在AP本地配置静态IP上线示例
配置AP上线
# 创建AP组,用于将相同配置的AP都加入同一AP组中。[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit
# 配置AC的源接口。 V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK(AC和AP的DTLS加密使用的预共享密钥)、AC间DTLS加密的PSK(AC间隧道DTLS加密使用的预共享密钥)、登录AP的用户名和密码、全局的离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。
[AC] capwap source interface vlanif 100
Set the DTLS PSK(contains 6-32 plain-text characters, or 48 or 68 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):******
Set the DTLS inter-controller PSK(contains 6-32 plain-text characters, or 48 or 68 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):******
Set the user name for FIT APs(contains 4-31 plain-text characters, which can only include letters, digits and underlines. And the first character must be a letter):admin
Set the password for FIT APs(plain-text password of 8-128 characters or cipher-text password of 48-188 characters that must be a combination of at least three of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):********
Set the global temporary-management psk(contains 8-63 plain-text characters, or 48-108 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):********
# 在AC上离线导入AP,并将AP加入AP组“ap-group1”中。假设AP的MAC地址为00e0-fc76-e360,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为00e0-fc76-e360的AP部署在1号区域,命名此AP为area_1。 ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth。
AP认证模式为不认证时(ap auth-mode no-auth),只要AP接入网络和AC互通,即可自动上线,无需手动添加AP,或者手动对未认证通过的AP信息进行确认,可简化配置过程。但该方式存在安全风险,需确保网络环境安全,网络内无规划外的AP存在,否则建议用户使用更安全的MAC认证或SN认证。
举例中使用的AP,射频0为2.4GHz射频,射频1为5GHz射频。
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 00e0-fc76-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit