Cisco AP configuration script: VLANs with WPA authentication, annotated
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RZTELE
!
enable secret 5 $1$WlqT$GgLfJfxBeZ.XgGuZfcajP.
!
no aaa new-model
!
!
dot11 vlan-name v-huiyishi vlan 271
dot11 vlan-name v-test vlan 270
dot11 vlan-name v-wangluobu vlan 263
dot11 vlan-name v-wangyunbu vlan 15
dot11 vlan-name vlan-1 vlan 1
! Name the VLANs
!
dot11 ssid ChinaNet
   ! Define the SSID
   vlan 1
   authentication open
   guest-mode
   mbssid guest-mode
   ! The lines above are the configuration that requires no authentication
!
dot11 ssid HuiYiShi
   vlan 271
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 0 1234567890
   ! The lines above are the WPA authentication configuration
!
dot11 ssid WangLuobu
   vlan 263
   authentication open
   mbssid guest-mode
!
dot11 ssid WangYunBu
   vlan 15
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 0 wangyunbu.pass
!
!
!
username Cisco privilege 15 password 0 123456
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 15 mode ciphers tkip
 !
 encryption vlan 270 mode ciphers tkip
 !
 encryption vlan 271 mode ciphers tkip
 ! Encryption configuration for authentication
 !
 ssid ChinaNet
 !
 ssid HuiYiShi
 !
 ssid WangLuobu
 !
 ssid WangYunBu
 ! Apply the SSIDs to the interface
 !
 mbssid
 ! Enable the multiple-SSID feature
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1
 no ip route-cache
!
interface Dot11Radio0.15
 encapsulation dot1Q 15 native
 ! The management VLAN must be configured with native
 ip address 172.20.63.30 255.255.255.0
 no ip route-cache
 bridge-group 1
 ! Choose the group number (range 1-255); it must match interface FastEthernet0.15 below
 bridge-group 1 port-protected
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.263
 encapsulation dot1Q 263
 ip address 172.20.62.109 255.255.255.240
 no ip route-cache
 bridge-group 255
 bridge-group 255 subscriber-loop-control
 bridge-group 255 port-protected
 bridge-group 255 block-unknown-source
 no bridge-group 255 source-learning
 no bridge-group 255 unicast-flooding
 bridge-group 255 spanning-disabled
!
interface Dot11Radio0.270
 encapsulation dot1Q 270
 no ip route-cache
 bridge-group 254
 bridge-group 254 subscriber-loop-control
 bridge-group 254 port-protected
 bridge-group 254 block-unknown-source
 no bridge-group 254 source-learning
 no bridge-group 254 unicast-flooding
 bridge-group 254 spanning-disabled
!
interface Dot11Radio0.271
 encapsulation dot1Q 271
 no ip route-cache
 bridge-group 253
 bridge-group 253 subscriber-loop-control
 bridge-group 253 port-protected
 bridge-group 253 block-unknown-source
 no bridge-group 253 source-learning
 no bridge-group 253 unicast-flooding
 bridge-group 253 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
!
interface FastEthernet0.1
 encapsulation dot1Q 1
 no ip route-cache
!
interface FastEthernet0.15
 encapsulation dot1Q 15 native
 ip address dhcp
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.263
 encapsulation dot1Q 263
 ip address 172.20.62.110 255.255.255.240
 no ip route-cache
 bridge-group 255
 no bridge-group 255 source-learning
 bridge-group 255 spanning-disabled
!
interface FastEthernet0.270
 encapsulation dot1Q 270
 no ip route-cache
 bridge-group 254
 no bridge-group 254 source-learning
!
interface FastEthernet0.271
 encapsulation dot1Q 271
 ip address dhcp
 no ip route-cache
 bridge-group 253
 no bridge-group 253 source-learning
 bridge-group 253 spanning-disabled
!
interface BVI1
 ip address 172.20.63.8 255.255.255.0
 ! Configure the management VLAN's IP address
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path
no cdp run
bridge 1 route ip
!
!
!
line con 0
 password Cisco
line vty 0 4
 password Cisco
 login
!
end
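
An added example, not part of the original page: a small Python check that reads an autonomous-AP configuration like the one above and reports the settings a reviewer would want to revisit (SSIDs with no key management, PSKs and user passwords stored as type 0, TKIP-only cipher lines, disabled password encryption, HTTP-only management). The rule names and the embedded sample, whose secrets are placeholders, are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the configuration above; secrets are placeholders.
SAMPLE = """\
no service password-encryption
dot11 ssid ChinaNet
 authentication open
!
dot11 ssid HuiYiShi
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 0 EXAMPLE-PSK
!
username Cisco privilege 15 password 0 EXAMPLE-PW
interface Dot11Radio0
 encryption vlan 271 mode ciphers tkip
ip http server
no ip http secure-server
"""

def audit(config):
    """Return (rule, detail) findings; mixed 'aes-ccm tkip' lines are not flagged here."""
    findings, keyed, ssid = [], {}, None
    lines = config.splitlines()
    for raw in lines:
        line = raw.strip()
        m = re.match(r"dot11 ssid (\S+)", line)
        if m:                                    # start of an SSID block
            ssid = m.group(1)
            keyed[ssid] = False
        elif not raw[:1].isspace():              # any other top-level line ends the block
            ssid = None
        elif ssid and line.startswith("authentication key-management"):
            keyed[ssid] = True
        elif ssid and re.match(r"wpa-psk (ascii|hex) 0 ", line):
            findings.append(("psk-cleartext", ssid))   # type 0 = stored unencrypted
        if re.match(r"username \S+ .*\bpassword 0 ", line):
            findings.append(("password-cleartext", line.split()[1]))
        if re.match(r"encryption .*ciphers ", line) and "tkip" in line and "aes-ccm" not in line:
            findings.append(("tkip-only", line))
    findings += [("open-ssid", name) for name, has_km in keyed.items() if not has_km]
    stripped = {l.strip() for l in lines}
    if "no service password-encryption" in stripped:
        findings.append(("no-password-encryption", "global"))
    if "ip http server" in stripped and "no ip http secure-server" in stripped:
        findings.append(("http-management", "global"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The check relies on sub-commands being indented under their parent line, as they are in IOS running-config output.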