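Security authentication is one of the more important parts of a wireless deployment. In SOHO and other small environments, pre-shared authentication is usually preferred: a password known to everyone is configured, and entering it connects the client to the wireless network. The common options are WEP, WPA and WPA2. WEP is gradually being phased out because it is very easy to crack; the recommended choice is WPA2 with AES, which is still fairly easy to deploy in small or SOHO environments. There are of course many other authentication methods, such as MAC address based authentication, dot1x, or portal (web page) authentication; these will be demonstrated in later articles.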
Learning objectives
1. Basic service configuration of the AC
2. Configuration of the authentication methods
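The topology is labelled with the IP subnets and the VLAN information of each device, so it can be read side by side with the configuration.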
Router configuration

interface GigabitEthernet0/0/0
 ip address 10.1.200.1 255.255.255.0
#
interface LoopBack100
 ip address 100.100.100.100 255.255.255.255
#
ospf 1 router-id 1.1.1.1
 default-route-advertise always
 area 0.0.0.0
  network 10.1.200.1 0.0.0.0
AC configuration

#
interface Vlanif100
 ip address 10.1.100.1 255.255.255.0
 dhcp select interface
#
interface Vlanif101
 ip address 10.1.101.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 8.8.8.8
#
interface Vlanif102
 ip address 10.1.102.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 8.8.8.8
#
interface Vlanif103
 ip address 192.168.103.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 8.8.8.8
#
interface Vlanif200
 ip address 10.1.200.2 255.255.255.0
Note: of these VLAN interface addresses, one is used for the link to the AR router, and the rest act as gateways for the wireless clients.
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 102
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 102
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 200
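Note: because the APs are dual-band, and each AP can also broadcast several SSIDs, the traffic of the corresponding VLANs has to be allowed here.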
interface wlan-Ess0
 port hybrid untagged vlan 101
#
interface Wlan-Ess1
 port hybrid untagged vlan 102
#
interface Wlan-Ess2
 port hybrid untagged vlan 103
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 10.1.200.2 0.0.0.0
 area 0.0.0.1
  network 10.1.100.1 0.0.0.0
  network 10.1.101.1 0.0.0.0
  network 10.1.102.1 0.0.0.0
  network 192.168.103.1 0.0.0.0
wlan
 wlan ac source interface vlanif100
 ap id 0 type-id 19 mac 00e0-fc03-7820 sn 210235448310F3277942
 ap id 1 type-id 19 mac 00e0-fc03-9730 sn 2102354483100A13F850
 wmm-profile name wmm1 id 0
 traffic-profile name tra1 id 0
 security-profile name open id 0
 security-profile name wep40 id 1
  wep authentication-method share-key
  wep key wep-40 pass-phrase 0 simple 12345
 security-profile name wpapsk id 2
  security-policy wpa
  wpa authentication-method psk pass-phrase simple huaweipsk encryption-method ccmp
Three different authentication methods are defined: open, WEP and WPA.
 service-set name vlan101 id 0
  wlan-ess 0
  ssid vlan101
  traffic-profile id 0
  security-profile id 1
  service-vlan 101
 service-set name vlan102 id 1
  wlan-ess 1
  ssid vlan102
  traffic-profile id 0
  security-profile id 2
  service-vlan 102
 service-set name guest103 id 2
  wlan-ess 2
  ssid guest103
  user-isolate
  traffic-profile id 0
  security-profile id 0
  service-vlan 103
 radio-profile name 2g id 0
  wmm-profile id 0
 ap 0 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
  service-set id 1 wlan 2
  service-set id 2 wlan 3
 ap 1 radio 0
  radio-profile id 0
  channel 20MHz 6
  service-set id 0 wlan 1
  service-set id 1 wlan 2
  service-set id 2 wlan 3
#
Finally, remember to run comm (short for commit) to deliver the service configuration to the APs.
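The following Python script is an added example, not part of the original article and not a Huawei tool: it reads the security-profile and service-set blocks of the configuration above and reports, per SSID, which weak settings that SSID inherits. The function names parse_blocks and audit are hypothetical, and it assumes that a security profile with no sub-commands is open (as the article's open profile is) and that the simple keyword means the key is stored in plaintext.

```python
import re

# Constructed sample: the security-profile and service-set lines from the AC configuration above.
CONFIG = """\
security-profile name open id 0
security-profile name wep40 id 1
 wep authentication-method share-key
 wep key wep-40 pass-phrase 0 simple 12345
security-profile name wpapsk id 2
 security-policy wpa
 wpa authentication-method psk pass-phrase simple huaweipsk encryption-method ccmp
service-set name vlan101 id 0
 ssid vlan101
 security-profile id 1
service-set name vlan102 id 1
 ssid vlan102
 security-profile id 2
service-set name guest103 id 2
 ssid guest103
 security-profile id 0
"""

def parse_blocks(text, kind):
    """Return {id: [sub-commands]} for each '<kind> name X id N' block."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(\S+) name \S+ id (\d+)\s*$", line)
        if m:  # a header of any kind ends the previous block
            current = blocks.setdefault(m.group(2), []) if m.group(1) == kind else None
        elif current is not None and line.strip() not in ("", "#"):
            current.append(line.strip())
    return blocks

def audit(text):
    """Map each SSID to the weaknesses of the security profile it references."""
    profiles = parse_blocks(text, "security-profile")
    findings = {}
    for lines in parse_blocks(text, "service-set").values():
        ssid = next(l.split(None, 1)[1] for l in lines if l.startswith("ssid "))
        ref = next(l.split()[-1] for l in lines if l.startswith("security-profile id "))
        body = profiles.get(ref, [])
        checks = [
            (not body, "open: no authentication or encryption"),  # assumption: empty profile = open
            (any(l.startswith("wep ") for l in body), "WEP: easily cracked"),
            (any(" simple " in l for l in body), "pre-shared key stored in plaintext (simple)"),
            ("security-policy wpa" in body, "WPA, not the recommended WPA2"),
        ]
        findings[ssid] = [msg for hit, msg in checks if hit]
    return findings
```

Calling audit() on the full wlan section of a saved configuration works the same way, because block headers of other kinds (radio-profile, traffic-profile) simply end the block being read.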