CISCO无线控制器配置基础合集

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

无线控制器配置基础

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 2 基本配置任务及过程·准备工作1.控制器启动配置和升级控制器软件版本2.熟悉控制器配置界面3.连接AP到控制器上·配置任务1.思科CSSC无线客户端的安装和简单配置2.构建一个OPEN和一个WEP的无线网络3.构建一个简单WEB认证的无线网络4.构建一个支持本地EAP认证的无线网络5.构建一个用ACS做AAA认证的无线网络

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

准备工作

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 4 基本设备·控制器4400或者2100系列·AP：1130或者1240系列·交换机：最好是3560POE交换机

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 5 2100系列无线控制器·支持802.11a/b/g/n·支持PCI认证·WLC2100硬件8个FE口，2个上联口，6个下联口其中2个FE口有以太网供电·未使用端口2个USB端口和一个扩展槽留作将来扩展用*2106和2006不能作为guestaccess的anchorcontroller*不支持LinkAggregation*不能通过软件升级AP容量

NEW!

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 6 4400系列无线控制器·1RU高度2口或者4口千兆上联·支持12,25,50or100AP·支持5000MAC地址转发表·10/100Base-TX以太网ServicePort·9pin串口Console口·2扩展槽和1个utilityport目前未使用·2热插拔电源模块插槽44xxWLANController·型号4402支持12,25,和50AP·型号4404支持100APs*不能通过软件升级AP容量*4400系列使用SFP光纤模块*4400系列每port支持50个AP

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 7 准备工作·网线和Console线。如果是4400，需要两头是DB9接口的线，如果是2106或者ISR，需要DB9+RJ45的线

·如果是4400，需要GLC光纤模块和光纤

·确认控制器版本是否需要升级(用命令showsysinfo查看系统版本)

·是否需要将胖AP升级到瘦AP1200/1100/1300需要upgradetool做升级，1250不需要工具，直接在图形化界面上升级

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 8 实验拓扑示例TRUNKVLAN1/20/30/40fa0/1 port1

WLC说明：

1、VLAN1用于连接控制器、AP和ACS；2、VLAN20用于WPA/WPA2认证，认证服务器用ACS。3、VLAN30用作OPEN/WEP/GUEST客户接入3、VLAN40用作WPA/WPA2认证，认证用本地EAPSSID:VLAN20

SSID:VLAN30

PC//AAA服务器VLAN1所有3层网关设置在3层交换机上，地址254

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 9 启动选项ThecontrollerbootsequencewillalwayshavetheseoptionavailablesincethisissetinPROMtoensurecontrollerrecoveryoptions

按5清空配置

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 10系统启动界面和配置(OS5.1)· Wouldyouliketoterminateautoinstall?[yes]:

· SystemName[Cisco_51:2b:60](31charactersmax):2106-demo· AUTO-INSTALL:processterminated--noconfigurationloaded

· EnterAdministrativeUserName(24charactersmax):cisco· EnterAdministrativePassword(24charactersmax):cisco· Re-enterAdministrativePassword :cisco

· ManagementInterfaceIPAddress:· ManagementInterfaceNetmask:· ManagementInterfaceDefaultRouter:54· ManagementInterfaceVLANIdentifier(0=untagged):· ManagementInterfacePortNum[1to8]:1· ManagementInterfaceDHCPServerIPAddress:54

· APManagerInterfaceIPAddress:· AP-ManagerisonManagementsubnet,usingsamevalues· APManagerInterfaceDHCPServer(54):· VirtualGatewayIPAddress:

· Mobility/RFGroupName:demo

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 11系统启动界面（续）

· EnableSymmetricMobilityTunneling[yes][NO]:yes

· NetworkName(SSID):open· AllowStaticIPAddresses[YES][no]:

· ConfigureaRADIUSServernow?[YES][no]:no· Warning!ThedefaultWLANsecuritypolicyrequiresaRADIUSserver.· Pleaseseedocumentationformoredetails.

· EnterCountryCodelist(enter'help'foralistofcountries)[US]:CN

· Enable802.11bNetwork[YES][no]:· Enable802.11aNetwork[YES][no]:· Enable802.11gNetwork[YES][no]:· EnableAuto-RF[YES][no]:

· ConfigureaNTPservernow?[YES][no]:no· Configurethesystemtimenow?[YES][no]:· EnterthedateinMM/DD/YYformat:09/28/08· EnterthetimeinHH:MM:SSformat:17:11:00

· Configurationcorrect?Ifyes,systemwillsaveitandreset.[yes][NO]:yes

· Configurationsaved!· Resettingsystemwithnewconfiguration...

非常重要，Controller的wireless的domain要和AP一致。

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 12配置3层交换机· pdhcpexcluded-address· ipdhcpexcluded-address54· ipdhcpexcluded-address· ! · ipdhcppoolAP· network192.168.10.0· default-router54· ! · interfaceFastEthernet0/1· switchporttrunkencapsulationdot1q· switchportmodetrunk· ……· interfaceVlan1· ipaddress54· ! · interfaceVlan20· ipaddress54· ! · interfaceVlan30· ipaddress54· ! · interfaceVlan40· ipaddress54· ……· linevty04· privilegelevel15· passwordcisco· login

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 13配置WEB访问1、使用直通网线，连接交换机的trunk接口到控制器端口1

2、配置PC机的IP地址00/24或者DHCP，网关54

3、测试PC能否Ping通Controller的地址：

3、用访问控制器，如果要开启http访问，需要在系统里打开。

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 14使用IE浏览器进行WEB访问

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 15如果要升级控制器系统软件·tftp服务器推荐tftpd32·tftpd32.·支持64M以上文件传输

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 16在CCO上下载新版本

支持室内室外mesh版本

支持802.11n和其他新功能的普通版本/kobayashi/sw-center/sw-wireless.shtml

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 17UpgradePathtoControllerSoftware

Release5.0.148

.0orabove

注意：由于配置存储格式不同，从3.x-4.x升级到5.x后，原来的部分配置可能丢失

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 18UpgradePathtoControllerSoftwareRelease

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 19控制器软件升级——命令行方式·Step1.pingserver-ip-address测试控制器与TFTPserver的连通性·Step2.transferdownloadmodetftp设置传输使用的协议：tftp·Step3.transferdownloaddatatypecode设置传输的数据类型·Step4.transferdownloadserveripserver-ip-address指定tftpserver的IP地址·Step5.transferdownloadfilenamefilename制定Image的文件名·Step6.transferdownloadstart开始传输文件，确认时如果回答No,则显示TFTP的参数设置·Step7.resetsystemWLC的系统重新启动注：TFTP服务器软件推荐tftpd32，可以在网上免费下载，支持64M以上大文件传输

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 20控制器软件升级——图形界面电脑上设置好Tftp软件；填入Tftp地址和文件名后，选择右侧的download按钮开始。完成后按提示reboot。

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

熟悉无线控制器Controller配置界面

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 22命令行(CLI)基本命令cisco

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 23命令行(CLI)“clear”Commands

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 24命令行(CLI)“config”Commands……andmore

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 25命令行(CLI)“debug”Command

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 26命令行(CLI)“help”Commands

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 27命令行(CLI)“show”Commands

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 28命令行(CLI)“transfer”Commands

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 29使用IE浏览器进行WEB访问

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 30控制器上查看和设置无线网络SSID

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 31控制器配置页面

配置接口

配置控制器做DHCP服务定义器线组

参看和配置端口

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 32配置接口页面

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 33设置控制器做DHCP服务器

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 34定义移动组

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 35设置端口页面

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 36多个控制器时，设定主控制器

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 37点击WIRELESS/ALLAPs

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 38安全页面

Radius服务器配置

本地用户数据库

MAC地址过滤

WEB认证相关配置

本地EAP

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 39管理界面

定义能够进行Controller管理的管理用户

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 40控制器维护管理界面

系统和配置文件的上传、下载配置

控制器软重启

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 41AP射频模块配置界面

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 42AP发射功率调节(AP1131)·TxPower· NumOfSupportedPowerLevels.............6· TxPowerLevel1..........................14dBm· TxPowerLevel2..........................11dBm· TxPowerLevel3..........................8dBm· TxPowerLevel4..........................5dBm· TxPowerLevel5..........................2dBm· TxPowerLevel6..........................-1dBmAP1242的level1是17dBm

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 435.1版本对HA的增强

Failover等级全局HA配置Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

连接AP到控制器

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 45Controller里的Port还有Vlan以及Interface的对应关系·Controller必需配置的接口带内管理接口—“ManagementInterface”LWAPPTunnel终结接口—“APManagerInterface”桥接的无线客户端接口—“DynamicInterfaces”.二三层漫游而设的虚拟接口—“VirtualInterface”·可选接口:服务接口—带外管理接口*2100系列和WLCM没有serviceport

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 46确认控制器国家版本与AP一致目前版本支持同时支持多国家

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 47确认时间配置无误

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 48在路由器或者3层交换机设置DHCP在AP和控制器不在同一网段的情况下，建立AP能够获取IPAddress的地址池，加上Option43

WLC-router(config)#ipdhcppoolLWAPP-APWLC-router(dhcp-config)#network192.168.10.0WLC-router(dhcp-config)#default-router54WLC-router(dhcp-config)#option43ascii"“

//很重要！通过Option43可以让AP在获取和控制器不同网段IPAddress的时候，能够知道Controller的所在。如果AP和控制器在一个网段和广播域，则可以不配置option43

WLC-router(dhcp-config)#exit

WLC-router(config)#ipdhcpexcluded-address54

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 49在IOS设备配置Option43·对于1000/1500系列，直接写option43ascii“,0“

·对于1100和1200，需要写option60和option43·假设要连接1240，控制器地址为和0ipdhcppoolAPnetwork192.168.10.0/24default-router54dns-server00option60ascii“CiscoAPc1240“option43hexf108c0a80a05c0a80a14

option43的配置详见/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtmlVCIString1130的是CiscoAPc1130

类型=f1 长度=2x4=08 0

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 50可以在console上打开debug观察AP加入情况· (CiscoController)>debuglwappeventsenable

· (CiscoController)>*Oct0419:20:19.154:00:1a:e3:d0:19:50ReceivedLWAPPDISCOVERYREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:60onport'8'· *Oct0419:20:19.154:Receivedapacketwhichisa(type=DISCOVERY_REQUEST)withsessionid0· *Oct0419:20:19.154:JoinPriorityProcessingstatus=0,IncomingAp'sPriority1,MaxLrads=6,joinedAps=0· *Oct0419:20:19.155:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPDiscoveryResponsetoAP00:1a:e3:d0:19:50onport8· *Oct0419:20:19.156:00:1a:e3:d0:19:50ReceivedLWAPPDISCOVERYREQUESTfromAP00:1a:e3:d0:19:50toff:ff:ff:ff:ff:ffonport'8'· *Oct0419:20:19.156:Receivedapacketwhichisa(type=DISCOVERY_REQUEST)withsessionid0· *Oct0419:20:19.156:JoinPriorityProcessingstatus=0,IncomingAp'sPriority1,MaxLrads=6,joinedAps=0· *Oct0419:20:19.156:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPDiscoveryResponsetoAP00:1a:e3:d0:19:50onport8· *Oct0419:20:31.162:00:1a:e3:d0:19:50ReceivedLWAPPJOINREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:67onport'8'· *Oct0419:20:31.162:Receivedapacketwhichisa(type=JOIN_REQUEST)withsessionid0· *Oct0419:20:31.177:00:1a:e3:d0:19:50APAP001b.5302.28f8:txNonce00:1E:13:51:2B:60rxNonce00:1A:E3:D0:19:50· *Oct0419:20:31.177:00:1a:e3:d0:19:50LWAPPJoinRequestMTUpathfromAP00:1a:e3:d0:19:50is1500,remotedebugmodeis0· *Oct0419:20:31.177:DTLAddingAP1-0· *Oct0419:20:31.177:00:1a:e3:d0:19:50SuccessfullyaddedNPUEntryforAP00:1a:e3:d0:19:50(index1)· SwitchIP:,SwitchPort:12223,intIfNum8,vlanId0· APIP:0,APPort:8847,nex· *Oct0419:20:31.911:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPJoinReplytoAP00:1a:e3:d0:19:50· *Oct0419:20:31.912:00:1a:e3:d0:19:50spam_lrad.c:1589-OperationState0===>4· *Oct0419:20:31.913:00:1a:e3:d0:19:50RegisterLWAPPeventforAP00:1a:e3:d0:19:50slot0· *Oct0419:20:31.914:00:1a:e3:d0:19:50RegisterLWAPPeventforAP00:1a:e3:d0:19:50slot1· *Oct0419:20:33.192:00:1a:e3:d0:19:50ReceivedLWAPPCONFIGUREREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:67· *Oct0419:20:33.194:00:1a:e3:d0:19:50UpdatingIPinfoforAP00:1a:e3:d0:19:50--static0,0/,gtw54· *Oct0419:20:33.194:00:1a:e3:d0:19:50UpdatingIP0===>0forAP00:1a:e3:d0:19:50· *Oct0419:20:33.194:00:1b:53:02:28:f8BuildingConfigResponseMsgfor00:1b:53:02:28:f8

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 51确认AP连接到控制器图形界面命令行Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

CSSC无线客户端

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 53

802.11无线客户端概述

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 54无线客户端建议·由于企业内笔记本电脑牌子比较多，建议客户端使用CiscoCSSC软件，使用CSSC软件的好处如下：· 1.整个公司笔记本电脑统一的平台，方便管理和下发策略。CSSC带有部署工具，制订好策略后容易部署（如果是Windows平台的话，还要配置相关的参数）

·3.CSSC软件支持CiscoNAC网络准入控制技术.

·4.建议新购买的笔记本电脑采用统一的品牌（方便管理），旧的笔记本电脑如果没有无线网卡的话，建议统一使用Cisco的CB21AG（支持AES强加密）,Cisco还提供专门为台式机使用的无线网卡：AIR-PI21AG。·5.Cisco倡导了CCX（各厂家笔记本电脑和CiscoAP兼容性测试）计划，可以从下面的链接知道哪些笔记本电脑的型号是CCX计划里面的成员。

/web/partners/pr46/pr147/partners_pgm_partners_0900aecd800a7907.html

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 55CiscoSSC客户端软件的安装

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 56CSSC连接的简单设置

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

构建一个OPEN和一个WEP的无线网络

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 58配置一个无线业务的基本步骤·配置无线客户端的DHCP服务器·配置一个无线网络接口dynamicinterface·配置一个无线业务WLAN

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 59AP的初始化在WLC上可以通过使用ctrl+Shift+6的组合键，切换到ISR路由器的界面把AP连接在InterSwitch模块上WLC-router(config)#intvlan1WLC-router(config-if)#noshutWLC-router(config-if)#ipadd54WLC-router(config-if)#exitWLC-router(config)#intrangefastWLC-router(config)#intrangefastEthernet0/1/0–8WLC-router(config-if-range)#switchportWLC-router(config-if-range)#switchportaccessvlan1WLC-router(config-if-range)#noshut

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 601、为客户端建立DHCP服务器

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 612、为无线客户端建立一个无线接口

点击APPLY

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 622、建立Guest无线接口:VLAN20

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 63查看建立的接口

点击可以进行VLAN20接口的参数修改

如果想建立更多的接口，可以继续点击NEW设置新接口点击可以删除

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 643、建立一个open的访客WLAN

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 653、建立一个open的访客WLAN

很重要！很容易被忘记

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 663、建立一个open的访客WLAN选择None，不对无线网络有任何加密和限制

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 67WLAN增强特性配置

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 68无线客户端连接测试

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 69更改刚才的WLAN为WEP加密

40位WEP要求5位ASCII字符密码104位WEP要求13位ASCII字符密码CiscoAironet1100/1200/1300不支持128位WEP

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 70无线连接验证

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

构建一个简单WEB认证的无线接入网络

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 72构建一个简单WEB认证的无线网络1.增加一个新的地址池2.增加一个新的接口3.配置web页面认证的本地页面4.增加web认证的WLAN5.建立本地用户认证数据库

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 731、新建一个用于WEB认证用户的地址池

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 742、控制器添加一个VLAN30接口

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 753、配置web页面认证的本地页面

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 764、新建一个WLAN

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 774、新建一个WLAN

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 785、定义内部认证用户数据库

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 79验证WEB认证跟前面一样，在CSSC的ManageNetwork中，选择并激活web-auth

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 80web界面认证的验证·在浏览器里输入类似0地址（因为没有DNS，所以不能输入网址）

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 81web界面认证的验证

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

构建一个支持本地EAP认证的无线接入网络

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 83构建一个支持WPA认证的网络1.增加一个新的地址池2.增加一个新的动态接口3.添加本地EAP支持或者AAA服务器（Radius服务器）4.建立一个新的WLANSSID5.配置WPA/WPA2认证6.设置CSSC客户端软件

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 841、新建一个地址池

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 852、控制器添加一个VLAN40接口

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 863、增加本地EAP支持

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 873、本地EAP的profile配置

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 884、新建一个WLAN

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 894、新建一个WLAN

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 905、配置WPA/WPA2

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 915、配置本地EAP认证支持

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 926、设置CSSC软件，添加SSID

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

构建一个用ACS做AAA认证的无线接入网络

Presentation_ID ©2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 94ACS相关配置名词解释·Posture·ACS–AccessControlServer·NAP–NetworkAccessProfile·NAF–NetworkAccessFilter·NAD–NetworkAccessDevice·NDG–NetworkDeviceGroup·PA–PostureAgent·PV–PostureValidation·RAC–RadiusAuthorizationComponent·DACL–DynamicAccessControlList·ADF–AttributeDefinitionFile

Presentation_ID ©2006CiscoSystems