现在的位置: 首页 > 综合 > 正文

Cisco 1231AP多ssid绑定VLAN

2012年03月20日 综合 ⁄ 共 3309字 ⁄ 字号 评论 1 条

下面是配置的过程

一、交换机上的配置

1、交换机上新建一个vlan 80,接ADSL的端口加入这个vlan。

2、接Cisco 1231AP的端口设置为trunk端口。

配置内容如下:

pgisuzs10#sh run
Building configuration...

Current configuration : 1471 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname pgisuzs10
!
enable secret 5 $1$5w9D$OpZe8y8TqhWYLYCz7ZeXn.
!
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport access vlan 80
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
!
........

!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
interface Vlan80
no ip route-cache
!
ip http server
!
line con 0
password 7 1210091B100E0E052920
logging synchronous
login
line vty 0 4
password 7 1210091B100E0E052920
login
line vty 5 15
login
!
!
end

二、无线AP上的设置。

1、创建两个ssid,一个为internal,默认加入vlan1,用于公司内网,另一个为external,加入vlan 80,用于公司外网。

2、设置加密方式,启用多ssid (mbssid)。

3、Dot11radio0上启用internal和external,启用多ssid功能,创建子接口,封装vlan标签,并且分别加入两个group,分别为group1和group80。

4、Fastethernet0上创建子接口,同样封装vlan标签,再分别加入group1和group80。

5、BVI1上设置管理IP,最好与内网相同。

AP的配置如下:

pgisuzwap20#sh run
Building configuration...

Current configuration : 2636 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname pgisuzwap20
!
enable secret 5 $1$MCBf$PKRbOOHFKn5bRsCo3Cz1o1
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid external
vlan 80
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 12485744465E5A53727274
!
dot11 ssid internal
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 040A59555B741A19514055
!
!
!
username Cisco password 7 032752180500
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 80 mode ciphers tkip
!
ssid external
!
ssid internal
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
bridge-group 80 subscriber-loop-control
bridge-group 80 port-protected
bridge-group 80 block-unknown-source
no bridge-group 80 source-learning
no bridge-group 80 unicast-flooding
bridge-group 80 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.80
encapsulation dot1Q 80
no ip route-cache
bridge-group 80
no bridge-group 80 source-learning
no bridge-group 80 unicast-flooding
bridge-group 80 spanning-disabled
!
interface BVI1
ip address 192.168.1.10 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
password 7 000D1F0A065E09070C2A
logging synchronous
login
transport preferred all
transport output all
line vty 0 4
password 7 104705150712100A0F0F
login
transport preferred all
transport input all
transport output all
line vty 5 15
login
transport preferred all
transport input all
transport output all
!
end

最后测试成功,分别连上internet和external,获取不同的ip网络,并且互不影响。

目前有 1 条留言    访客:1 条, 博主:0 条

  1. Sherika Mistretta 2012年10月03日 下午 11:24  @回复  Δ1楼 回复

    帮助很大

给我留言

留言无头像?