1、基础配置见不带认证接入 2、开启认证开关和认证方式 [Navigator]wlan service-template 1 cry [Navigator-wlan-st-1]authentication-method open-system [Navigator-wlan-st-1]service-template enable 缺省情况下,使用 open-system 认证 方式 需要注意的是: 只有在使用 WEP 加密时才可选用 shared-key 认证机制, 此时必须配置命令 authentication-method shared-key 对于 RSN 和 WPA ,开放系统认证 方式要求必须配置,共享密钥认证 方式不作要求 3、配置WPA 开启WPA [Navigator-wlan-st-1]security-ie wpa 4、配置TKIP和ccmp加密套件 [Navigator-wlan-st-1]cipher-suite tkip [Navigator-wlan-st-1]cipher-suite cc [Navigator-wlan-st-1]cipher-suite ccmp 5、配置端口相关 在配置端口安全之前,完成了以下任务: (1) 创建无线端口 [Sysname] interface wlan-bss 0 (2) 全局使能端口安全 [Sysname] port-security enable 5.1配置PSK认证 [Navigator-WLAN-BSS0]port-security tx-key-type 11key 开启密钥协商功能; [Navigator-WLAN-BSS0]port-security preshared-key pass-phrase mis 配置共享密钥 [Navigator-WLAN-BSS0]port-security port-mode psk 配置端口安全模式
6、 将 WLAN-BSS 接口与服务模板绑定。 这里没有做,无线客户端找补到 [Navigator]int WLAN-Radio 2/0 [Navigator-WLAN-Radio2/0]radi [Navigator-WLAN-Radio2/0]radio-type dot11 [Navigator-WLAN-Radio2/0]radio-type dot11b [Navigator-WLAN-Radio2/0]radio-type dot11g [Navigator-WLAN-Radio2/0]ser [Navigator-WLAN-Radio2/0]service-template 1 int wlan-bss0
配置完成,检查: <Navigator>dis wlan client Total Number of Clients : 1 Total Number of Clients Connected : 1 Client Information ------------------------------------------------------------------- MAC Address BSSID AID State PS Mo ------------------------------------------------------------------- 0013-cea9-9691 000f-e2bf-6b60 1 Running Activ <Navigator>dis port-security preshared-key user Index Mac-Address VlanID Interface ------------------------------------------------------- 0 0013-cea9-9691 1 WLAN-BSS0
特别说明带DHCP分配的配置: 1、全局启用DHCP功能; [Navigator]dhcp en 2、配置DHCP服务器(本路由器作为服务器) # dhcp server ip-pool vlan1h3c extended network ip range 192.168.192.100 192.168.192.199 network mask 255.255.255.0 gateway-list 192.168.192.254 dns-list 8.8.8.8 # 3、在INTERFACE VLAN 1接口中应用地址池vlan1h3c interface Vlan-interface1 ip address 192.168.192.254 255.255.255.0 dhcp server apply ip-pool vlan1h3c # 4、查看 [Navigator]dis dhcp server ip all Global pool: IP address Client-identifier/ Lease expiration Type Hardware address 192.168.192.100 0013-cea9-9691 Jan 2 2007 04:11:15 Auto:COMMITTED
--- total 1 entry ---
|