show run
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname myap //设置名称
!
enable secret 5$1$HEM4$4xBQt1xZCkFBAga1R6tJ8/ //enable密码
!
no aaa new-model
!
!
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname myap //设置名称
!
enable secret 5$1$HEM4$4xBQt1xZCkFBAga1R6tJ8/ //enable密码
!
no aaa new-model
!
!
dot11 vlan-name internalvlan 10 //定义2个vlan 10,20 命名分别为internal guest
dot11 vlan-name guest vlan 20
!
dot11 ssid internal //创建并配置ssid
!
dot11 ssid internal //创建并配置ssid
vlan 10 //加入vlan10
authentication open //对所有设备开放认证
authentication key-management wpa version 2 //选择加密方式(wpa2)
mbssid guest-mode //来宾模式
wpa-psk ascii 70605062F424B1D485744465E5A//设置密码
!
authentication open //对所有设备开放认证
authentication key-management wpa version 2 //选择加密方式(wpa2)
mbssid guest-mode //来宾模式
wpa-psk ascii 70605062F424B1D485744465E5A//设置密码
!
dot11 ssid guest
vlan 20
authentication open
authentication key-management wpa version 2
vlan 20
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 151A1E0D0A2D3C2121
power inline negotiation prestandard source
!
!
username root secret 5 $1$b9X9$KPWjv8hjKogY1335G/7QM1
!
bridge irb
!
!
interface Dot11Radio0 //广播0接口(一般0接口为54M,1接口为11M)
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip //wpa认证的加密配置(需要先定义)
!
wpa-psk ascii 7 151A1E0D0A2D3C2121
power inline negotiation prestandard source
!
!
username root secret 5 $1$b9X9$KPWjv8hjKogY1335G/7QM1
!
bridge irb
!
!
interface Dot11Radio0 //广播0接口(一般0接口为54M,1接口为11M)
no ip address
no ip route-cache
!
encryption vlan 10 mode ciphers aes-ccm tkip //wpa认证的加密配置(需要先定义)
!
encryption vlan 20 mode ciphers aes-ccm tkip
!
ssid internal //将SSID应用到接口
ssid internal //将SSID应用到接口
!
ssid guest
!
mbssid // 启用多ssid功能 (这个功能很重要,开启多SSID 模式)
channel 2462
station-role root access-point
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 40bit 7 123456789012 transmit-key
encryption mode wep mandatory
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
!
interface BVI1
ip address 10.16.4.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.4.1
channel 2462
station-role root access-point
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 40bit 7 123456789012 transmit-key
encryption mode wep mandatory
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
!
interface BVI1
ip address 10.16.4.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.16.4.1
ip http server
ip http authentication local
no ip http secure-server
ip http help-pathhttp://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
ip http authentication local
no ip http secure-server
ip http help-pathhttp://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
要配置IP地址的接口是BVI,BVI(Bridge-Group Virtual Interface)网桥虚拟接口,AP连接到有线网络时,使用BVI将所有接口都聚合到一个IP地址下,然后通过AP的以太网口或无线端口访问BVI地址对AP进行管理。
