配置LSW和AC，使AP與AC之間能夠傳輸CAPWAP報文
[LSW1]vlan batch 100
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[LSW1-GigabitEthernet0/0/2]port-isolate enable
[AC1]vlan batch 100
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

配置AC與上層網(wǎng)絡(luò)設(shè)備互通
[AC1]vlan batch 101 102 103
[AC1-Vlanif101]ip add 10.1.101.1 24
[AC1-Vlanif102]ip add 10.1.102.1 24
[AC1-Vlanif103]ip add 10.1.103.1 24
[AC1-GigabitEthernet0/0/2]port link-type access
[AC1-GigabitEthernet0/0/2]port default vlan 102
[AC1-GigabitEthernet0/0/3]port link-type trunk
[AC1-GigabitEthernet0/0/3]port trunk allow-pass vlan 103
[AC1-GigabitEthernet0/0/3]port trunk pvid vlan 103
[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.102.2

配置AC給AP分配IP地址，AR給STA分配IP地址
[AC1]dhcp enable
[AC1-Vlanif100]ip add 10.1.100.1 24
[AC1-Vlanif100]dhcp select interface
[AC1-Vlanif101]dhcp select relay
[AC1-Vlanif101]dhcp relay server-ip 10.1.102.2
[AR1]dhcp enable
[AR1-ip-pool-sta]gateway-list 10.1.101.1
[AR1-ip-pool-sta]dns-list 8.8.8.8
[AR1-ip-pool-sta]network 10.1.101.0 mask 24
[AR1-GigabitEthernet0/0/0]ip add 10.1.102.2 24
[AR1-GigabitEthernet0/0/0]dhcp select global
[AR1]ip route-static 10.1.101.0 24 10.23.102.1

配置AP上線
創(chuàng)建AP組
[AC1]wlan
[AC1-wlan-view]ap-group name ap-group1
創(chuàng)建域管理模板，在域管理模板下配置AC的國家碼并在AP組下引用域管理模板
[AC1-wlan-view]regulatory-domain-profile name domain1
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
[AC1]capwap source interface Vlanif 100
在AC上離線導(dǎo)入AP，并將AP加入AP組
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc19-7cf0
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-ap-0]ap-group ap-group1

配置WLAN業(yè)務(wù)參數(shù)
創(chuàng)建安全模板，并配置安全策略
[AC1]wlan
[AC1-wlan-view]security-profile name wlan-security
[AC1-wlan-sec-prof-wlan-security]security wapi certificate
[AC1-wlan-sec-prof-wlan-security]wapi asu ip 10.1.103.2
[AC1-wlan-sec-prof-wlan-security]wapi import certificate ac format pem file-name flash:/as.cer
[AC1-wlan-sec-prof-wlan-security]wapi import certificate asu format pem file-name flash:/as.cer
[AC1-wlan-sec-prof-wlan-security]wapi import certificate issuer format pem file-name flash:/as.cer
[AC1-wlan-sec-prof-wlan-security]wapi import private-key format pem file-name flash:/ae.cer
創(chuàng)建SSID模板，并配置SSID名稱
[AC1-wlan-view]ssid-profile name wlan-ssid
[AC1-wlan-ssid-prof-wlan-ssid]ssid wlan-net
創(chuàng)建VAP模板，配置業(yè)務(wù)數(shù)據(jù)轉(zhuǎn)發(fā)模式、業(yè)務(wù)VLAN，并且引用安全模板、認證模板和SSID模板
[AC1-wlan-view]vap-profile name wlan-vap
[AC1-wlan-vap-prof-wlan-vap]forward-mode tunnel
[AC1-wlan-vap-prof-wlan-vap]service-vlan vlan-id 101
[AC1-wlan-vap-prof-wlan-vap]security-profile wlan-security
[AC1-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid
配置AP組引用VAP模板，AP上射頻0和射頻1都使用VAP模板的配置
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 0
[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 1

配置AP射頻的信道和功率
關(guān)閉射頻的信道和功率自動調(diào)優(yōu)功能
[AC1-wlan-view]rrm-profile name default
[AC1-wlan-rrm-prof-default]calibrate auto-channel-select disable
[AC1-wlan-rrm-prof-default]calibrate auto-txpower-select disable
配置AP射頻的信道和功率
[AC1-wlan-view]ap-id 0
[AC1-wlan-ap-0]radio 0
[AC1-wlan-radio-0/0]channel 20mhz 6
[AC1-wlan-radio-0/0]eirp 127
[AC1-wlan-ap-0]radio 1
[AC1-wlan-radio-0/1]channel 20mhz 149
[AC1-wlan-radio-0/1]eirp 127