路由器做胖ap配置双ssid的方法

问题描述

路由器做胖ap配置双ssid的方法

 解决方案

如上面拓扑举例说明

数据规划

DHCP服务器：AR路由器

员工业务：VLAN 10，SSID为“employee”，密码为“huawei@123”，网段为10.10.10.1/24

访客业务：VLAN 20，SSID为“guest”，密码为“abcd@123”，网段为10.10.20.1/24

操作步骤

一、配置接口IP并启用DHCP

<AR> system-view    //先从用户视图切换到系统视图再进行配置

[AR] vlan batch 10 20 //创建规划好的业务VLAN

[AR] dhcp enable      //打开DHCP总开关

[AR] interface vlanif 10 //创建VLANIF10接口

[AR-Vlanif10] ip address 10.10.10.1 255.255.255.0 

//配置IP地址，此IP地址是VLAN10用户的网关地址

[AR-Vlanif10] dhcp select interface /开启接口的DHCP服务器功能

[AR-Vlanif10] dhcp server dns-list 114.114.114.114                           

 //配置用户上网时用到的DNS服务器地址

[AR-Vlanif10] quit

[AR] interface vlanif 20 //创建VLANIF20接口

[AR-Vlanif20] ip address 10.10.20.1 255.255.255.0                              

//配置IP地址，此IP地址是VLAN20用户的网关地址

[AR-Vlanif20] dhcp server dns-list 114.114.114.114

[AR-Vlanif20] quit

二、WLAN业务配置（提供无线网络）

1. 全局启用dot1x

说明：认证方式为WPA/WAP2-PSK认证时，需要全局启用dot1x特性。

[AR] dot1x enable

2.  配置服务集

·    配置员工网络的服务集（employee）

[AR] interface wlan-bss 1  //创建WLAN-BSS1接口并加入相应业务VLAN 

[AR-Wlan-Bss1] port hybrid tagged vlan 10

[AR-Wlan-Bss1]  quit

[AR] wlan      //进入WLAN视图

[AR-wlan-view] security-profile name employee                                

//创建名称为“employee”的安全模板

[AR-wlan-sec-prof-employee] security-policy wpa2    

 //配置使用WPA2安全策略并设置密码

[AR-wlan-sec-prof-employee] wpa2 authentication-method psk pass-phrase cipher huawei@123 encryption-method ccmp

[AR-wlan-sec-prof-employee] quit

[AR-wlan-view] traffic-profile name employee                                   

//创建名称为“employee”的流量模板，参数采用默认配置

[AR-wlan-traffic-prof-employee] quit

[AR-wlan-view] service-set name employee               

//创建名称为“employee”的服务集，并绑定WLAN-BSS接口、安全模板和流量模板

[AR-wlan-service-set-employee] ssid employee                                

 //指定SSID为“employee”

[AR-wlan-service-set-employee] wlan-bss 1

[AR-wlan-service-set-employee] security-profile name employee

[AR-wlan-service-set-employee] traffic-profile name employee

[AR-wlan-service-set-employee] quit

[AR-wlan-view] quit

·    配置访客网络的服务集（guest）

[AR] interface wlan-bss 2                                                                 

//创建WLAN-BSS2接口并加入相应业务VLAN 

[AR-Wlan-Bss2] port hybrid tagged vlan 20

[AR-Wlan-Bss2]  quit

[AR] wlan

[AR-wlan-view] security-profile name guest                                      

//创建名称为“guest”的安全模板

[AR-wlan-sec-prof-guest] security-policy wpa2

[AR-wlan-sec-prof-guest] wpa2 authentication-method psk pass-phrase cipher abcd@123 encryption-method ccmp

[AR-wlan-sec-prof-guest] quit

[AR-wlan-view] traffic-profile name guest                                         

//创建名称为“guest”的流量模板，参数采用默认配置

[AR-wlan-traffic-prof-guest] quit

[AR-wlan-view] service-set name  guest                   

//创建名称为“guest”的服务集，并绑定WLAN-BSS接口、安全模板和流量模板

[AR-wlan-service-set-guest] ssid guest                                             

//指定SSID为“guest”

[AR-wlan-service-set-guest] wlan-bss 2

[AR-wlan-service-set-guest] security-profile name guest

[AR-wlan-service-set-guest] traffic-profile name guest

[AR-wlan-service-set-guest] quit

[AR-wlan-view] quit