AC-captive-portal+本地认证

AC(config)#vlan 10;20;101
AC(config)#
AC(config)#interface vlan 10
AC(config-if-vlan10)#
AC(config-if-vlan10)#ip address 10.80.0.254 255.255.255.0
AC(config-if-vlan10)#    
AC(config-if-vlan20)#Interface Vlan20
AC(config-if-vlan20)#ip address 10.80.1.62 255.255.255.192 
AC(config-if-vlan20)#
AC(config-if-vlan20)#interface vlan 101                   
AC(config-if-vlan101)#
AC(config-if-vlan101)#ip address 10.80.1.66 255.255.255.252
AC(config-if-vlan101)#
AC(config-if-vlan101)#exi
AC(config)#

AC(config)#service dhcp
AC(config)#ip dhcp pool vlan10     
AC(dhcp-vlan10-config)#network-address 10.80.0.0 255.255.255.0
AC(dhcp-vlan10-config)#default-router 10.80.0.254 
AC(dhcp-vlan10-config)#exi
AC(config)#ip dhcp pool vlan20                    
AC(dhcp-vlan20-config)#network-address 10.80.1.0 255.255.255.192
AC(dhcp-vlan20-config)#default-router 10.80.1.62                
AC(dhcp-vlan20-config)#exi
AC(config)#ip dhcp pool vlan101                         
AC(dhcp-vlan101-config)#network-address 10.80.1.64 255.255.255.252
AC(dhcp-vlan101-config)#default-router 10.80.1.66 
AC(dhcp-vlan101-config)#exit 

AC(config)#interface ethernet 1/0/21
AC(config-if-ethernet1/0/21)#switchport mode trunk 
AC(config-if-ethernet1/0/21)#switchport trunk native vlan 101
AC(config-if-ethernet1/0/21)#exi

#等待1分钟
AC(config)#sh ip dhcp binding
Total dhcp binding items: 1, the matched: 1
IP address          Hardware address         Lease expiration         Type
10.80.1.65          00-03-0F-99-7E-E0        Mon Jan 02 00:17:00 2006 Dynamic

AC#ping 10.80.1.65
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 10.80.1.65, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
AC#

AC#sh wireless ap status

    MAC Address                                                            Configuration                
 (*) Peer Managed  IP Address                              Profile Status     Status           Age      
------------------ --------------------------------------- ------- ------- ------------- --------------
 00-03-0f-99-7e-e0 10.80.1.65                              1       Auth    Not Config    0d:00:00:01

Total Access Points............................ 1

AC#
AC#sh wireless ap status

    MAC Address                                                            Configuration                
 (*) Peer Managed  IP Address                              Profile Status     Status           Age      
------------------ --------------------------------------- ------- ------- ------------- --------------
 00-03-0f-99-7e-e0 10.80.1.65                              1       Managed Success       0d:00:00:01

Total Access Points............................ 1

AC(config)#sh wireless ap status 

    MAC Address                                                            Configuration                
 (*) Peer Managed  IP Address                              Profile Status     Status           Age      
------------------ --------------------------------------- ------- ------- ------------- --------------
 00-03-0f-99-7e-e0 10.80.1.65                              1       Managed Success       0d:00:00:03

Total Access Points............................ 1
AC(config)#
AC(config)#
AC(config)#
AC(config)#sh wireless ap 00-03-0f-99-7e-e0  status

MAC address.................................... 00-03-0f-99-7e-e0
Location....................................... 
IP Address..................................... 10.80.1.65
IP Subnet Mask................................. 255.255.255.252
IPv6 Address................................... -----
IPv6 Prefix.................................... -----
Managing Switch................................ Local Switch
Switch MAC Address............................. 00-03-0f-bd-01-ec
Switch IP Address.............................. 10.80.1.66
Status......................................... Managed
Last Disconnect Time and reason................ 0d:00:00:00  None
Configuration Status........................... Success
Last Failing Configuration Element............. None
Configuration Failure Error.................... 
Debug Mode..................................... Disable
Code Download Status........................... Not Started
Reset Status................................... Not Started
Profile........................................ 1 - Default
Vendor ID...................................... Digital China (Shanghai) Networks Ltd.
Protocol Version............................... 2
Software Version............................... 3.3.2.31
Hardware Version............................... 2.0.1
Uboot Version.................................. 1.0.6
Hardware Type.................................. 59 - WL8200-I2(R2), Indoor Dual Radio a/n/ac, b/g/n
Serial Number.................................. WL020420I824000455
Discovery Reason............................... Switch IP Configured
Authenticated Clients.......................... 0
System Up Time................................. 0d:00:10:16
Online Time.................................... 0d:00:07:20
Age............................................ 0d:00:00:00
CPU Type....................................... AR9563-775
CPU Usage(5s).................................. 13%
CPU Usage(30s)................................. 14%
CPU Usage(5min)................................ 14%
Memory Size Total(KB).......................... 126124
Memory Size Used(KB)........................... 82820
Static primary DNS Server...................... Not Configured
Static backup DNS Server....................... Not Configured
Management Vlan................................ 1
Management Vlan Priority....................... 0
Native Vlan.................................... 1

AC(config)#

！！！必须配置！！！

wireless
 enable
 no auto-ip-assign
 ap authentication none
 discovery vlan-list 101
 mac-authentication-mode black-list
 static-ip  10.80.1.66


AC(config)#wireless
AC(config-wireless)#network 1
AC(config-network)#ssid 2022skills-2.4G
AC(config-network)#vlan 10
AC(config-network)#security mode wpa-personal
AC(config-network)#wpa key skills01
AC(config-network)#exit
AC(config-wireless)#network 20
AC(config-network)#ssid 2022skills-5G
AC(config-network)#vlan 20
AC(config-network)#hide-ssid
AC(config-network)#security mode none


================

AC(config-wireless)#ap profile 1
AC(config-ap-profile)#
AC(config-ap-profile)#radio 1
AC(config-ap-profile-radio)#vap 0
AC(config-ap-profile-vap)#network 1
AC(config-ap-profile-vap)#enable 
AC(config-ap-profile-vap)#exi
AC(config-ap-profile-radio)#
AC(config-ap-profile-radio)#vap 1
AC(config-ap-profile-vap)#network 2     这里还没创建先打上去        
AC(config-ap-profile-vap)#enable 
AC(config-ap-profile-vap)#exi
AC(config-ap-profile-radio)#exi
AC(config-ap-profile)#radio 2
AC(config-ap-profile-radio)#vap 15                
AC(config-ap-profile-vap)#network 20
AC(config-ap-profile-vap)#enable 
AC(config-ap-profile-vap)#exi
AC(config-ap-profile-radio)#exi
AC(config-ap-profile)#


AC#wireless ap profile apply 1   下发配置

AC(config)#vlan 21   
AC(config-vlan21)#
AC(config-vlan21)#interface vlan 21
AC(config-if-vlan21)#ipv6 address 2001:10:81::1/112
AC(config-if-vlan21)#exi
AC(config)#ipv6 enable


AC(config)#service dhcpv6 
AC(config)#

AC(config)#ipv6  dhcp pool vlan21
AC(dhcpv6-vlan21-config)#network-address 2001:10:81::1 112
AC(dhcpv6-vlan21-config)#excluded-address 200:10:81::1
AC(dhcpv6-vlan21-config)#option 52 ipv6 2001:10:81::1
AC(dhcpv6-vlan21-config)#exi

AC(config)#interface vlan 21
AC(config-if-vlan21)#ipv6 dhcp server vlan21      
AC(config-if-vlan21)#ipv6 nd managed-config-flag 
AC(config-if-vlan21)#ipv6 nd other-config-flag 
AC(config-if-vlan21)#
AC(config-if-vlan21)#exi


AC(config-wireless)#network 2
AC(config-network)#ssid 2022skills_IPv6
AC(config-network)# security mode wpa-personal 
AC(config-network)#wpa key skills01
AC(config-network)#vlan 21

AC(config)#captive-portal 
AC(config-cp)#enable
AC(config-cp)#authentication-type internal 
AC(config-cp)#user GUEST
AC(config-cp-local-user)#password 123456
AC(config-cp-local-user)#group test1
AC(config-cp-local-user)#exi
    
AC(config-cp)#configuration 1
AC(config-cp-instance)#enable 
AC(config-cp-instance)#verification local 
AC(config-cp-instance)#group test1
AC(config-cp-instance)#protocol http 
AC(config-cp-instance)#interface ws-network 1
AC(config-cp-instance)#exi

AC(config)#  
AC#wireless ap profile apply 1
All configurations will be send to the aps associated to this profile and associated clients on these aps will be disconnected. Are you sure you want to apply the profile configuration? [Y/N] y
AP Profile apply is in progress.
AC#

AC(config)#wireless 
AC(config-wireless)#sh wireless ap status 

    MAC Address                                                            Configuration                
 (*) Peer Managed  IP Address                              Profile Status     Status           Age      
------------------ --------------------------------------- ------- ------- ------------- --------------
 00-03-0f-99-7e-e0 10.80.1.65                              1       Managed Success       0d:00:00:05

Total Access Points............................ 1
AC(config-wireless)#ap database 00-03-0f-99-7e-e0
AC(config-ap)#radio 1 power 90
AC(config-ap)#radio 2 power 90

mac-authentication-mode black-list
known-client 80-45-DD-77-CC-48 action global-action

 network 1
  mac authentication local

AC#wireless ap profile apply 1

在老版本设备中就直接生效了，
然后连上2.4Gwifi去10.80.0.254去认证就行了

认证通过后就可以正常通信了~~~