二层WLAN无线配置

avatar

危险人物

选项没错,但与题目无关
文章 评论 标签
39 38 13
最新回复
快乐的钟好烦
快乐的钟好烦
good
小白
小白
大佬666
admin
admin
666
快乐的钟好烦
快乐的钟好烦
是啥丫
小白
小白
博主666666
随便看看
2025 年 02 月 05 日
Bugku CTF平台-滑稽(web)
2025 年 01 月 12 日
Linux常用命令(上)
2025 年 02 月 09 日
攻防世界-weak_auth (web)
首页
/ WLAN / 正文

今天来一个Wlan的实验(以下是需求):
m8xxjykf.png
m8xxk6wz.png

首先在那朵云里添加一个端口

m8xxnv2m.png
总体拓扑是这个样子的
m8y3cadp.png
1.按照需求先划分vlan
在交换机上配vlan IP作为网关

[SW1]int l1
[SW1-LoopBack1]ip add 101.101.101.101 32
[SW1]vlan batch  10 to 13
[SW1]interface Vlanif 10    
[SW1-Vlanif10]ip address 10.1.10.1 24
[SW1-Vlanif10]interface Vlanif 11
[SW1-Vlanif11]ip address 10.1.11.1 24
[SW1-Vlanif11]interface Vlanif 12
[SW1-Vlanif12]ip address 10.1.12.1 24
[SW1-Vlanif12]interface Vlanif 13
[SW1-Vlanif13]ip address 10.1.13.1 24
[SW1-Vlanif13]q

m8y3mbuj.png

AC上配vlna的虚拟接口

[AC6005]vlan  batch 10 to 13
[AC6005]interface Vlanif 10
[AC6005-Vlanif10]ip address 10.1.10.100 24
[AC6005-Vlanif10]interface Vlanif 11
[AC6005-Vlanif11]ip address 10.1.11.100 24
[AC6005-Vlanif11]interface Vlanif 12
[AC6005-Vlanif12]ip address 10.1.12.100 24
[AC6005-Vlanif12]interface Vlanif 13
[AC6005-Vlanif13]ip address 10.1.13.100 24

交换机与各设备之间使用trunk链路

[SW1]interface Ethernet0/0/1
[SW1-Ethernet0/0/1]port link-type trunk 
[SW1-Ethernet0/0/1]port trunk allow-pass vlan 10 to 13
[SW1-Ethernet0/0/1]interface Ethernet0/0/2
[SW1-Ethernet0/0/2]port link-type trunk
[SW1-Ethernet0/0/2]port trunk pvid vlan 10
[SW1-Ethernet0/0/2]port trunk allow-pass vlan 10 to 13
[SW1-Ethernet0/0/2]interface Ethernet0/0/3
[SW1-Ethernet0/0/3]port link-type trunk
[SW1-Ethernet0/0/3]port trunk pvid vlan 10
[SW1-Ethernet0/0/3]port trunk allow-pass vlan 10 to 13
[SW1-Ethernet0/0/3]q

m8y4ehyl.png

[AC6005]interface GigabitEthernet0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk     
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 20
[AC6005-GigabitEthernet0/0/1]q

m8y4ru6s.png
可以ping通交换机的环回口
m8y51ii8.png

[AC6005]wlan    
[AC6005-wlan-view]ap-group name ap-group1

[AC6005]dhcp enable 
[AC6005]ip pool ap
[AC6005-ip-pool-ap]network 10.1.10.0 mask 24    
[AC6005-ip-pool-ap]gateway-list 10.1.10.1
[AC6005-ip-pool-ap]ip pool employee
[AC6005-ip-pool-employee]network 10.1.11.0 mask 24
[AC6005-ip-pool-employee]gateway-list 10.1.11.1
[AC6005-ip-pool-employee]ip pool voice
[AC6005-ip-pool-voice]network 10.1.12.0 mask 24
[AC6005-ip-pool-voice]gateway-list 10.1.12.1
[AC6005-ip-pool-voice]ip pool guest
[AC6005-ip-pool-guest]network 10.1.13.0 mask 24
[AC6005-ip-pool-guest]gateway-list 10.1.13.1
[AC6005-ip-pool-guest]

一共创建了四个地址池
m8y5ah5q.png

进入虚拟接口为vlan的DHCP服务器选择模式为全局

[AC6005]interface Vlanif 10    
[AC6005-Vlanif10]dhcp select global 
[AC6005-Vlanif10]interface Vlanif 11
[AC6005-Vlanif11]dhcp select global
[AC6005-Vlanif11]interface Vlanif 12
[AC6005-Vlanif12]dhcp select global
[AC6005-Vlanif12]interface Vlanif 13
[AC6005-Vlanif13]dhcp select global

在交换机上查mac
m8y5fele.png


配置AP认证方式为MAC,并加入组
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth         
[AC6005-wlan-view]ap-mac 00e0-fc02-7850 ap-id 1
[AC6005-wlan-ap-1]ap-group ap-group1
[AC6005-wlan-ap-1]ap-name ap1
[AC6005-wlan-view]ap-mac 00e0-fc57-26f0 ap-id 2
[AC6005-wlan-ap-2]ap-group ap-group1    
[AC6005-wlan-ap-2]ap-name ap2

建立capwap隧道
m8y5l6j9.png

配置并引用WLAN模板

[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name domain1    
[AC6005-wlan-regulate-domain-domain1]country-code CN

在AC上创建安全模板

[AC6005-wlan-view]security-profile name security-1
[AC6005-wlan-sec-prof-security-1]security wpa-wpa2 psk pass-phrase fanl@123 aes        
[AC6005-wlan-view]security-profile name  security-2    
[AC6005-wlan-sec-prof-security-2]security open

在AC上创建SSID模板

[AC6005-wlan-view]ssid-profile name employee
[AC6005-wlan-ssid-prof-employee]ssid employee.
[AC6005-wlan-view]ssid-profile name voice
[AC6005-wlan-ssid-prof-voice]ssid voice
[AC6005-wlan-view]ssid-profile name guest    
[AC6005-wlan-ssid-prof-guest]ssid guest
[AC6005-wlan-ssid-prof-guest]q

在AC上创建VAP模板

[AC6005-wlan-view]vap-profile name employee
[AC6005-wlan-vap-prof-employee]service-vlan vlan-id 11    
[AC6005-wlan-vap-prof-employee]security-profile security-1
[AC6005-wlan-vap-prof-employee]ssid-profile employee
[AC6005-wlan-view]vap-profile name voice
[AC6005-wlan-vap-prof-voice]service-vlan vlan-id 12
[AC6005-wlan-vap-prof-voice]security-profile security-1
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-voice]ssid-profile voice
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-voice]q
[AC6005-wlan-view]vap-profile name guest
[AC6005-wlan-vap-prof-guest]service-vlan vlan-id 13
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-guest]security-profile security-2
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-guest]ssid-profile guest
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-guest]q

为AP组引用域管理模板

[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile domain1

为AP组引用全部VAP模板

[AC6005-wlan-ap-group-ap-group1]vap-profile employee wlan 1 radio all 
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-ap-group1]vap-profile voice wlan 2 radio all
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-ap-group1]vap-profile guest wlan 3 radio all
Info: This operation may take a few seconds, please wait...done.

最终成果
m8y6dqgf.png

学习分享WLAN
版权属于:危险人物
本文链接:https://ml.fanl.cn/archives/125.html
作品采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议 进行许可
摩斯密码
« 上一篇
Linux--开启路由转发功能(Debian)
下一篇 »
评论区
头像