AP做出口上网设备
注意事项:
不是所有AP都有NAT的功能,需要确认是否支持NAT 组网描述:
外网——(拨号)AP——无线终端(192.168.10.0/24)配置步骤:
1.登录设备
地址:192.168.0.50
用户名:admin
密码:h3capadmin
2.新建无线网段vlan2 网络——vlan,新建
3.新建interface vlan 2,地址192.168.10.1
设备——端口管理,新建
4.创建dhcp服务器,为无线终端分配地址
网络——DHCP,运营商给了DNS地址就填写运营商给的DNS,没给就填写网关
5.配置上网,以拨号为例(静态ip直接修改interface vlan 1地址即可)网络——PPPoE
6.创建acl QoS——ACL IPv4
7.配置NAT,以拨号为例(静态ip接口选择vlan-interface1,其他不变)
8.配置默认路由,以拨号为例(静态ip下一跳输入外网网关即可)
9.创建无线服务,其所属vlan修改为2
无线服务——接入服务
10.配置完成后不要忘记保存
配置完成后,无线终端通过ssid 123连接并获得192.168.10.0网段地址上网
命令行信息:
<WAP722E>dis cu
#
version 5.20, Release 1508
#
sysname WAP722E
#
domain default enable system #
telnet server enable
#
port-security enable
#
password-recovery enable
#
undo attack-defense tcp fragment enable #
acl number 2000
rule 0 permit
#
vlan 1
#
vlan 2
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan2
network 192.168.10.0 mask 255.255.255.0 gateway-list 192.168.10.1
dns-list 192.168.10.1
expired day 0 hour 2
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$jvHusdA/+2jovz+k0/tBMlWA+oeoRoUCoxGYKJo= authorization-attribute level 3
service-type telnet
service-type web
#
wlanrrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 clear
ssid H3C
service-template enable
wlan service-template 2 crypto
ssid 123
cipher-suiteccmp
security-iersn
service-template enable
#
cwmp
undocwmp enable
#
interface Dialer10
nat outbound 2000
link-protocolppp
ppp chap user 123
ppp chap password cipher $c$3$gj+V0+H4CkHE6N7cXOi3Il67a1CL5Q==
ppp pap local-user 123 password cipher $c$3$4OwWg8nN4s0B8kG11cbg30MOnycEwA==
pppipcpdns request
ip address ppp-negotiate
dialer user pppoeclient
dialer-group 10
dialer bundle 10
#
interface NULL0
#
interface Vlan-interface1
pppoe-client dial-bundle-number 10 ip address 192.168.0.50 255.255.255.0 #
interface Vlan-interface2
ip address 192.168.10.1 255.255.255.0 #
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface WLAN-BSS32
port link-type hybrid
port hybrid vlan 1 untagged
#
interface WLAN-BSS33
port link-type hybrid
port hybrid vlan 1 untagged
#
interface WLAN-BSS34
port link-type hybrid
port hybrid vlan 1 to 2 untagged
port hybrid pvidvlan 2
port-security port-mode psk
port-securitytx-key-type 11key
port-securitypreshared-key pass-phrase cipher $c$3$XoS+0NX77ZaNCdol742GHh9Euwt
RdxRqgxdt
#
interface WLAN-BSS35
port link-type hybrid
port hybrid vlan 1 to 2 untagged
port hybrid pvidvlan 2
port-security port-mode psk
port-securitytx-key-type 11key
port-securitypreshared-key pass-phrase cipher $c$3$XoS+0NX77ZaNCdol742GHh9Euwt
RdxRqgxdt
#
interface WLAN-Radio1/0/1
service-template 2 interface wlan-bss 34 #
interface WLAN-Radio1/0/2
service-template 1 interface wlan-bss 33 service-template 2 interface wlan-bss 35 #
ip route-static 0.0.0.0 0.0.0.0 Dialer10
#
dhcp enable
#
dialer-rule 10 ip permit
#
arp-snooping enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interfacevty 0 4
authentication-mode scheme
#
return。