在此之前,我们首先要做这些操作,能让AP正确的获取到业务vlan的地址
#
sysname AC
#
vlan batch 10 20 //创建vlan10 20
#
dhcp enable //开启dhcp服务
#
ip pool vlan20 //创建名为“vlan20”的地址池,用作业务vlan(即无线设备获取到的上网地址)
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
lease unlimited
dns-list 114.114.114.114 8.8.8.8
#
ip pool vlan10 //创建名为“vlan10”的地址池,用作管理vlan(AP设备自身的IP地址)
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
lease unlimited
dns-list 114.114.114.114 8.8.8.8
#
interface Vlanif10 //管理vlan的地址池
ip address 192.168.10.254 255.255.255.0
dhcp select global //获取地址的方式是全局获取
#
interface Vlanif20//业务vlan的地址池
ip address 192.168.20.254 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1 //这里为啥要设置PVID呢?因为AP不能识别tag标签
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
undo info-center enable //关闭烦人的信息提示
#
capwap source interface vlanif10 //选择源接口地址
1:创建AP组,方便后面其他AP加入此组,统一配置。
[AC] wlan
[AC-wlan-view] ap-group name HYDQ //创建组名为HYDQ的AP组
[AC-wlan-ap-group-ap-group1] quit
2:创建域管理模板,国家代码CN
[AC-wlan-view] regulatory-domain-profile name domain1 //创建姓名为domain1的模板
[AC-wlan-regulate-domain-domain1] country-code cn
3:进入新创建的AP组,调用刚才创建的模板。
[AC-wlan-view] ap-group name HYDQ
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1 //新创建的HYDQ的组调用新建的domain1域控模板
1:AP上线,将此AP加入新建的AP组(HYDQ)
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth //AP上线的方式是mac认证
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1 //这个AP的区域命名为are_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group HYDQ //将此AP加入组HYDQ
到这里后,AP已经上线了,可以通过命令,display ap all 查看,如果出现的列表里,状态为:nor 即正常
[AC] capwap source interface vlanif 10
1:创建安全模板(包含认证方式和密码)
[AC-wlan-view] security-profile name A
[AC-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-security] quit
2:创建SSID模板,并配置SSID的名称为“HYDQ-OFFICE ”
[AC-wlan-view] ssid-profile name B
[AC-wlan-ssid-prof-wlan-ssid] ssid HYDQ-OFFICE
[AC-wlan-ssid-prof-wlan-ssid] quit
3:创建VAP模板,配置业务数据转发模式,业务vlan,并且引用安全模板和SSID模板
[AC-wlan-view] vap-profile name C
[AC-wlan-vap-prof-wlan-vap] forward-mode tunnel
[AC-wlan-vap-prof-wlan-vap] service-vlan vlan-id 20 //这里的业务VLAN会觉得手机或者SAT工作站的IP地址取决于哪个VLAN
[AC-wlan-vap-prof-wlan-vap] security-profile A
[AC-wlan-vap-prof-wlan-vap] ssid-profile B
[AC-wlan-vap-prof-wlan-vap] quit
4:让AP组引用VAP模板
[AC-wlan-view] ap-group HYDQ
[AC-wlan-ap-group-ap-group1] vap-profile C wlan 1 radio 0 //0为2.4Ghz射频
[AC-wlan-ap-group-ap-group1] vap-profile C wlan 1 radio 1 //1为5Ghz射频
[AC-wlan-ap-group-ap-group1] quit
截至此时,AP已经配置完毕可以正常连接,工作站和手机搜到的名称为:HYDQ-OFFICE,密码是a1234567
[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio 0
[AC-wlan-radio-0/0] calibrate auto-channel-select disable
[AC-wlan-radio-0/0] calibrate auto-txpower-select disable
[AC-wlan-radio-0/0] channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0] eirp 127
[AC-wlan-radio-0/0] quit
[AC-wlan-ap-0] radio 1
[AC-wlan-radio-0/1] calibrate auto-channel-select disable
[AC-wlan-radio-0/1] calibrate auto-txpower-select disable
[AC-wlan-radio-0/1] channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1] eirp 127
[AC-wlan-radio-0/1] quit
[AC-wlan-ap-0] quit