第一步、配置基础配置
<AC6005>system-view
[AC6005]vlan batch 10 to 14
[AC6005]int vlan 10
[AC6005-Vlanif10]ip address 192.168.10.254 24
[AC6005-Vlanif10]quit
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6005-GigabitEthernet0/0/1]quit
[AC6005]capwap source interface vlan 10
第二步、wlan配置
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode no-auth
[AC6005-wlan-view]regulatory-domain-profile name CN
[AC6005-wlan-regulate-domain-CN]country-code CN
[AC6005-wlan-regulate-domain-CN]quit
[AC6005-wlan-view]ap-group name ap-group
[AC6005-wlan-ap-group-ap-group]regulatory-domain-profile CN
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC6005-wlan-ap-group-ap-group]quit
[AC6005-wlan-view]ssid-profile name wlan-ssid
[AC6005-wlan-ssid-prof-wlan-ssid]ssid 802.1X
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6005-wlan-view]security-profile name sec_802.1X #创建终端接入安全模板
[AC6005-wlan-sec-prof-sec_802.1X]security wpa2 dot1x aes #认证方式dot1x
[AC6005-wlan-sec-prof-sec_802.1X]quit
[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]forward-mode direct-forward
[AC6005-wlan-vap-prof-wlan_vap]service-vlan vlan-id 11
[AC6005-wlan-vap-prof-wlan_vap]security-profile sec_802.1X
[AC6005-wlan-vap-prof-wlan_vap]ssid-profile wlan-ssid
第三步、认证部分配置
[AC6005]radius-server template radius_temp #创建radius服务器模板
[AC6005-radius-radius_temp]radius-server authentication 192.168.14.254 1812 #radius认证服务器地址为192.168.14.254,认证端口1812
[AC6005-radius-radius_temp]radius-server accounting 192.168.14.254 1813
[AC6005-radius-radius_temp]radius-server shared-key cipher 123456 #设置预共享密钥123456
[AC6005-radius-radius_temp]radius-server user-name original #设备向RADIUS服务器发送的用户名为用户原始输入的用户名
[AC6005-radius-radius_temp]undo radius-server user-name domain-included #输入用户名之后不需要附带域名
[AC6005-radius-radius_temp]quit
[AC6005]radius-server authorization 192.168.14.254 shared-key simple 123456 #radius授权服务器地址为192.168.14.254
[AC6005]aaa
[AC6005-aaa]authentication-scheme auth_scheme #创建认证方案
[AC6005-aaa-authen-auth_scheme]authentication-mode radius #认证模式为radius
[AC6005-aaa]accounting-scheme account_scheme #创建计费方案
[AC6005-aaa-accounting-account_scheme]accounting-mode radius #计费模式为radius
[AC6005-aaa-accounting-account_scheme]accounting realtime 15 #设置计费周期15分钟
[AC6005-aaa-accounting-account_scheme]quit
[AC6005-aaa]domain radius_domain #创建域
[AC6005-aaa-domain-radius_domain]authentication-scheme auth_scheme #绑定认证方案
[AC6005-aaa-domain-radius_domain]accounting-scheme account_scheme #绑定计费方案
[AC6005-aaa-domain-radius_domain]radius-server radius_temp #绑定radius服务器模板
[AC6005-aaa-domain-radius_domain]quit
[AC6005]dot1x-access-profile name 802.1X #创建dot1x模板
[AC6005-dot1x-access-profile-802.1X]quit
[AC6005]authentication-profile name authen_802.1X #创建认证模板
[AC6005-authentication-profile-authen_802.1X]dot1x-access-profile 802.1X #应用dot1x模板
[AC6005-authentication-profile-authen_802.1X]authentication-scheme authen_scheme #应用认证方案
[AC6005-authentication-profile-authen_802.1X]accounting-scheme account-scheme
[AC6005-authentication-profile-authen_802.1X]access-domain raduis_domain #应用接入域
[AC6005-authentication-profile-authen_802.1X]quit
[AC6005]wlan
[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]authentication-profile 802.1X
[AC6005-wlan-vap-prof-wlan_vap]
display ip pool interface vlanif2 used 查看dhcp使用多少地址
display station offline-record sta-mac 14cf-9208-9abf(终端MAC)#如果原因是The signal strength is too low表示终端信号低导致掉线
display aaa abnormal-offline-record all
display ap online-fail-record all #上线失败记录
display ap offline-record all #下线记录
来源:oschina
链接:https://my.oschina.net/u/4388188/blog/4293604