无线1

无线1_第1张图片

 

 

 

企业网中SSID
一个Guest,一个Internet,连接到Guest的外来用户只能访问内部业务,连接到Internet的用户可以访问互联网。
要求:

Guest连接的用户归纳到VLAN100,Internet连接的用户归纳到VLAN200,

Guest为开放式认证,Internet为WPA2认证,密钥为123456789, 

两个AP分别发送一个SSID的两个频段,其中AP1负责SSID:
Guest的下发,AP2负责SSID:Internet的下发

VLAN及端口配置

[AC6605]vlan batch 100 200

[AC6605]interface g0/0/10

[AC6605-GigabitEthernet0/0/10]port link-type trunk

[AC6605-GigabitEthernet0/0/10]port trunk allow vlan all
————————————————

接口地址配置
[AC6605]interface vlan 1

[AC6605-Vlanif1]ip address 192.168.1.254 24

[AC6605]interface vlan 100

[AC6605-Vlanif100]ip address 192.168.100.254 24

[AC6605]interface vlan 200

[AC6605-Vlanif200]ip address 192.168.200.254 24

DHCP地址池及关联接口配置
[AC6605]dhcp enable

[AC6605]ip pool vlan1

[AC6605-ip-pool-vlan1]network 192.168.1.0 mask 24

[AC6605-ip-pool-vlan1]gateway 192.168.1.254

[AC6605-ip-pool-vlan1]option 43 sub-option 2 ip-address 192.168.1.254

[AC6605]ip pool vlan100

[AC6605-ip-pool-vlan100]network 192.168.100.0 mask 24

[AC6605-ip-pool-vlan100]gateway 192.168.100.254

[AC6605]ip pool vlan200

[AC6605-ip-pool-vlan200]network 192.168.200.0 mask 24

[AC6605-ip-pool-vlan200]gateway 192.168.200.254

[AC6605]interface vlan 1

[AC6605-Vlanif1]dhcp select global

[AC6605]interface vlan 100

[AC6605-Vlanif100]dhcp select global 

[[AC6605]interface vlan 200

[AC6605-Vlanif200]dhcp select global
————————————————

WLAN无线配置
[AC6605]capwap source interface vlan 1

————————————————

##设置CAPWAP隧道地址

[AC6605]wlan

[AC6605-wlan-view]ap whitelist mac 00e0-fc22-24b0

[AC6605-wlan-view]ap whitelist mac 00e0-fcd3-49b0

————————————————

##设置AP白名单,在做任何配置之前,先确保AP成功上线

[AC6605-wlan-view]ssid-profile name Guest

[AC6605-wlan-ssid-prof-Guest]ssid Guest

[AC6605-wlan-view]ssid-profile name Internet

[AC6605-wlan-ssid-prof-Internet]ssid Internet

————————————————

##配置SSID模版

[AC6605-wlan-view]security-profile name Guest

[AC6605-wlan-sec-prof-Guest]security open

[AC6605-wlan-view]security-profile name Internet

[AC6605-wlan-sec-prof-Internet]security wpa2 psk pass-phrase 123456789 aes

————————————————

##配置认证模版

[AC6605-wlan-view]vap-profile name Guest

[AC6605-wlan-vap-prof-Guest]ssid-profile Guest

[AC6605-wlan-vap-prof-Guest]security-profile Guest

[AC6605-wlan-vap-prof-Guest]service-vlan vlan-id 100

[AC6605-wlan-vap-prof-Guest]forward-mode direct-forward

————————————————

##创建名为Guest的VAP模版,并分别调用SSID模版,安全模版,设置转发状态,以及关联VLAN

[AC6605-wlan-view]vap-profile name Internet

[AC6605-wlan-vap-prof-Internet]ssid Internet

[AC6605-wlan-vap-prof-Internet]security-profile Internet

[AC6605-wlan-vap-prof-Internet]service-vlan vlan-id 200

[AC6605-wlan-vap-prof-Internet]forward-mode direct-forward

————————————————

##创建名为Internet的VAP模版,并分别调用SSID模版,安全模版,设置转发状态,以及关联VLAN

[AC6605-wlan-view]ap-id 0

[AC6605-wlan-ap-0]vap-profile Guest wlan 1 radio 0

[AC6605-wlan-ap-0]vap-profile Guest wlan 1 radio 1

[AC6605-wlan-view]ap-id 1

[AC6605-wlan-ap-1]vap-profile Internet wlan 1 radio 0

[AC6605-wlan-ap-1]vap-profile Internet wlan 1 radio 1

结果

无线1_第2张图片

 

 

 

Internet登陆需要密码

无线1_第3张图片

 

 

 无线1_第4张图片

 

Guest登陆不需要密码:

 

 无线1_第5张图片

 

 

 无线1_第6张图片

 

转载于:https://www.cnblogs.com/TiAmoLJ/p/11461487.html

你可能感兴趣的:(无线1)