无线AC基本配置注解

对配置进行拆解，其中各配置字段具体不清楚的可查配置手册。

本阶段只要熟悉配置，能用无线进行连接，获取IP，完成三种认证即可。

hostname AC-2	设备名
! aaa new-model ! ! aaa group server radius default server 50.1.1.2 ! ! aaa accounting update aaa accounting network default start-stop group radius aaa authentication dot1x default group radius ! ! radius-server host 50.1.1.2 radius-server key key ! ! security gsn enable security v2c community key	AAA记账与认证 1X认证时的服务器地址 1X认证时的radius key
vlan 40 name AP2-pool	AP的vlan
ip helper-address 40.1.1.1	DHCP获取地址，这里我放在57上
! ac-controller active-bin-file ap.bin location AC2 ap-serial serial2 AP220-E AP220-SE AP620-H ap-image ap.bin serial2 ac-name AC2-WS5302 !	配置AC信息与AP自动升级
! vlan 41 name 1X-auth ! vlan 42 name web-auth ! vlan 43 name mac-auth !	各种认证的vlan
! wlan-config 21 AC-2-1X AC-2--1X-SSID enable-broad-ssid ! ! wlan-config 22 AC-2-web AC-2-web-ssid enable-broad-ssid ! ! wlan-config 23 AC-2-mac AC-2-mac-ssid enable-broad-ssid !	配置各个wlan
! ap-group AP-2-group interface-mapping 21 41 interface-mapping 22 42 interface-mapping 23 43 !	AP组关联wlan与vlan
! ap-config ap-2 radio-type 2 802.11a radio-type 1 802.11b ap-group AP-2-group !	配置AP组中的AP
interface GigabitEthernet 0/1 switchport mode trunk description 57-g-0/2 !	配置与有线的接口
! interface Loopback 0 ip address 55.55.55.22 255.255.255.255 !	loopback
! wlansec 21 gsn address-bind security rsn enable security rsn akm 802.1x enable security rsn akm psk enable ! ! wlansec 22 gsn address-bind webauth ! ! wlansec 23 gsn address-bind dot1x-mab ! !	配置各类认证
interface VLAN 40 ip address 40.1.1.2 255.255.255.0 ! interface VLAN 41 ip address 41.1.1.2 255.255.255.0 ! interface VLAN 42 ip address 42.1.1.2 255.255.255.0 ! interface VLAN 43 ip address 43.1.1.2 255.255.255.0 !	Vlan地址
! ip route 0.0.0.0 0.0.0.0 40.1.1.1 !	路由
web-auth portal key key http redirect direct-site 40.1.1.1 arp http redirect homepage http://20.1.1.2:80/ess/webauthservlet http redirect 20.1.1.2 !	WEB认证时eportal设备管理中的web-auth portal key 放行网关
! snmp-server host 50.1.1.2 informs version 2c key web-auth snmp-server enable traps web-auth snmp-server community key rw !	Snmp 对应eportal系统配置里的Informs community 对应eportal系统配置与设备管理中的snmp community
line con 0 line vty 0 4 !	登录

 

##在AP到AC的中转设备（如S5750）上配置往loopback 55.55.55.55的地址指向AC，AP ping通loopback 即可 ip route 55.55.55.22 255.255.255.255 40.1.1.2

!

vlan 40

name AP2-pool

!

!

service dhcp

!

ip dhcp excluded-address 40.1.1.1 40.1.1.99

!

ip dhcp pool ap2-pool

option 138 ip 55.55.55.22

network 40.1.1.0 255.255.255.0

dns-server 192.168.5.119

default-router 40.1.1.1

!

!

interface VLAN 40

no ip proxy-arp

ip address 40.1.1.1 255.255.255.0

!

!

ip route 55.55.55.22 255.255.255.255 40.1.1.2

!