1、基础配置见不带认证接入
2、开启认证开关和认证方式
[Navigator]wlan service-template 1 cry
[Navigator-wlan-st-1]authentication-method open-system
[Navigator-wlan-st-1]service-template enable
缺省情况下,使用 open-system 认证
方式 需要注意的是:
只有在使用 WEP 加密时才可选用 shared-key 认证机制, 此时必须配置命令 authentication-method shared-key
对于 RSN 和 WPA ,开放系统认证
方式要求必须配置,共享密钥认证
方式不作要求
3、配置WPA
开启WPA
[Navigator-wlan-st-1]security-ie wpa
4、配置TKIP和ccmp加密套件
[Navigator-wlan-st-1]cipher-suite tkip
[Navigator-wlan-st-1]cipher-suite cc
[Navigator-wlan-st-1]cipher-suite ccmp
5、配置端口相关
在配置端口安全之前,完成了以下任务:
(1) 创建无线端口 [Sysname] interface wlan-bss 0
(2) 全局使能端口安全 [Sysname] port-security enable
5.1配置PSK认证
[Navigator-WLAN-BSS0]port-security tx-key-type 11key 开启密钥协商功能;
[Navigator-WLAN-BSS0]port-security preshared-key pass-phrase mis 配置共享密钥
[Navigator-WLAN-BSS0]port-security port-mode psk 配置端口安全模式
6、 将 WLAN-BSS 接口与服务模板绑定。 这里没有做,无线客户端找补到
[Navigator]int WLAN-Radio 2/0
[Navigator-WLAN-Radio2/0]radi
[Navigator-WLAN-Radio2/0]radio-type dot11
[Navigator-WLAN-Radio2/0]radio-type dot11b
[Navigator-WLAN-Radio2/0]radio-type dot11g
[Navigator-WLAN-Radio2/0]ser
[Navigator-WLAN-Radio2/0]service-template 1 int wlan-bss0
配置完成,检查:
dis wlan client
Total Number of Clients : 1
Total Number of Clients Connected : 1
Client Information
-------------------------------------------------------------------
MAC Address BSSID AID State PS Mo
-------------------------------------------------------------------
0013-cea9-9691 000f-e2bf-6b60 1 Running Activ
dis port-security preshared-key user
Index Mac-Address VlanID Interface
-------------------------------------------------------
0 0013-cea9-9691 1 WLAN-BSS0
特别说明带DHCP分配的配置:
1、全局启用DHCP功能;
[Navigator]dhcp en
2、配置DHCP服务器(本路由器作为服务器)
#
dhcp server ip-pool vlan1h3c extended
network ip range 192.168.192.100 192.168.192.199
network mask 255.255.255.0
gateway-list 192.168.192.254
dns-list 8.8.8.8
#
3、在INTERFACE VLAN 1接口中应用地址池vlan1h3c
interface Vlan-interface1
ip address 192.168.192.254 255.255.255.0
dhcp server apply ip-pool vlan1h3c
#
4、查看
[Navigator]dis dhcp server ip all
Global pool:
IP address Client-identifier/ Lease expiration Type
Hardware address
192.168.192.100 0013-cea9-9691 Jan 2 2007 04:11:15 Auto:COMMITTED
--- total 1 entry ---