system
mesh-role mesh-portal
quit
ap-group name service-group
ap-system-profile ap-system
y
mesh-whitelist-profile name mesh-whitelist
peer-ap mac 00e0-fc20-4320
peer-ap mac 00e0-fc04-4a50
quit
wired-port-profile name wired-port
vlan tagged 10 100
quit
ap-group name service-group
regulatory-domain-profile domain
y
vap-profile vap wlan 2 radio 1
quit
ap-id 0
ap-group service-group
y
ap-group name mp-group
regulatory-domain-profile domain
y
vap-profile vap wlan 2 radio 1
quit
ap-id 1
ap-group mp-group
y
quit
ap-group name mp-group
radio 1
channel 20 157
y
mesh-whitelist-profile mesh-whitelist
quit
wired-port-profile wired-port gigabitethernet 0
quit
ap-group name service-group
radio 1
channel 20 157
y
mesh-whitelist-profile mesh-whitelist
quit
wired-port-profile wired-port gigabitethernet 0