zoukankan      html  css  js  c++  java

  • 无线1

    企业网中SSID
    一个Guest,一个Internet,连接到Guest的外来用户只能访问内部业务,连接到Internet的用户可以访问互联网。
    要求:

    Guest连接的用户归纳到VLAN100,Internet连接的用户归纳到VLAN200,

    Guest为开放式认证,Internet为WPA2认证,密钥为123456789, 

    两个AP分别发送一个SSID的两个频段,其中AP1负责SSID:
    Guest的下发,AP2负责SSID:Internet的下发

    VLAN及端口配置

    [AC6605]vlan batch 100 200

    [AC6605]interface g0/0/10

    [AC6605-GigabitEthernet0/0/10]port link-type trunk

    [AC6605-GigabitEthernet0/0/10]port trunk allow vlan all
    ————————————————

    接口地址配置
    [AC6605]interface vlan 1

    [AC6605-Vlanif1]ip address 192.168.1.254 24

    [AC6605]interface vlan 100

    [AC6605-Vlanif100]ip address 192.168.100.254 24

    [AC6605]interface vlan 200

    [AC6605-Vlanif200]ip address 192.168.200.254 24

    DHCP地址池及关联接口配置
    [AC6605]dhcp enable

    [AC6605]ip pool vlan1

    [AC6605-ip-pool-vlan1]network 192.168.1.0 mask 24

    [AC6605-ip-pool-vlan1]gateway 192.168.1.254

    [AC6605-ip-pool-vlan1]option 43 sub-option 2 ip-address 192.168.1.254

    [AC6605]ip pool vlan100

    [AC6605-ip-pool-vlan100]network 192.168.100.0 mask 24

    [AC6605-ip-pool-vlan100]gateway 192.168.100.254

    [AC6605]ip pool vlan200

    [AC6605-ip-pool-vlan200]network 192.168.200.0 mask 24

    [AC6605-ip-pool-vlan200]gateway 192.168.200.254

    [AC6605]interface vlan 1

    [AC6605-Vlanif1]dhcp select global

    [AC6605]interface vlan 100

    [AC6605-Vlanif100]dhcp select global 

    [[AC6605]interface vlan 200

    [AC6605-Vlanif200]dhcp select global
    ————————————————

    WLAN无线配置
    [AC6605]capwap source interface vlan 1

    ————————————————

    ##设置CAPWAP隧道地址

    [AC6605]wlan

    [AC6605-wlan-view]ap whitelist mac 00e0-fc22-24b0

    [AC6605-wlan-view]ap whitelist mac 00e0-fcd3-49b0

    ————————————————

    ##设置AP白名单,在做任何配置之前,先确保AP成功上线

    [AC6605-wlan-view]ssid-profile name Guest

    [AC6605-wlan-ssid-prof-Guest]ssid Guest

    [AC6605-wlan-view]ssid-profile name Internet

    [AC6605-wlan-ssid-prof-Internet]ssid Internet

    ————————————————

    ##配置SSID模版

    [AC6605-wlan-view]security-profile name Guest

    [AC6605-wlan-sec-prof-Guest]security open

    [AC6605-wlan-view]security-profile name Internet

    [AC6605-wlan-sec-prof-Internet]security wpa2 psk pass-phrase 123456789 aes

    ————————————————

    ##配置认证模版

    [AC6605-wlan-view]vap-profile name Guest

    [AC6605-wlan-vap-prof-Guest]ssid-profile Guest

    [AC6605-wlan-vap-prof-Guest]security-profile Guest

    [AC6605-wlan-vap-prof-Guest]service-vlan vlan-id 100

    [AC6605-wlan-vap-prof-Guest]forward-mode direct-forward

    ————————————————

    ##创建名为Guest的VAP模版,并分别调用SSID模版,安全模版,设置转发状态,以及关联VLAN

    [AC6605-wlan-view]vap-profile name Internet

    [AC6605-wlan-vap-prof-Internet]ssid Internet

    [AC6605-wlan-vap-prof-Internet]security-profile Internet

    [AC6605-wlan-vap-prof-Internet]service-vlan vlan-id 200

    [AC6605-wlan-vap-prof-Internet]forward-mode direct-forward

    ————————————————

    ##创建名为Internet的VAP模版,并分别调用SSID模版,安全模版,设置转发状态,以及关联VLAN

    [AC6605-wlan-view]ap-id 0

    [AC6605-wlan-ap-0]vap-profile Guest wlan 1 radio 0

    [AC6605-wlan-ap-0]vap-profile Guest wlan 1 radio 1

    [AC6605-wlan-view]ap-id 1

    [AC6605-wlan-ap-1]vap-profile Internet wlan 1 radio 0

    [AC6605-wlan-ap-1]vap-profile Internet wlan 1 radio 1

    结果

    Internet登陆需要密码

     

    Guest登陆不需要密码:

     

     
  • 相关阅读:
    ipv6 for openwrt odhcpd
    openwrt package Makefile
    openwrt 中个网络接口协议说明[转]
    openwrt Package aircrack-ng is missing dependencies for the following libraries:
    linux kernel 从cmdline 提取值
    js 上传文件进度条 [uboot使用]
    printk打印级别 [转]
    linux c 宏定义
    uboot 开发记录
    mac ssh scp命令
  • 原文地址:https://www.cnblogs.com/TiAmoLJ/p/11461487.html
Copyright © 2011-2022 走看看