Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

無線控制器配置基礎(chǔ)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 2 基本配置任務(wù)及過程·準(zhǔn)備工作1.控制器啟動(dòng)配置和升級控制器軟件版本2.熟悉控制器配置界面3.連接AP到控制器上·配置任務(wù)1.思科CSSC無線客戶端的安裝和簡單配置2.構(gòu)建一個(gè)OPEN和一個(gè)WEP的無線網(wǎng)絡(luò)3.構(gòu)建一個(gè)簡單WEB認(rèn)證的無線網(wǎng)絡(luò)4.構(gòu)建一個(gè)支持本地EAP認(rèn)證的無線網(wǎng)絡(luò)5.構(gòu)建一個(gè)用ACS做AAA認(rèn)證的無線網(wǎng)絡(luò)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

準(zhǔn)備工作

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 4 基本設(shè)備·控制器4400或者2100系列·AP：1130或者1240系列·交換機(jī)：最好是3560POE交換機(jī)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 5 2100系列無線控制器·支持802.11a/b/g/n·支持PCI認(rèn)證·WLC2100硬件8個(gè)FE口，2個(gè)上聯(lián)口，6個(gè)下聯(lián)口其中2個(gè)FE口有以太網(wǎng)供電·未使用端口2個(gè)USB端口和一個(gè)擴(kuò)展槽留作將來擴(kuò)展用*2106和2006不能作為guestaccess的anchorcontroller*不支持LinkAggregation*不能通過軟件升級AP容量

NEW!

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 6 4400系列無線控制器·1RU高度2口或者4口千兆上聯(lián)·支持12,25,50or100AP·支持5000MAC地址轉(zhuǎn)發(fā)表·10/100Base-TX以太網(wǎng)ServicePort·9pin串口Console口·2擴(kuò)展槽和1個(gè)utilityport目前未使用·2熱插拔電源模塊插槽44xxWLANController·型號4402支持12,25,和50AP·型號4404支持100APs*不能通過軟件升級AP容量*4400系列使用SFP光纖模塊*4400系列每port支持50個(gè)AP

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 7 準(zhǔn)備工作·網(wǎng)線和Console線。如果是4400，需要兩頭是DB9接口的線，如果是2106或者ISR，需要DB9+RJ45的線

·如果是4400，需要GLC光纖模塊和光纖

·確認(rèn)控制器版本是否需要升級(用命令showsysinfo查看系統(tǒng)版本)

·是否需要將胖AP升級到瘦AP1200/1100/1300需要upgradetool做升級，1250不需要工具，直接在圖形化界面上升級

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 8 實(shí)驗(yàn)拓?fù)涫纠齌RUNKVLAN1/20/30/40fa0/1 port1

WLC說明：

1、VLAN1用于連接控制器、AP和ACS；2、VLAN20用于WPA/WPA2認(rèn)證，認(rèn)證服務(wù)器用ACS。3、VLAN30用作OPEN/WEP/GUEST客戶接入3、VLAN40用作WPA/WPA2認(rèn)證，認(rèn)證用本地EAPSSID:VLAN20

SSID:VLAN30

PC//AAA服務(wù)器VLAN1所有3層網(wǎng)關(guān)設(shè)置在3層交換機(jī)上，地址254

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 9 啟動(dòng)選項(xiàng)ThecontrollerbootsequencewillalwayshavetheseoptionavailablesincethisissetinPROMtoensurecontrollerrecoveryoptions

按5清空配置

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 10系統(tǒng)啟動(dòng)界面和配置(OS5.1)· Wouldyouliketoterminateautoinstall?[yes]:

· SystemName[Cisco_51:2b:60](31charactersmax):2106-demo· AUTO-INSTALL:processterminated--noconfigurationloaded

· EnterAdministrativeUserName(24charactersmax):cisco· EnterAdministrativePassword(24charactersmax):cisco· Re-enterAdministrativePassword :cisco

· ManagementInterfaceIPAddress:· ManagementInterfaceNetmask:· ManagementInterfaceDefaultRouter:54· ManagementInterfaceVLANIdentifier(0=untagged):· ManagementInterfacePortNum[1to8]:1· ManagementInterfaceDHCPServerIPAddress:54

· APManagerInterfaceIPAddress:· AP-ManagerisonManagementsubnet,usingsamevalues· APManagerInterfaceDHCPServer(54):· VirtualGatewayIPAddress:

· Mobility/RFGroupName:demo

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 11系統(tǒng)啟動(dòng)界面（續(xù)）

· EnableSymmetricMobilityTunneling[yes][NO]:yes

· NetworkName(SSID):open· AllowStaticIPAddresses[YES][no]:

· ConfigureaRADIUSServernow?[YES][no]:no· Warning!ThedefaultWLANsecuritypolicyrequiresaRADIUSserver.· Pleaseseedocumentationformoredetails.

· EnterCountryCodelist(enter'help'foralistofcountries)[US]:CN

· Enable802.11bNetwork[YES][no]:· Enable802.11aNetwork[YES][no]:· Enable802.11gNetwork[YES][no]:· EnableAuto-RF[YES][no]:

· ConfigureaNTPservernow?[YES][no]:no· Configurethesystemtimenow?[YES][no]:· EnterthedateinMM/DD/YYformat:09/28/08· EnterthetimeinHH:MM:SSformat:17:11:00

· Configurationcorrect?Ifyes,systemwillsaveitandreset.[yes][NO]:yes

· Configurationsaved!· Resettingsystemwithnewconfiguration...

非常重要，Controller的wireless的domain要和AP一致。

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 12配置3層交換機(jī)· pdhcpexcluded-address· ipdhcpexcluded-address54· ipdhcpexcluded-address· ! · ipdhcppoolAP· network192.168.10.0· default-router54· ! · interfaceFastEthernet0/1· switchporttrunkencapsulationdot1q· switchportmodetrunk· ……· interfaceVlan1· ipaddress54· ! · interfaceVlan20· ipaddress54· ! · interfaceVlan30· ipaddress54· ! · interfaceVlan40· ipaddress54· ……· linevty04· privilegelevel15· passwordcisco· login

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 13配置WEB訪問1、使用直通網(wǎng)線，連接交換機(jī)的trunk接口到控制器端口1

2、配置PC機(jī)的IP地址00/24或者DHCP，網(wǎng)關(guān)54

3、測試PC能否Ping通Controller的地址：

3、用訪問控制器，如果要開啟http訪問，需要在系統(tǒng)里打開。

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 14使用IE瀏覽器進(jìn)行WEB訪問

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 15如果要升級控制器系統(tǒng)軟件·tftp服務(wù)器推薦tftpd32·tftpd32.·支持64M以上文件傳輸

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 16在CCO上下載新版本

支持室內(nèi)室外mesh版本

支持802.11n和其他新功能的普通版本/kobayashi/sw-center/sw-wireless.shtml

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 17UpgradePathtoControllerSoftware

Release5.0.148

.0orabove

注意：由于配置存儲(chǔ)格式不同，從3.x-4.x升級到5.x后，原來的部分配置可能丟失

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 18UpgradePathtoControllerSoftwareRelease

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 19控制器軟件升級——命令行方式·Step1.pingserver-ip-address測試控制器與TFTPserver的連通性·Step2.transferdownloadmodetftp設(shè)置傳輸使用的協(xié)議：tftp·Step3.transferdownloaddatatypecode設(shè)置傳輸?shù)臄?shù)據(jù)類型·Step4.transferdownloadserveripserver-ip-address指定tftpserver的IP地址·Step5.transferdownloadfilenamefilename制定Image的文件名·Step6.transferdownloadstart開始傳輸文件，確認(rèn)時(shí)如果回答No,則顯示TFTP的參數(shù)設(shè)置·Step7.resetsystemWLC的系統(tǒng)重新啟動(dòng)注：TFTP服務(wù)器軟件推薦tftpd32，可以在網(wǎng)上免費(fèi)下載，支持64M以上大文件傳輸

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 20控制器軟件升級——圖形界面電腦上設(shè)置好Tftp軟件；填入Tftp地址和文件名后，選擇右側(cè)的download按鈕開始。完成后按提示reboot。

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

熟悉無線控制器Controller配置界面

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 22命令行(CLI)基本命令cisco

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 23命令行(CLI)“clear”Commands

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 24命令行(CLI)“config”Commands……andmore

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 25命令行(CLI)“debug”Command

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 26命令行(CLI)“help”Commands

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 27命令行(CLI)“show”Commands

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 28命令行(CLI)“transfer”Commands

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 29使用IE瀏覽器進(jìn)行WEB訪問

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 30控制器上查看和設(shè)置無線網(wǎng)絡(luò)SSID

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 31控制器配置頁面

配置接口

配置控制器做DHCP服務(wù)定義器線組

參看和配置端口

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 32配置接口頁面

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 33設(shè)置控制器做DHCP服務(wù)器

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 34定義移動(dòng)組

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 35設(shè)置端口頁面

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 36多個(gè)控制器時(shí)，設(shè)定主控制器

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 37點(diǎn)擊WIRELESS/ALLAPs

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 38安全頁面

Radius服務(wù)器配置

本地用戶數(shù)據(jù)庫

MAC地址過濾

WEB認(rèn)證相關(guān)配置

本地EAP

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 39管理界面

定義能夠進(jìn)行Controller管理的管理用戶

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 40控制器維護(hù)管理界面

系統(tǒng)和配置文件的上傳、下載配置

控制器軟重啟

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 41AP射頻模塊配置界面

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 42AP發(fā)射功率調(diào)節(jié)(AP1131)·TxPower· NumOfSupportedPowerLevels.............6· TxPowerLevel1..........................14dBm· TxPowerLevel2..........................11dBm· TxPowerLevel3..........................8dBm· TxPowerLevel4..........................5dBm· TxPowerLevel5..........................2dBm· TxPowerLevel6..........................-1dBmAP1242的level1是17dBm

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 435.1版本對HA的增強(qiáng)

Failover等級全局HA配置Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

連接AP到控制器

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 45Controller里的Port還有Vlan以及Interface的對應(yīng)關(guān)系·Controller必需配置的接口帶內(nèi)管理接口—“ManagementInterface”LWAPPTunnel終結(jié)接口—“APManagerInterface”橋接的無線客戶端接口—“DynamicInterfaces”.二三層漫游而設(shè)的虛擬接口—“VirtualInterface”·可選接口:服務(wù)接口—帶外管理接口*2100系列和WLCM沒有serviceport

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 46確認(rèn)控制器國家版本與AP一致目前版本支持同時(shí)支持多國家

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 47確認(rèn)時(shí)間配置無誤

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 48在路由器或者3層交換機(jī)設(shè)置DHCP在AP和控制器不在同一網(wǎng)段的情況下，建立AP能夠獲取IPAddress的地址池，加上Option43

WLC-router(config)#ipdhcppoolLWAPP-APWLC-router(dhcp-config)#network192.168.10.0WLC-router(dhcp-config)#default-router54WLC-router(dhcp-config)#option43ascii"“

//很重要！通過Option43可以讓AP在獲取和控制器不同網(wǎng)段IPAddress的時(shí)候，能夠知道Controller的所在。如果AP和控制器在一個(gè)網(wǎng)段和廣播域，則可以不配置option43

WLC-router(dhcp-config)#exit

WLC-router(config)#ipdhcpexcluded-address54

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 49在IOS設(shè)備配置Option43·對于1000/1500系列，直接寫option43ascii“,0“

·對于1100和1200，需要寫option60和option43·假設(shè)要連接1240，控制器地址為和0ipdhcppoolAPnetwork192.168.10.0/24default-router54dns-server00option60ascii“CiscoAPc1240“option43hexf108c0a80a05c0a80a14

option43的配置詳見/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtmlVCIString1130的是CiscoAPc1130

類型=f1 長度=2x4=08 0

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 50可以在console上打開debug觀察AP加入情況· (CiscoController)>debuglwappeventsenable

· (CiscoController)>*Oct0419:20:19.154:00:1a:e3:d0:19:50ReceivedLWAPPDISCOVERYREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:60onport'8'· *Oct0419:20:19.154:Receivedapacketwhichisa(type=DISCOVERY_REQUEST)withsessionid0· *Oct0419:20:19.154:JoinPriorityProcessingstatus=0,IncomingAp'sPriority1,MaxLrads=6,joinedAps=0· *Oct0419:20:19.155:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPDiscoveryResponsetoAP00:1a:e3:d0:19:50onport8· *Oct0419:20:19.156:00:1a:e3:d0:19:50ReceivedLWAPPDISCOVERYREQUESTfromAP00:1a:e3:d0:19:50toff:ff:ff:ff:ff:ffonport'8'· *Oct0419:20:19.156:Receivedapacketwhichisa(type=DISCOVERY_REQUEST)withsessionid0· *Oct0419:20:19.156:JoinPriorityProcessingstatus=0,IncomingAp'sPriority1,MaxLrads=6,joinedAps=0· *Oct0419:20:19.156:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPDiscoveryResponsetoAP00:1a:e3:d0:19:50onport8· *Oct0419:20:31.162:00:1a:e3:d0:19:50ReceivedLWAPPJOINREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:67onport'8'· *Oct0419:20:31.162:Receivedapacketwhichisa(type=JOIN_REQUEST)withsessionid0· *Oct0419:20:31.177:00:1a:e3:d0:19:50APAP001b.5302.28f8:txNonce00:1E:13:51:2B:60rxNonce00:1A:E3:D0:19:50· *Oct0419:20:31.177:00:1a:e3:d0:19:50LWAPPJoinRequestMTUpathfromAP00:1a:e3:d0:19:50is1500,remotedebugmodeis0· *Oct0419:20:31.177:DTLAddingAP1-0· *Oct0419:20:31.177:00:1a:e3:d0:19:50SuccessfullyaddedNPUEntryforAP00:1a:e3:d0:19:50(index1)· SwitchIP:,SwitchPort:12223,intIfNum8,vlanId0· APIP:0,APPort:8847,nex· *Oct0419:20:31.911:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPJoinReplytoAP00:1a:e3:d0:19:50· *Oct0419:20:31.912:00:1a:e3:d0:19:50spam_lrad.c:1589-OperationState0===>4· *Oct0419:20:31.913:00:1a:e3:d0:19:50RegisterLWAPPeventforAP00:1a:e3:d0:19:50slot0· *Oct0419:20:31.914:00:1a:e3:d0:19:50RegisterLWAPPeventforAP00:1a:e3:d0:19:50slot1· *Oct0419:20:33.192:00:1a:e3:d0:19:50ReceivedLWAPPCONFIGUREREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:67· *Oct0419:20:33.194:00:1a:e3:d0:19:50UpdatingIPinfoforAP00:1a:e3:d0:19:50--static0,0/,gtw54· *Oct0419:20:33.194:00:1a:e3:d0:19:50UpdatingIP0===>0forAP00:1a:e3:d0:19:50· *Oct0419:20:33.194:00:1b:53:02:28:f8BuildingConfigResponseMsgfor00:1b:53:02:28:f8

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 51確認(rèn)AP連接到控制器圖形界面命令行Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

CSSC無線客戶端

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 53

802.11無線客戶端概述

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 54無線客戶端建議·由于企業(yè)內(nèi)筆記本電腦牌子比較多，建議客戶端使用CiscoCSSC軟件，使用CSSC軟件的好處如下：· 1.整個(gè)公司筆記本電腦統(tǒng)一的平臺(tái)，方便管理和下發(fā)策略。CSSC帶有部署工具，制訂好策略后容易部署（如果是Windows平臺(tái)的話，還要配置相關(guān)的參數(shù)）

·3.CSSC軟件支持CiscoNAC網(wǎng)絡(luò)準(zhǔn)入控制技術(shù).

·4.建議新購買的筆記本電腦采用統(tǒng)一的品牌（方便管理），舊的筆記本電腦如果沒有無線網(wǎng)卡的話，建議統(tǒng)一使用Cisco的CB21AG（支持AES強(qiáng)加密）,Cisco還提供專門為臺(tái)式機(jī)使用的無線網(wǎng)卡：AIR-PI21AG?！?.Cisco倡導(dǎo)了CCX（各廠家筆記本電腦和CiscoAP兼容性測試）計(jì)劃，可以從下面的鏈接知道哪些筆記本電腦的型號是CCX計(jì)劃里面的成員。

/web/partners/pr46/pr147/partners_pgm_partners_0900aecd800a7907.html

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 55CiscoSSC客戶端軟件的安裝

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 56CSSC連接的簡單設(shè)置

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

構(gòu)建一個(gè)OPEN和一個(gè)WEP的無線網(wǎng)絡(luò)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 58配置一個(gè)無線業(yè)務(wù)的基本步驟·配置無線客戶端的DHCP服務(wù)器·配置一個(gè)無線網(wǎng)絡(luò)接口dynamicinterface·配置一個(gè)無線業(yè)務(wù)WLAN

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 59AP的初始化在WLC上可以通過使用ctrl+Shift+6的組合鍵，切換到ISR路由器的界面把AP連接在InterSwitch模塊上WLC-router(config)#intvlan1WLC-router(config-if)#noshutWLC-router(config-if)#ipadd54WLC-router(config-if)#exitWLC-router(config)#intrangefastWLC-router(config)#intrangefastEthernet0/1/0–8WLC-router(config-if-range)#switchportWLC-router(config-if-range)#switchportaccessvlan1WLC-router(config-if-range)#noshut

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 601、為客戶端建立DHCP服務(wù)器

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 612、為無線客戶端建立一個(gè)無線接口

點(diǎn)擊APPLY

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 622、建立Guest無線接口:VLAN20

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 63查看建立的接口

點(diǎn)擊可以進(jìn)行VLAN20接口的參數(shù)修改

如果想建立更多的接口，可以繼續(xù)點(diǎn)擊NEW設(shè)置新接口點(diǎn)擊可以刪除

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 643、建立一個(gè)open的訪客WLAN

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 653、建立一個(gè)open的訪客WLAN

很重要！很容易被忘記

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 663、建立一個(gè)open的訪客WLAN選擇None，不對無線網(wǎng)絡(luò)有任何加密和限制

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 67WLAN增強(qiáng)特性配置

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 68無線客戶端連接測試

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 69更改剛才的WLAN為WEP加密

40位WEP要求5位ASCII字符密碼104位WEP要求13位ASCII字符密碼CiscoAironet1100/1200/1300不支持128位WEP

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 70無線連接驗(yàn)證

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

構(gòu)建一個(gè)簡單WEB認(rèn)證的無線接入網(wǎng)絡(luò)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 72構(gòu)建一個(gè)簡單WEB認(rèn)證的無線網(wǎng)絡(luò)1.增加一個(gè)新的地址池2.增加一個(gè)新的接口3.配置web頁面認(rèn)證的本地頁面4.增加web認(rèn)證的WLAN5.建立本地用戶認(rèn)證數(shù)據(jù)庫

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 731、新建一個(gè)用于WEB認(rèn)證用戶的地址池

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 742、控制器添加一個(gè)VLAN30接口

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 753、配置web頁面認(rèn)證的本地頁面

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 764、新建一個(gè)WLAN

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 774、新建一個(gè)WLAN

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 785、定義內(nèi)部認(rèn)證用戶數(shù)據(jù)庫

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 79驗(yàn)證WEB認(rèn)證跟前面一樣，在CSSC的ManageNetwork中，選擇并激活web-auth

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 80web界面認(rèn)證的驗(yàn)證·在瀏覽器里輸入類似0地址（因?yàn)闆]有DNS，所以不能輸入網(wǎng)址）

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 81web界面認(rèn)證的驗(yàn)證

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

構(gòu)建一個(gè)支持本地EAP認(rèn)證的無線接入網(wǎng)絡(luò)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 83構(gòu)建一個(gè)支持WPA認(rèn)證的網(wǎng)絡(luò)1.增加一個(gè)新的地址池2.增加一個(gè)新的動(dòng)態(tài)接口3.添加本地EAP支持或者AAA服務(wù)器（Radius服務(wù)器）4.建立一個(gè)新的WLANSSID5.配置WPA/WPA2認(rèn)證6.設(shè)置CSSC客戶端軟件

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 841、新建一個(gè)地址池

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 852、控制器添加一個(gè)VLAN40接口

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 863、增加本地EAP支持

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 873、本地EAP的profile配置

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 884、新建一個(gè)WLAN

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 894、新建一個(gè)WLAN

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 905、配置WPA/WPA2

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 915、配置本地EAP認(rèn)證支持

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 926、設(shè)置CSSC軟件，添加SSID

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 1

PresentationTitleSize30PTOption2:Live

構(gòu)建一個(gè)用ACS做AAA認(rèn)證的無線接入網(wǎng)絡(luò)

Presentation_ID ?2006CiscoSystems,Inc.Allrightsreserved. CiscoConfidential 94ACS相關(guān)配置名詞解釋·Posture·ACS–AccessControlServer·NAP–NetworkAccessProfile·NAF–NetworkAccessFilter·NAD–NetworkAccessDevice·NDG–NetworkDeviceGroup·PA–PostureAgent·PV–PostureValidation·RAC–RadiusAuthorizationComponent·DACL–DynamicAccessControlList·ADF–AttributeDefinitionFile

Presentation_ID ?2006CiscoSystems