H3C-AC間漫遊用户怎麼接入AP控制,接入AP控制配置過程有什麼要點,配置命令是什麼?下面跟yjbys小編一起來看看吧!
一、組網需求
兩個無線控制器 AC 1 和AC 2 通過一個二層交換機連接,兩個AC 處於同一個漫遊組,客户端先通過AP 1 獲取無線服務,然後漫遊到與AC 2 相連的AP 2 上。要求客户端通過允許接入的AP 接入無線網絡,並保證客户端在漫遊後還能獲取無線服務。
三、配置步驟
説明:radius服務的配置參考其他,本省略
(1) 配置AC 1
# 配置AP 1。
system-view
[AC1] port-security enable
[AC1] dot1x authentication-method eap
[AC1] interface wlan-ess 1
[AC1-WLAN-ESS1] port-security port-mode userlogin-secure-ext
[AC1-WLAN-ESS1] port-security tx-key-type 11key
[AC1-WLAN-ESS1] undo dot1x multicast-trigger
[AC1-WLAN-ESS1] undo dot1x handshake
[AC1-WLAN-ESS1] quit
[AC1] wlan service-template 1 crypto
[AC1-wlan-st-1] ssid abc
[AC1-wlan-st-1] bind wlan-ess 1
[AC1-wlan-st-1] authentication-method open-system
[AC1-wlan-st-1] cipher-suite ccmp
[AC1-wlan-st-1] security-ie rsn
[AC1-wlan-st-1] service-template enable
[AC1-wlan-st-1] quit
[AC1] wlan ap ap1 model WA2100
[AC1-wlan-ap-ap1] serial-id 210235A045B05B1236548
[AC1-wlan-ap-ap1] radio 1 type dot11g
[AC1-wlan-ap-ap1-radio-1] service-template 1
[AC1-wlan-ap-ap1-radio-1] radio enable
[AC1-wlan-ap-ap1-radio-1] quit
[AC1-wlan-ap-ap1] quit
# 配置AC 1 上的.漫遊組,並使能IACTP 服務。
[AC1] wlan mobility-group abc
[AC1-wlan-mg-abc] source ip
[AC1-wlan-mg-abc] member ip
[AC1-wlan-mg-abc] mobility-group enable
[AC1-wlan-mg-abc] return
# 配置AP 組並應用在User Profile 下。
system-view
[AC1] wlan ap-group 1
[AC1-ap-group1] ap ap1 ap2
[AC1-ap-group1] quit
[AC1] user-profile management
[AC1-user-profile-management] wlan permit-ap-group 1
[AC1-user-profile-management] quit
[AC1] user-profile management enable
(2) 配置AC 2
# 配置AP 2。
system-view
[AC2] port-security enable
[AC2] dot1x authentication-method eap
[AC2] interface wlan-ess 1
[AC2-WLAN-ESS1] port-security port-mode userlogin-secure-ext
[AC2-WLAN-ESS1] port-security tx-key-type 11key
[AC2-WLAN-ESS1] undo dot1x multicast-trigger
[AC2-WLAN-ESS1] undo dot1x handshake
[AC2-WLAN-ESS1] quit
[AC2] wlan service-template 1 crypto
[AC2-wlan-st-1] ssid abc
[AC2-wlan-st-1] bind wlan-ess 1
[AC2-wlan-st-1] authentication-method open-system
[AC2-wlan-st-1] cipher-suite ccmp
[AC2-wlan-st-1] security-ie rsn
[AC2-wlan-st-1] service-template enable
[AC2-wlan-st-1] quit
[AC2] wlan ap ap2 model WA2100
[AC2-wlan-ap-ap2] serial-id 210235A22W0076000103
[AC2-wlan-ap-ap2] radio 1 type dot11g
[AC2-wlan-ap-ap2-radio-1] service-template 1
[AC2-wlan-ap-ap2-radio-1] radio enable
[AC2-wlan-ap-ap2-radio-1] quit
[AC2-wlan-ap-ap2] quit
# 配置AC 2 上的漫遊組,並使能IACTP 服務。
[AC2] wlan mobility-group abc
[AC2-wlan-mg-abc] source ip
[AC2-wlan-mg-abc] member ip
[AC2-wlan-mg-abc] mobility-group enable
[AC2-wlan-mg-abc] quit
# 配置AP 組並應用在User Profile 下。
[AC2] wlan ap-group 1
[AC2-ap-group1] ap ap1 ap2
[AC2-ap-group1] quit
[AC2] user-profile management
[AC2-user-profile-management] wlan permit-ap-group 1
[AC2-user-profile-management] quit
[AC2] user-profile management enable
(3) 驗證結果
AP 1 和AP 2 下的User Profile 均允許接入AP 1,AP 2,客户端漫遊成功。
