1、基本概念
无线局域网WLAN(Wireless Local Area Network)广义上是指以无线电波、激光、红外线等来代替有线局域网中的部分或全部传输介质所构成的网络
WLAN技术是基于802.11标准系列的,即利用高频信号(例如2.4GHz或5GHz)作为传输介质的无线局域网
华为WLAN业务的基本概念:
工作站STA(Station):支持802.11标准的终端设备。例如带无线网卡的电脑、支持WLAN的手机等
无线控制器AC(Access Controller):在集中式网络架构中,AC对无线局域网中的所有AP进行控制和管理。例如,AC可以通过与认证服务器交互信息来为WLAN用户提供认证服务
接入点AP(Access Point):为STA提供基于802.11标准的无线接入服务,起到有线网络和无线网络的桥接作用
瘦接入点FIT AP(FIT Access Point):在集中式网络架构的瘦接入点(FIT AP)架构中提供STA的无线接入服务,区别于传统的FAT AP,只提供可靠、高性能的无线连接功能,其他的增强功能统一在AC上集中配置
中心AP(Central Access Point):在集中式网络架构的敏捷分布Wi-Fi方案架构中,中心AP代理AC分担对RU的集中管理和协同功能,如STA上线、配置下发、RU之间的STA漫游。
远端单元RU(Remote unit):在集中式网络架构的敏捷分布Wi-Fi方案架构中,远端单元作为中心AP的远端射频模块,负责空口802.11报文的收发
无线接入点控制与规范CAPWAP(Control And Provisioning of Wireless Access Points):由RFC5415协议定义的,实现AP和AC之间的互通的一个通用封装和传输机制
射频信号:提供基于802.11标准的WLAN技术的传输介质,是具有远距离传输能力的高频电磁波。本文指的射频信号是2.4G或5G频段的电磁波。
虚拟接入点VAP(Virtual Access Point):是AP设备上虚拟出来的业务功能实体。用户可以在一个AP上创建不同的VAP来为不同的用户群体提供无线接入服务。
服务集标识符SSID(Service Set Identifier):表示无线网络的标识,用来区分不同的无线网络。例如,当我们在笔记本电脑上搜索可接入无线网络时,显示出来的网络名称就是SSID
2、配置直连二层组网隧道转发
(1)拓扑图
(2)配置参数规划
配置项 | 用途 | 数据 |
---|---|---|
AP管理VLAN | AC与AP通信VLAN | VLAN10 |
STA业务VLAN | STA用户上网通信VLAN | VLAN100 |
DHCP服务器 | 分发IP地址 | AC作为DHCP为AP和STA分配IP地址 |
AP地址池 | AP分发的IP地址池 | 10.0.0.2-10.0.0.254/24 |
STA地址池 | STA分发的IP地址池 | 100.0.0.3-100.0.0.254/24 |
CAPWAP地址 |
AP与AC通用的封装和传输机制 | VLANIF10:10.0.0.1/24 |
AP组 | 实现多AP统一管理配置 | ap-group1 引用模板:VAP模板wlan-vap、域管理模板default 射频模板wlan-radio2g/wlan-radio5g |
域管理模板 | 提供对AP的国家码,调优信道集合和调优带宽 | default 国家码:cn |
SSID | 配置无线网络名称SSID名称 |
wlan-ssid SSID名称:test_wifi |
安全模板 | 配置WLAN安全策略,对终端进行身份认证 | wlan-security 安全策略:PWA-WPA2 PSK AES SSID密码:abc123456 |
VAP模板 | 为STA提供无线接入服务 | wlan-vap 转发模式:隧道模式 业务VLAN:VLAN100 引用模板:SSID:wlan-ssid 安全模板:wlan-security |
射频模板 | 用于优化射频参数,提供信道切换业务不中断功能 | wlan-radio2g/wlan-radio5g 引用模板:RRM模板:wlan-rrm |
RRM模板 |
动态添加射频资源来使用无线信号的环境变化,调整无线信号覆盖范围和降低射频信号干扰 |
wlan-rrm 智能漫游信噪比30和速率百分比30 |
(3)操作步骤
R1路由器:配置GE 0/0/1接口为交换接口并添加VLAN100将接口加入VLAN100,VLANIF100地址100.0.0.1/24,此地址为STA终端的网关地址
undo terminal monitor #不显示日志 system-view [Huawei]sysname R1 [R1]user-interface console 0 [R1-ui-console0]idle-timeout 0 0 #不超时 [R1-ui-console0]quit [R1]vlan batch 100 [R1]interface Vlanif 100 [R1-Vlanif100]ip address 100.0.0.1 24 [R1-Vlanif100]undo shutdown [R1-Vlanif100]quit [R1]interface GigabitEthernet 0/0/1 [R1-GigabitEthernet0/0/1]portswitch #转换为交换接口 [R1-GigabitEthernet0/0/1]port link-type trunk #trunk模式 [R1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 #加入vlan [R1-GigabitEthernet0/0/1]quit
switch交换机:配置接口为trunk,配置GE0/0/2和GE0/0/3缺省VLAN为VLAN 10,并将接口加入到VLAN 10
[Switch]vlan batch 10 [Switch]interface GigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1]port link-type trunk [Switch-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 [Switch-GigabitEthernet0/0/1]quit [Switch]port-group 1 #创建端口组 [Switch-port-group-1]group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 #加入端口 [Switch-GigabitEthernet0/0/3]port link-type trunk #配置接口模板trunk [Switch-port-group-1]port trunk pvid vlan 10 #缺省VLAN [Switch-port-group-1]port trunk allow-pass vlan 10 #加入VLAN [Switch-port-group-1]port-isolate enable #开启端口过滤 [Switch-port-group-1]quit
AC配置网络互通:
[AC]vlan batch 10 100 [AC]interface GigabitEthernet 0/0/1 [AC-GigabitEthernet0/0/1]port link-type trunk [AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 [AC-GigabitEthernet0/0/1]quit [AC]interface GigabitEthernet 0/0/2 [AC-GigabitEthernet0/0/2]port link-type trunk [AC-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 [AC-GigabitEthernet0/0/2]quit
AC配置DHCP服务器:VLANIF10分发AP的IP地址,VLANIF100分发STA的IP地址
[AC]interface Vlanif 10 [AC-Vlanif10]ip address 10.0.0.1 24 [AC-Vlanif10]dhcp select interface [AC-Vlanif10]quit [AC]interface Vlanif 100 [AC-Vlanif100]ip address 100.0.0.2 24 [AC-Vlanif100]dhcp select interface #接口地址池 [AC-Vlanif100]dhcp server gateway-list 100.0.0.1 #STA业务网关地址 [AC-Vlanif100]dhcp server dns-list 8.8.8.8 [AC-Vlanif100]quit [AC]ip route-static 0.0.0.0 0.0.0.0 100.0.0.1 #默认路由
AC配置AP上线:
配置AC的源接口CAPWAP
[AC]capwap source interface Vlanif 10
创建AP组:
[AC]wlan [AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]quit
创建域管理模板:
[AC-wlan-view]regulatory-domain-profile name default [AC-wlan-regulate-domain-default]country-code cn [AC-wlan-regulate-domain-default]quit [AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]regulatory-domain-profile default #将域管理模板加入到AP组中 Warning: Modifying the country code will clear channel, power and antenna gain c onfigurations of the radio and reset the AP. Continue?[Y/N]:y [AC-wlan-ap-group-ap-group1]quit
创建SSID模板:
[AC-wlan-view]ssid-profile name wlan-ssid [AC-wlan-ssid-prof-vlan-ssid]ssid test_wifi [AC-wlan-ssid-prof-vlan-ssid]quit
创建安全模板:
[AC-wlan-view]security-profile name wlan-security [AC-wlan-sec-prof-wlan-security]security wpa-wpa2 psk pass-phrase abc123456 aes [AC-wlan-sec-prof-wlan-security]quit
创建VAP模板:
[AC-wlan-view]vap-profile name wlan-vap [AC-wlan-vap-prof-wlan-vap]forward-mode tunnel [AC-wlan-vap-prof-wlan-vap]service-vlan vlan-id 100 [AC-wlan-vap-prof-wlan-vap]security-profile wlan-security [AC-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid [AC-wlan-vap-prof-wlan-vap]quit
配置AP组引用VAP模板,并在射频0和1上引用VAP模板
[AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 0 [AC-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 1 [AC-wlan-ap-group-ap-group1]quit
#配置AP上线:
[AC-wlan-view]display unauthorized-ap record #查看未确认上线AP [AC-wlan-view]ap-confirm all #将所有AP上线 [AC-wlan-view]display ap all #显示所有上线AP [AC-wlan-view]ap-id 0 #进入AP视图 [AC-wlan-ap-0]ap-name area_1 [AC-wlan-ap-0]ap-group ap-group1 #将AP加入到组 [AC-wlan-ap-0]quit [AC-wlan-view]ap-id 1 [AC-wlan-ap-1]ap-name area_2 [AC-wlan-ap-1]ap-group ap-group1 [AC-wlan-ap-1]quit
创建RRM模板:
[AC-wlan-view]rrm-profile name wlan-rrm [AC-wlan-rrm-prof-wlan-rrm]smart-roam enable [AC-wlan-rrm-prof-wlan-rrm]smart-roam roam-threshold check-snr check-rate [AC-wlan-rrm-prof-wlan-rrm]smart-roam roam-threshold snr 30 [AC-wlan-rrm-prof-wlan-rrm]smart-roam roam-threshold rate 30 [AC-wlan-rrm-prof-wlan-rrm]quit
创建2G射频模板:并引用RRM模板
[AC-wlan-view]radio-2g-profile name wlan-radio2g [AC-wlan-radio-2g-prof-wlan-radio2g]rrm-profile wlan-rrm [AC-wlan-radio-2g-prof-wlan-radio2g]quit
创建5G射频模板:并引用RRM模板
[AC-wlan-view]radio-5g-profile name wlan-radio5g [AC-wlan-radio-5g-prof-wlan-radio5g]rrm-profile wlan-rrm [AC-wlan-radio-5g-prof-wlan-radio5g]quit
在AP组中引用2G和5G模板
[AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio 0 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-ap-group1]radio-5g-profile wlan-radio5g radio 1 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-ap-group1]quit
验证结果:
查看VAP射频模板应用
display vap all Info: This operation may take a few seconds, please wait. WID : WLAN ID ------------------------------------------------------------------------------ AP ID AP name RfID WID BSSID Status Auth type STA SSID ------------------------------------------------------------------------------ 0 area_1 0 1 00E0-FC51-74B0 ON WPA/WPA2-PSK 0 test_wifi 0 area_1 1 1 00E0-FC51-74C0 ON WPA/WPA2-PSK 0 test_wifi 1 area_2 0 1 00E0-FC1D-1390 ON WPA/WPA2-PSK 0 test_wifi 1 area_2 1 1 00E0-FC1D-13A0 ON WPA/WPA2-PSK 0 test_wifi ------------------------------------------------------------------------------ Total: 4
查看已连接的STA客户端
[AC]display station ssid test_wifi Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) -------------------------------------------------------------------------------- --------- STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP a ddress -------------------------------------------------------------------------------- --------- 5489-9875-54a4 1 area_2 0/1 2.4G - -/- - 100 100. 0.0.21 5489-988d-6dc9 0 area_1 1/1 5G 11a 0/0 - 100 100. 0.0.90 -------------------------------------------------------------------------------- --------- Total: 2 2.4G: 1 5G: 1
查看智能漫游配置
[AC]display rrm-profile name wlan-rrm ------------------------------------------------------------ ...... Smart-roam : enable Smart-roam check SNR : enable Smart-roam standing SNR threshold(dB) : 30 Smart-roam SNR quick-kickoff-threshold(dB) : 15 Smart-roam check rate : enable AMC policy : auto-balance Smart-roam rate threshold(%) : 30 Smart-roam rate quick-kickoff-threshold(%) : 20 Smart-roam high level SNR margin(dB) : 15 Smart-roam low level SNR margin(dB) : 6 Smart-roam SNR check interval(s) : 3 Smart-roam unable roam client expire time(m) : 120 Zero-roam roam check high threshold : 40 Zero-roam roam check low threshold : 35 Zero-roam roam check interval(ms) : 700 Zero-roam report interval(ms) : 400 ------------------------------------------------------------
结果截图: