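As shown in the figure, in a local-forwarding architecture the AP and Client obtain IP addresses from a DHCP server. The AC must authenticate users with MAC address authentication using the MAC-address username format, and the AC itself performs local authorization to control the terminal VLAN. This can be used at small sites that have no server to deliver an authorization VLAN.
1. Configure the AC
(1) On the AC, configure the relevant VLANs and the corresponding VLAN-interface addresses, permit the VLANs on the corresponding interfaces, and enable the DHCP server function so that the AP and the wireless client (STA) can obtain addresses automatically from the DHCP server.
(2) Configure the local authentication domain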
[AC] domain local-mac
[AC-isp-local-mac] authentication lan-access local
[AC-isp-local-mac] authorization-attribute idle-cut 15 1024
(3) Configure the local user and add the authorization VLAN
[AC] local-user 449160349157 class network
[AC-luser-network-449160349157] password simple 449160349157
[AC-luser-network-449160349157] authorization-attribute vlan 650
[AC-luser-network-449160349157] service-type lan-access authorization-attribute
(4) Configure the username format for local MAC address authentication
[AC] mac-authentication user-name-format mac-address without-hyphen lowercase
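(5) Configure the wireless service: enable MAC authentication and local forwarding, and reference the corresponding MAC authentication domain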
[AC] wlan service-template 1
[AC-wlan-st-1] ssid service
[AC-wlan-st-1] vlan 601
[AC-wlan-st-1] client forwarding-location ap
[AC-wlan-st-1] client-security authentication-mode mac
[AC-wlan-st-1] mac-authentication domain local-mac
[AC-wlan-st-1] service-template enable
(6) Configure the AP
[AC] wlan ap wx-auth model WA5620
[AC-wlan-ap-wx-auth] serial-id 219801A0YH816CE00009
[AC-wlan-ap-wx-auth] radio 2
[AC-wlan-ap-wx-auth-radio-2] service-template 1
[AC-wlan-ap-wx-auth-radio-2] radio enable
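2. Configure apcfg.txt
apcfg.txt must be a plain text file. Write the commands in the order they would be entered on the command line and upload the file to the AC. After the AP associates with the AC, the map-configuration command delivers the file to the AP, where it takes effect, which completes the AP configuration.
# The apcfg.txt configuration file is: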
system-view
vlan 601
vlan 650
quit
interface GigabitEthernet 1/0/1
port link-type trunk
port trunk permit vlan 601 650
Deliver the configuration file on the AC:
[AC-wlan-ap-wx-auth] map-configuration apcfg.txt
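3. Configure the switch
# Create the relevant VLANs and permit them, configure the interface that connects the L2 switch to the AP as a trunk port, and set its PVID to the AP management VLAN.
4. Verify the configuration
# After completing the configuration above, the wireless Client connects to the WLAN and performs MAC address authentication. On the AC, the display wlan client command shows that the wireless Client has come online in VLAN 650.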
[AC] display wlan client
Total Number of Clients : 1
MAC address     Username      AP name  RID  IP address  IPv6 address  VLAN
4491-6034-9157  449160349157  wx-auth  2    201.1.2.3   N/A           650
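Added example, not part of the original case: a Python helper that builds the step (3) local-user commands from a MAC inventory using the step (4) username format (without-hyphen, lowercase), and compares display wlan client rows with the intended authorization VLAN. The function names, the second device and its VLAN and IP address are constructed assumptions; the commands are emitted without prompts, using the plain service-type lan-access form.

```python
import re

def mac_username(mac):
    """Normalize any common MAC notation to 'without-hyphen lowercase'."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def local_user_commands(inventory):
    """Emit system-view commands (no prompts) for each MAC -> VLAN entry."""
    lines, seen = [], set()
    for mac, vlan in inventory.items():
        user = mac_username(mac)
        if user in seen:  # same device written in two notations
            raise ValueError(f"duplicate MAC in inventory: {mac}")
        seen.add(user)
        if not 1 <= vlan <= 4094:
            raise ValueError(f"invalid VLAN {vlan} for {mac}")
        lines += [f"local-user {user} class network",
                  f"password simple {user}",  # password equals username, as on the page
                  f"authorization-attribute vlan {vlan}",
                  "service-type lan-access",
                  "quit"]
    return lines

def vlan_mismatches(display_output, inventory):
    """Return rows of 'display wlan client' that differ from the inventory.

    Assumes the 7-column row layout shown on the page and AP names without
    spaces. Clients absent from the inventory are reported as well.
    """
    want = {mac_username(m): v for m, v in inventory.items()}
    bad = []
    for row in display_output.splitlines():
        f = row.split()
        if (len(f) == 7 and f[6].isdigit()
                and re.fullmatch(r"(?:[0-9a-f]{4}-){2}[0-9a-f]{4}", f[0], re.I)):
            user, vlan = mac_username(f[0]), int(f[6])
            if f[1] != user or want.get(user) != vlan:
                bad.append((f[0], f[1], vlan))
    return bad

# Constructed sample: the page's client plus one made-up device, VLAN and IP.
INVENTORY = {"4491-6034-9157": 650, "AA:BB:CC:00:11:22": 651}
DISPLAY = """4491-6034-9157 449160349157 wx-auth 2 201.1.2.3 N/A 650
aabb-cc00-1122 aabbcc001122 wx-auth 2 201.1.2.4 N/A 601"""

if __name__ == "__main__":
    print("\n".join(local_user_commands(INVENTORY)))
    print(vlan_mismatches(DISPLAY, INVENTORY))
```

A client that stays in the service template's default VLAN 601 instead of its authorization VLAN, like the constructed second row, is listed by vlan_mismatches.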