As shown in the networking diagram, the registered VLAN is VLAN 100 and the service VLAN is VLAN 200.
By authenticating the MAC of the terminal device, the purpose of controlling user access is achieved.
1. Configure the IP address on the wireless controller.
2.AC:
[AC] domain local-mac
[AC-isp-local-mac] authentication lan-access local
[AC-isp-local-mac] accounting lan-access local
[AC-isp-local-mac] authorization lan-access local
[AC-isp-local-mac] authorization-attribute idle-cut 15 1024
[AC] quit
#
[AC] local-user b0eb57595cea class network
[AC-luser-network-3ca9f4144c20] password simple b0eb57595cea
[AC-luser-network-3ca9f4144c20] service-type lan-access
[AC-luser-network-3ca9f4144c20] quit
[AC] mac-authentication user-name-format mac-address without-hyphen lowercase
#
[AC] wlan service-template 1
[AC-wlan-st-1] ssid service
[AC-wlan-st-1] vlan 200
[AC-wlan-st-1] client-security authentication-mode mac
[AC-wlan-st-1] mac-authentication domain local-mac
[AC-wlan-st-1] akm mode psk
[AC-wlan-st-1]preshared-key pass-phrase simple 12345678
[AC-wlan-st-1]cipher-suite ccmp
[AC-wlan-st-1]security-ie rsn
[AC-wlan-st-1] service-template enable
[AC] wlan ap officeap model WA4320i-ACN
[AC-wlan-ap-officeap] radio 2
[AC-wlan-ap-officeap-radio-2] service-template 1 vlan 200
[AC-wlan-ap-officeap-radio-2] radio enable
[AC-wlan-ap-officeap-radio-2] quit
[AC-wlan-ap-officeap] quit
#
SWITCH:
[H3C] interface gigabitethernet1/0/1 //uplink to AC
[H3C-GigabitEthernet1/0/1] port link-type trunk
[H3C-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[H3C-GigabitEthernet1/0/1] port trunk permit vlan 100 200
[H3C-GigabitEthernet1/0/1] quit
#
[H3C] interface gigabitethernet1/0/2 //TO AP
[H3C-GigabitEthernet1/0/2]port trunk permit vlan 100 200
[H3C-GigabitEthernet1/0/2] port trunk pvid 100
[H3C-GigabitEthernet1/0/2] poe enable
[H3C-GigabitEthernet1/0/2] quit
###################################################
Total Number of Clients : 1
MAC address User name AP name RID IP address IPv6 address VLAN
b0eb-5759-5cea b0eb57595cea officeap 2 192.168.200.2 -NA- 200
[AC-wlan-st-1] client-security authentication-mode mac
[AC-wlan-st-1] mac-authentication domain local-mac
No comments
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作