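1. All DHCP pools are on the core switch.
2. The DHCP pool for the AP management addresses is also on the core switch.
3. The access-switch ports that connect to the APs must have a PVID VLAN set (port trunk pvid vlan 100).
4. Service VLANs: 10 and 20.
5. AP management VLAN: 100. The address pool for this VLAN must contain the line option 43 sub-option 3 ascii 10.0.0.2
10.0.0.2 is the AC's VLAN 999 address, which is used for the interconnect with the core.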
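What the option 43 line in note 5 puts on the wire, as an added example that is not part of the original notes: the vendor-specific payload is a type/length/value record with sub-option 3 carrying the AC address as ASCII text. The function names are hypothetical, and accepting a comma-separated list of several AC addresses is an assumption that goes beyond the single address used here.

```python
import ipaddress

SUBOPT_ASCII = 3  # sub-option number used in the vlan100 pool on this page


def encode_option43_ascii(ac_addrs, subopt=SUBOPT_ASCII):
    """Build the payload: 1-byte sub-option, 1-byte length, ASCII value."""
    for addr in ac_addrs:
        ipaddress.IPv4Address(addr)  # raises ValueError on anything but dotted-quad IPv4
    value = ",".join(ac_addrs).encode("ascii")  # comma list is an assumption
    if len(value) > 255:
        raise ValueError("value does not fit in a one-byte length field")
    return bytes([subopt, len(value)]) + value


def decode_option43(payload):
    """Split a payload into {sub-option: value bytes}; reject truncated records."""
    records, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, got {len(value)}")
        records[code] = value
        i += 2 + length
    return records


def ac_addresses(payload):
    """Return the AC addresses an AP would read from sub-option 3, validated."""
    raw = decode_option43(payload).get(SUBOPT_ASCII)
    if raw is None:
        return []
    return [str(ipaddress.IPv4Address(s)) for s in raw.decode("ascii").split(",")]


if __name__ == "__main__":
    payload = encode_option43_ascii(["10.0.0.2"])
    print(payload.hex(), ac_addresses(payload))
```

Comparing this byte string with the option 43 field in a captured DHCP offer on VLAN 100 shows which AC address the APs are actually being handed.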
Core switch configuration:
dis cu
dis current-configuration
sysname HX
undo info-center enable
vlan batch 10 20 100 999
stp disable
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
dhcp enable
diffserv domain default
drop-profile default
dhcp server group vlan10
ip pool vlan10
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
ip pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
ip pool vlan100
gateway-list 172.16.0.1
network 172.16.0.0 mask 255.255.255.0
option 43 sub-option 3 ascii 10.0.0.2
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select global
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select global
interface Vlanif100
ip address 172.16.0.1 255.255.255.0
dhcp select global
interface Vlanif999
ip address 10.0.0.1 255.255.255.0
interface MEth0/0/1
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
port link-type access
port default vlan 999
interface NULL0
user-interface con 0
user-interface vty 0 4
return
Access switch configuration:
dis curr
dis current-configuration
sysname jr
vlan batch 10 20 100
stp disable
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 10 20 100
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 10 20 100
interface NULL0
user-interface con 0
user-interface vty 0 4
return
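AC controller configuration (web UI):
Set the source IP
Create the interconnect VLAN
Set the virtual interface IP
Set the default route:
Create a new SSID using the built-in default template; there is no need to create your own template:
Rename the APs that have come online and add them to the SSID of the default group:
AC controller configuration (command line):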
dis curr
dis current-configuration
sysname ac
http server enable
set memory-usage threshold 0
ssl renegotiation-rate 1
vlan 999
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
diffserv domain default
radius-server template default
pki realm default
rsa local-key-pair default
enrollment self-signed
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
free-rule-template name default_free_rule
portal-access-profile name portal_access_profile
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user yu password irreversible-cipher
local-user yu privilege level 15
local-user yu service-type telnet terminal ssh ftp http
local-user yeng password cipher %%#V]W{-v`S63a!r1D3WoC*=YFsCQ`:WB{VD_"pENy,%%
local-user yeng privilege level 15
local-user yeng service-type web
local-user admin password irreversible-cipher
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh ftp http
interface Vlanif999
ip address 10.0.0.2 255.255.255.0
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
interface GigabitEthernet0/0/8
undo negotiation auto
duplex half
interface NULL0
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
capwap source interface vlanif999
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
wlan
traffic-profile name default
security-profile name nwy
security wpa-wpa2 psk pass-phrase %^%#"#0d)#b5[O3A-2)%Ko7N|Mx=DdMU1>8jJ#]Ml|-%^%# aes-tkip
security-profile name guest
security-profile name default
security wpa2 psk pass-phrase %%#P{n#-T=*C);OE$;L>aN59$RM4Cu@R@Z’_@#%m]ZJ%%# aes
security-profile name tRadio0
security wpa2 psk pass-phrase %%#,`-"P{5I^O5Xq!8asY5>lUy4PEsoaIM[y9LM’`*0%%# aes
security-profile name tRadio1
security wpa2 psk pass-phrase %%#2hCPy8[vB}&$;*F$<F5|kN7GW1gT6~kc(B;/wT%^%# aes
security-profile name default-wds
security-profile name default-mesh
ssid-profile name nwy
ssid nwy
ssid-profile name guest
ssid guest
ssid-profile name default
vap-profile name 1
vap-profile name nwy
service-vlan vlan-id 10
permit-vlan vlan-id 10
ssid-profile nwy
security-profile nwy
vlan-mobility-group 10
vap-profile name nwy1
vap-profile name guest
service-vlan vlan-id 20
ssid-profile guest
security-profile guest
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-whitelist-profile name tRadio0
peer-ap mac 00e0-fce4-57d0
mesh-whitelist-profile name tRadio1
peer-ap mac 00e0-fce4-57d0
mesh-profile name default
mesh-profile name tRadio0
security-profile default
mesh-id 1
mesh-profile name tRadio1
security-profile tRadio1
mesh-id 1
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name default
radio 0
vap-profile nwy wlan 1
vap-profile guest wlan 2
radio 1
vap-profile nwy wlan 1
vap-profile guest wlan 2
radio 2
vap-profile nwy wlan 1
vap-profile guest wlan 2
ap-id 0 type-id 69 ap-mac 00e0-fce4-57d0 ap-sn 210235448310EC3F0A67
ap-name jxl1
ap-group default
ap-id 1 type-id 69 ap-mac 00e0-fc01-5950 ap-sn 2102354483103213D216
ap-name jxl2
ap-id 2 type-id 69 ap-mac 00e0-fcf7-4de0 ap-sn 210235448310E659C225
provision-ap
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
return
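A review pass over dumps like the three above, as an added example that is not part of the original notes: it flags the management-plane and WLAN settings in these configurations that a hardening review would question. The rule names and the audit function are hypothetical, and the sample is built from lines on this page with the PSK cipher text replaced by a placeholder.

```python
import re

# (rule id, line pattern, scoped to a section header?, finding text)
RULES = [
    ("plaintext-password", r"^local-user \S+ password simple \S+", False,
     "password is stored in clear text in the configuration"),
    ("cleartext-mgmt", r"^local-user \S+ service-type .*\b(telnet|ftp)\b", False,
     "account may log in over telnet or ftp"),
    ("trunk-all-vlans", r"^port trunk allow-pass vlan 2 to 4094$", True,
     "trunk carries every VLAN instead of only the ones it needs"),
    ("ssh-sha1-kex", r"^ssh (server|client) key-exchange .*sha1\b", False,
     "SSH key exchange uses a SHA-1 based method"),
    ("vty-all-protocols", r"^protocol inbound all$", True,
     "VTY lines accept telnet as well as SSH"),
    ("tkip-enabled", r"^security wpa\S* psk .* aes-tkip$", True,
     "SSID still allows TKIP alongside AES"),
    ("ap-no-auth", r"^ap auth-mode no-auth$", False,
     "AC lets any AP join without MAC or SN authentication"),
]
HEADER = re.compile(r"^(interface|user-interface|security-profile name)\b")


def audit(config_text):
    """Return (line number, rule id, section header or '', finding text) tuples."""
    findings, section = [], ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if HEADER.match(line):
            section = line  # remember which interface or profile the next lines belong to
        for rule_id, pattern, scoped, text in RULES:
            if re.search(pattern, line):
                findings.append((lineno, rule_id, section if scoped else "", text))
    return findings


# Constructed sample: lines copied from the dumps on this page, cipher text replaced.
SAMPLE = """\
local-user admin password simple admin
local-user yu service-type telnet terminal ssh ftp http
local-user yeng service-type web
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ssh server key-exchange dh_group14_sha1
user-interface vty 0 4
protocol inbound all
security-profile name nwy
security wpa-wpa2 psk pass-phrase <cipher-text> aes-tkip
ap auth-mode no-auth
"""

if __name__ == "__main__":
    for lineno, rule_id, section, text in audit(SAMPLE):
        print(f"line {lineno}: [{rule_id}] {text}" + (f" ({section})" if section else ""))
```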