第一次接触,所以临去前准备了一个晚上,到配置时,还是出现一些问题,耗了不少时间,特别是开始找到AP,并且AP的状态是R/M,但是我的电脑和手机就是搜不到信号,我可是照官方文档以最简单的方法配的。。。。搞了半天,原来是需要在radio2上加上service-template 。
另一个卡住的地方是想把无线接入的客户划到VLAN20上,搞了几次都不成功。最后只能放回VLAN1上,
因为客户只有一个SSID,所以,隐藏了我的问题。
我有几个问题未解决:
1。如何配置多个SSID在不同VLAN上?
2。交换模块跟无线模块起的那个会聚有什么作用?
3。对ESS的概念还是不是很懂,只知道它是那样去配。
4。radio 1 , radio 2 , radio 3这些代表什么?为什么只开radio1,我搜不到信号?
有看到我这篇文章然后又懂的,麻烦告诉我一下。
下面的我的配置是,无线接入在VLAN1上的。
AC设备:WX3010E
AP设备:WA2620-AGN-C
AC设备原来是分两部分,一个是无线控制部分,一部分是交换机部分(可以POE供电给AP)。
[AC-WX3010E-WLAN]
[AC-WX3010E-WLAN]dis cu
#
version 5.20, Release 3507P22
#
sysname AC-WX3010E-WLAN
#
domain default enable system
#
telnet server enable
#
port-security enable
#
oap management-ip 192.168.0.101 slot 0
#
wlan auto-ap enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 5
#
vlan 20
#
vlan30
#
vlan 40
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher$c$3$HERx/x+M3SPHhEyEfRjZiX1/7nxqymnxhzxr
authorization-attribute level 3
service-type telnet
service-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan radio-policy radpolicy1
beacon-interval 200
dtim 4
rts-threshold 2300
fragment-threshold 2200
short-retry threshold 6
long-retry threshold 5
max-rx-duration 500
#
wlan service-template 1 crypto
ssid SPK
bind WLAN-ESS 2
cipher-suite tkip
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
wlan service-template 2 clear
ssidTEST2
bind WLAN-ESS 0
service-template enable
#
wlan service-template 3 crypto
ssid TEST3
bind WLAN-ESS 1
cipher-suite tkip
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
wlan ap-group default_group
ap ap1
ap 5cdd-7097-cba0
ap 5cdd-7097-cc80
ap 5cdd-7097-cca0
ap 5cdd-7097-cee0
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.253 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface WLAN-ESS0
port link-type hybrid
port hybrid vlan 1 3 untagged
#
interface WLAN-ESS1
port link-type hybrid
port hybrid vlan 1 to 5 20 30 40 untagged
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher$c$3$h51mMeJb4RKnEPoqWUGYlcV/Xh0zbtvtDuWy
#
interface WLAN-ESS2
port link-type hybrid
port hybrid vlan 1 to 5 20 30 40 untagged
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher$c$3$h51mMeJb4RKnEPoqWUGYlcV/Xh0zbtvtDuWy
#
wlan ap 5cdd-7097-cba0 model WA2620-AGN-C id 5
serial-id 219801A0KXM143000167
radio 1
radio-policy radpolicy1
service-template 1
radio enable
radio 2
service-template 1
radio enable
#
wlan ap 5cdd-7097-cc80 model WA2620-AGN-C id 3
serial-id 219801A0KXM143000164
radio1
radio-policy radpolicy1
service-template 1
radio enable
radio 2
service-template 1
radio enable
#
wlan ap 5cdd-7097-cca0 model WA2620-AGN-C id 4
serial-id 219801A0KXM143000103
radio 1
radio-policy radpolicy1
service-template 1
radio enable
radio 2
service-template 1
radio enable
#
wlan ap 5cdd-7097-cee0 model WA2620-AGN-C id 2
serial-id 219801A0KXM143000157
radio 1
service-template 1
radio enable
radio2
service-template 1
radio enable
#
wlan ap ap1 model WA2620-AGN-C id 1
serial-id auto
radio 1
radio-policy radpolicy1
service-template 1
radio enable
radio 2
service-template 1
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
[AC-WX3010E-WLAN]
输入 oap connect slot 0进入交换模块,想回无线模块按 CTRL+K。(指在
[AC-WX3010E-Switch]
[AC-WX3010E-Switch]dis cu
#
version 5.20, Release 3507P22
#
sysname AC-WX3010E-Switch
#
domain default enable system
#
telnet server enable
#
oap management-ip 192.168.0.100 slot 1
#
password-recovery enable
#
vlan 1
#
vlan 2 to 5
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user admin
password cipher$c$3$nIVX05Q1uMDUcMvsYM7XbjZcNqb6vq/H
authorization-attribute level 3
service-type telnet
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.254 255.255.255.0
#
interface GigabitEthernet1/0/1
poe enable
#
interface GigabitEthernet1/0/2
poe enable
#
interface GigabitEthernet1/0/3
poeenable
#
interface GigabitEthernet1/0/4
poe enable
#
interface GigabitEthernet1/0/5
poe enable
#
interface GigabitEthernet1/0/6
poe enable
#
interface GigabitEthernet1/0/7
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/8
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface GigabitEthernet1/0/12
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user-interface vty 5 15
#
return
[AC-WX3010E-Switch]
[AC-WX3010E-Switch]
[AC-WX3010E-Switch]local-user admin
[AC-WX3010E-Switch-luser-admin] passwordsim
[AC-WX3010E-Switch-luser-admin] password simple ghon0321
[AC-WX3010E-Switch-luser-admin]quit
[AC-WX3010E-Switch]sa
[AC-WX3010E-Switch]save
The current configuration will be written to the device. Are yousure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enterkey):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait..............
Saved the current configuration to mainboarddevice successfully.
Configuration is saved to devicesuccessfully.
[AC-WX3010E-Switch]
[AC-WX3010E-Switch]