思科AP配置脚本vlan加wpa认证说明
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RZTELE
enable secret 5 $1$WlqT$GgLfJfxBeZ.XgGuZfcajP.
no aaa new-model
dot11 vlan-name v-huiyishi vlan 271
dot11 vlan-name v-test vlan 270
dot11 vlan-name v-wangluobu vlan 263
dot11 vlan-name v-wangyunbu vlan 15
dot11 vlan-name vlan-1 vlan 1 \\给vlan命名
dot11 ssid ChinaNet \\定义ssid
vlan 1
authentication open
guest-mode
mbssid guest-mode \\以上不需要认证的配置
dot11 ssid HuiYiShi
vlan 271
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 0 1234567890 \\以上是wpa认证的配置
dot11 ssid WangLuobu
vlan 263
dot11 ssid WangYunBu
vlan 15
mbssid guest-mode
wpa-psk ascii 0 wangyunbu.pass
username Cisco privilege 15 password 0 123456
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers tkip
encryption vlan 15 mode ciphers tkip
encryption vlan 270 mode ciphers tkip
encryption vlan 271 mode ciphers tkip 认证的加密配置
ssid ChinaNet
ssid HuiYiShi
ssid WangLuobu
ssid WangYunBu \\将ssid应用到端口上
mbssid \\启用多ssid功能
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1
interface Dot11Radio0.15
encapsulation dot1Q 15 native \\配置管理vlan要加上native
ip address 172.20.63.30 255.255.255.0
bridge-group 1 \\选择组别(范围是1-255),要和下面的interface FastEthernet0.15一致
bridge-group 1 port-protected
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.263
encapsulation dot1Q 263
ip address 172.20.62.109 255.255.255.240
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 port-protected
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
interface Dot11Radio0.270
encapsulation dot1Q 270
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 port-protected
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
interface Dot11Radio0.271
encapsulation dot1Q 271
bridge-group 253
bridge-group 253 subscriber-loop-control
bridge-group 253 port-protected
bridge-group 253 block-unknown-source
no bridge-group 253 source-learning
no bridge-group 253 unicast-flooding
bridge-group 253 spanning-disabled
interface FastEthernet0
speed 100
full-duplex
interface FastEthernet0.1
interface FastEthernet0.15
encapsulation dot1Q 15 native
ip address dhcp
bridge-group 1
interface FastEthernet0.263
ip address 172.20.62.110 255.255.255.240
interface FastEthernet0.270
interface FastEthernet0.271
interface BVI1
ip address 172.20.63.8 255.255.255.0 \\配置管理vlan的ip地址
ip http server
no ip http secure-server
no cdp run
bridge 1 route ip
line con 0
password Cisco
line vty 0 4
login
end
本文转自 qq8658868 51CTO博客,原文链接:http://blog.51cto.com/hujizhou/1130488,如需转载请自行联系原作者