1.基本IP地址和網絡連通性配置

[LSW1]vlan batch 12 15
[LSW1-Vlanif12]ip address 10.1.12.1 24
[LSW1-Vlanif15]ip address 10.1.15.1 24
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 15
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 12
[LSW2]vlan batch 12 24
[LSW2-Vlanif12]ip address 10.1.12.2 24
[LSW2-Vlanif24]ip add 10.1.24.2 24
[LSW2-GigabitEthernet0/0/1]port link-type access
[LSW2-GigabitEthernet0/0/1]port default vlan 12
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk pvid vlan 24
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 24
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 24
[LSW1]ospf 1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.1.15.0 0.0.0.255
[LSW2]ospf 1
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.2
[LSW2-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
2.配置AC1
（1）基本IP地址和連通性配置
[AC1]vlan batch 24
[AC1-Vlanif24]ip add 10.1.24.254 24
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 24
[AC1]ospf 1
[AC1-ospf-1]area 0
[AC1-ospf-1-area-0.0.0.0]network 10.1.24.0 0.0.0.255
（2）配置DHCP功能，為接入用戶分配IP地址
[AC1]dhcp enable
[AC1]int Vlanif 24
[AC1-Vlanif24]dhcp select interface

3.配置AP上線
（1）配置域管理模板
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
（2）創建AP組，綁定域管理模板
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
（3）配置AC源接口
[AC1]capwap source interface Vlanif 24
4.配置AP認證
在AC上離線導入AP，采用默認MAC認證，并加入AP組
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-mac 00e0-fc71-6c10
[AC1-wlan-ap-0]ap-group ap-group1
[AC1-wlan-ap-0]ap-name ap0

5.配置wlan業務
（1）配置安全模板
[AC1-wlan-view]security-profile name mac_access
（2）配置ssid模板
[AC1-wlan-view]ssid-profile name mac_access
[AC1-wlan-ssid-prof-mac_access]ssid mac_access
（3）配置vap模板
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]forward-mode tunnel
[AC1-wlan-vap-prof-mac_access]service-vlan vlan-id 24
[AC1-wlan-vap-prof-mac_access]security-profile mac_access
[AC1-wlan-vap-prof-mac_access]ssid-profile mac_access
（4）配置AP組引用VAP模板，設置VAP ID為2，射頻0和1都使用該模板
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile mac_access wlan 2 radio all
（5）檢查配置

6.配置MAC準入控制
（1）配置radius服務器模板
[AC1]radius-server template radius
[AC1-radius-radius]radius-server authentication 10.1.15.5 1812
[AC1-radius-radius]radius-server accounting 10.1.15.5 1813
[AC1-radius-radius]radius-server shared-key cipher ABCabc@123
[AC1-radius-radius]radius-server user-name original
[AC1]radius-server authorization 10.1.15.5 shared-key cipher ABCabc@123
（2）配置AAA認證
[AC1]aaa
[AC1-aaa]authentication-scheme radius
[AC1-aaa-authen-radius]authentication-mode radius
[AC1-aaa]accounting-scheme radius
[AC1-aaa-accounting-radius]accounting-mode radius
（3）創建MAC接入模板
[AC1]mac-access-profile name mac_access_profile
（4）創建認證模板，應用各個模板
[AC1]authentication-profile name mac_authen_profile
[AC1-authentication-profile-mac_authen_profile]mac-access-profile mac_access_profile
[AC1-authentication-profile-mac_authen_profile]authentication-scheme radius
[AC1-authentication-profile-mac_authen_profile]accounting-scheme radius
[AC1-authentication-profile-mac_authen_profile]radius-server radius
（5）應用認證模板
[AC1-wlan-view]vap-profile name mac_access
[AC1-wlan-vap-prof-mac_access]authentication-profile mac_authen_profile
7.Agile Controller配置略

總結

以上是生活随笔為你收集整理的华为设备无线环境中的MAC认证的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。