本手册适用于如下产品:支持11ac协议的V5平台fat模式的ap,包含:WAP712C、WAP722等
设备默认管理地址是192.168.0.50,登录账号是admin/h3capadmin。
注:因AP的推荐功能是做无线接入点,推荐将NAT和路由做在上层路由设备上,AP推荐当无线交换机使用。
本案例介绍如何通过命令行给WAP712C配置静态ip地址上网。
假设WAP712C 以太网口连接上层交换机(可以直连运营商),分配的公网地址、网关及DNS如下:
上联地址 |
网关 |
DNS |
192.168.1.2/24 |
192.168.1.1/24 |
114.114.114.114 |
内网网段 |
内网网关 |
DNS |
192.168.10.0/24 |
192.168.10.1/24 |
114.114.114.114 |
AP发射无线信号让无线终端连接并获取地址上网。PC自动获取192.168.10.0/24网段,网关为vlan2口地址192.168.10.1,DNS服务器地址为114.114.114.114。
外网ip vlan1:192.168.1.2
内网ip vlan2:192.168.10.1
# 配置外部ip地址。
[H3C]int Vlan-interface 1
[H3C-Vlan-interface1] ip address 192.168.1.2 24
[H3C-Vlan-interface1]quit
# 创建vlan2,配置内网ip地址。
[H3C]vlan 2
[H3C-vlan2]quit
[H3C]int Vlan-interface 2
[H3C-Vlan-interface2]ip address 192.168.10.2 24
[H3C-Vlan-interface2]quit
# 配置出口缺省路由下一跳指向公网网关,外网互联接口下开启NAT地址转换功能。
[H3C]ip route-static 0.0.0.0 0 192.168.1.1
[H3C]int Vlan-interface 1
[H3C-Vlan-interface1]nat outbound
[H3C-Vlan-interface1]quit
# 给内网客户端开启地址自动分配功能,客户端连接无线能自动获取ip地址和网关以及DNS信息。
[H3C]dhcp enable
[H3C]dhcp server ip-pool 1
[H3C-dhcp-pool-1] network 192.168.10.0 24
[H3C-dhcp-pool-1] gateway-list 192.168.10.1
[H3C-dhcp-pool-1] dns-list 114.114.114.114
[H3C-dhcp-pool-1] quit
# 开启端口安全功能(有无线秘钥时必配),创建Bss口设置无线密码12345678和无线客户端所在VLAN2。
[H3C]port-security enable
[H3C]interface wlan-bss 1
[H3C-WLAN-BSS1]port-security port-mode psk
[H3C-WLAN-BSS1]port-security preshared-key pass-phrase simple 12345678
[H3C-WLAN-BSS1]port-security tx-key-type 11key
[H3C-WLAN-BSS1]port access vlan 2
[H3C-WLAN-BSS1]quit
# 设置无线服务模板,设置SSID为psktest并启用。
[H3C]wlan service-template 1 crypto
[H3C-wlan-st-1]ssid psktest
[H3C-wlan-st-1]security-ie rsn
[H3C-wlan-st-1]cipher-suite ccmp
[H3C-wlan-st-1]authentication-method open-system
[H3C-wlan-st-1]service-template enable
[H3C-wlan-st-1]quit
# 进入无线radio口绑定服务模板。
[H3C]interface wlan-radio1/0/1
[H3C-WLAN-Radio1/0/1]service-template 1 interface wlan-bss 1
[H3C]interface wlan-radio1/0/2
[H3C-WLAN-Radio1/0/2]service-template 1 interface wlan-bss 1
[H3C-WLAN-Radio1/0/2]quit
[H3C]save force
我按照这样的配置配置了无线路由,但是还是上不了网,有没有大神能解释一下
# version 5.20, Release 1509P01
# sysname WA4320
# clock timezone UTC add 00:00:00
# domain default enable system
# ip host DNS 218.203.59.116 ip host DNS1 218.203.59.216
# telnet server enable
# port-security enable
# password-recovery enable
# undo attack-defense tcp fragment enable
# vlan 1
# vlan 2
# domain system access-limit disable state active idle-cut disable self-service-url disable
# dhcp server ip-pool 1
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 218.203.59.116
# user-group system
group-attribute allow-guest
# local-user admin
password cipher $c$3$K+PTBmOvzwflQze7Oos+NvFDERIM23JA
authorization-attribute level 3
service-type telnet
service-type web
# wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
# wlan service-template 3 crypto
ssid DigitalBranch
cipher-suite ccmp
security-ie rsn
service-template enable
# cwmp undo cwmp enable
# interface NULL0
# interface Vlan-interface1
ip address 192.168.1.52 255.255.255.0
undo dhcp select server global-pool
nat outbound
# interface Vlan-interface2
ip address 192.168.10.2 255.255.255.0
# interface GigabitEthernet1/0/1
# interface WLAN-BSS36
port link-type hybrid
port hybrid vlan 1 to 2 untagged
port hybrid pvid vlan 2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$vEzyPaFzIwwpS551kpsfoOTE7HPNcglSWNIw1A==
# interface WLAN-BSS37
port link-type hybrid
port hybrid vlan 1 to 2 untagged
port hybrid pvid vlan 2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$vEzyPaFzIwwpS551kpsfoOTE7HPNcglSWNIw1A==
# interface WLAN-Radio1/0/1
service-template 3 interface wlan-bss 36
# interface WLAN-Radio1/0/2
service-template 3 interface wlan-bss 37
# ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
# dhcp enable
# ssh server enable
# arp-snooping enable
# load xml-configuration
# load tr069-configuration
# user-interface con 0
user-interface vty 0 4
authentication-mode scheme #
(0)
找到原因了 内网地址应该是192.168.10.1
[H3C]vlan 2
[H3C-vlan2]quit
[H3C]int Vlan-interface 2
[H3C-Vlan-interface2]ip address 192.168.10.1 24
[H3C-Vlan-interface2]quit
这里
(0)
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作