思科瘦AP配置 – Woo的博客

仅提供配置模板参考

1、配置主机名
hostname  TESTAP

show running-config                 ------查看配置
copy running-config startup-config  ------保存配置

2、配置IP地址
interface bvi1
ip address 10.67.145.184 255.255.255.192

show running-config
copy running-config startup-config

3、配置网络映射
dot11 network-map 5

show dot11 network-map
show dot11 adjacent-ap
show dot11 associations all         -----查看已接入AP的终端信息
show dot11 statistics client-traffic
copy running-config startup-config
clear dot11 client {mac-address}
clear dot11 statistics{interface | mac-address}

4、配置以太网
interface fastethernet 0
speed 100
duplex full
no shutdown

show interfaces
show ip interface brief
show running-config

5、配置无线接口
（1）设置SSID
interface dot11radio 0    -----默认的dot11radio号为0
ssid ASWaproutenetwork
authentication open

show interfaces dot11Radio 0
show controllers dot11Radio 0
（2）设置工作模式
interface dot11radio 0
station-role root
（3）设置传输速度
speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
（4）设置无线信道
channel {number | frequency | least-congested}
如：channel 2447   -----设置AP的channel为8，中心频率为2447
（5）启用802.11扩展
interface  dot11radio interface-number
dot11 extension aironet  -----设置AP无线接口信道

6、检查无线设备状态
show interface dot11radio interface-number
show interface dot11radio summary
debug dot11 events
debug dot11 packets
debug dot11 syslog
no debug dot11 events
undebug all

7、其他基本设置

HTTP服务的配置示例：
ip http authentication local
ip http port 8080
access-list 10 permit host 192.168.0.11
ip http access-class 1
ip http help-path file:///c:\wireless\help
end

DNS服务的配置示例：
ap(config)#ip domain-name www.eskystar.com
ap(config)#no ip domain-lookup

Telnet 服务的配置示例：
ap(config)#line vty 0 4
ap(config-line)#login
ap(config-line)#password Cisco_Aironet
ap#end

CDP服务的配置示例：
ap(config)#no cdp run
ap(config)#interface fastethernet 0
ap(config-if)#cdp enable
ap(config-if)#end
ap#show cdp

关于无线AP的检查：

信号强度signal strength : 接收封包的信号强度，数值越高，信号越强,-70dBm> -86dBM （0~100% 或 0~100dBm）

信号品质signal quality 接收封包的信号品质，数值越高，信号越清淅。（0~100%）

信号杂讯Signal to Noise 干扰信号，信号/噪音比数值越大越好。

参考：接收灵敏度 802.11g: ·-94 dBm @ 1 Mbps ·-93 dBm @ 2 Mbps ·-92 dBm @ 5.5 Mbps ·-86 dBm @ 6 Mbps ·-86 dBm @ 9 Mbps ·-90 dBm @ 11 Mbps·-86 dBm @ 12 Mbps ·-86 dBm @ 18 Mbps ·-84 dBm @ 24 Mbps ·-80 dBm @ 36 Mbps ·-75 dBm @ 48 Mbps ·-71 dBm @ 54 Mbps

为了实现对设备的远程管理，我们通常需要对设备配置管理地址，对于AP来说，我们可以通过配置AP的BVI地址来实现。

BVI即网桥虚拟接口，它是由AP自动创建的，当AP连接到有线网络时，AP使用BVI将所有接口都聚合到一个IP地址下，然后通过AP的以太网口和无线端口并使用该BVI的地址对AP进行管理。

参考：

配置命令	解释
ap#debug dot11 events	对所有无线事件进行调试分析
ap#debug dot11 packets	对无线数据包进行调试分析
ap#debug dot11 syslog	调试并分析无线的系统日志
ap#no debug dot11 events	停止对无线事件进行调试
Ap#undebug all	停止所有的调试过程

常用命令：

show dot11 associations	显示无线关联表或者无线关联统计信息
show dot11 statistics client-traffic	显示已接入的手持设备进出数据
show interfaces dot11Radio 0	显示无线接口配置和统计信息
show dot11 associations all-client	显示已接入的所有设备资料
test aaa g radius mac-address mac-address legacy	测试AP里的手持有否加入到ACS的认证上去。
power inline negotiation injector in	手动设定AP 供电模式
sh controllers dot11Radio 0	显示无线端口的详细配置
ap#show interface dot11radio summary	显示无线接口汇总统计信息

检查手持接入状态：

AP879# show dot11 associations802.11 Client Stations on Dot11Radio0: SSID [ASWaproutenetwork] : MAC Address IP address Device Name Parent State 0015.7031.6c15 10.67.13.225 unknown – self MAC-Assoc0015.708e.ab3b 10.67.13.224 unknown – self MAC-Assoc\\ 已经接入

ASWAP879#show dot11 statistics client-traffic Clients:Clients: 8-0015.70a3.11ad pak in 14150 bytes in 1664198 pak out 7852 bytes out 6345638 \\此手持的进出数据 dup 13 decrpyt err 0 mic mismatch 0 mic miss 0 tx retries 461 data retries 455 rts retries 6 signal strength 51 signal quality 40

AP704#show interfaces dot11Radio 0    
Dot11Radio0 is up, line protocol is up
  Hardware is 802.11G Radio, address is 0017.0f8f.72e0 (bia 0017.0f8f.72e0) \\
工作于
802.11g
模式。
  MTU 1500 bytes, BW 54000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:29, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/29/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/30 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
     103498 packets input, 7141897 bytes, 0 no buffer
     Received 697 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     273047 packets output, 33553538 bytes, 0 underruns
     80 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

AP704#show dot11 associations  all-client
Address           : 0015.708e.ab3b     Name             : NONE
IP Address        : 0.0.0.0            Interface        : Dot11Radio 0
Device            : unknown            Software Version : NONE
CCX Version       : NONE
 
State             : MAC-Assoc          Parent           : self               
SSID              : ASWaproutenetwork  VLAN             : 0
Hops to Infra     : 1                  Association Id   : 64
Clients Associated: 0                  Repeaters associated: 0
Tunnel Address    : 0.0.0.0
Key Mgmt type     : NONE               Encryption       : WEP
Current Rate      : 54.0               Capability       : ShortHdr ShortSlot 11h
Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
Voice Rates       : disabled
Signal Strength   : -63  dBm \\
信号强度，负值越小越好 Connected for : 18873 seconds
Signal to Noise   : 32  dBm  \\ 信号杂讯，越大越好  Activity Timeout : 14 seconds
Power-save        : On                 Last Activity    : 106 seconds ago
Apsd DE AC(s)     : NONE
 
Packets Input     : 1202               Packets Output   : 314       
Bytes Input       : 79335              Bytes Output     : 103632    
Duplicates Rcvd   : 0                  Data Retries     : 38        
Decrypt Failed    : 0                  RTS Retries      : 0         
MIC Failed        : 0                  MIC Missing      : 0         
Packets Redirected: 0                  Redirect Filtered: 0         
Session timeout   : 0 seconds
Reauthenticate in : never

AP879(config)#power inline negotiation injector in \\ 手动转换供电模式为RJ45网线PoE供电AP879(config)# May 23 03:55:19.244: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0015.7024.ccf4 Reason: Previous authentication no longer valid

首先检查AP端口，Dot11Radio0一定要UP.

AP879# show ip interface briefInterface IP-Address OK? Method Status

ASWAP879#show ip int b
Interface            IP-Address      OK? Method Status                Protocol
BVI1               10.67.28.120    YES NVRAM  up                     up      
Dot11Radio0         unassigned      YES NVRAM  reset   \\
有问题       down    
Dot11Radio1         unassigned      YES NVRAM  administratively down   down    
FastEthernet0         unassigned      YES NVRAM  up                    up

下面情况会导致手特无法接入，因为Dot11Radio0 RESET DOWN.

AP879#show ip int bInterface IP-Address OK? Method Status ProtocolBVI1 10.67.28.120 YES NVRAM up up Dot11Radio0 unassigned YES NVRAM reset \\有问题 down Dot11Radio1 unassigned YES NVRAM administratively down down FastEthernet0 unassigned YES NVRAM up up

参考下面解决方法, 运行下面命令：

AP879(config)#power inline negotiation injector installed
 A power-injector must be installed on port: 1811(Fas 5)(MAC=0015.6214.6cc9)
ASWAP879#terminal monitor
ASWAP879#show log
May 23 03:52:03.276: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 35 seconds
May 23 03:52:12.304: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
May 23 03:52:13.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
May 23 03:52:16.697: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   0015.7024.ccf4 Associated KEY_MGMT[NONE]
May 23 03:52:23.741: %SYS-5-CONFIG_I: Configured from console by mtlops on vty0 (10.67.206.33)

再次

AP879#sh ip int brief
Interface                 IP-Address      OK? Method Status                Protocol
ASWAP879#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.67.28.120    YES NVRAM  up                    up      
Dot11Radio0                unassigned      YES NVRAM  up  \\resume           up      
Dot11Radio1                unassigned      YES NVRAM  administratively down    down    
FastEthernet0              unassigned      YES NVRAM  up                      up      
AP879#

显示dot11Radio 0端口配置资料

AP879#sh controllers dot11Radio 0
!
interface Dot11Radio0
Radio AIR-AP1242GR, Base Address 0017.0f8f.89d0, BBlock version 0.00, Software version 5.90.8
Serial number: GAM10163X69
Number of supported simultaneous BSSID on Dot11Radio0: 8
Carrier Set: EMEA (EU )
Uniform Spreading Required: No
Current Frequency: 2447 MHz  Channel 8   \\
当前工作在
2.4GHz
下
Allowed Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13)
Listen Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13) 2484(14)
Current CCK Power: 17 dBm   \\在
2.4-GHz
频段下，既可以设置
OFDM
（正交频分多路复用）功率等级也可以使用
CCK
功率等级，
Allowed CCK Power Levels: -1 2 5 8 11 14 17
Current OFDM Power: 17 dBm
Allowed OFDM Power Levels: -1 2 5 8 11 14 17
Allowed Client Power Levels: 2 5 8 11 14 17
ERP settings: short slot time.
Neighbors in non-erp mode:

****AP上的认证调试,****

第只新AP 的第一次安装使用，要加入ACS系统才能正常运作，

增加任何新手持设备也要加入ACS系统才能使用。

测试AP里的手持有否加入到ACS的认证上去。

如某手持MAC : 001570a311be

输入命令：

ASWAP532#test aaa g radius 001570a311be 001570a311be legacy

Attempting authentication test to server-group radius using radius

User was successfully authenticated. \\成功通过ACS验证。

反之：

ASWAP532#test aaa g radius 001570a411be 001570a411be legacy

Attempting authentication test to server-group radius using radius

User authentication request was rejected by server. \\未通过ACS验证，或者未在ACS系统注册。需前往https://10.66.10.30/ccmadmin/showHome.do 注册手持设备

发送评论 编辑评论

发送评论编辑评论