本实验主要是掌握 AP认证上线的配置方法、各种无线配置模板、配置WLAN业务的基础流程。主要配置如下1.WLAN有线侧、无线侧组网规划。2.WLAN有线侧组网配置。3.AP上线配置。WLAN业务参数配置包括安全模板、SSID模板、VAP模板最终在AP组中调用。【实验背景】1、S1交换机支持WLAN-AC功能若实际环境所用交换机不支持可用普通AC替代作为AC使用后面内容中的AC就是实际的S2交换机2、AC采用旁挂式组网AC与AP处于同一个二层网络.3、AC作为DHCP服务器给AP分配IP地址S1交换机作为DHCP服务器给接入的STA分配IP地址。4、业务数据采用直接转发模式。第一步参数规划第二步配置任务思路1、配置有线网络侧互联互通2、配置AP上线第三步配置步骤1.设备基础配置1-1登录设备1、PC已安装终端仿真程序如Putty等2、准备好Console通讯电缆1-2关闭多余链路[S1] Int G 0/0/11[S1-GigabitEthrnet0/0/11] shutdown[S1-GigabitEthrnet0/0/11] Int G 0/0/12[S1-GigabitEthrnet0/0/12] shutdown1-3开启POE功能[S3-GigabitEthrnet0/0/4] poe enable[S4-GigabitEthrnet0/0/4] poe enable2.有线侧网络配置2-1Vlan配置[S1] vlan batch 100 101[S1-GigabitEthrnet0/0/13] port link-type trunk[S1-GigabitEthrnet0/0/13] port trunk allow-pass vlan 100 101[S1-GigabitEthrnet0/0/14] port link-type trunk[S1-GigabitEthrnet0/0/14] port trunk allow-pass vlan 100 101[S1-GigabitEthrnet0/0/10] port link-type trunk[S1-GigabitEthrnet0/0/10] port trunk allow-pass vlan 100 101[AC] vlan batch 100 101[AC-GigabitEthrnet0/0/10] port link-type trunk[AC-GigabitEthrnet0/0/10] port trunk allow-pass vlan 100 101[S3] vlan batch 100 101[S3-GigabitEthrnet0/0/1] port link-type trunk[S3-GigabitEthrnet0/0/1] trunk allow-pass vlan 100 101[S3-GigabitEthrnet0/0/4] port link-type trunk[S3-GigabitEthrnet0/0/4] port trunk pvid vlan 100[S3-GigabitEthrnet0/0/4] trunk allow-pass vlan 100 101[S4] vlan batch 100 101[S4-GigabitEthrnet0/0/1] port link-type trunk[S4-GigabitEthrnet0/0/1] trunk allow-pass vlan 100 101[S4-GigabitEthrnet0/0/4] port link-type trunk[S4-GigabitEthrnet0/0/4] port trunk pvid vlan 100[S4-GigabitEthrnet0/0/4] trunk allow-pass vlan 100 1012-2接口配置IP[S1-vlanif101 ] ip add 192.168.101.254 24 /* STA网关[S1] int Loopback[S1-Loopback0 ] ip add 10.0.1.1 32 /*测试用[AC-vlanif100 ] ip add 192.168.100.254 242-3DHCP配置[S1] dhcp enable[S1] ip pool sta[S1-ip-pool-sta] network 192.168.101.0 mask 24[S1-ip-pool-sta] gateway-list 192.168.101.254[S1-Vlanif101] dhcp select global[AC] dhcp enable[AC] ip pool ap[AC-ip-pool-ap] network 192.168.100.0 mask 24[AC-ip-pool-ap] gateway-list 192.168.100.254[AC-Vlanif100] dhcp select global3.配置AP上线3-1创建AP组[AC] wlan[AC-wlan-view] ap-group name ap-group13-2配置域管理模板[AC-wlan-view] regulatory-domain-profile name default[AC-wlan-regulate-domain-default] country-code cnInfo:The current country code is same with the input country code.3-3引用域管理模板[AC-wlan-view] ap-group name ap-group1[AC-wlan-ap-group-ap-group1] regulatory-domain-profile defaultWarning:Modifying the country code will clear channel,power and antenna gain configurations of the radio adn reset the AP.Continue?[Y/N]: y /* 输 y 继续3-4配置CAPWAP隧道[AC] capwap source interface Vlanif 1003-5配置AP1[AC] wlan[AC-Wlan-view] ap auth-mode mac-auth[AC-Wlan-view] ap-id 0 ap-mac 00E0-FC11-7C80[AC-Wlan-ap-0] ap-name ap1[AC-Wlan-ap-0] ap-group ap-group1Warning:This operation may causee AP reset,If the country code changes,it will clear channel,power and antenna gain configurations of the radio,Whether to continue?[Y/N]: y /* 输 y 继续3-6配置AP2[AC] wlan[AC-Wlan-view] ap auth-mode mac-auth[AC-Wlan-view] ap-id 1 ap-mac 00E0-FC26-02D0[AC-Wlan-ap-1] ap-name ap2[AC-Wlan-ap-1] ap-group ap-group1Warning:This operation may causee AP reset,If the country code changes,it will clear channel,power and antenna gain configurations of the radio,Whether to continue?[Y/N]: y /* 输 y 继续3-7查看当前AP信息[AC] wlan[AC-Wlan-view] dis ap all4.配置WLAN业务参数4-1配置安全模板(security psk 命令用来配置 WPA/WPA2 的预共享密钥认证和加密)[AC-Wlan-view] security-profile name HCIA-WLAN[AC-wlan-sec-pro-HCIA-WLAN] security wpa-wpa2 psk pass-phrase HCIA-Datacom aes4-2配置SSID模板创建名为“HCIA-WLAN”的SSID模板并配置SSID名称为“HCIA-WLAN”)[AC-Wlan-view] ssid-profile name HCIA-WLAN[AC-Wlan-ssid-prof-HCIA-WLAN] ssid HCIA-WLAN4-3配置VAP模板[AC-Wlan-view] vap-profile name HCIA-WLAN[AC-Wlan-vap-prof-HCIA-WLAN] forward-mode direct-forward /*转发模式为直接转发[AC-Wlan-vap-prof-HCIA-WLAN] service-vlan vlan-id 101Info:This operation may take a few seconds,please wait.done.[AC-Wlan-vap-prof-HCIA-WLAN] security-profile HCIA-WLANInfo:This operation may take a few seconds,please wait.done.[AC-Wlan-vap-prof-HCIA-WLAN] ssid-profile HCIA-WLANInfo:This operation may take a few seconds,please wait.done.4-4引用VAP模板[AC-Wlan-view] ap-group name ap-group1[AC-wlan-ap-group-ap-group1] vap-profile HCIA-WLAN wlan 1 radio allInfo:This operation may take a few seconds,please wait.done.配置AP组引用VAP模板AP上射频0和射频1都使用VAP模板“HCIA-WLAN”的配置结果验证:1.使用无线终端接入到SSID为“HCIA-WLAN”的无线信号查看STA获取的IP地址同时访问S1的LoopBack0接口的IP地址对10.0.1.1做ping测试。2.在STA连接的同时在AC上使用命令display station all查看STA信息。