802.1X Authentication in a Wireless Environment on Huawei Devices

1. Configure the IP addresses and make sure routes are reachable
[LSW1]vlan batch 12 13 15
[LSW1-Vlanif12]ip add 10.1.12.1 24
[LSW1-Vlanif13]ip add 10.1.13.1 24
[LSW1-Vlanif15]ip add 10.1.15.1 24
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 12
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 13
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-GigabitEthernet0/0/3]port default vlan 15
[LSW2]vlan batch 12 14 16
[LSW2-Vlanif12]ip add 10.1.12.2 24
[LSW2-Vlanif14]ip add 10.1.14.2 24
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 12
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk pvid vlan 14
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 14
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 14 16
[LSW2]ospf 1
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255
[LSW2-ospf-1-area-0.0.0.0]network 10.1.16.0 0.0.0.255
[LSW1]ospf 1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.1.15.0 0.0.0.255
[AC1]vlan batch 14 16
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 14 16
[AC1-Vlanif14]ip add 10.1.14.254 24
[AC1-Vlanif16]ip add 10.1.16.254 24
[AC1]ospf 1
[AC1-ospf-1]area 0
[AC1-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255
[AC1-ospf-1-area-0.0.0.0]network 10.1.16.0 0.0.0.255
2. Configure DHCP on the AC to assign addresses to access users
[AC1]dhcp enable
[AC1-Vlanif14]dhcp select interface
[AC1-Vlanif16]dhcp select interface
3. Bring the AP online
(1) Configure the regulatory domain profile
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code CN
(2) Create an AP group
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
(3) Configure the AC source interface
[AC1]capwap source interface Vlanif 14
4. Configure AP authentication
(1) Import the AP on the AC using the default MAC authentication, and add the AP to the AP group
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-mac 00e0-fcae-2560 ap-id 0
[AC1-wlan-ap-0]ap-group ap-group1
[AC1-wlan-ap-0]ap-name ap0
(2) Check the configuration: the AP state changes from fault to normal
5. Configure WLAN services
(1) Configure the security profile
[AC1-wlan-view]security-profile name employee1
[AC1-wlan-sec-prof-employee1]security wpa2 dot1x aes
(2) Configure the SSID profile
[AC1-wlan-view]ssid-profile name employee1
[AC1-wlan-ssid-prof-employee1]ssid employee1
(3) Configure the VAP profile
[AC1-wlan-view]vap-profile name employee1
[AC1-wlan-vap-prof-employee1]forward-mode tunnel //Service forwarding mode is tunnel mode
[AC1-wlan-vap-prof-employee1]security-profile employee1 //Reference the security profile
[AC1-wlan-vap-prof-employee1]service-vlan vlan-id 16 //Configure the service VLAN
[AC1-wlan-vap-prof-employee1]ssid-profile employee1 //Reference the SSID profile
(4) Bind the VAP profile to the AP group; radios 0 and 1 of the AP both use the VAP profile configuration
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile employee1 wlan 1 radio all
6. Configure 802.1X access control
(1) Configure the RADIUS authentication template
[AC1]radius-server template radius
[AC1-radius-radius]radius-server shared-key cipher ABCabc@123
[AC1-radius-radius]radius-server authentication 10.1.16.6 1812
[AC1-radius-radius]radius-server accounting 10.1.16.6 1813
[AC1]radius-server authorization 10.1.16.6 shared-key cipher ABCabc@123
[AC1-radius-radius]radius-server user-name original
(2) Reference the RADIUS template in AAA view
[AC1]aaa
[AC1-aaa]authentication-scheme radius
[AC1-aaa-authen-radius]authentication-mode radius
[AC1-aaa]accounting-scheme radius
[AC1-aaa-accounting-radius]accounting-mode radius
(3) Create the dot1x access profile
[AC1]dot1x-access-profile name dot1x_access_profile
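7. Create an authentication profile and bind the dot1x access profile, authentication scheme, accounting scheme and RADIUS server template to it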
[AC1]authentication-profile name dot1x_authen_profile
[AC1-authentication-profile-dot1x_authen_profile]dot1x-access-profile dot1x_access_profile
[AC1-authentication-profile-dot1x_authen_profile]authentication-scheme radius
[AC1-authentication-profile-dot1x_authen_profile]accounting-scheme radius
[AC1-authentication-profile-dot1x_authen_profile]radius-server radius
8. Apply the authentication profile in the VAP profile
[AC1]wlan
[AC1-wlan-view]vap-profile name employee1
[AC1-wlan-vap-prof-employee1]authentication-profile dot1x_authen_profile
9. Configure Agile Controller (omitted)
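
The profiles in steps 6 to 8 refer to each other by name (VAP profile to authentication profile to dot1x access profile, schemes and RADIUS template), so every referenced name has to match one that was created. The Python check below is an added example, not part of the original post: it reads a pasted CLI transcript in the prompt-plus-command form used here and reports references to names not defined earlier. The function name, the rule table and both sample transcripts are constructed for illustration.

```python
import re

# (view prefix, command pattern, "def" or "ref", object kind); assumed rule table for this page's commands
RULES = [
    ("", r"radius-server template (\S+)", "def", "radius-server"),
    ("", r"dot1x-access-profile name (\S+)", "def", "dot1x-access-profile"),
    ("", r"authentication-profile name (\S+)", "def", "authentication-profile"),
    ("aaa", r"authentication-scheme (\S+)", "def", "authentication-scheme"),
    ("aaa", r"accounting-scheme (\S+)", "def", "accounting-scheme"),
    ("wlan-vap-prof", r"authentication-profile (\S+)", "ref", "authentication-profile"),
] + [("authentication-profile", k + r" (\S+)", "ref", k) for k in
     ("dot1x-access-profile", "authentication-scheme", "accounting-scheme", "radius-server")]

def undefined_references(transcript):
    """Return (line number, kind, name) for each reference to a name not defined earlier."""
    defined, problems = set(), []
    for n, line in enumerate(transcript.splitlines(), 1):
        m = re.match(r"\s*\[([^\]]+)\](.*)", line)
        if not m:
            continue
        view = m.group(1).partition("-")[2]      # "AC1-aaa" -> "aaa"; assumes no "-" in the hostname
        cmd = m.group(2).split("//")[0].strip()  # drop trailing // annotations
        for prefix, pattern, action, kind in RULES:
            hit = re.fullmatch(pattern, cmd)
            if not hit or not (view == prefix or (prefix and view.startswith(prefix + "-"))):
                continue
            key = (kind, hit.group(1))
            if action == "def":
                defined.add(key)
            elif key not in defined:
                problems.append((n, kind, hit.group(1)))
    return problems

# Constructed transcript in the same form as the steps above.
SAMPLE_OK = """\
[AC1]radius-server template radius
[AC1-aaa]authentication-scheme radius
[AC1-aaa]accounting-scheme radius
[AC1]dot1x-access-profile name dot1x_access_profile
[AC1]authentication-profile name dot1x_authen_profile
[AC1-authentication-profile-dot1x_authen_profile]dot1x-access-profile dot1x_access_profile
[AC1-authentication-profile-dot1x_authen_profile]authentication-scheme radius
[AC1-authentication-profile-dot1x_authen_profile]accounting-scheme radius
[AC1-authentication-profile-dot1x_authen_profile]radius-server radius
[AC1-wlan-vap-prof-employee1]authentication-profile dot1x_authen_profile
"""
# Same transcript with the VAP reference mistyped (constructed).
SAMPLE_BAD = SAMPLE_OK.replace("]authentication-profile dot1x_", "]authentication-profile dotx_")
if __name__ == "__main__":
    print(undefined_references(SAMPLE_BAD))
```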

Published by

风君子