配置内容如图↓
AC:DCWS-6028 版本:7.0.5.0 AP:DCWL-7962AP 版本:2.0.5.36
在AC上配置DHCP服务↓
service dhcp /开启DHCP服务/ ! ip dhcp excluded-address 192.168.100.254 /排除地址/ ! ip dhcp pool vlan100 /配置地址池/ network-address 192.168.100.0 255.255.255.0 /地址池网段地址/ lease 2 0 0 /租约时间 日/时/分 / default-router 192.168.100.254 /网关地址/ dns-server 8.8.8.8 /DNS服务器地址/ !
管理地址ip&网关配置ip↓
interface Vlan100 ip address 192.168.100.1 255.255.255.0 /管理地址/ ip address 192.168.100.254 255.255.255.0 secondary /网关地址/
接口配置↓
vlan 1;100 ! interface Ethernet1/0/1 switchport mode trunk switchport trunk allowed vlan all switchport trunk native vlan 100
因为连接AP的接口本征vlan为100,所以当vlan100过去AP时会去掉vlan100的标签,就变成了不带标签的数据帧,进入ap接口时打上vlan1标签,再设置vlan列表为vlan1,因为在同一个广播域内,就能让ap获取DHCP服务分配过来的地址。
查看AP获取的DCHP地址:在AP下查看↓
DCN-WLAN-AP# get management detail Property Value --------------------------------------------- vlan-id 1 /接口vlan/ interface brvlan1 static-ip 192.168.1.10 /AP默认ip地址/ static-mask 255.255.255.0 /默认掩码/ ip 192.168.100.2 /通过DHCP获取的ip地址/ mask 255.255.255.0 /通过DHCP获取的掩码/ ipv6 ipv6-prefix-length 0 mac 00:03:0F:30:A1:60 dhcp-status up dhcpv6-status down ipv6-status up ipv6-autoconfig-status up static-ipv6 static-ipv6-prefix-length 0 autoconfig-link-local autoconfig-ipv6-global-all
AP接口是一个trunk口,vlan 1为本征vlan。
查看AP获取的DCHP地址:AC上查看 ↓
DCWS#show ip dhcp binding /查看DHCP分配表/ Total dhcp binding items: 1, the matched: 1 IP address Hardware address Lease expiration Type 192.168.100.2 00-03-0F-30-A1-60 Thu Jan 20 03:46:00 2005 Dynamic
开启无线,设置管理地址↓
wireless /进入无线配置/ no auto-ip-assign /关闭无线ip自动选取功能/ static-ip 192.168.100.1 /设置静态无线ip/ enable /开启无线功能/
vlan列表默认为vlan1
设置vlan列表:discovery vlan-list xxx(vlan)。
查看无线配置↓
DCWS(config)#show wireless Administrative Mode............................ Enable /必须此选项/ Operational Status............................. Enabled /必须此选项/ WS IP Address.................................. 192.168.100.1 WS IPv6 Address................................ ----- WS Auto IP Assign Mode ........................ Disable WS Switch Static IP ........................... 192.168.100.1 WS Switch Static IPv6 ......................... ----- AP Authentication Mode......................... Mac AP Auto Upgrade Mode........................... Disable AP Validation Method........................... Local Client Roam Timeout (secs)..................... 30 Country Code................................... CN - China Peer Group ID.................................. 1 Cluster Priority............................... 1 Cluster Controller............................. Yes Cluster Controller IP Address.................. 192.168.100.1 Cluster Controller IPv6 Address................ ----- Wireless System IP control port................ 57775 Wireless Management Protocol................... TLS AP Client QoS Mode............................. Disable AP Igmp Snooping Mode.......................... Disable Switch Provisioning............................ Enable Network Mutual Authentication Mode............. Disable Unmanaged AP Re-provisioning Mode.............. Enable Network Mutual Authentication Status........... Not Started Regenerate X.509 Certificate Status............ Not In Progress Keep Alive Interval(ms)........................ 10000 Keep Alive Max Count........................... 3 Force Wifi Compatible.......................... Disable Statistics Interval(secs)...................... Auto(5) Rf Scan Report Interval(secs).................. -----
建议项目实施时采用静态指定无线IP地址的方式,防止动态选取时IP地址变化导致无线网络中断
用户配置↓
wireless l2tunnel vlan-list add 1 /此命令用于集中式转发模式下的二层用户隔离,将用户添加到二层用户隔离列表中/ l2tunnel station-isolation allowed vlan 1 /启动二层用户隔离/ ap client-qos /开启无线QOS功能/ network 1 /网络1/ ssid DCN /网络名称:DCN/ security mode wpa-personal /加密模式:wpa-personal/ wpa key encrypted dbcb90d1a2f1c331c2859e93e350a20065272217eec0941f081796539df932e78ced8582004ac005e3b15a3e7f801d0f6a527ff652426e16aaf9d0d211a54f24 /加密后的密码字符串/ ! network 2 /网络2/ ssid GUEST /网络名称:GUEST/ qos max-bandwidth down 2048 /GUEST网络最大下行/下载速度/ qos max-bandwidth up 1024 /GUEST网络最大上行/上载速度/ max-clients 10 /最大连接数/
这里要说说为什么用户vlan为1,思路拓扑如图
DHCP分配的地址为vlan100,经过AC的GE_0/0接口出去时,因为接口的pvid为100,所以去掉标签,到达AP接口时,没标签的数据帧打上AP接口上pvid的标签,此时为vlan1,到达ap内部,因为和用户vlan一样所以,用户能获取到ip。
AP配置下发结构图↓
AP下发配置↓
wireless ap profile 1 hwtype 22 /ap硬件类型/ ap escape /ap脱离ac可继续工作/ radio 1 /默认radio 1 处于2.4GHZ/ mode n-only-g /模式:802.11n/ vap 0 /vap0默认开启,默认绑定network1/ ! vap 1 /vap1默认绑定network2,需要手动开启/ enable ! ! radio 2 /默认radio 2 处于5GHZ/ dot11n channel-bandwidth 40 vap 0
如果在不同AP广播不同SSID的应用场景下,不要使用Network1配置SSID,并将Network1的默认SSID隐藏,因为vap0默认开启且不能关闭。
ap上查看硬件类型↓
DCN-WLAN-AP# get system detail Property Value --------------------------------------------------------------------------- username admin model Wireless Infrastructure Platform Reference AP version 2.0.5.36 altversion 2.0.3.44 protocol-version 2 country CN nmode-supported Y forty-mhz-supported-g Y forty-mhz-supported-a Y base-mac 00:03:0f:30:a1:60 base-mac-status on serial-number 13451976 country-code-is-configurable on device-type 22 /硬件类型/ system-name system-contact system-location band-plan lastboot success reboot-mode cold apmode fit
AP 注册
AP注册到AC时,AC需要对AP进行认证。
主要认证方式:
MAC认证:通过检查AP的mac地址来决定AP是否能够注册到AC上。默认的认证方式。AC上面通过ap database来添加AP的mac地址。大规模部署时比较麻烦。
None:免认证,即AP自动注册,便于部署。推荐使用这种方式。
Pass-Phase认证:密码认证,AC和AP比对密码,密码一致时AP可以注册到AC上。AP需要做配置,使用不便,用的较少。
默认是MAC认证。
这里使用免认证注册↓
wireless ap authentication none
注册成功↓
DCWS(config-wireless)#show wireless ap status MAC Address Configuration (*) Peer Managed IP Address Profile Status Status Age ------------------ ---------------------------------------------- 00-03-0f-30-a1-60 192.168.100.2 1 Managed Success 0d:00:00:02 Total Access Points............................ 1
注册失败↓
DCWS(config-wireless)#show wireless ap status MAC Address Configuration (*) Peer Managed IP Address Profile Status Status Age ------------------ ---------------------------------------------- 00-03-0f-30-a1-60 192.168.100.2 1 Managed Failure 0d:00:00:10 Total Access Points............................ 1
成功后进行下发↓
DCWS#wireless ap profile apply 1 All configurations will be send to the aps associated to this profile and associated clients on these aps will be disconnected. Are you sure you want to apply the profile configuration? [Y/N] y AP Profile apply is in progress. /下发成功/
4 条评论
杰瑞 · 2018年1月9日 下午5:04
six six six
Mr.LJJ · 2018年3月3日 下午6:08
666
yarnson · 2022年7月5日 上午10:42
大佬,ap如何进入命令行
k · 2024年3月3日 上午9:25
大佬我也想知道