本帖最后由 huangpeng0903 于 2015-3-20 11:44 编辑 由于是远程预配置的,今天客户现场验证失败。2602的胖AP,要求放出4个SSID在不同的VLAN,SSID和Radio接口都配置好了,验证也都做好了,BVI1口是手动配置的MGMT VLAN的一个地址。在客户现场与AP相连的是juniper的交换机,按照要求把相连的口开了Trunk,DHCP都是在交换机上做的,可是连接上后发现APping不同网络中的任何一个地址也就是无法与AP通信。客户端连接上也获取不到地址。。AP上没有做DHCP,其中一个SSID是通过VPN做远程RADIUS认证的,网络都是不通的可是却获取到了一个10.136.150网段的地址。。现在想明白的是BVI口的地址应该是属于哪个VLAN的需要做什么标记吗? AP中的Native VLAN是什么意思是否要和交换机指定的一样配置(看过很多配置没有写Native)。 目前情况也就是有5个VLAN(4个SSID的,一个MGMT的),Radio 0和1以及G0都开了相应的子接口并做了封装(MGMT的没做因为只是BVI口的地址)。希望大神给个建议和解答~另这种情况下我应该怎么部署实现最好?谢谢!
下面是部分配置给大家参考:
dot11 syslog
dot11 vlan-name BDS_02_GUEST01 vlan 210
dot11 vlan-name BDS_02_WIRELESS01 vlan 150
dot11 vlan-name BDS_02_WIRELESS02 vlan 152
dot11 vlan-name BDS_02_WIRELESS03 vlan 154
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 152 mode ciphers aes-ccm tkip
!
encryption vlan 154 mode ciphers aes-ccm tkip
!
ssid BonfiglioliEmployee
!
ssid BonfiglioliGuest
!
ssid BonfiglioliMobile
!
ssid BonfiglioliWH
!
antenna gain 0
stbc
mbssid
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.150
encapsulation dot1Q 150
bridge-group 150
bridge-group 150 subscriber-loop-control
bridge-group 150 spanning-disabled
bridge-group 150 block-unknown-source
no bridge-group 150 source-learning
no bridge-group 150 unicast-flooding
!
interface Dot11Radio0.152
encapsulation dot1Q 152
bridge-group 152
bridge-group 152 subscriber-loop-control
bridge-group 152 spanning-disabled
bridge-group 152 block-unknown-source
no bridge-group 152 source-learning
no bridge-group 152 unicast-flooding
!
interface Dot11Radio0.154
encapsulation dot1Q 154
bridge-group 154
bridge-group 154 subscriber-loop-control
bridge-group 154 spanning-disabled
bridge-group 154 block-unknown-source
no bridge-group 154 source-learning
no bridge-group 154 unicast-flooding
!
interface Dot11Radio0.210
encapsulation dot1Q 210
bridge-group 210
bridge-group 210 subscriber-loop-control
bridge-group 210 spanning-disabled
bridge-group 210 block-unknown-source
no bridge-group 210 source-learning
no bridge-group 210 unicast-flooding
ip admission webauth
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
no bridge-group 150 source-learning
!
interface GigabitEthernet0.152
encapsulation dot1Q 152
no ip route-cache
bridge-group 152
bridge-group 152 spanning-disabled
no bridge-group 152 source-learning
!
interface GigabitEthernet0.154
encapsulation dot1Q 154
no ip route-cache
bridge-group 154
bridge-group 154 spanning-disabled
no bridge-group 154 source-learning
!
interface GigabitEthernet0.210
encapsulation dot1Q 210
no ip route-cache
bridge-group 210
bridge-group 210 spanning-disabled
no bridge-group 210 source-learning
!
interface BVI1
mac-address f8c2.8838.a236
ip address 10.137.16.3 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eagip radius source-interface BVI1
!
!
!
radius-server attribute 32 include-in-access-req format %h
!
radius server AD2BDS
address ipv4 10.136.4.7 auth-port 1645 acct-port 1646
key 7 072D2E42483A315747435A4F
!
bridge 1 route ip
!
