企业网中SSID
一个Guest,一个Internet,连接到Guest的外来用户只能访问内部业务,连接到Internet的用户可以访问互联网。
要求:
Guest连接的用户归纳到VLAN100,Internet连接的用户归纳到VLAN200,
Guest为开放式认证,Internet为WPA2认证,密钥为123456789,
两个AP分别发送一个SSID的两个频段,其中AP1负责SSID:
Guest的下发,AP2负责SSID:Internet的下发
VLAN及端口配置
[AC6605]vlan batch 100 200
[AC6605]interface g0/0/10
[AC6605-GigabitEthernet0/0/10]port link-type trunk
[AC6605-GigabitEthernet0/0/10]port trunk allow vlan all
————————————————
接口地址配置
[AC6605]interface vlan 1
[AC6605-Vlanif1]ip address 192.168.1.254 24
[AC6605]interface vlan 100
[AC6605-Vlanif100]ip address 192.168.100.254 24
[AC6605]interface vlan 200
[AC6605-Vlanif200]ip address 192.168.200.254 24
DHCP地址池及关联接口配置
[AC6605]dhcp enable
[AC6605]ip pool vlan1
[AC6605-ip-pool-vlan1]network 192.168.1.0 mask 24
[AC6605-ip-pool-vlan1]gateway 192.168.1.254
[AC6605-ip-pool-vlan1]option 43 sub-option 2 ip-address 192.168.1.254
[AC6605]ip pool vlan100
[AC6605-ip-pool-vlan100]network 192.168.100.0 mask 24
[AC6605-ip-pool-vlan100]gateway 192.168.100.254
[AC6605]ip pool vlan200
[AC6605-ip-pool-vlan200]network 192.168.200.0 mask 24
[AC6605-ip-pool-vlan200]gateway 192.168.200.254
[AC6605]interface vlan 1
[AC6605-Vlanif1]dhcp select global
[AC6605]interface vlan 100
[AC6605-Vlanif100]dhcp select global
[[AC6605]interface vlan 200
[AC6605-Vlanif200]dhcp select global
————————————————
WLAN无线配置
[AC6605]capwap source interface vlan 1
————————————————
##设置CAPWAP隧道地址
[AC6605]wlan
[AC6605-wlan-view]ap whitelist mac 00e0-fc22-24b0
[AC6605-wlan-view]ap whitelist mac 00e0-fcd3-49b0
————————————————
##设置AP白名单,在做任何配置之前,先确保AP成功上线
[AC6605-wlan-view]ssid-profile name Guest
[AC6605-wlan-ssid-prof-Guest]ssid Guest
[AC6605-wlan-view]ssid-profile name Internet
[AC6605-wlan-ssid-prof-Internet]ssid Internet
————————————————
##配置SSID模版
[AC6605-wlan-view]security-profile name Guest
[AC6605-wlan-sec-prof-Guest]security open
[AC6605-wlan-view]security-profile name Internet
[AC6605-wlan-sec-prof-Internet]security wpa2 psk pass-phrase 123456789 aes
————————————————
##配置认证模版
[AC6605-wlan-view]vap-profile name Guest
[AC6605-wlan-vap-prof-Guest]ssid-profile Guest
[AC6605-wlan-vap-prof-Guest]security-profile Guest
[AC6605-wlan-vap-prof-Guest]service-vlan vlan-id 100
[AC6605-wlan-vap-prof-Guest]forward-mode direct-forward
————————————————
##创建名为Guest的VAP模版,并分别调用SSID模版,安全模版,设置转发状态,以及关联VLAN
[AC6605-wlan-view]vap-profile name Internet
[AC6605-wlan-vap-prof-Internet]ssid Internet
[AC6605-wlan-vap-prof-Internet]security-profile Internet
[AC6605-wlan-vap-prof-Internet]service-vlan vlan-id 200
[AC6605-wlan-vap-prof-Internet]forward-mode direct-forward
————————————————
##创建名为Internet的VAP模版,并分别调用SSID模版,安全模版,设置转发状态,以及关联VLAN
[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]vap-profile Guest wlan 1 radio 0
[AC6605-wlan-ap-0]vap-profile Guest wlan 1 radio 1
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]vap-profile Internet wlan 1 radio 0
[AC6605-wlan-ap-1]vap-profile Internet wlan 1 radio 1
结果
Internet登陆需要密码
Guest登陆不需要密码:
