华为无线设备配置WAPI-证书安全策略
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文
[LSW1]vlan batch 100
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[LSW1-GigabitEthernet0/0/2]port-isolate enable
[AC1]vlan batch 100
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100配置AC与上层网络设备互通
[AC1]vlan batch 101 102 103
[AC1-Vlanif101]ip add 10.1.101.1 24
[AC1-Vlanif102]ip add 10.1.102.1 24
[AC1-Vlanif103]ip add 10.1.103.1 24
[AC1-GigabitEthernet0/0/2]port link-type access
[AC1-GigabitEthernet0/0/2]port default vlan 102
[AC1-GigabitEthernet0/0/3]port link-type trunk
[AC1-GigabitEthernet0/0/3]port trunk allow-pass vlan 103
[AC1-GigabitEthernet0/0/3]port trunk pvid vlan 103
[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.102.2配置AC给AP分配IP地址,AR给STA分配IP地址
[AC1]dhcp enable
[AC1-Vlanif100]ip add 10.1.100.1 24
[AC1-Vlanif100]dhcp select interface
[AC1-Vlanif101]dhcp select relay
[AC1-Vlanif101]dhcp relay server-ip 10.1.102.2
[AR1]dhcp enable
[AR1-ip-pool-sta]gateway-list 10.1.101.1
[AR1-ip-pool-sta]dns-list 8.8.8.8
[AR1-ip-pool-sta]network 10.1.101.0 mask 24
[AR1-GigabitEthernet0/0/0]ip add 10.1.102.2 24
[AR1-GigabitEthernet0/0/0]dhcp select global
[AR1]ip route-static 10.1.101.0 24 10.23.102.1配置AP上线
创建AP组
[AC1]wlan
[AC1-wlan-view]ap-group name ap-group1
创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
[AC1]capwap source interface Vlanif 100
在AC上离线导入AP,并将AP加入AP组
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc19-7cf0
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-ap-0]ap-group ap-group1
配置WLAN业务参数
创建安全模板,并配置安全策略
[AC1]wlan
[AC1-wlan-view]security-profile name wlan-security
[AC1-wlan-sec-prof-wlan-security]security wapi certificate
[AC1-wlan-sec-prof-wlan-security]wapi asu ip 10.1.103.2
[AC1-wlan-sec-prof-wlan-security]wapi import certificate ac format pem file-name flash:/as.cer
[AC1-wlan-sec-prof-wlan-security]wapi import certificate asu format pem file-name flash:/as.cer
[AC1-wlan-sec-prof-wlan-security]wapi import certificate issuer format pem file-name flash:/as.cer
[AC1-wlan-sec-prof-wlan-security]wapi import private-key format pem file-name flash:/ae.cer
创建SSID模板,并配置SSID名称
[AC1-wlan-view]ssid-profile name wlan-ssid
[AC1-wlan-ssid-prof-wlan-ssid]ssid wlan-net
创建VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板、认证模板和SSID模板
[AC1-wlan-view]vap-profile name wlan-vap
[AC1-wlan-vap-prof-wlan-vap]forward-mode tunnel
[AC1-wlan-vap-prof-wlan-vap]service-vlan vlan-id 101
[AC1-wlan-vap-prof-wlan-vap]security-profile wlan-security
[AC1-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid
配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板的配置
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 0
[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 1配置AP射频的信道和功率
关闭射频的信道和功率自动调优功能
[AC1-wlan-view]rrm-profile name default
[AC1-wlan-rrm-prof-default]calibrate auto-channel-select disable
[AC1-wlan-rrm-prof-default]calibrate auto-txpower-select disable
配置AP射频的信道和功率
[AC1-wlan-view]ap-id 0
[AC1-wlan-ap-0]radio 0
[AC1-wlan-radio-0/0]channel 20mhz 6
[AC1-wlan-radio-0/0]eirp 127
[AC1-wlan-ap-0]radio 1
[AC1-wlan-radio-0/1]channel 20mhz 149
[AC1-wlan-radio-0/1]eirp 127
华为无线设备配置WAPI-证书安全策略相关推荐
- 华为无线设备配置WPA2-802.1X-AES安全策略
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 100 [LSW1-GigabitEthernet0/0/1]port link-type trunk [ ...
- 华为无线设备配置同一业务VLAN的AP间快速漫游
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 100 [LSW1-GigabitEthernet0/0/1]port link-type trunk [ ...
- 华为无线设备配置不同业务VLAN的AP间快速漫游
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 100 [LSW1-GigabitEthernet0/0/1]port link-type trunk [ ...
- 华为无线设备配置WIDS和WIPS
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 100 [LSW1-GigabitEthernet0/0/1]port link-type trunk [ ...
- 华为无线设备配置静态负载均衡
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 10 [LSW1-GigabitEthernet0/0/1]port link-type trunk [L ...
- 华为无线设备配置动态负载均衡
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 10 [LSW1-GigabitEthernet0/0/1]port link-type trunk [L ...
- 华为无线设备配置用户CAC
配置LAW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 10 [LSW1-GigabitEthernet0/0/1]port link-type trunk [L ...
- 华为无线设备配置WMM和优先级映射
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 100 [LSW1-GigabitEthernet0/0/1]port link-type trunk [ ...
- 华为无线设备配置智能漫游
配置LSW和AC,使AP与AC之间能够传输CAPWAP报文 [LSW1]vlan batch 10 [LSW1-GigabitEthernet0/0/1]port link-type trunk [L ...
- 华为无线设备配置利用WDS技术部署WLAN业务
配AC与AP1之间网络互通,配置AP2与AP3之间网络互通 [LSW2]vlan batch 100 to 101 [LSW2-GigabitEthernet0/0/1]port link-type ...
最新文章
- 这些Java代码优化细节,你需要注意!
- SDNU 1085.爬楼梯再加强版(矩阵快速幂)
- QML - 小例子 - 文件目录浏览器
- Java中的代理设计模式
- 二建施工管理思维导图_备考二建不丢分?二建思维导图全程指导,知识点记忆快、不分散...
- FullCalendar 五:FullCalendar应用——编辑与删除日程事件
- ubuntu 系统相关
- 帆软日期格式转换_日期和时间函数- FineReport帮助文档 - 全面的报表使用教程和学习资料...
- Macbook Pro 扩展内存
- Unity3D “xx AnimationEvent has no function name specified!”解决方案
- window下nginx实现图片缩放实操
- 深入理解char * ,char ** ,char a[ ] ,char *a[]
- tar linux 跳过解压,【linux命令】linux解压压缩命令tar详解以及压缩的时候如何跳过某一个压缩目录或文件...
- PHP实战——开发遇到过的错误问题与解决方案汇总
- CG-23H 超声波风速风向传感器--易风(加热型)
- ( 题解 )第六届蓝桥杯决赛试题 -- 完美正方形 (线段树 + 深搜)
- 产品游戏化 工作叙述清单
- 2023年5月PMP应该如何备考?(含pmp资料)
- 斐讯盒子N1-docker入门二(制作openwrt)
- 看图神器ImageGlass v7.6.4.30