H3C无线加密配置(亲手实施过的模板)

无管理VLAN的情况
MAC验证：

wlan service-template 2 crypto
ssid h3c-mac
authentication-method shared-key
service-template enable

port-security enable

interface WLAN-BSS2
port-security port-mode mac-authentication

interface WLAN-Radio1/0/2
service-template 2 interface wlan-bss 2

interface Vlan-interface1
ip address 192.168.1.50 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

local-user ef45gfas
password ef45gfas
service-type lan-access

------------------------------------------------------------------------------

PSK验证
port-security enable
#
wlan service-template 2 crypto
ssid shengli
cipher-suite tkip
security-ie wpa
service-template enable


interface WLAN-BSS2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher 93182417

interface WLAN-Radio1/0/1
service-template 2 interface wlan-bss 2

interface Vlan-interface1
ip address 192.168.1.50 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

---------------------------------------------------------------

WEP加密方式：

wlan service-template 2 crypto
ssid sanlou-dong
authentication-method shared-key
cipher-suite wep40
wep default-key 1 wep40 pass-phrase simple 93182
service-template enable
quit
#

interface WLAN-BSS2

#
interface WLAN-Radio1/0/2
channel 6
service-template 2 interface wlan-bss 2

#
ip route-static 0.0.0.0 0.0.0.0 192.168.117.1


interface Vlan-interface1
ip address 192.168.117.251 255.255.255.0

----------------------------------------------------------------

WPA2+PSK:

wlan service-template 2 crypto
ssid Stonehome
authentication-method open-system
cipher-suite ccmp
security-ie rsn
service-template enable

interface Vlan-interface1
ip address 192.168.1.50 255.255.255.0

interface WLAN-BSS2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase stone1234

interface WLAN-Radio1/0/2
service-template 2 interface wlan-bss 2
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1

-------------------------------------------------------------------------------
有管理VLAN和业务VLAN时；AP就不能相当于一台PC来配置了；要相当于一台交换机；之间的链路要打成TRUNK行。


? Fat AP上配置两个vlan：vlan 1000和vlan 256
? vlan 1000为管理vlan；vlan 256为业务vlan，所有的无线客户端都属于vlan 256
? Fat AP的管理IP地址为10.10.1.50/24，网关为10.10.1.254
? 服务集标识SSID为H3C-wireless，无认证无加密



Fat AP上配置两个vlan：vlan 1000和vlan 256 1000管理VLAN；256业务VLAN


[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] port link-type trunk
[H3C-Ethernet1/0/1] port trunk permit vlan all
创建无线接口，并指定此接口属于vlan 256（即连接此无线接口的无线客户端都属于vlan 256

）
[H3C] interface WLAN-BSS 1
[H3C-WLAN-BSS1] port access vlan 256



[H3C] wlan service-template 1 crypto
[H3C-wlan-st-1] authentication-method open-system
[H3C-wlan-st-1] ssid H3C-wireless
[H3C-wlan-st-1] service-template enable

[H3C] interface WLAN-Radio 1/0/2
[H3C-WLAN-Radio1/0/1] service-template 1 interface WLAN-BSS 1
[H3C-WLAN-Radio1/0/1] radio-type 11g
[H3C-WLAN-Radio1/0/1] channel 6

[H3C] ip route-static 0.0.0.0 0 10.10.1.254 VLAN 1000的IP 网关上或者三层上的

1 6 11 1 6 11