cisco无线AP设置VLAN配置样例。

思科AP配置脚本vlan加wpa认证说明

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RZTELE

enable secret 5 $1$WlqT$GgLfJfxBeZ.XgGuZfcajP.

no aaa new-model

dot11 vlan-name v-huiyishi vlan 271

dot11 vlan-name v-test vlan 270

dot11 vlan-name v-wangluobu vlan 263

dot11 vlan-name v-wangyunbu vlan 15

dot11 vlan-name vlan-1 vlan 1 \\给vlan命名

dot11 ssid ChinaNet \\定义ssid

vlan 1

authentication open

guest-mode

mbssid guest-mode \\以上不需要认证的配置

dot11 ssid HuiYiShi

vlan 271

authentication key-management wpa version 2

mbssid guest-mode

wpa-psk ascii 0 1234567890 \\以上是wpa认证的配置

dot11 ssid WangLuobu

vlan 263

dot11 ssid WangYunBu

vlan 15

mbssid guest-mode 

wpa-psk ascii 0 wangyunbu.pass

username Cisco privilege 15 password 0 123456

bridge irb

interface Dot11Radio0

no ip address

no ip route-cache

encryption mode ciphers tkip

encryption vlan 15 mode ciphers tkip

encryption vlan 270 mode ciphers tkip

encryption vlan 271 mode ciphers tkip 认证的加密配置

ssid ChinaNet

ssid HuiYiShi

ssid WangLuobu

ssid WangYunBu \\将ssid应用到端口上

mbssid \\启用多ssid功能

station-role root

interface Dot11Radio0.1

encapsulation dot1Q 1

interface Dot11Radio0.15

encapsulation dot1Q 15 native \\配置管理vlan要加上native

ip address 172.20.63.30 255.255.255.0

bridge-group 1 \\选择组别（范围是1-255），要和下面的interface FastEthernet0.15一致

bridge-group 1 port-protected

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

interface Dot11Radio0.263

encapsulation dot1Q 263

ip address 172.20.62.109 255.255.255.240

bridge-group 255

bridge-group 255 subscriber-loop-control

bridge-group 255 port-protected

bridge-group 255 block-unknown-source

no bridge-group 255 source-learning

no bridge-group 255 unicast-flooding

bridge-group 255 spanning-disabled

interface Dot11Radio0.270

encapsulation dot1Q 270

bridge-group 254

bridge-group 254 subscriber-loop-control

bridge-group 254 port-protected

bridge-group 254 block-unknown-source

no bridge-group 254 source-learning

no bridge-group 254 unicast-flooding

bridge-group 254 spanning-disabled

interface Dot11Radio0.271

encapsulation dot1Q 271

bridge-group 253

bridge-group 253 subscriber-loop-control

bridge-group 253 port-protected

bridge-group 253 block-unknown-source

no bridge-group 253 source-learning

no bridge-group 253 unicast-flooding

bridge-group 253 spanning-disabled

interface FastEthernet0

speed 100

full-duplex

interface FastEthernet0.1

interface FastEthernet0.15

encapsulation dot1Q 15 native

ip address dhcp

bridge-group 1

interface FastEthernet0.263

ip address 172.20.62.110 255.255.255.240

interface FastEthernet0.270

interface FastEthernet0.271

interface BVI1

ip address 172.20.63.8 255.255.255.0 \\配置管理vlan的ip地址

ip http server

no ip http secure-server

no cdp run

bridge 1 route ip

line con 0

password Cisco

line vty 0 4

login

end

本文转自 qq8658868 51CTO博客，原文链接：http://blog.51cto.com/hujizhou/1130488，如需转载请自行联系原作者