《CISCO无线AP配置手册PPT110页》由会员分享,可在线阅读,更多相关《CISCO无线AP配置手册PPT110页(111页珍藏版)》请在金锄头文库上搜索。
1、2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID1无线控制器配置基础无线控制器配置基础Xiaogang Wu2008.102006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID2基本配置任务及过程基本配置任务及过程准备工作1.控制器启动配置和升级控制器软件版本控制器启动配置和升级控制器软件版本2.熟悉控制器配置界面熟悉控制器配置界面3. 连接连接AP到控制器上到控制器上配置任务1.思科思科CSSC无线客户端的安装和
2、简单配置无线客户端的安装和简单配置2.构建一个构建一个OPEN和一个和一个WEP的无线网络的无线网络3.构建一个简单构建一个简单WEB认证的无线网络认证的无线网络4.构建一个支持本地构建一个支持本地EAP认证的无线网络认证的无线网络5.构建一个用构建一个用ACS做做AAA认证的无线网络认证的无线网络2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID3PresentationTitleSize30PTOption2:Live准备工作2006CiscoSystems,Inc.Allrightsreserve
3、d.CiscoConfidentialPresentation_ID4基本设备基本设备控制器4400或者2100系列AP:1130或者1240系列交换机:最好是3560POE交换机2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID52100系列无线控制器系列无线控制器支持支持802.11a/b/g/n支持支持PCI认证认证WLC2100 硬件硬件8个FE口,2个上联口,6个下联口其中2个FE口有以太网供电未使用端口未使用端口2个USB端口和一个扩展槽留作将来扩展用*2106和2006不能作为guesta
4、ccess的anchorcontroller*不支持LinkAggregation*不能通过软件升级AP容量AIR-WLC2125-K92100 Series WLAN Controller for up to 25 Lightweight APs$18,890AIR-WLC2112-K92100 Series WLAN Controller for up to 12 Lightweight APs$10,070AIR-WLC2106-K92100 Series WLAN Controller for up to 6 Lightweight APs$4,8752006CiscoSystems,
5、Inc.Allrightsreserved.CiscoConfidentialPresentation_ID64400系列无线控制器系列无线控制器1RU高度2口或者4口千兆上联支持12,25,50or100AP支持5000MAC地址转发表10/100Base-TX以太网ServicePort9pin串口Console口2扩展槽和1个utilityport目前未使用2热插拔电源模块插槽44xx WLAN Controller型号4402支持12,25,和50AP型号4404支持100APs*不能通过软件升级AP容量*4400系列使用SFP光纤模块*4400系列每port支持50个AP2006Ci
6、scoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID7准备工作准备工作网线和Console线。如果是4400,需要两头是DB9接口的线,如果是2106或者ISR,需要DB9+RJ45的线如果是4400,需要GLC光纤模块和光纤确认控制器版本是否需要升级(用命令showsysinfo查看系统版本)是否需要将胖AP升级到瘦AP1200/1100/1300需要upgradetool做升级,1250不需要工具,直接在图形化界面上升级2006CiscoSystems,Inc.Allrightsreserved.CiscoCon
7、fidentialPresentation_ID8实验拓扑示例实验拓扑示例TRUNKVLAN1/20/30/40fa0/1port1WLC说明:说明:1、VLAN1用于连接控制器、AP和ACS;2、VLAN20用于WPA/WPA2认证,认证服务器用ACS。3、VLAN30用作OPEN/WEP/GUEST客户接入3、VLAN40用作WPA/WPA2认证,认证用本地EAPSSID:VLAN20SSID:VLAN30PC/AAA服务器服务器VLAN1所有3层网关设置在3层交换机上,地址2542006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentia
8、lPresentation_ID9启动选项启动选项The controller boot sequence will always have these option available since this is set in PROM to ensure controller recovery options按5清空配置2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID10系统启动界面和配置系统启动界面和配置 (OS 5.1)Wouldyouliketoterminateautoinstall?ye
9、s:SystemNameCisco_51:2b:60(31charactersmax):2106-demoAUTO-INSTALL:processterminated-noconfigurationloadedEnterAdministrativeUserName(24charactersmax):ciscoEnterAdministrativePassword(24charactersmax):ciscoRe-enterAdministrativePassword:ciscoManagementInterfaceIPAddress:192.168.10.1ManagementInterfac
10、eNetmask:255.255.255.0ManagementInterfaceDefaultRouter:192.168.10.254ManagementInterfaceVLANIdentifier(0=untagged):ManagementInterfacePortNum1to8:1ManagementInterfaceDHCPServerIPAddress:192.168.10.254APManagerInterfaceIPAddress:192.168.10.2AP-ManagerisonManagementsubnet,usingsamevaluesAPManagerInter
11、faceDHCPServer(192.168.10.254):VirtualGatewayIPAddress:1.1.1.1Mobility/RFGroupName:demo2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID11系统启动界面(续)系统启动界面(续)EnableSymmetricMobilityTunnelingyesNO:yesNetworkName(SSID):openAllowStaticIPAddressesYESno:ConfigureaRADIUSServernow?YESno
12、:noWarning!ThedefaultWLANsecuritypolicyrequiresaRADIUSserver.Pleaseseedocumentationformoredetails.EnterCountryCodelist(enterhelpforalistofcountries)US:CNEnable802.11bNetworkYESno:Enable802.11aNetworkYESno:Enable802.11gNetworkYESno:EnableAuto-RFYESno:ConfigureaNTPservernow?YESno:noConfigurethesystemt
13、imenow?YESno:EnterthedateinMM/DD/YYformat:09/28/08EnterthetimeinHH:MM:SSformat:17:11:00Configurationcorrect?Ifyes,systemwillsaveitandreset.yesNO:yesConfigurationsaved!Resettingsystemwithnewconfiguration.非常重要,非常重要,Controller的的wireless的的domain要和要和AP一致。一致。2006CiscoSystems,Inc.Allrightsreserved.CiscoCon
14、fidentialPresentation_ID12配置配置3层交换机层交换机pdhcpexcluded-address192.168.10.1ipdhcpexcluded-address192.168.10.254ipdhcpexcluded-address192.168.10.2!ipdhcppoolAPnetwork192.168.10.0255.255.255.0default-router192.168.10.254!interfaceFastEthernet0/1switchporttrunkencapsulationdot1qswitchportmodetrunkinterfac
15、eVlan1ipaddress192.168.10.254255.255.255.0!interfaceVlan20ipaddress192.168.20.254255.255.255.0!interfaceVlan30ipaddress192.168.30.254255.255.255.0!interfaceVlan40ipaddress192.168.40.254255.255.255.0linevty04privilegelevel15passwordciscologin2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPre
16、sentation_ID13配置配置WEB访问访问2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID14使用使用IE浏览器进行浏览器进行WEB访问访问2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID15如果要升级控制器系统软件如果要升级控制器系统软件tftp服务器推荐支持64M以上文件传输2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresen
17、tation_ID16在在CCO上下载新版本上下载新版本支持室内室外mesh版本支持802.11n和其他新功能的普通版本2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID17Upgrade Path to Controller Software Release 5.0.148.0 or aboveCurrent Software Release Upgrade Path to 5.0.148.0 Software 3.2.78.0orlater3.2releaseUpgradetoa4.1release
18、beforeupgradingto5.0.148.0.4.0.155.5orlater4.0releaseUpgradetoa4.1or4.2releasebeforeupgradingto5.0.148.04.1.171.0orlater4.1releaseYoucanupgradedirectlyto5.0.148.0.4.2.61.0orlater4.2releaseYoucanupgradedirectlyto5.0.148.0.注意:由于配置存储格式不同,从3.x-4.x升级到5.x后,原来的部分配置可能丢失2006CiscoSystems,Inc.Allrightsreserved
19、.CiscoConfidentialPresentation_ID18Upgrade Path to Controller Software Release 4.1.171.0 Current Software Release Upgrade Path to 4.1.171.0 Software 3.2.78.0Upgradeto4.0.206.0oralater4.0releasebeforeupgradingto4.1.171.0.3.2.116.213.2.150.103.2.171.63.2.193.5IfyourcontrollerisconfiguredwiththenewJ3co
20、untrycode,upgradeto3.2.195.10oralater3.2release.IfyourcontrollerisnotconfiguredforthenewJ3countrycode,youcanupgradeto3.2.195.10oralater3.2releaseorto4.0.206.0oralater4.0release.3.2.195.10orlater3.2releaseYoucanupgradedirectlyto4.1.171.0.4.0.155.5Upgradeto4.0.206.0oralater4.0releasebeforeupgradingto4
21、.1.171.0.4.0.179.114.0.206.0orlater4.0releaseYoucanupgradedirectlyto4.1.171.0.2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID19控制器软件升级控制器软件升级 命令行方式命令行方式Step1.pingserver-ip-address 测试控制器与TFTP server的连通性Step2.transferdownloadmodetftp设置传输使用的协议:tftpStep3.transferdownloaddatatypec
22、ode设置传输的数据类型Step4.transferdownloadserveripserver-ip-address指定tftp server的IP地址Step5.transferdownloadfilenamefilename 制定Image的文件名Step6.transferdownloadstart开始传输文件,确认时如果回答No,则显示TFTP的参数设置Step7.resetsystemWLC的系统重新启动注:TFTP服务器软件推荐tftpd32,可以在网上免费下载,支持64M以上大文件传输2006CiscoSystems,Inc.Allrightsreserved.CiscoCon
23、fidentialPresentation_ID20控制器软件升级控制器软件升级 图形界面图形界面电脑上设置好Tftp软件;填入Tftp地址和文件名后,选择右侧的download按钮开始。完成后按提示reboot。2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID21PresentationTitleSize30PTOption2:Live熟悉无线控制器Controller配置界面2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresen
24、tation_ID22命令行命令行 (CLI)基本命令基本命令cisco2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID23命令行命令行 (CLI) “clear” Commands2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID24命令行命令行 (CLI) “config” Commandsandmore2006CiscoSystems,Inc.Allrightsreserved.CiscoConfiden
25、tialPresentation_ID25命令行命令行 (CLI) “debug” Command2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID26命令行命令行 (CLI) “help” Commands2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID27命令行命令行 (CLI) “show” Commands2006CiscoSystems,Inc.Allrightsreserved.CiscoConfi
26、dentialPresentation_ID28命令行命令行 (CLI) “transfer” Commands2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID29使用使用IE浏览器进行浏览器进行WEB访问访问2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID30控制器上查看和设置无线网络控制器上查看和设置无线网络SSID2006CiscoSystems,Inc.Allrightsreserved.CiscoC
27、onfidentialPresentation_ID31控制器配置页面控制器配置页面配置接口配置接口配置控制器配置控制器做做DHCP服务服务器器定义无线组定义无线组参看和配置参看和配置端口端口2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID32配置接口页面配置接口页面2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID33设置控制器做设置控制器做DHCP服务器服务器2006CiscoSystems,Inc.All
28、rightsreserved.CiscoConfidentialPresentation_ID34定义移动组定义移动组2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID35设置端口页面设置端口页面2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID36多个控制器时,设定主控制器多个控制器时,设定主控制器2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialP
29、resentation_ID37点击点击WIRELESS/ALL APs2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID38安全页面安全页面Radius服务器配置服务器配置本地用户数据库本地用户数据库MAC地址过滤地址过滤WEB认证相关认证相关配置配置本地本地EAP2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID39管理界面管理界面定义能够进行定义能够进行Controller管管理的管理用户理的管理用户200
30、6CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID40控制器维护管理界面控制器维护管理界面系统和配置文系统和配置文件的上传、下件的上传、下载配置载配置控制器软重启控制器软重启2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID41AP射频模块配置界面射频模块配置界面2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID42AP发射功率
31、调节发射功率调节(AP1131)TxPowerNumOfSupportedPowerLevels.6TxPowerLevel1.14dBmTxPowerLevel2.11dBmTxPowerLevel3.8dBmTxPowerLevel4.5dBmTxPowerLevel5.2dBmTxPowerLevel6.-1dBmAP1242的level1是17dBm2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID435.1版本对版本对HA的增强的增强Failover等级全局HA配置2006CiscoSyste
32、ms,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID44PresentationTitleSize30PTOption2:Live连接AP到控制器2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID45Controller里的里的Port还有还有Vlan以及以及Interface的对应关系的对应关系Controller必需配置的接口带内管理接口“Management Interface”LWAPPTunnel终结接口“AP Manager In
33、terface”桥接的无线客户端接口“Dynamic Interfaces”. 二三层漫游而设的虚拟接口“Virtual Interface”可选接口:服务接口带外管理接口带外管理接口*2100系列和WLCM没有serviceport2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID46确认控制器国家版本与确认控制器国家版本与AP一致一致目前版本支持同时支持多国家2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID
34、47确认时间配置无误确认时间配置无误2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID48在路由器或者在路由器或者3层交换机设置层交换机设置DHCP在在AP和控制器不在同一网段的情况下,建立和控制器不在同一网段的情况下,建立AP能够获取能够获取IP Address 的地址池,加上的地址池,加上Option 43WLC-router(config)#ipdhcppoolLWAPP-APWLC-router(dhcp-config)#network192.168.10.0255.255.255.0WLC-r
35、outer(dhcp-config)#default-router192.168.0.254WLC-router(dhcp-config)#option43ascii192.168.10.1“/很重要!通过很重要!通过Option 43 可以让可以让AP在获取和控制器不同网段在获取和控制器不同网段IP Address的时候,能够知道的时候,能够知道Controller的所在。的所在。如果如果AP和控制器在一个网段和广播域,则可以不配置和控制器在一个网段和广播域,则可以不配置option 43WLC-router(dhcp-config)#exitWLC-router(config)#ipdhc
36、pexcluded-address192.168.0.2542006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID49在在IOS设备配置设备配置Option 43对于1000/1500系列,直接写option43ascii“192.168.10.5,129.168.10.20“对于1100和1200,需要写option60和option43假设要连接1240,控制器地址为192.168.10.5和192.168.10.20ipdhcppoolAPnetwork192.168.10.0/24default-r
37、outer192.168.10.254dns-server192.168.10.100option60ascii“CiscoAPc1240“option43hexf108c0a80a05c0a80a14VCIString1130的是CiscoAPc1130类型=f1长度=2x4=08192.168.10.5192.168.10.202006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID50可以在可以在console上打开上打开debug观察观察AP加入情况加入情况(CiscoController)debug
38、lwappeventsenable(CiscoController)*Oct0419:20:19.154:00:1a:e3:d0:19:50ReceivedLWAPPDISCOVERYREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:60onport8*Oct0419:20:19.154:Receivedapacketwhichisa(type=DISCOVERY_REQUEST)withsessionid0*Oct0419:20:19.154:JoinPriorityProcessingstatus=0,IncomingApsPriority1,M
39、axLrads=6,joinedAps=0*Oct0419:20:19.155:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPDiscoveryResponsetoAP00:1a:e3:d0:19:50onport8*Oct0419:20:19.156:00:1a:e3:d0:19:50ReceivedLWAPPDISCOVERYREQUESTfromAP00:1a:e3:d0:19:50toff:ff:ff:ff:ff:ffonport8*Oct0419:20:19.156:Receivedapacketwhichisa(type=DISCOVE
40、RY_REQUEST)withsessionid0*Oct0419:20:19.156:JoinPriorityProcessingstatus=0,IncomingApsPriority1,MaxLrads=6,joinedAps=0*Oct0419:20:19.156:00:1a:e3:d0:19:50SuccessfultransmissionofLWAPPDiscoveryResponsetoAP00:1a:e3:d0:19:50onport8*Oct0419:20:31.162:00:1a:e3:d0:19:50ReceivedLWAPPJOINREQUESTfromAP00:1a:
41、e3:d0:19:50to00:1e:13:51:2b:67onport8*Oct0419:20:31.162:Receivedapacketwhichisa(type=JOIN_REQUEST)withsessionid0*Oct0419:20:31.177:00:1a:e3:d0:19:50APAP001b.5302.28f8:txNonce00:1E:13:51:2B:60rxNonce00:1A:E3:D0:19:50*Oct0419:20:31.177:00:1a:e3:d0:19:50LWAPPJoinRequestMTUpathfromAP00:1a:e3:d0:19:50is1
42、500,remotedebugmodeis0*Oct0419:20:31.177:DTLAddingAP1-192.168.10.10*Oct0419:20:31.177:00:1a:e3:d0:19:50SuccessfullyaddedNPUEntryforAP00:1a:e3:d0:19:50(index1)SwitchIP:192.168.10.2,SwitchPort:12223,intIfNum8,vlanId0APIP:192.168.10.10,APPort:8847,nex*Oct0419:20:31.911:00:1a:e3:d0:19:50Successfultransm
43、issionofLWAPPJoinReplytoAP00:1a:e3:d0:19:50*Oct0419:20:31.912:00:1a:e3:d0:19:50spam_lrad.c:1589-OperationState0=4*Oct0419:20:31.913:00:1a:e3:d0:19:50RegisterLWAPPeventforAP00:1a:e3:d0:19:50slot0*Oct0419:20:31.914:00:1a:e3:d0:19:50RegisterLWAPPeventforAP00:1a:e3:d0:19:50slot1*Oct0419:20:33.192:00:1a:
44、e3:d0:19:50ReceivedLWAPPCONFIGUREREQUESTfromAP00:1a:e3:d0:19:50to00:1e:13:51:2b:67*Oct0419:20:33.194:00:1a:e3:d0:19:50UpdatingIPinfoforAP00:1a:e3:d0:19:50-static0,192.168.10.10/255.255.255.0,gtw192.168.10.254*Oct0419:20:33.194:00:1a:e3:d0:19:50UpdatingIP192.168.10.10=192.168.10.10forAP00:1a:e3:d0:19
45、:50*Oct0419:20:33.194:00:1b:53:02:28:f8BuildingConfigResponseMsgfor00:1b:53:02:28:f82006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID51确认确认AP连接到控制器连接到控制器图形界面命令行2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID52PresentationTitleSize30PTOption2:LiveCSSC无线客户
46、端2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID53802.11 无线客户端概述无线客户端概述WLAN特性CSSCMicrosoftCiscoACU/ADU多WLANProfile(不同的SSID,不同的安去策略)支持YesYesYesActiveProbe(hiddenSSIDsupport)YesNoYes部署工具YesNoYesWPA/WPA2YesYesPartialWPA2PMKcachingYesYesPartialEAP-FASTYesNoPartialWPA-PSKYesYesPar
47、tialStaticWEP(40/128bit)YesYesYesNAC/CTA(网络准入支持)YesNoNo2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID54无线客户端建议无线客户端建议2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID55Cisco SSC客户端软件的安装客户端软件的安装2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPres
48、entation_ID56CSSC连接的简单设置连接的简单设置2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID57PresentationTitleSize30PTOption2:Live构建一个构建一个OPEN和一个和一个WEP的无线网的无线网络络2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID58配置一个无线业务的基本步骤配置一个无线业务的基本步骤配置无线客户端的DHCP服务器配置一个无线网络接口dyna
49、micinterface配置一个无线业务WLAN2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID601、为客户端建立、为客户端建立DHCP服务器服务器2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID612、为无线客户端建立一个无线接口、为无线客户端建立一个无线接口点击点击APPLY2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentat
50、ion_ID622、建立、建立Guest无线接口无线接口:VLAN202006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID63查看建立的接口查看建立的接口点击可以进行VLAN20接口的参数修改如果想建立更多的接口,可以继续点击NEW设置新接口点击可以删除2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID643、建立一个、建立一个open的访客的访客 WLAN2006CiscoSystems,Inc.Allright
51、sreserved.CiscoConfidentialPresentation_ID653、建立一个、建立一个open的访客的访客 WLAN很重要!很容易被忘记2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID663、建立一个、建立一个open的访客的访客 WLAN选择None,不对无线网络有任何加密和限制2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID67WLAN增强特性配置增强特性配置2006CiscoSy
52、stems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID68无线客户端连接测试无线客户端连接测试2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID69更改刚才的更改刚才的WLAN为为WEP加密加密40位WEP要求5位ASCII字符密码104位WEP要求13位ASCII字符密码CiscoAironet1100/1200/1300不支持128位WEP2006CiscoSystems,Inc.Allrightsreserved.CiscoConf
53、identialPresentation_ID70无线连接验证无线连接验证2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID71PresentationTitleSize30PTOption2:Live构建一个简单WEB认证的无线接入网络2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID72构建一个简单构建一个简单WEB认证的无线网络认证的无线网络1.增加一个新的地址池增加一个新的地址池2.增加一个新的接口增加一
54、个新的接口3.配置配置web页面认证的本地页面页面认证的本地页面4.增加增加web认证的认证的WLAN5.建立本地用户认证数据库建立本地用户认证数据库2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID731、新建一个用于、新建一个用于WEB 认证用户的地址池认证用户的地址池2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID742、控制器添加一个、控制器添加一个VLAN30接口接口2006CiscoSystems,
55、Inc.Allrightsreserved.CiscoConfidentialPresentation_ID753、配置、配置web页面认证的本地页面页面认证的本地页面2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID764、新建一个、新建一个WLAN2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID774、新建一个、新建一个WLAN2006CiscoSystems,Inc.Allrightsreserved.C
56、iscoConfidentialPresentation_ID785、定义内部认证用户数据库、定义内部认证用户数据库2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID79验证验证WEB认证认证跟前面一样,在跟前面一样,在CSSC的的Manage Network中,选择并激活中,选择并激活web-auth2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID80web界面认证的验证界面认证的验证2006CiscoSys
57、tems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID81web界面认证的验证界面认证的验证2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID82PresentationTitleSize30PTOption2:Live构建一个支持本地EAP认证的无线接入网络2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID83构建一个支持构建一个支持WPA认证的网
58、络认证的网络1.增加一个新的地址池增加一个新的地址池2.增加一个新的动态接口增加一个新的动态接口3.添加本地添加本地EAP支持或者支持或者AAA服务器(服务器(Radius服务器)服务器)4.建立一个新的建立一个新的WLAN SSID5.配置配置WPA/WPA2认证认证6.设置设置CSSC客户端软件客户端软件2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID841、新建一个地址池、新建一个地址池2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentia
59、lPresentation_ID852、控制器添加一个、控制器添加一个VLAN40接口接口2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID863、增加本地、增加本地EAP支持支持2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID873、本地、本地EAP的的profile配置配置2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation
60、_ID884、新建一个、新建一个WLAN2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID894、新建一个、新建一个WLAN2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID905、配置、配置WPA/WPA22006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID915、配置本地、配置本地EAP认证支持认证支持2006Cisco
61、Systems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID926、设置、设置CSSC软件,添加软件,添加SSID2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID93PresentationTitleSize30PTOption2:Live构建一个用ACS做AAA认证的无线接入网络2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID94ACS相关配置
62、名词解释相关配置名词解释PostureACSAccessControlServerNAPNetworkAccessProfileNAFNetworkAccessFilterNADNetworkAccessDeviceNDGNetworkDeviceGroupPAPostureAgentPVPostureValidationRACRadiusAuthorizationComponentDACLDynamicAccessControlListADFAttributeDefinitionFile2006CiscoSystems,Inc.Allrightsreserved.CiscoConfident
63、ialPresentation_ID95ACS各部件逻辑关系各部件逻辑关系NAPAuthenticationAuthorizationPostureValidationAuthenticationDBGlobalAuthSetupInternalDBExternalDBRule1RuleNPolicy1InternalPostureValidationExternalPostureValidationExternalPostureValidationAuditRACDACLNAFNAD+AAANDGSwitchesRoutersVPNGWFWPolicyNororor通过认证后检查状态检查状态
64、后指示设备配置关联组成下载至设备组成引用引用2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID96添加添加Radius服务器服务器Securityaaaradiusauthentication2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID97EAP AuthenticationCisco的自适应WPA或者WPA22006CiscoSystems,Inc.Allrightsreserved.CiscoConfi
65、dentialPresentation_ID98EAP Authentication配置radius2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID99ACS配置配置-增加增加AAA client增加AAAclient2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID100增加AAAserverACS配置配置-增加增加 AAA server2006CiscoSystems,Inc.Allrightsreserv
66、ed.CiscoConfidentialPresentation_ID101ACS配置配置-显示的显示的AAA client和和Server2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID102ACS配置配置-产生证书产生证书2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID103配置AAA需要返回的参数ACS配置配置-AAA能够返回的参数能够返回的参数2006CiscoSystems,Inc.Allright
67、sreserved.CiscoConfidentialPresentation_ID104ACS配置配置-选择各种选择各种EAP2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID105ACS配置配置-EAP Fast配置配置不要选择这个2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID106ACS配置配置-增加一个增加一个group2006CiscoSystems,Inc.Allrightsreserved.Ci
68、scoConfidentialPresentation_ID107ACS配置配置-增加一个增加一个user加入加入group2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID108EAP Authentication-funk software on PCPEAPPC端配置不要选不要选2006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID109配置配置CSSC2006CiscoSystems,Inc.Allright
69、sreserved.CiscoConfidentialPresentation_ID1102006CiscoSystems,Inc.Allrightsreserved.CiscoConfidentialPresentation_ID1119、静夜四无邻,荒居旧业贫。2024/9/92024/9/9Monday,September9,202410、雨中黄叶树,灯下白头人。2024/9/92024/9/92024/9/99/9/20248:07:15AM11、以我独沈久,愧君相见频。2024/9/92024/9/92024/9/9Sep-2409-Sep-2412、故人江海别,几度隔山川。2024
70、/9/92024/9/92024/9/9Monday,September9,202413、乍见翻疑梦,相悲各问年。2024/9/92024/9/92024/9/92024/9/99/9/202414、他乡生白发,旧国见青山。09九月20242024/9/92024/9/92024/9/915、比不了得就不比,得不到的就不要。九月242024/9/92024/9/92024/9/99/9/202416、行动出成果,工作出财富。2024/9/92024/9/909September202417、做前,能够环视四周;做时,你只能或者最好沿着以脚为起点的射线向前。2024/9/92024/9/9202
71、4/9/92024/9/99、没有失败,只有暂时停止成功!。2024/9/92024/9/9Monday,September9,202410、很多事情努力了未必有结果,但是不努力却什么改变也没有。2024/9/92024/9/92024/9/99/9/20248:07:15AM11、成功就是日复一日那一点点小小努力的积累。2024/9/92024/9/92024/9/9Sep-2409-Sep-2412、世间成事,不求其绝对圆满,留一份不足,可得无限完美。2024/9/92024/9/92024/9/9Monday,September9,202413、不知香积寺,数里入云峰。2024/9/92
72、024/9/92024/9/92024/9/99/9/202414、意志坚强的人能把世界放在手中像泥块一样任意揉捏。09九月20242024/9/92024/9/92024/9/915、楚塞三湘接,荆门九派通。九月242024/9/92024/9/92024/9/99/9/202416、少年十五二十时,步行夺得胡马骑。2024/9/92024/9/909September202417、空山新雨后,天气晚来秋。2024/9/92024/9/92024/9/92024/9/99、杨柳散和风,青山澹吾虑。2024/9/92024/9/9Monday,September9,202410、阅读一切好书如
73、同和过去最杰出的人谈话。2024/9/92024/9/92024/9/99/9/20248:07:15AM11、越是没有本领的就越加自命不凡。2024/9/92024/9/92024/9/9Sep-2409-Sep-2412、越是无能的人,越喜欢挑剔别人的错儿。2024/9/92024/9/92024/9/9Monday,September9,202413、知人者智,自知者明。胜人者有力,自胜者强。2024/9/92024/9/92024/9/92024/9/99/9/202414、意志坚强的人能把世界放在手中像泥块一样任意揉捏。09九月20242024/9/92024/9/92024/9/9
74、15、最具挑战性的挑战莫过于提升自我。九月242024/9/92024/9/92024/9/99/9/202416、业余生活要有意义,不要越轨。2024/9/92024/9/909September202417、一个人即使已登上顶峰,也仍要自强不息。2024/9/92024/9/92024/9/92024/9/9MOMODA POWERPOINTLorem ipsum dolor sit, eleifend nulla ac, fringilla purus. Nulla iaculis tempor felis amet, consectetur adipiscing elit. Fusce id urna blanditut cursus. 感感谢谢您您的的下下载载观观看看专家告诉