华为wa系列ap使用psk加密的命令行配置心得
新楼装修,客户需要增加6台无线AP。要求三层楼每层2个ap,确保无线可以实现全面的覆盖,dhcp获取地址。核心交换机上,为ap单独划分vlan16,并配置vlan16 的IP地址:172.16.16.254/24 ,DHCP服务器在服务器上,核心交换机做一条中继即可!这里注意服务器接到核心交换机要用access接口!
核心交换机:
vlan 16
description To_wuxian
dhcp server enable
dhcp> interface Vlan-interface16
description to_wuxian
ip address 172.16.16.254 255.255.255.0
dhcp select>
dhcp> 这里,DHCP服务器基本上建立起来了。
开始AP配置:
AP 使用 wpa2 加密
首先做个telnet,这里就不详细描述了。
port-security enable (开启安全)
wlan service-template 2 crypto (新建一个服务模版1 ,数字后有几个选项,选clear 则表示不设密码,选择crypto 则表示要加密)
ssid h3c-wireless (设置无线名称)
cipher-suite ccmp 选择ccmp ,也就是所谓的aes加密类型
security-ie rsn rsn 是wpa2
service-template enable 一定要打这条命令
interface WLAN-BSS2 定义射频
port-security port-mode psk 设置psk 模式
port-security tx-key-type 11key
port-security preshared-key pass-phrase BiUXIl7MkOfTFsVHk/z/YA== 设置密码,红色字体就是要设置的密码,采用加密技术,显示的乱码
interface WLAN-Radio1/0/1
#
interface WLAN-Radio1/0/2 进入模版2.我咨询了华为的工程师,他们给予的解答是radio1/0/1会不稳定,建议选择radio1/0/2
channel 1 设置信道
max-power 20 功率
service-template 2 interface wlan-bss 2绑定射频和模版
无线详细配置:
#
version 5.20, Ess 1302P01
#
sysname 3lou-ap-1
#
domain default enable system
#
telnet server enable
#
port-security enable
#
vlan 1
#
vlan 16
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password simple admin
authorization-attribute level 3
service-type telnet
service-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 2 crypto
ssid h3c-wireless
cipher-suite ccmp
security-ie rsn
service-template enable
#
cwmp
undo cwmp enable
#
interface NULL0
#
interface Vlan-interface1
ip address 172.16.16.250 255.255.255.0
#
interface Vlan-interface16
#
interface GigabitEthernet1/0/1
#
interface WLAN-BSS2
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher BiUXIl7MkOfTFsVHk/z/YA==
#
interface WLAN-Radio1/0/1
#
interface WLAN-Radio1/0/2
channel 1
max-power 20
service-template 2 interface wlan-bss 2
#
undo info-center enable
#
arp-snooping enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
user privilege level 3
set authentication password simple l74s*
#
return
页:
[1]