环境描述:
实验环境是一般的企业网络架构,如下图所示。
目标:在AP中配置9个SSID,并通过DHCP服务器获取对应VLAN的IP地址。
DHCP服务器的配置和三层交换机的VLAN配置,DHCP中继配置就不再详述,如不明白,可以给我留言或查看我的其它博客。本文只重点介绍AP的配置。
配置思路如下:
1、创建SSID
2、在dot11Radio 0接口调用
3、创建dot11Radio 0.*子接口
4、创建GigabitEthernet0.*子接口
注意:AP连接的交换机端口的模式需要设置为Trunk.
配置完的结果如下,Cisco的配置可直接拷贝到配置模式下执行。可以直接拷贝以下的信息按你的需求修改。
Test_AP#sh run
Building configuration...
Current configuration : 8208 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Test_AP
!
logging rate-limit console 9
enable secret 5 $1$9JRr$7xB04nUsXesZ.p08rypkE/
!
no aaa new-model
!
!
dot11 syslog
dot11 vlan-name Test_WLAN_100 vlan 100
dot11 vlan-name Test_WLAN_101 vlan 101
dot11 vlan-name Test_WLAN_102 vlan 102
dot11 vlan-name Test_WLAN_103 vlan 103
dot11 vlan-name Test_WLAN_104 vlan 104
dot11 vlan-name Test_WLAN_105 vlan 105
dot11 vlan-name Test_WLAN_106 vlan 106
dot11 vlan-name Test_WLAN_107 vlan 107
dot11 vlan-name Test_WLAN_108 vlan 108
!
dot11 ssid Test_WLAN_100
vlan 100
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 06291C3B1C1F594953
!
dot11 ssid Test_WLAN_101
vlan 101
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 002B001C540A5B575D
!
dot11 ssid Test_WLAN_102
vlan 102
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 143801115C557A797D
!
dot11 ssid Test_WLAN_103
vlan 103
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 05241515711D1E5B4A
!
dot11 ssid Test_WLAN_104
vlan 104
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 143801115C557A7F75
!
dot11 ssid Test_WLAN_105
vlan 105
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 080E5F54594855424A
!
dot11 ssid Test_WLAN_106
vlan 106
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 080E5F545948554143
!
dot11 ssid Test_WLAN_107
vlan 107
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 153D1816547B7B737A
!
dot11 ssid Test_WLAN_108
vlan 108
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 032B4811565E711418
!
power inline negotiation prestandard source
!
!
username Cisco password 7 1531021F0725
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 100 mode ciphers aes-ccm tkip
!
encryption vlan 101 mode ciphers aes-ccm tkip
!
encryption vlan 102 mode ciphers aes-ccm tkip
!
encryption vlan 103 mode ciphers aes-ccm tkip
!
encryption vlan 104 mode ciphers aes-ccm tkip
!
encryption vlan 105 mode ciphers aes-ccm tkip
!
encryption vlan 106 mode ciphers aes-ccm tkip
!
encryption vlan 107 mode ciphers aes-ccm tkip
!
encryption vlan 108 mode ciphers aes-ccm tkip
!
ssid Test_WLAN_100
!
ssid Test_WLAN_101
!
ssid Test_WLAN_102
!
ssid Test_WLAN_103
!
ssid Test_WLAN_104
!
ssid Test_WLAN_105
!
ssid Test_WLAN_106
!
ssid Test_WLAN_107
!
ssid Test_WLAN_108
!
antenna gain 0
mbssid
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 101
bridge-group 101 subscriber-loop-control
bridge-group 101 block-unknown-source
no bridge-group 101 source-learning
no bridge-group 101 unicast-flooding
bridge-group 101 spanning-disabled
!
interface Dot11Radio0.102
encapsulation dot1Q 102
no ip route-cache
bridge-group 102
bridge-group 102 subscriber-loop-control
bridge-group 102 block-unknown-source
no bridge-group 102 source-learning
no bridge-group 102 unicast-flooding
bridge-group 102 spanning-disabled
!
interface Dot11Radio0.103
encapsulation dot1Q 103
no ip route-cache
bridge-group 103
bridge-group 103 subscriber-loop-control
bridge-group 103 block-unknown-source
no bridge-group 103 source-learning
no bridge-group 103 unicast-flooding
bridge-group 103 spanning-disabled
!
interface Dot11Radio0.104
encapsulation dot1Q 104
no ip route-cache
bridge-group 104
bridge-group 104 subscriber-loop-control
bridge-group 104 block-unknown-source
no bridge-group 104 source-learning
no bridge-group 104 unicast-flooding
bridge-group 104 spanning-disabled
!
interface Dot11Radio0.105
encapsulation dot1Q 105
no ip route-cache
bridge-group 105
bridge-group 105 subscriber-loop-control
bridge-group 105 block-unknown-source
no bridge-group 105 source-learning
no bridge-group 105 unicast-flooding
bridge-group 105 spanning-disabled
!
interface Dot11Radio0.106
encapsulation dot1Q 106
no ip route-cache
bridge-group 106
bridge-group 106 subscriber-loop-control
bridge-group 106 block-unknown-source
no bridge-group 106 source-learning
no bridge-group 106 unicast-flooding
bridge-group 106 spanning-disabled
!
interface Dot11Radio0.107
encapsulation dot1Q 107
no ip route-cache
bridge-group 107
bridge-group 107 subscriber-loop-control
bridge-group 107 block-unknown-source
no bridge-group 107 source-learning
no bridge-group 107 unicast-flooding
bridge-group 107 spanning-disabled
!
interface Dot11Radio0.108
encapsulation dot1Q 108
no ip route-cache
bridge-group 108
bridge-group 108 subscriber-loop-control
bridge-group 108 block-unknown-source
no bridge-group 108 source-learning
no bridge-group 108 unicast-flooding
bridge-group 108 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
no keepalive
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface GigabitEthernet0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 101
no bridge-group 101 source-learning
bridge-group 101 spanning-disabled
!
interface GigabitEthernet0.102
encapsulation dot1Q 102
no ip route-cache
bridge-group 102
no bridge-group 102 source-learning
bridge-group 102 spanning-disabled
!
interface GigabitEthernet0.103
encapsulation dot1Q 103
no ip route-cache
bridge-group 103
no bridge-group 103 source-learning
bridge-group 103 spanning-disabled
!
interface GigabitEthernet0.104
encapsulation dot1Q 104
no ip route-cache
bridge-group 104
no bridge-group 104 source-learning
bridge-group 104 spanning-disabled
!
interface GigabitEthernet0.105
encapsulation dot1Q 105
no ip route-cache
bridge-group 105
no bridge-group 105 source-learning
bridge-group 105 spanning-disabled
!
interface GigabitEthernet0.106
encapsulation dot1Q 106
no ip route-cache
bridge-group 106
no bridge-group 106 source-learning
bridge-group 106 spanning-disabled
!
interface GigabitEthernet0.107
encapsulation dot1Q 107
no ip route-cache
bridge-group 107
no bridge-group 107 source-learning
bridge-group 107 spanning-disabled
!
interface GigabitEthernet0.108
encapsulation dot1Q 108
no ip route-cache
bridge-group 108
no bridge-group 108 source-learning
bridge-group 108 spanning-disabled
!
interface BVI1
ip address 192.168.10.100 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
Test_AP#
本文出自 “海纳百川” 博客,转载请与作者联系!