H3C无线加密配置(亲手实施过的模板)
无管理VLAN的情况
MAC验证:
wlan service-template 2 crypto
ssid h3c-mac
authentication-method shared-key
service-template enable
port-security enable
interface WLAN-BSS2
port-security port-mode mac-authentication
interface WLAN-Radio1/0/2
service-template 2 interface wlan-bss 2
interface Vlan-interface1
ip address 192.168.1.50 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
local-user ef45gfas
password ef45gfas
service-type lan-access
------------------------------------------------------------------------------
PSK验证
port-security enable
#
wlan service-template 2 crypto
ssid shengli
cipher-suite tkip
security-ie wpa
service-template enable
interface WLAN-BSS2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher 93182417
interface WLAN-Radio1/0/1
service-template 2 interface wlan-bss 2
interface Vlan-interface1
ip address 192.168.1.50 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
---------------------------------------------------------------
WEP加密方式:
wlan service-template 2 crypto
ssid sanlou-dong
authentication-method shared-key
cipher-suite wep40
wep default-key 1 wep40 pass-phrase simple 93182
service-template enable
quit
#
interface WLAN-BSS2
#
interface WLAN-Radio1/0/2
channel 6
service-template 2 interface wlan-bss 2
#
ip route-static 0.0.0.0 0.0.0.0 192.168.117.1
interface Vlan-interface1
ip address 192.168.117.251 255.255.255.0
----------------------------------------------------------------
WPA2+PSK:
wlan service-template 2 crypto
ssid Stonehome
authentication-method open-system
cipher-suite ccmp
security-ie rsn
service-template enable
interface Vlan-interface1
ip address 192.168.1.50 255.255.255.0
interface WLAN-BSS2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase stone1234
interface WLAN-Radio1/0/2
service-template 2 interface wlan-bss 2
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
-------------------------------------------------------------------------------
有管理VLAN和业务VLAN时;AP就不能相当于一台PC来配置了;要相当于一台交换机;之间的链路要打成TRUNK行。
? Fat AP上配置两个vlan:vlan 1000和vlan 256
? vlan 1000为管理vlan;vlan 256为业务vlan,所有的无线客户端都属于vlan 256
? Fat AP的管理IP地址为10.10.1.50/24,网关为10.10.1.254
? 服务集标识SSID为H3C-wireless,无认证无加密
Fat AP上配置两个vlan:vlan 1000和vlan 256 1000管理VLAN;256业务VLAN
[H3C] interface Ethernet 1/0/1
[H3C-Ethernet1/0/1] port link-type trunk
[H3C-Ethernet1/0/1] port trunk permit vlan all
创建无线接口,并指定此接口属于vlan 256(即连接此无线接口的无线客户端都属于vlan 256
)
[H3C] interface WLAN-BSS 1
[H3C-WLAN-BSS1] port access vlan 256
[H3C] wlan service-template 1 crypto
[H3C-wlan-st-1] authentication-method open-system
[H3C-wlan-st-1] ssid H3C-wireless
[H3C-wlan-st-1] service-template enable
[H3C] interface WLAN-Radio 1/0/2
[H3C-WLAN-Radio1/0/1] service-template 1 interface WLAN-BSS 1
[H3C-WLAN-Radio1/0/1] radio-type 11g
[H3C-WLAN-Radio1/0/1] channel 6
[H3C] ip route-static 0.0.0.0 0 10.10.1.254 VLAN 1000的IP 网关上或者三层上的
1 6 11 1 6 11