AIR-AP1131AG-C-K9 with 802.1x configuration

!
! Base system settings: IOS version, log timestamps and how credentials are stored.
version 12.4
no service pad
! Millisecond timestamps on debug and log entries make events easier to correlate.
service timestamps debug datetime msec
service timestamps log datetime msec
! Stores line passwords and keys as type 7, which is reversible obfuscation, not a hash.
! A saved copy of this file should be handled as if it contained the cleartext values.
service password-encryption
!
hostname ap
!
! Console logging is disabled and no syslog destination appears in this listing.
! NOTE(review): without a remote log host, login and AAA events stay only on the AP - confirm.
no logging console
! Type 5 (MD5-based) hash of the enable secret; the value is redacted by the author.
enable secret 5 *
!
! Enable the AAA framework; the method lists below decide who authenticates where.
aaa new-model
!
!
! RADIUS server group used for 802.1X/EAP authentication of wireless clients
! (server address redacted by the author).
aaa group server radius abc
 server * auth-port 1812 acct-port 1813
!
! RADIUS server group used for accounting records.
aaa group server radius rad_acct
 server * auth-port 1812 acct-port 1813
!
! Administrative logins that use the default list are checked against local users only.
aaa authentication login default local
! Method list referenced by the SSID: EAP is relayed to RADIUS group abc, no fallback listed.
aaa authentication login eap_methods group abc
! Method list for MAC authentication from local entries; nothing in this listing references it.
aaa authentication login mac_methods local
aaa authorization exec default local
! Start/stop accounting for client sessions goes to group rad_acct.
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
ip domain name abc
ip name-server *
!
!
! Symbolic names for the VLANs this AP carries. Only VLAN 50 has an SSID bound to it
! in this listing; the others are bridged but have no wireless network attached here.
dot11 vlan-name a vlan 80
dot11 vlan-name b vlan 30
dot11 vlan-name c vlan 50
dot11 vlan-name d vlan 20
dot11 vlan-name default vlan 1
!
! SSID abc: WPA2 with 802.1X/EAP (method list eap_methods), clients placed in VLAN 50.
dot11 ssid abc
   vlan 50
   ! Open authentication plus EAP: the path used by standards-based 802.1X supplicants.
   authentication open eap eap_methods
   ! NOTE(review): Network-EAP is the Cisco-specific method associated with LEAP clients, and
   ! LEAP is weak against offline password guessing - keep this line only if such clients exist.
   authentication network-eap eap_methods
   ! WPA2 key management. Pair it with an AES-CCMP cipher on the radio; TKIP is deprecated.
   authentication key-management wpa version 2
   ! Per-session accounting uses the acct_methods list (RADIUS group rad_acct).
   accounting acct_methods
   ! guest-mode advertises this SSID in beacons (broadcast SSID).
   guest-mode
!
dot11 arp-cache
power inline negotiation prestandard source
!
!
! Local administrator account consulted by "aaa authentication login default local".
! NOTE(review): "cisco" is the well-known factory-default username on these APs; a unique
! admin name with a strong secret is preferable. The hash is redacted, so the strength of
! the secret cannot be judged from this listing.
username cisco secret 5 *
!
! Integrated routing and bridging, so the BVI interface can hold the management IP.
bridge irb
!
!
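! 2.4 GHz radio: per-VLAN cipher and group-key settings, and the SSID it serves.
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ! AES-CCMP is the cipher WPA2 is built around and matches the SSID's
 ! "authentication key-management wpa version 2". TKIP is deprecated and has known
 ! integrity weaknesses, so it is not used here. If TKIP-only clients must still
 ! associate during a migration, "ciphers aes-ccm tkip" is the mixed setting; plain
 ! TKIP should not be the end state.
 encryption vlan 50 mode ciphers aes-ccm
 !
 encryption vlan 20 mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ! Rotate the group (broadcast/multicast) key every 3600 seconds on each VLAN.
 broadcast-key vlan 50 change 3600
 !
 broadcast-key vlan 20 change 3600
 !
 broadcast-key vlan 30 change 3600
 !
 broadcast-key vlan 1 change 3600
 !
 broadcast-key vlan 80 change 3600
 !
 !
 ! Only SSID abc (VLAN 50) is attached to this radio.
 ssid abc
 !
 ! 2462 MHz is 2.4 GHz channel 11.
 channel 2462
 station-role root
 world-mode dot11d country CN indoor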
!
! Radio subinterfaces: one 802.1Q subinterface per VLAN, each placed in the bridge group
! with the same number so wireless frames are bridged to the matching wired VLAN.
! VLAN 1 is the native (untagged) VLAN and bridge group 1 carries the AP's management BVI.
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 ! Frames from source addresses the bridge has not learned are blocked on the radio side.
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 ! Spanning tree is not run on this bridge-group port.
 bridge-group 1 spanning-disabled
!
! VLAN 20: same bridge-group options as above, tagged with dot1Q 20.
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
! VLAN 30.
interface Dot11Radio0.30
 encapsulation dot1Q 30
 no ip route-cache
 bridge-group 30
 bridge-group 30 subscriber-loop-control
 bridge-group 30 block-unknown-source
 no bridge-group 30 source-learning
 no bridge-group 30 unicast-flooding
 bridge-group 30 spanning-disabled
!
! VLAN 50: the VLAN that SSID abc places its clients in.
interface Dot11Radio0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 bridge-group 50 subscriber-loop-control
 bridge-group 50 block-unknown-source
 no bridge-group 50 source-learning
 no bridge-group 50 unicast-flooding
 bridge-group 50 spanning-disabled
!
! VLAN 80.
interface Dot11Radio0.80
 encapsulation dot1Q 80
 no ip route-cache
 bridge-group 80
 bridge-group 80 subscriber-loop-control
 bridge-group 80 block-unknown-source
 no bridge-group 80 source-learning
 no bridge-group 80 unicast-flooding
 bridge-group 80 spanning-disabled
!
! Second radio: no SSID, encryption or VLAN subinterfaces are configured on it in this
! listing; it is only joined to bridge group 1.
! NOTE(review): no "shutdown" line is shown, so the administrative state of this radio
! cannot be read from this listing. With no SSID attached it should serve no clients - confirm.
interface Dot11Radio1
 no ip address
 no ip route-cache
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
! Wired uplink. The physical port carries no IP address; each dot1Q subinterface joins
! the bridge group with the same number as its VLAN, mirroring the radio subinterfaces.
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
! Native (untagged) VLAN 1: also the VLAN of the management BVI (bridge group 1).
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 no bridge-group 20 source-learning
 bridge-group 20 spanning-disabled
!
interface FastEthernet0.30
 encapsulation dot1Q 30
 no ip route-cache
 bridge-group 30
 no bridge-group 30 source-learning
 bridge-group 30 spanning-disabled
!
! VLAN 50: wired side of the VLAN used by SSID abc.
interface FastEthernet0.50
 encapsulation dot1Q 50
 no ip route-cache
 bridge-group 50
 no bridge-group 50 source-learning
 bridge-group 50 spanning-disabled
!
interface FastEthernet0.80
 encapsulation dot1Q 80
 no ip route-cache
 bridge-group 80
 no bridge-group 80 source-learning
 bridge-group 80 spanning-disabled
!
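! Management interface of the AP (bridge group 1). Author's note, translated: this IP
! address must belong to the native VLAN. The note is kept as a comment so that the
! "ip address" line stays a valid command when the configuration is pasted.
interface BVI1
 ip address *
 no ip route-cache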
!
ip default-gateway *
! Both the HTTP and HTTPS management servers are disabled, so the web UI is not exposed.
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
! RADIUS packets are sourced from the management BVI, so the server sees one stable NAS address.
ip radius source-interface BVI1
!
! Standard ACL applied to the vty lines below; the permitted source is redacted.
! NOTE(review): keep this limited to the management hosts or subnet, since it is the
! only network-level restriction on remote administration shown in this listing.
ip access-list standard abc
 permit *
!
! Send NAS-Identifier (attribute 32) in Access-Requests, formatted as the hostname (%h).
radius-server attribute 32 include-in-access-req format %h
! The shared secret is stored as type 7, which is reversible; treat any saved copy of
! this file as containing the RADIUS secret itself.
radius-server host * auth-port 1812 acct-port 1813 key 7 *
radius-server directed-request
radius-server vsa send accounting
bridge 1 route ip
!
!
!
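! Console line: no overrides; login follows the AAA default list (local users).
line con 0
line vty 0 4
 ! Only sources permitted by standard ACL abc may open a remote management session.
 access-class abc in
 ! Idle sessions are disconnected after 10 minutes. A value of "0 0" disables the idle
 ! timeout and leaves abandoned administrative sessions open indefinitely.
 exec-timeout 10 0
 ! NOTE(review): with "aaa authentication login default local" active, this line password
 ! is not what authenticates logins. It is also stored as type 7 (reversible).
 password 7 *
 ! NOTE(review): no "transport input" restriction is shown, so Telnet may be accepted.
 ! Restrict the lines to SSH once an RSA key pair has been generated on the AP.
!
end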
 
 
Notice: 上联端口配置成Trunk,Native Vlan在此例中被配置为Vlan 1(默认);
#sh run int g0/1
Building configuration...
Current configuration : 104 bytes
!
! Uplink switch port facing the AP: an 802.1Q trunk.
interface GigabitEthernet0/1
 ! The allowed list is pruned to the five VLANs the AP bridges (1,20,30,50,80), so no
 ! other VLAN is delivered to the AP port.
 switchport trunk allowed vlan 1,20,30,50,80
 switchport mode trunk
 ! NOTE(review): the native VLAN is left at the default (1) and carries the AP's
 ! management BVI. A dedicated management/native VLAN is a common hardening step -
 ! confirm against the site design.
end

 
