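Password authentication (authentication and encryption methods)
Introduction
Security authentication is one of the more important parts of wireless networking. In SOHO and small environments, pre-shared-key authentication is usually preferred: a password known to all users is configured, and entering it connects the client to the wireless network. The common options are WEP, WPA and WPA2. WEP is gradually being phased out because it is very easy to crack; the recommended choice is WPA2 with AES, which is still easy to deploy in small or SOHO environments. There are of course many other authentication methods, such as MAC address authentication, dot1x and portal (web page) authentication; these will be demonstrated in later articles.
Learning objectives
1. Basic service configuration of the AC
2. Configuration of the authentication methods
The topology shows the IP subnets and the VLAN information of each segment; read it alongside the configuration.
Router configuration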
interface GigabitEthernet0/0/0
ip address 10.1.200.1 255.255.255.0
#
interface LoopBack100
ip address 100.100.100.100 255.255.255.255
#
ospf 1 router-id 1.1.1.1
default-route-advertise always
area 0.0.0.0
network 10.1.200.1 0.0.0.0
AC configuration
#
interface Vlanif100
ip address 10.1.100.1 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 10.1.101.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Vlanif102
ip address 10.1.102.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Vlanif103
ip address 192.168.103.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Vlanif200
ip address 10.1.200.2 255.255.255.0
Note: one of these VLAN interface addresses is used to connect to the AR router; the others serve as gateways for the wireless clients.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 102
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 102
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 200
Note: because the APs are dual-band, and each AP can also broadcast multiple SSIDs, the traffic of the corresponding VLANs must be allowed here.
interface Wlan-Ess0
port hybrid untagged vlan 101
#
interface Wlan-Ess1
port hybrid untagged vlan 102
#
interface Wlan-Ess2
port hybrid untagged vlan 103
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.1.200.2 0.0.0.0
area 0.0.0.1
network 10.1.100.1 0.0.0.0
network 10.1.101.1 0.0.0.0
network 10.1.102.1 0.0.0.0
network 192.168.103.1 0.0.0.0
wlan
wlan ac source interface vlanif100
ap id 0 type-id 19 mac 00e0-fc03-7820 sn 210235448310F3277942
ap id 1 type-id 19 mac 00e0-fc03-9730 sn 2102354483100A13F850
wmm-profile name wmm1 id 0
traffic-profile name tra1 id 0
security-profile name open id 0
security-profile name wep40 id 1
wep authentication-method share-key
wep key wep-40 pass-phrase 0 simple 12345
security-profile name wpapsk id 2
security-policy wpa
wpa authentication-method psk pass-phrase simple huaweipsk encryption-method ccmp
Three different authentication methods are defined: open, WEP and WPA.
service-set name vlan101 id 0
wlan-ess 0
ssid vlan101
traffic-profile id 0
security-profile id 1
service-vlan 101
service-set name vlan102 id 1
wlan-ess 1
ssid vlan102
traffic-profile id 0
security-profile id 2
service-vlan 102
service-set name guest103 id 2
wlan-ess 2
ssid guest103
user-isolate
traffic-profile id 0
security-profile id 0
service-vlan 103
radio-profile name 2g id 0
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
service-set id 1 wlan 2
service-set id 2 wlan 3
ap 1 radio 0
radio-profile id 0
channel 20MHz 6
service-set id 0 wlan 1
service-set id 1 wlan 2
service-set id 2 wlan 3
#
Finally, remember to run comm to deliver the service configuration to the APs.
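An added example, not part of the original article and not Huawei tooling: a small Python audit that reads the security-profile and service-set lines of the AC configuration above and reports which SSID ends up on open access, WEP, WPA rather than the recommended WPA2, or a key written in plain text with the simple keyword. The function name audit, the finding labels, and the rule that a profile with no policy lines counts as open are assumptions of this sketch.

```python
import re

# Constructed input: the security-profile/service-set lines of the AC config above.
SAMPLE = """\
security-profile name open id 0
security-profile name wep40 id 1
wep authentication-method share-key
wep key wep-40 pass-phrase 0 simple 12345
security-profile name wpapsk id 2
security-policy wpa
wpa authentication-method psk pass-phrase simple huaweipsk encryption-method ccmp
service-set name vlan101 id 0
ssid vlan101
security-profile id 1
service-set name vlan102 id 1
ssid vlan102
security-profile id 2
service-set name guest103 id 2
ssid guest103
security-profile id 0
radio-profile name 2g id 0
"""
FIELD = re.compile(r"(ssid|security-profile id) (\S+)")

def audit(config):
    """Return {ssid: [findings]} for every service-set in the config text."""
    profiles, sets, cur = {}, [], None
    for line in map(str.strip, config.splitlines()):
        head = re.fullmatch(r"(\S+) name (\S+) id (\d+)", line)
        if head or re.fullmatch(r"ap \d+ radio \d+", line):
            cur = None  # any block header closes the previous block
            if head and head[1] == "security-profile":
                cur = profiles.setdefault(head[3], [])
            elif head and head[1] == "service-set":
                sets.append(cur := {"ssid": head[2], "security-profile id": None})
        elif isinstance(cur, list):
            cur.append(line)  # policy lines inside a security-profile
        elif isinstance(cur, dict) and (m := FIELD.fullmatch(line)):
            cur[m[1]] = m[2]  # SSID name or bound security-profile id
    report = {}
    for s in sets:
        ls = profiles.get(s["security-profile id"], [])
        report[s["ssid"]] = [name for name, hit in (
            ("open", not ls),  # assumption: no policy lines means open access
            ("wep", any(l.startswith("wep ") for l in ls)),
            ("wpa-not-wpa2", "security-policy wpa" in ls),
            ("plaintext-key", any(" simple " in l for l in ls)),
        ) if hit]
    return report
```

On the configuration from this article, audit(SAMPLE) flags vlan101 for WEP, vlan102 for WPA instead of WPA2, both for a plain-text key, and guest103 as open.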