前面写了如何利用锐捷的AC设备构建无线网络,但是还有小伙伴还是不清楚到底该如何配置无线网络,这里我利用华为设备在来具体讲讲无线网络该如何搭建,不同设备上该如何配置,有兴趣的小伙伴不妨把我的所有配置保存下来自己试试。
具体配置如下:
核心交换机配置:
#
sysname Huawei
#
vlan batch 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
ip address 192.168.1.254 255.255.255.0
dhcp select interface
#
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
AC配置:
#
undo http secure-server enable
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$I=$e96(_O4$(edvJE|N^/'3^80z^d
aTGr(W"^u.BBJMM=B:LV-)$
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/8
undo negotiation auto
duplex half
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
capwap source interface vlanif1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name ssid
ssid huawei
ssid-profile name default
vap-profile name vap
service-vlan vlan-id 100
ssid-profile ssid
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
calibrate auto-txpower-select disable
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name default
radio 0
vap-profile vap wlan 1
eirp 70
ap-id 0 type-id 56 ap-mac 00e0-fcf0-6f10 ap-sn 2102354483106C68D65F
ap-id 1 type-id 56 ap-mac 00e0-fc72-1440 ap-sn 210235448310D2176025
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
AP配置:
<00e0-fc72-1440>dis cu
#
clock timezone Indian Standard Time minus 05:13:20
clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-2
3 00:00 2005 2005
#
set memory-usage threshold 0
#
ipv6
#
vlan batch 100
#
arp learning strict
#
lldp enable
#
dns resolve
#
interface Eth-Trunk0
port hybrid tagged vlan 2 to 4094
#
interface GigabitEthernet0/0/0
port hybrid tagged vlan 2 to 4094
lldp dot3-tlv power 802.3at
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 2 to 4094
lldp dot3-tlv power 802.3at
#
sftp server enable
stelnet server enable
undo telnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server secure-algorithms hmac sha2_256
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
配置验证:
