H3C-Wlan-配置与基本维护指导

maybby
1 ℃
2020-04-29

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

一、AP配置（console登录ap设置）#wlanacip10.120.79.1//AP配置AC的地址#interfaceVlan-interface1ipaddress10.121.135.XXX255.255.255.224//静态设置AP的IP地址#iproute-static0.0.0.00.0.0.010.121.130.254//AP配置静态路由，下一跳指向网关二、AC配置（ACS认证相关+服务模板+ESS接口+AP）#domaindefaultenableacs//缺省认证域为domainacs#port-securityenable//启用端口安全#dot1xauthentication-methodeap//设置1X认证模式为EAP透传#wlanauto-apenable//使能ap自动注册#radiusschemeacs//ACS认证方案server-typeextendedprimaryauthentication10.121.128.116//认证服务器primaryaccounting10.121.128.116keyauthenticationciphertdrCitzJT/5mpJ0ZLjtloQ==keyaccountingciphertdrCitzJT/5mpJ0ZLjtloQ==user-name-formatwithout-domainnas-ip10.121.128.114//认证Nas-IP#domainacs//设置ACS认证域authenticationlan-accessradius-schemeacsauthorizationlan-accessradius-schemeacsaccountinglan-accessradius-schemeacsaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#wlanservice-template1crypto//服务模板1ssidABC_OA//SSID为ABC_OAbindWLAN-ESS1//绑定无线逻辑口1cipher-suitetkip//配置加密套件cipher-suiteccmpsecurity-iersn//配置信标和探查帧携带IE信息类型security-iewpaservice-templateenable//使能服务模板#wlanservice-template2cryptossidABC_YXXZbindWLAN-ESS2user-isolationenablecipher-suitetkipcipher-suiteccmpsecurity-iersnsecurity-iewpaservice-templateenable#interfaceBridge-Aggregation1portlink-typetrunkporttrunkpermitvlan141718//配置与75E内部互联为Trunk并permit相应的vlan#interfaceVlan-interface4ipaddress10.121.128.114255.255.255.128#interfaceVlan-interface17ipaddress10.120.78.1255.255.255.0#interfaceVlan-interface18ipaddress10.120.79.1255.255.255.128#interfaceTen-GigabitEthernet1/0/1portlink-typetrunkporttrunkpermitvlan141718portlink-aggregationgroup1#interfaceTen-GigabitEthernet1/0/2portlink-typetrunkporttrunkpermitvlan141718shutdownportlink-aggregationgroup1#interfaceWLAN-ESS1//配置逻辑ESS口portaccessvlan18port-securityport-modeuserlogin-secure-ext//802.1x模式port-securitytx-key-type11key//使能11key类型的密钥协商undodot1xhandshake//取消1X握手功能dot1xmandatory-domainacs//修改默认域undodot1xmulticast-trigger#interfaceWLAN-ESS2portaccessvlan18port-securityport-modeuserlogin-secure-extport-securitytx-key-type11keyundodot1xhandshakedot1xmandatory-domainacsundodot1xmulticast-trigger#wlanapjx-apmodelWA2620i-AGNserial-idauto//AP序列号自动注册radio1radio2service-template1radioenable#wlanapjx-ap_0001modelWA2620i-AGNid2//以下为注册后AP自动设置serial-id219801A0CNC123001318radio1radio2service-template1radioenable#iproute-static0.0.0.00.0.0.010.121.128.126#//设置静态路由三、用户名/密码AC（10.120.78.1/10.120.79.1）：用户名admin；密码adminAPtelnet密码：h3capadmin四、ap可管理功能缺省情况下ap无法手工管理，需要以下设置才能telnet管理ap：[Jiaxing-AC]wlanauto-appersistentall[Jiaxing-AC]_hide[Jiaxing-AC-hidecmd]wlanap-executejx-ap_0001exec-controlenable配置上述命令后就可以从AC或其它地方手工登录AP进行注册了。五、AP自动注册后命名规则自动注册原：jx-ap自动注册后：jx-ap_0001至jx-ap_9999六、指示灯显示一个AP从注册到用户成功接入整个过程的指示灯变化情况如下：1、AP上电启动：绿色闪烁2、开机完成：红色快闪2S3、开机完成后未连接到AC：绿色闪烁4、连接到AC：红色快闪2S5、成功连接到AC后并注册成功但无客户端在线：蓝色闪烁6、成功连接到AC后并注册成功且有客户端在线：绿色呼吸七、如何查看AP注册状态当AP配置完成且正常连接到网络后，会自动连接到AC并完成注册，才能完后信号的发出。注册完成后，可以在AC上查看AP的注册状态。在AC上查看AP的注册状态的命令如下：Jiaxing-ACdisplaywlanapallTotalNumberofAPsconfigured:4TotalNumberofconfiguredAPsconnected:3TotalNumberofautoAPsconnected:0APProfilesState:I=Idle,J=Join,JA=JoinAck,IL=ImageLoadC=Config,R=Run,KU=KeyUpdate,KC=KeyCfm--------------------------------------------------------------------------------APNameStateModelSerial-ID--------------------------------------------------------------------------------jx-apIWA2620i-AGNautojx-ap_0001R/MWA2620i-AGN219801A0CNC123001318jx-ap_0005R/MWA2620i-AGN219801A0CNC123001319jx-ap_0006R/MWA2620i-AGN219801A0CNC123001324说明：对应AP的状态处于“R/M”（running）状态则说明AP注册正常；若AP处于“I”（Idle）状态则说明AP未注册（主虚拟AP“jx-ap”除外）。八、如何查看客户端成功连接到APJiaxing-ACdisplaywlanclient//查看用户在线的简要信息TotalNumberofClients:1ClientInformationSSID:ABC_YXXZ--------------------------------------------------------------------------------MACAddressUserNameAPID/RIDIPAddressVLAN--------------------------------------------------------------------------------0022-fb9c-0302H3C_test2/20.0.0.018Jiaxing-ACdisplaywlanclientverbose//查看所有在线用户的详细信息TotalNumberofClients:1ClientInformation-------------------------------------------------------------------------------MACAddress:0022-fb9c-0302//客户端mac地址UserName:H3C_testAID:126APName:jx-ap_0001//客户端所连接的APRadioId:2SSID:ABC_YXXZBSSID:5866-ba2b-e4d1Port:WLAN-DBSS2:22VLAN:18State:RunningPowerSaveMode:ActiveWirelessMode:11gQoSMode:WMMListenInterval(BeaconInterval):10RSSI:47Rx/TxRate:48/54ClientType:WPA2(RSN)AuthenticationMethod:OpenSystemAKMMethod:Dot1X4-WayHandshakeState:PTKINITDONEGroupKeyState:IDLEEncryptionCipher:TKIPRoamStatus:NormalRoamCount:0UpTime(hh:mm:ss):00:04:33Jiaxing-ACdisplaywlanclientapjx-ap_0001verbose//查看指定AP下连接用户的详细信息TotalNumberofClients:1ClientInformation-------------------------------------------------------------------------------MACAddress:0022-fb9c-0302//客户端MAC地址UserName:H3C_testAID:126APName:jx-ap_0001RadioId:2SSID:ABC_YXXZBSSID:5866-ba2b-e4d1Port:WLAN-DBSS2:29VLAN:18State:RunningPowerSaveMode:ActiveWirelessMode:11gQoSMode:WMMListenInterval(BeaconInterval):10RSSI:45Rx/TxRate:48/54ClientType:WPA2(RSN)AuthenticationMethod:OpenSystemAKMMet