cisco無線AP設定VLAN配置樣例。

思科AP配置指令碼vlan加wpa認證說明

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RZTELE

!

enable secret 5 $1$WlqT$GgLfJfxBeZ.XgGuZfcajP.

!

no aaa new-model

!

!

dot11 vlan-name v-huiyishi vlan 271

dot11 vlan-name v-test vlan 270

dot11 vlan-name v-wangluobu vlan 263

dot11 vlan-name v-wangyunbu vlan 15

dot11 vlan-name vlan-1 vlan 1 \給vlan命名

!

dot11 ssid ChinaNet \定義ssid

vlan 1

authentication open

guest-mode

mbssid guest-mode \以上不需要認證的配置


!

dot11 ssid HuiYiShi

vlan 271

authentication open

authentication key-management wpa version 2

mbssid guest-mode

wpa-psk ascii 0 1234567890 \以上是wpa認證的配置

!

dot11 ssid WangLuobu

vlan 263

authentication open

mbssid guest-mode

!

dot11 ssid WangYunBu

vlan 15

authentication open

authentication key-management wpa version 2

mbssid guest-mode 

wpa-psk ascii 0 wangyunbu.pass

!

!

!

username Cisco privilege 15 password 0 123456

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

encryption vlan 15 mode ciphers tkip

!

encryption vlan 270 mode ciphers tkip

!

encryption vlan 271 mode ciphers tkip 認證的加密配置

!

ssid ChinaNet

!

ssid HuiYiShi

!

ssid WangLuobu

!

ssid WangYunBu \將ssid應用到埠上

!

mbssid \啟用多ssid功能

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1

no ip route-cache

!

interface Dot11Radio0.15

encapsulation dot1Q 15 native \配置管理vlan要加上native

ip address 172.20.63.30 255.255.255.0

no ip route-cache

bridge-group 1 \選擇組別（範圍是1-255），要和下面的interface FastEthernet0.15一致

bridge-group 1 port-protected

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.263

encapsulation dot1Q 263

ip address 172.20.62.109 255.255.255.240

no ip route-cache

bridge-group 255

bridge-group 255 subscriber-loop-control

bridge-group 255 port-protected

bridge-group 255 block-unknown-source

no bridge-group 255 source-learning

no bridge-group 255 unicast-flooding

bridge-group 255 spanning-disabled

!

interface Dot11Radio0.270

encapsulation dot1Q 270

no ip route-cache

bridge-group 254

bridge-group 254 subscriber-loop-control

bridge-group 254 port-protected

bridge-group 254 block-unknown-source

no bridge-group 254 source-learning

no bridge-group 254 unicast-flooding

bridge-group 254 spanning-disabled

!

interface Dot11Radio0.271

encapsulation dot1Q 271

no ip route-cache

bridge-group 253

bridge-group 253 subscriber-loop-control

bridge-group 253 port-protected

bridge-group 253 block-unknown-source

no bridge-group 253 source-learning

no bridge-group 253 unicast-flooding

bridge-group 253 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

speed 100

full-duplex

!

interface FastEthernet0.1

encapsulation dot1Q 1

no ip route-cache

!

interface FastEthernet0.15

encapsulation dot1Q 15 native

ip address dhcp

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.263

encapsulation dot1Q 263

ip address 172.20.62.110 255.255.255.240

no ip route-cache

bridge-group 255

no bridge-group 255 source-learning

bridge-group 255 spanning-disabled

!

interface FastEthernet0.270

encapsulation dot1Q 270

no ip route-cache

bridge-group 254

no bridge-group 254 source-learning

!

interface FastEthernet0.271

encapsulation dot1Q 271

ip address dhcp

no ip route-cache

bridge-group 253

no bridge-group 253 source-learning

bridge-group 253 spanning-disabled

!

interface BVI1

ip address 172.20.63.8 255.255.255.0 \配置管理vlan的ip地址

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

no cdp run

bridge 1 route ip

!

!

!

line con 0

password Cisco

line vty 0 4

password Cisco

login

!

end

本文轉自 qq8658868 51CTO部落格，原文連結：http://blog.51cto.com/hujizhou/1130488，如需轉載請自行聯絡原作者