华为无线AC配置实例-华为3层ac旁挂+直接转发

二话不说,直接上图,三层旁挂,用lo2.2.2.2,作为capwap隧道接口

华为无线AC配置实例-华为3层ac旁挂+直接转发_第1张图片

核心交换机创建vlan和vlanif接口

system-view

[Huawei]sysname sw1

[sw1]interface Vlanif 10

[sw1-Vlanif10]ip address 192.168.1.1 24  #与ar互联地址

[sw1-Vlanif10]q

[sw1]int vlanif 172

[sw1-Vlanif172]ip add 172.16.100.1 22   # 业务vlan

[sw1-Vlanif172]q

[sw1]interface Vlanif 101

[sw1-Vlanif101]ip ad 10.1.12.1 24       #与AC相连地址

[sw1]interface Vlanif 100

[sw1-Vlanif100]ip address 10.1.10.1 22  #给AP分配地址

配置接口VLAN

[sw1]interface GigabitEthernet 0/0/1

[sw1-GigabitEthernet0/0/1]port link-type access

[sw1-GigabitEthernet0/0/1]port default vlan 10  #与路由器互联

[sw1-GigabitEthernet0/0/1]int g0/0/2

[sw1-GigabitEthernet0/0/2]port link-type trunk

[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 101 172 

#与AC互联

[sw1]interface GigabitEthernet 0/0/3

[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 172 

#与接入交换机互联

[sw1-GigabitEthernet0/0/3]q

接入交换配置

system-view

[sw2]vlan batch 100 172

Info: This operation may take a few seconds. Please wait for a moment...done.

[sw2]interface Eth0/0/3

[sw2-Ethernet0/0/3]port link-type trunk      

[sw2-Ethernet0/0/3]port trunk allow-pass vlan 100 172  #放行所有

[sw2-Ethernet0/0/3]int e 0/0/1

[sw2-Ethernet0/0/1]port link-type trunk

[sw2-Ethernet0/0/1]port trunk allow-pass vlan 100 172   #放行ap和业务vlan

[sw2-Ethernet0/0/1]port trunk pvid vlan 100   #分配默认接口

[sw2]interface Eth0/0/2

[sw2-Ethernet0/0/2]port link-type trunk

[sw2-Ethernet0/0/2]port trunk allow-pass vlan 100 172

[sw2-Ethernet0/0/2]port trunk pvid vlan 100     #同上

AC基础配置;

sy

system-view

Enter system view, return user view with Ctrl+Z.

[AC6005]vlan batch 101 172

[AC6005]interface Vlanif 101

[AC6005-Vlanif101]ip address 10.1.12.2 24

[AC6005]interface LoopBack 0

[AC6005-LoopBack0]ip address 2.2.2.2 32     #创建环回口作为CAPWAP隧道源接口

[AC6005]interface GigabitEthernet 0/0/2

[AC6005-GigabitEthernet0/0/2]port link-type trunk

[AC6005-GigabitEthernet0/0/2]port trunk allow-pass vlan 101 172

#放通AC与核心互通的vlan   是否可以用ACCESS 未作实验 读者可以试试。

[AC6005-GigabitEthernet0/0/2]q

[AC6005]ping 10.1.12.1

  PING 10.1.12.1: 56  data bytes, press CTRL_C to break

    Reply from 10.1.12.1: bytes=56 Sequence=1 ttl=255 time=130 ms

#测试直连接口互通,验证配置

路由器配置

sy

system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname ar1

[ar1]interface GigabitEthernet 0/0/1

[ar1-GigabitEthernet0/0/1]ip address 192.168.1.3 24

[ar1-GigabitEthernet0/0/1]q

[ar1]interface LoopBack 0

[ar1-LoopBack0]ip address 1.1.1.1 32    #假设运营商外网

[ar1-LoopBack0]q

[ar1]ping 192.168.1.1             #测试直连是否互通

  PING 192.168.1.1: 56  data bytes, press CTRL_C to break

    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=100 ms

写回传路由,因172.16.100是业务地址

[ar1]ip route-static 172.16.100.0 255.255.252.0 192.168.1.1 

#外网回传路由

核心交换机静态路由配置

[sw1]ip route-static 2.2.2.2 32 10.1.12.2     #通往AC的静态路由

[sw1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3  #外网出口路由

[sw1]ping -a 172.16.100.1 1.1.1.1                #测试网关是否能通外网

  PING 1.1.1.1: 56  data bytes, press CTRL_C to break

    Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=60 ms

AC路由配置

[AC6005]ip route-static 0.0.0.0 0.0.0.0 10.1.12.1  

#AC出口路由和AC与ap的路由

[AC6005]ping -a 2.2.2.2 172.16.100.1

  PING 172.16.100.1: 56  data bytes, press CTRL_C to break

    Reply from 172.16.100.1: bytes=56 Sequence=1 ttl=255 time=30 ms

    Reply from 172.16.100.1: bytes=56 Sequence=2 ttl=255 time=10 ms

[AC6005]ping -a 2.2.2.2 10.1.10.1

  PING 10.1.10.1: 56  data bytes, press CTRL_C to break

    Reply from 10.1.10.1: bytes=56 Sequence=1 ttl=255 time=10 ms

[AC6005]ping -a 2.2.2.2 1.1.1.1   

  PING 1.1.1.1: 56  data bytes, press CTRL_C to break

    Request time out

  --- 1.1.1.1 ping statistics ---

    1 packet(s) transmitted

    0 packet(s) received

    100.00% packet loss

#这里没通是因为只有出去没回程路由,需要在AR1上写条

Ip-route-static 2.2.2.2 255.255.255.255 192.168.1.1  即可互通

创建地址池

[sw1]ip pool vlan172     #创建业务地址池

Info:It's successful to create an IP address pool.

[sw1-ip-pool-vlan172]gateway-list 172.16.100.1

[sw1-ip-pool-vlan172]network 172.16.100.0 mask  22

[sw1-ip-pool-vlan172]excluded-ip-address 172.16.100.2 172.16.100.200

[sw1-ip-pool-vlan172]lease day 0 hour 4

[sw1-ip-pool-vlan172]dns-list 114.114.114.114

[sw1-ip-pool-vlan172]q

[sw1]ip pool vlan100      #创建ap地址池

Info:It's successful to create an IP address pool.

[sw1-ip-pool-vlan100]gateway-list 10.1.10.1

[sw1-ip-pool-vlan100]network 10.1.10.0 mask 22

[sw1-ip-pool-vlan100]option 43 sub-option 3 ascii 2.2.2.2  

#三层地址,需要指定option 43 并指定源接口 2.2.2.2

使能DHCP功能

[sw1]dhcp enable

[sw1]interface Vlanif 172

[sw1-Vlanif172]dhcp select global       #使能全局模式

[sw1]interface Vlanif 100

[sw1-Vlanif100]dhcp select global        #使能全局模式

[sw1]ping -a 10.1.10.1 2.2.2.2

  PING 2.2.2.2: 56  data bytes, press CTRL_C to break

    Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=50 ms

    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms

开始AP上线配置

#指定capwap隧道接口为lo0

[AC6005]capwap source interface LoopBack 0

创建AP组

[AC6005-wlan-view]ap-group name zhuzige

Info: This operation may take a few seconds. Please wait for a moment.done.

[AC6005-wlan-view]ap auth-mode mac-auth   #3中AP认证方式,不认证,mac认证,SN号认证

[AC6005-wlan-view]ap-mac 00E0-FCAA-19E0 #这条命令可以用ap ap-id x ap-mac   xxxx-xxxx-xxxx   用于指定ap的编号,方便于CAD布点图纸对应

[AC6005-wlan-ap-0]ap-name fool-1    #编写AP的名字

[AC6005-wlan-ap-0]display this

#

  ap-name fool-1

[AC6005-wlan-ap-0]ap-group zhuzige   #加入AP组方便对组进行调用,如手动设置配置VIP区域

Warning: This operation may cause AP reset. If the country code changes, it will

 clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6005-wlan-ap-0]q

[AC6005-wlan-view]ap-mac 00E0-FC0A-2590

[AC6005-wlan-ap-1]ap-name fool-2

[AC6005-wlan-ap-1]ap-group zhuzige

Warning: This operation may cause AP reset. If the country code changes, it will

 clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6005]dis ap all  #查看AP组是否在线

[AC6005]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

idle : idle            [1]

nor  : normal          [1]

--------------------------------------------------------------------------------

----------

ID   MAC            Name   Group   IP          Type            State STA Uptime

--------------------------------------------------------------------------------

----------

0    00e0-fcaa-19e0 fool-1 zhuzige -           -               idle  0   -

1    00e0-fc0a-2590 fool-2 zhuzige -           -               idle   0  -

--------------------------------------------------------------------------------

----------

Total: 2

该处实验半天没出结果,怀疑是没得到免费的ARP原因排查了很久,刚开始怀疑DHCP没有使能成功,但用模拟器PC发现能获取到地址,排除了DHCP问题。

[sw1]display ip pool name vlan100

  Pool-name      : vlan100

  Pool-No        : 1

  Lease          : 1 Days 0 Hours 0 Minutes

  Domain-name    : -

  Option-code    : 43

  Option-subcode : 3

  Option-type    : ascii

  Option-value   : 2.2.2.2

  DNS-server0    : -               

  NBNS-server0   : -               

  Netbios-type   : -               

  Position       : Local           Status           : Unlocked

  Gateway-0      : 10.1.10.1       

  Mask           : 255.255.252.0

  VPN instance   : --

 -----------------------------------------------------------------------------

         Start           End     Total  Used  Idle(Expired)  Conflict  Disable

 -----------------------------------------------------------------------------

        10.1.8.1     10.1.11.254  1021     3       1018(0)         0        0

最后用ping命令试试了DHCP分配出去后的地址,结果又通了,不知道是否ENSP的原因?

[AC6005]ping -a 2.2.2.2 10.1.11.253

  PING 10.1.11.253: 56  data bytes, press CTRL_C to break

    Request time out

    Request time out

    Request time out

    Reply from 10.1.11.253: bytes=56 Sequence=4 ttl=254 time=60 ms

  --- 10.1.11.253 ping statistics ---

    4 packet(s) transmitted

    1 packet(s) received

    75.00% packet loss

    round-trip min/avg/max = 60/60/60 ms

[AC6005]ping -a 2.2.2.2 10.1.11.252

  PING 10.1.11.252: 56  data bytes, press CTRL_C to break

    Reply from 10.1.11.252: bytes=56 Sequence=1 ttl=127 time=60 ms

    Reply from 10.1.11.252: bytes=56 Sequence=2 ttl=127 time=60 ms

    Reply from 10.1.11.252: bytes=56 Sequence=3 ttl=127 time=60 ms

  --- 10.1.11.252 ping statistics ---

    3 packet(s) transmitted

    3 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 60/60/60 ms

  --- 10.1.11.251 ping statistics ---

    5 packet(s) transmitted

    0 packet(s) received

    100.00% packet loss

[AC6005]ping -a 2.2.2.2 10.1.11.254

  PING 10.1.11.254: 56  data bytes, press CTRL_C to break

    Request time out

    Reply from 10.1.11.254: bytes=56 Sequence=2 ttl=254 time=60 ms

    Reply from 10.1.11.254: bytes=56 Sequence=3 ttl=254 time=60 ms

    Reply from 10.1.11.254: bytes=56 Sequence=4 ttl=254 time=70 ms

  --- 10.1.11.254 ping statistics ---

    4 packet(s) transmitted

    3 packet(s) received

    25.00% packet loss

    round-trip min/avg/max = 60/63/70 ms

如情况 AP上线了 ,NOR状态

[AC6005]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

idle : idle            [1]

nor  : normal          [1]

--------------------------------------------------------------------------------

----------

ID   MAC            Name   Group   IP          Type            State STA Uptime

--------------------------------------------------------------------------------

----------

0    00e0-fcaa-19e0 fool-1 zhuzige -           -               idle  0   -

1    00e0-fc0a-2590 fool-2 zhuzige 10.1.11.253 AP4030TN        nor   0   11S

--------------------------------------------------------------------------------

----------

Total: 2

[AC6005]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

nor  : normal          [2]

--------------------------------------------------------------------------------

----------

ID   MAC            Name   Group   IP          Type            State STA Uptime

--------------------------------------------------------------------------------

----------

0    00e0-fcaa-19e0 fool-1 zhuzige 10.1.11.254 AP4030TN        nor   0   4S

1    00e0-fc0a-2590 fool-2 zhuzige 10.1.11.253 AP4030TN        nor   0   20S

--------------------------------------------------------------------------------

----------

Total: 2

[AC6005]

 -----------------------------------------------------------------------------

开始管理模板

先创建VAP模板

[AC6005-wlan-view]vap-profile name zhuzige

创建安全模板

[AC6005-wlan-view]security-profile name zhuzige

[AC6005-wlan-sec-prof-zhuzige]security wpa-wpa2 psk pass-phrase zhuzige123 aes

#采用预配密码的方式进行加密aes传输

#创建SSid模板

[AC6005-wlan-view]ssid-profile name zhuzige

[AC6005-wlan-ssid-prof-zhuzige]ssid zhuzige

在vap模板下引入 安全模板和ssid模板

[AC6005-wlan-view]vap-profile name zhuzige

[AC6005-wlan-vap-prof-zhuzige]security-profile zhuzige

[AC6005-wlan-vap-prof-zhuzige]ssid-profile zhuzige

[AC6005-wlan-vap-prof-zhuzige]display this

#

  ssid-profile zhuzige

  security-profile zhuzige

华为无线AC配置实例-华为3层ac旁挂+直接转发_第2张图片

在VAP模板下设置转发方式和转发VLAN

[AC6005-wlan-view]vap-profile name zhuzige

[AC6005-wlan-vap-prof-zhuzige]service-vlan vlan-id 172

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-zhuzige]forward-mode direct-forward

[AC6005-wlan-vap-prof-zhuzige]display this

#

  service-vlan vlan-id 172

  ssid-profile zhuzige

  security-profile zhuzige

#

Return

创建域管理模板,设置国家射频信号。

[AC6005-wlan-view]regulatory-domain-profile name zhuzige

[AC6005-wlan-regulate-domain-zhuzige]country-code CN

Info: The current country code is same with the input country code.

进入AP组

[AC6005-wlan-view]ap-group name zhuzige

[AC6005-wlan-ap-group-zhuzige]regulatory-domain-profile zhuzige  #引入域管理模板

Warning: Modifying the country code will clear channel, power and antenna gain c

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC6005-wlan-ap-group-zhuzige]vap-profile zhuzige wlan 1 radio all  #引入vap模板 并开启双频信号

[AC6005-wlan-ap-group-zhuzige]Info: This operation may take a few seconds, please wait...done.

[AC6005-wlan-view]display vap ssid zhuzige   #查看ap是否发出信号。

 华为无线AC配置实例-华为3层ac旁挂+直接转发_第3张图片

检验STA 网络是否正常华为无线AC配置实例-华为3层ac旁挂+直接转发_第4张图片 

检查AP信号是否密码正确

华为无线AC配置实例-华为3层ac旁挂+直接转发_第5张图片

你可能感兴趣的:(华为,网络)