一栋大楼内部组建公共无线网络，考虑到客户端数量可能众多，而客户端频繁及接入层交无线ap移动可能性不大，规划将无线客户端划分到不同的vlan内，vlan内。

网络连接示意图如下：换机划在一个无线控制器配置文件：#version 5.20, Release 2308P10#sysname wx5004#domain default enable system#port-security enable#wlan auto-ap enable#vlan 1#vlan 96description ap-client#vlan 97description ap-client#vlan 98description ap-client#vlan 99description ap-client#vlan 100description ap-client#vlan 101description ap-client#vlan 102description ap-client#vlan 103description managerdevice#domain systemaccess-limit disablestate activeidle-cut disableself-service-url disable#public-key peer 192.168.103.254public-key-code begin30819F300D06092A864886F70D3818D00308C2171D5A373DAB7E0E2B1B202AA91185612713CB3BC6CAD3557BB740D5F9CF3CA1935F20EB05B823B1CAC A18E0CC401FE26B61DDE098EE75610ACF51084980E2FCD305EE3CF30F6D5E8885F0D3BA5AD E913BCD672E038FEACBD4B3CDB9809B2E1D57B660CDCF7F50282DF5EF8D973B264191552DE 82E5C3EC3B7C9F11D54357D020*******public-key-code endpeer-public-key end#dhcp server ip-pool managernetwork 192.168.103.0 mask 255.255.255.0gateway-list 192.168.103.254expired day 7#dhcp server ip-pool pub-wireless-usenetwork 192.168.96.0 mask 255.255.248.0dns-list 211.95.193.97 211.94.33.193 8.8.8.8#．dhcp server ip-pool vlan100network 192.168.100.0 mask 255.255.255.0gateway-list 192.168.100.254#dhcp server ip-pool vlan101network 192.168.101.0 mask 255.255.255.0gateway-list 192.168.101.254#dhcp server ip-pool vlan102network 192.168.102.0 mask 255.255.255.0gateway-list 192.168.102.254#dhcp server ip-pool vlan96network 192.168.96.0 mask 255.255.255.0gateway-list 192.168.96.254#dhcp server ip-pool vlan97network 192.168.97.0 mask 255.255.255.0gateway-list 192.168.97.254#dhcp server ip-pool vlan98network 192.168.98.0 mask 255.255.255.0gateway-list 192.168.98.254#dhcp server ip-pool vlan99network 192.168.99.0 mask 255.255.255.0gateway-list 192.168.99.254#user-group systemgroup-attribute allow-guest#local-user adminpassword simple xxxxxauthorization-attribute level 3service-type ssh telnet#wlan rrmdot11a mandatory-rate 6 12 24dot11a supported-rate 9 18 36 48 54dot11b mandatory-rate 1 2dot11b supported-rate 5.5 11dot11g mandatory-rate 1 2 5.5 11dot11g supported-rate 6 9 12 18 24 36 48 54 #．wlan radio-policy 101#wlan radio-policy 103#wlan service-template 103 clearssid pubwirelessbind WLAN-ESS 103service-template enable#interface NULL0#interface Vlan-interface1#interface Vlan-interface96ip address 192.168.96.253 255.255.255.0 #interface Vlan-interface97ip address 192.168.97.253 255.255.255.0 #interface Vlan-interface98ip address 192.168.98.253 255.255.255.0 #interface Vlan-interface99ip address 192.168.99.253 255.255.255.0 #interface Vlan-interface100ip address 192.168.100.253 255.255.255.0 #interface Vlan-interface101ip address 192.168.101.253 255.255.255.0 #interface Vlan-interface102ip address 192.168.102.253 255.255.255.0 #interface Vlan-interface103ip address 192.168.103.253 255.255.255.0 #interface GigabitEthernet1/0/1port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 96 to 103#interface GigabitEthernet1/0/2port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 96 to 103#interface GigabitEthernet1/0/3port access vlan 101#interface GigabitEthernet1/0/4port access vlan 101#interface M-Ethernet1/0/0#interface Ten-GigabitEthernet1/0/5#interface WLAN-ESS1#interface WLAN-ESS101port access vlan 101#interface WLAN-ESS103port access vlan 103#wlan ap 3c01 model WA2100 id 2serial-id 210235A22WB095002382radio 1radio-policy 103service-template 103 vlan-id 96radio enable#wlan ap autoap model WA2100 id 1serial-id autoradio 1#wlan ap autoap_0001 model WA2100 id 3 serial-id 210235A22WB095001936radio 1radio-policy 103service-template 103 vlan-id 96radio enable#wlan ap autoap_0002 model WA2100 id 4 serial-id 210235A22WB095002528radio 1radio-policy 103service-template 103 vlan-id 96． radio enable#wlan ap autoap_0003 model WA2100 id 5 serial-id 210235A22WB095000642radio 1radio-policy 103service-template 103 vlan-id 96radio enable#wlan ap autoap_0004 model WA2100 id 6 serial-id 210235A22WB095001850radio 1radio-policy 103service-template 103 vlan-id 97radio enable#wlan ap autoap_0005 model WA2100 id 7 serial-id 210235A22WB095000518radio 1radio-policy 103service-template 103 vlan-id 97radio enable#wlan ap autoap_0006 model WA2100 id 8 serial-id 210235A22WB095001905radio 1radio-policy 103service-template 103 vlan-id 97radio enable#wlan ap autoap_0007 model WA2100 id 9 serial-id 210235A22WB095000643radio 1radio-policy 103service-template 103 vlan-id 97radio enable#wlan ap autoap_0008 model WA2100 id 10 serial-id 210235A22WB095001943radio 1radio-policy 103service-template 103 vlan-id 97radio enable#．wlan ap autoap_0009 model WA2100 id 11 serial-id 210235A22WB095000543radio 1radio-policy 103service-template 103 vlan-id 98radio enable#wlan ap autoap_0010 model WA2100 id 12 serial-id 210235A22WB095001939radio 1radio-policy 103service-template 103 vlan-id 98radio enable#wlan ap autoap_0011 model WA2100 id 13 serial-id 210235A22WB095002305radio 1radio-policy 103service-template 103 vlan-id 98radio enable#wlan ap autoap_0012 model WA2100 id 14 serial-id 210235A22WB095002496radio 1radio-policy 103service-template 103 vlan-id 98radio enable#wlan ap autoap_0013 model WA2100 id 15 serial-id 210235A22WB095002598radio 1radio-policy 103service-template 103 vlan-id 99radio enable#wlan ap autoap_0014 model WA2100 id 16 serial-id 210235A22WB095002499radio 1radio-policy 103service-template 103 vlan-id 99radio enable#wlan ap autoap_0018 model WA2100 id 17 serial-id 210235A22WB095000641．radio 1radio-policy 103service-template 103 vlan-id 99radio enable#wlan ap autoap_0019 model WA2100 id 18 serial-id 210235A22WB095001945radio 1radio-policy 103service-template 103 vlan-id 99radio enable#wlan ap autoap_0020 model WA2100 id 19serial-id 210235A22WB095001932radio 1radio-policy 103service-template 103 vlan-id 99radio enable#undo info-center log#dhcp server forbidden-ip 192.168.101.1 192.168.101.20dhcp server forbidden-ip 192.168.101.240 192.168.101.254dhcp server forbidden-ip 192.168.96.1 192.168.96.20dhcp server forbidden-ip 192.168.96.240 192.168.96.254dhcp server forbidden-ip 192.168.97.1 192.168.97.20dhcp server forbidden-ip 192.168.97.240 192.168.97.254dhcp server forbidden-ip 192.168.98.1 192.168.98.20dhcp server forbidden-ip 192.168.98.240 192.168.98.254dhcp server forbidden-ip 192.168.99.1 192.168.99.20dhcp server forbidden-ip 192.168.99.240 192.168.99.254dhcp server forbidden-ip 192.168.100.1 192.168.100.20dhcp server forbidden-ip 192.168.100.240 192.168.100.254dhcp server forbidden-ip 192.168.102.1 192.168.102.20dhcp server forbidden-ip 192.168.102.240 192.168.102.254dhcp server forbidden-ip 192.168.103.1 192.168.103.20dhcp server forbidden-ip 192.168.103.240 192.168.103.254#dhcp enable#ssh server enablessh client authentication server 192.168.103.254 assign publickey 192.168.103.254#．load xml-configuration#user-interface con 0user-interface vty 0 4 authentication-mode scheme user privilege level 3#return核心交换机配置文件：#version 5.20, Release 2202#sysname wirelessandvideoswitch#irf mac-address persistent timerirf auto-update enableundo irf link-delay#domain default enable system#undo ip ttl-expires#vlan 1#vlan 96description ap-client#vlan 97description ap-client#vlan 98description ap-client#vlan 99description ap-client#vlan 100description ap-client#．vlan 101 description ap-client#vlan 102 description ap-client#vlan 103 description managerdevice#vlan 104 description connection FW# radius scheme system server-type extended primary authentication 127.0.0.1 1645primary accounting 127.0.0.1 1646user-name-format without-domain#domain systemaccess-limit disablestate activeidle-cut disableself-service-url disable##user-group system#local-user adminpassword simple xxxxxxxxxxauthorization-attribute level 3service-type ssh telnet#interface NULL0#interface Vlan-interface96ip address 192.168.96.254 255.255.255.0#interface Vlan-interface97ip address 192.168.97.254 255.255.255.0#interface Vlan-interface98ip address 192.168.98.254 255.255.255.0 #．interface Vlan-interface99ip address 192.168.99.254 255.255.255.0#interface Vlan-interface100ip address 192.168.100.254 255.255.255.0 #interface Vlan-interface101ip address 192.168.101.254 255.255.255.0 #interface Vlan-interface102ip address 192.168.102.254 255.255.255.0 #interface Vlan-interface103ip address 192.168.103.254 255.255.255.0 #interface Vlan-interface104description connectionFWip address 192.168.255.221 255.255.255.252 #interface GigabitEthernet1/0/1#interface GigabitEthernet1/0/2#interface GigabitEthernet1/0/3#interface GigabitEthernet1/0/4#interface GigabitEthernet1/0/5#interface GigabitEthernet1/0/6#interface GigabitEthernet1/0/7#interface GigabitEthernet1/0/8#interface GigabitEthernet1/0/9#interface GigabitEthernet1/0/10#interface GigabitEthernet1/0/11#interface GigabitEthernet1/0/12#interface GigabitEthernet1/0/13． port access vlan 103#interface GigabitEthernet1/0/14port access vlan 103#interface GigabitEthernet1/0/15port access vlan 103#interface GigabitEthernet1/0/16port access vlan 103#interface GigabitEthernet1/0/17port access vlan 103#interface GigabitEthernet1/0/18port access vlan 103#interface GigabitEthernet1/0/19shutdown#interface GigabitEthernet1/0/20shutdown#interface GigabitEthernet1/0/21#interface GigabitEthernet1/0/22shutdown#interface GigabitEthernet1/0/23shutdown#interface GigabitEthernet1/0/24shutdown#interface GigabitEthernet1/0/25port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 96 to 103shutdown#interface GigabitEthernet1/0/26port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 96 to 103．shutdown#interface GigabitEthernet1/0/27 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 96 to 103# interface GigabitEthernet1/0/28port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 96 to 103#interface GigabitEthernet1/0/29shutdown#interface GigabitEthernet1/0/30port access vlan 103#interface GigabitEthernet1/0/31#interface GigabitEthernet1/0/32port access vlan 104#ssh server enablessh client authentication server assign publickey 192.168.103.253 192.168.103.253192.168.103.254 publickey ssh client authentication server assign192.168.103.254#user-interface aux 0 8user-interface vty 0 4 authentication-mode schemeuser privilege level 3#return配置要点：无线控制器中：创建服务模板wlan service-template 103 clear ssid pubwireless bind WLAN-ESS 103 service-template enable号vlanvlan号要与无线ap上联的交换机端口的创建无线虚接口，注意此处的一致interface WLAN-ESS103 port access vlan 103fit ap配置wlan ap autoap_0006 model WA2100 id 8 serial-id210235A22WB095001905 radio 1 radio-policy 103 service-template 103 vlan-id 97 radio enable，而采用trunkAP上联端口不用因无线客户端的数据包已经经过封装的，所以模式。