【7】如何给Autonomous AP创建SSID
1.简介
Autonomous AP是思科IOS胖AP的叫法,现在使用的场景很少见,通常在临时使用或者单个区域的使用时出现,本文主要为该模式的AP的WLAN进行基本的配置,能满足日常临时使用的基本要求。
2.SSID配置
SSID配置这部分,可以分为单个SSID或多个SSID。
2.1.单SSID配置
假如只有单个SSID需要使用,可以这样做。直接在2.4G接口和5G接口直接绑定对应的 SSID。
关于配置设备的Hostname、账号密码这些操作,这里就不做单独的介绍了,我们直接进行相关的关键配置。
1)dot11 ssid xxx
配置一个名称叫做test的SSID。
!
dot11 ssid test
authentication open
authentication key-management wpa
guest-mode >>>>注意这一命令,如果默认不配置,将会看不到SSID。
wpa-psk ascii 0 12345678
!2)接口下关联SSID
interface Dot11Radio0
no ip address
!
encryption mode ciphers aes-ccm tkip
!
ssid test
!
...
interface Dot11Radio1
no ip address
!
encryption mode ciphers aes-ccm tkip
!
ssid test
!3)设备IP和网关配置
interface BVI1
ip address 172.29.98.14 255.255.255.0
no ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip default-gateway 172.29.98.1
2.2.多SSID配置
在开始之前,有一些基本的注意事项,AP通常是连接在SW接口的,那么AP的上行接口需要放行我们SSID对应的VLAN。如果SSID对应的VLAN和DHCP Server跨网段,需要注意在GW配置到DHCP Server的中继。
1)配置VLAN-WLAN映射
dot11 pause-time 100
dot11 syslog
dot11 vlan-name employee vlan 10
dot11 vlan-name guest vlan 202)配置SSID
dot11 ssid employee
vlan 10
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 Cisco@123
!
dot11 ssid guest
vlan 20
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 0 123abcd
!
3)接口下关联SSID
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
encryption vlan 20 mode ciphers aes-ccm tkip
!
ssid employee
!
ssid guest
!
antenna gain 0
stbc
beamform ofdm
mbssid
...
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
...
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
encryption vlan 20 mode ciphers aes-ccm tkip
!
ssid employee
!
ssid guest
!
antenna gain 0
stbc
beamform ofdm
mbssid
station-role root
...
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 spanning-disabled
no bridge-group 10 source-learning
!
interface GigabitEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 spanning-disabled
no bridge-group 20 source-learning
!4)配置IP和GW
interface BVI1
mac-address bc16.xxx8.0c65
ip address 192.168.1.100 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip default-gateway 192.168.1.254
ip forward-protocol nd本期就到这里~ :)