H3C-AC间漫游用户接入AP控制配置举例

发布时间:2019-08-07 05:30:00 编辑:培训基地 手机版

  H3C-AC间漫游用户怎么接入AP控制,接入AP控制配置过程有什么要点,配置命令是什么?下面跟yjbys小编一起来看看吧!

  一、组网需求

  两个无线控制器 AC 1 和AC 2 通过一个二层交换机连接,两个AC 处于同一个漫游组,客户端先通过AP 1 获取无线服务,然后漫游到与AC 2 相连的AP 2 上。要求客户端通过允许接入的AP 接入无线网络,并保证客户端在漫游后还能获取无线服务。

H3C-AC间漫游用户接入AP控制配置举例

  三、配置步骤

  说明:radius服务的配置参考其他,本省略

  (1) 配置AC 1

  # 配置AP 1。

  system-view

  [AC1] port-security enable

  [AC1] dot1x authentication-method eap

  [AC1] interface wlan-ess 1

  [AC1-WLAN-ESS1] port-security port-mode userlogin-secure-ext

  [AC1-WLAN-ESS1] port-security tx-key-type 11key

  [AC1-WLAN-ESS1] undo dot1x multicast-trigger

  [AC1-WLAN-ESS1] undo dot1x handshake

  [AC1-WLAN-ESS1] quit

  [AC1] wlan service-template 1 crypto

  [AC1-wlan-st-1] ssid abc

  [AC1-wlan-st-1] bind wlan-ess 1

  [AC1-wlan-st-1] authentication-method open-system

  [AC1-wlan-st-1] cipher-suite ccmp

  [AC1-wlan-st-1] security-ie rsn

  [AC1-wlan-st-1] service-template enable

  [AC1-wlan-st-1] quit

  [AC1] wlan ap ap1 model WA2100

  [AC1-wlan-ap-ap1] serial-id 210235A045B05B1236548

  [AC1-wlan-ap-ap1] radio 1 type dot11g

  [AC1-wlan-ap-ap1-radio-1] service-template 1

  [AC1-wlan-ap-ap1-radio-1] radio enable

  [AC1-wlan-ap-ap1-radio-1] quit

  [AC1-wlan-ap-ap1] quit

  # 配置AC 1 上的漫游组,并使能IACTP 服务。

  [AC1] wlan mobility-group abc

  [AC1-wlan-mg-abc] source ip 10.18.1.1

  [AC1-wlan-mg-abc] member ip 10.18.1.2

  [AC1-wlan-mg-abc] mobility-group enable

  [AC1-wlan-mg-abc] return

  # 配置AP 组并应用在User Profile 下。

  system-view

  [AC1] wlan ap-group 1

  [AC1-ap-group1] ap ap1 ap2

  [AC1-ap-group1] quit

  [AC1] user-profile management

  [AC1-user-profile-management] wlan permit-ap-group 1

  [AC1-user-profile-management] quit

  [AC1] user-profile management enable

  (2) 配置AC 2

  # 配置AP 2。

  system-view

  [AC2] port-security enable

  [AC2] dot1x authentication-method eap

  [AC2] interface wlan-ess 1

  [AC2-WLAN-ESS1] port-security port-mode userlogin-secure-ext

  [AC2-WLAN-ESS1] port-security tx-key-type 11key

  [AC2-WLAN-ESS1] undo dot1x multicast-trigger

  [AC2-WLAN-ESS1] undo dot1x handshake

  [AC2-WLAN-ESS1] quit

  [AC2] wlan service-template 1 crypto

  [AC2-wlan-st-1] ssid abc

  [AC2-wlan-st-1] bind wlan-ess 1

  [AC2-wlan-st-1] authentication-method open-system

  [AC2-wlan-st-1] cipher-suite ccmp

  [AC2-wlan-st-1] security-ie rsn

  [AC2-wlan-st-1] service-template enable

  [AC2-wlan-st-1] quit

  [AC2] wlan ap ap2 model WA2100

  [AC2-wlan-ap-ap2] serial-id 210235A22W0076000103

  [AC2-wlan-ap-ap2] radio 1 type dot11g

  [AC2-wlan-ap-ap2-radio-1] service-template 1

  [AC2-wlan-ap-ap2-radio-1] radio enable

  [AC2-wlan-ap-ap2-radio-1] quit

  [AC2-wlan-ap-ap2] quit

  # 配置AC 2 上的漫游组,并使能IACTP 服务。

  [AC2] wlan mobility-group abc

  [AC2-wlan-mg-abc] source ip 10.18.1.2

  [AC2-wlan-mg-abc] member ip 10.18.1.1

  [AC2-wlan-mg-abc] mobility-group enable

  [AC2-wlan-mg-abc] quit

  # 配置AP 组并应用在User Profile 下。

  [AC2] wlan ap-group 1

  [AC2-ap-group1] ap ap1 ap2

  [AC2-ap-group1] quit

  [AC2] user-profile management

  [AC2-user-profile-management] wlan permit-ap-group 1

  [AC2-user-profile-management] quit

  [AC2] user-profile management enable

  (3) 验证结果

  AP 1 和AP 2 下的User Profile 均允许接入AP 1,AP 2,客户端漫游成功。

本文已影响0
+1
0