AP+AC配置,实现无线通信
本实验将实现AC的配置,AP上线,达到STA可以获得信号和IP地址,并实现通信。
AC:
AC作为无线控制器,负责AP的集中管理及WLAN用户的无线接入和安全控制。配置AC基本功能完成后,AP才可以与AC互通,从而进行后续的WLAN业务部署。
实验拓扑:
实验用到:两台交换机,一台PC,一台STA,以及AC(AC6005)+AP(AP6050)
实验配置:
1、先配置交换机接口和接口划分vlan
SW2:
[SW2]vlan batch 10 20 100
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]p
[SW2-Ethernet0/0/1]port l
[SW2-Ethernet0/0/1]port link-t
[SW2-Ethernet0/0/1]port link-type a
[SW2-Ethernet0/0/1]port link-type access
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]p
[SW2-GigabitEthernet0/0/2]port l
[SW2-GigabitEthernet0/0/2]port link-t
[SW2-GigabitEthernet0/0/2]port link-type t
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]p
[SW2-GigabitEthernet0/0/2]port t
[SW2-GigabitEthernet0/0/2]port trunk al
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 10 20
[SW2-GigabitEthernet0/0/2]port trunk pvid vlan 100
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port l
[SW2-GigabitEthernet0/0/1]port link-t
[SW2-GigabitEthernet0/0/1]port link-type t
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]p
[SW2-GigabitEthernet0/0/1]port t
[SW2-GigabitEthernet0/0/1]port trunk al
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 10 20SW2作为DHCP Sever :配置ip pool
dhcp enable
[Huawei]ip pool vlan10
Info:It's successful to create an IP address pool.
[Huawei-ip-pool-vlan10]
[Huawei-ip-pool-vlan10]
[Huawei-ip-pool-vlan10]ne
[Huawei-ip-pool-vlan10]net
[Huawei-ip-pool-vlan10]network 192.168.10.0 ma
[Huawei-ip-pool-vlan10]network 192.168.10.0 mask 255.255.255.0
[Huawei-ip-pool-vlan10]g
[Huawei-ip-pool-vlan10]gateway-list 192.168.10.254
[Huawei-ip-pool-vlan10]
[Huawei-ip-pool-vlan10]dn
[Huawei-ip-pool-vlan10]dns-list 8.8.8.8
[Huawei]ip pool vlan20
Info:It's successful to create an IP address pool.
[Huawei-ip-pool-vlan20]
[Huawei-ip-pool-vlan20]
[Huawei-ip-pool-vlan20]ne
[Huawei-ip-pool-vlan20]net
[Huawei-ip-pool-vlan20]network 192.168.20.0 ma
[Huawei-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[Huawei-ip-pool-vlan20]
[Huawei-ip-pool-vlan20]
[Huawei-ip-pool-vlan20]g
[Huawei-ip-pool-vlan20]gateway-list 192.168.20.254
[Huawei-ip-pool-vlan20]dn
[Huawei-ip-pool-vlan20]dns-list 8.8.8.8
[Huawei]ip pool vlan100
Info:It's successful to create an IP address pool.
[Huawei-ip-pool-vlan100]
[Huawei-ip-pool-vlan100]
[Huawei-ip-pool-vlan100]net
[Huawei-ip-pool-vlan100]network 192.168.100.0
[Huawei-ip-pool-vlan100]g
[Huawei-ip-pool-vlan100]gateway-list 192.168.100.254
[Huawei-ip-pool-vlan100]dn1
[Huawei-ip-pool-vlan100]dn
[Huawei-ip-pool-vlan100]dns-list 8.8.8.8
SW2上配置VLANIF地址作为网关地址:
并开启dhcp select global
[Huawei-Vlanif10]ip address 192.168.10.254 24
[Huawei-Vlanif10]dhcp select global
[Huawei-Vlanif20]ip address 192.168.20.254 24
[Huawei-Vlanif20]dhcp select global
[Huawei-Vlanif100]ip address 192.168.100.254 24
[Huawei-Vlanif100]dhcp select global检查PC和AP是否获得地址:
PC机开启DHCP
AP获得192.168.100.0 的地址:
配置AC
[AC6005]vlan 100
[AC6005-Vlanif100]ip address 192.168.100.1 24
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk al
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name default
[AC6005-wlan-regulate-domain-default]country-code cn
Info: The current country code is same with the input country code.
[AC6005-wlan-regulate-domain-default]q
[AC6005-wlan-view]ap-g
[AC6005-wlan-view]ap-group name ap-group1
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC6005-wlan-ap-group-ap-group1]re
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile name de
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile name default
[AC6005-wlan-regulate-domain-default]q
[AC6005]capwap source interface vlanif 100
[AC6005]wlan
[AC6005-wlan-view]ap-id 0 ap-m
[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fc2d-0b40
[AC6005-wlan-ap-0]ap-n
[AC6005-wlan-ap-0]ap-name IT
[AC6005-wlan-ap-0]ap
[AC6005-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6005-wlan-ap-0]q
[AC6005-wlan-view]sec
[AC6005-wlan-view]security-profile name wlan
[AC6005-wlan-sec-prof-wlan]sec
[AC6005-wlan-sec-prof-wlan]security wp
[AC6005-wlan-sec-prof-wlan]security wpa-wp
[AC6005-wlan-sec-prof-wlan]security wpa-wpa2 psk
[AC6005-wlan-sec-prof-wlan]security wpa-wpa2 psk p
[AC6005-wlan-sec-prof-wlan]security wpa-wpa2 psk pass-phrase 88888888 aes
Warning: The current password is too simple. For the sake of security, you are advised to set a password containing at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters. Continue? [Y/N]:
[AC6005-wlan-sec-prof-wlan]q
[AC6005-wlan-view]ssidp
[AC6005-wlan-view]ssid
[AC6005-wlan-view]ssid-profile name IT
[AC6005-wlan-ssid-prof-IT]ssid IT
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-IT]q
[AC6005-wlan-view]
[AC6005-wlan-view]vap
[AC6005-wlan-view]vap-profile name IT
[AC6005-wlan-vap-prof-IT]forward-mode direct-forward
[AC6005-wlan-vap-prof-IT]service-vlan vlan
[AC6005-wlan-vap-prof-IT]service-vlan vlan-id 20
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-IT]security-profile wlan
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-IT]ssid-profile IT
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-IT]q
[AC6005-wlan-view]
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]vap-
[AC6005-wlan-ap-group-ap-group1]vap-profile IT wlan 1r
[AC6005-wlan-ap-group-ap-group1]vap-profile IT wlan 1 r
[AC6005-wlan-ap-group-ap-group1]vap-profile IT wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-ap-group1]vap-profile IT wlan 1 radio 1
接着开启STA
点击连接:输入密码:88888888
查看STA的IP获取情况:
并可以ping通PC地址:实现通信
至此,实验完成!
AC配置笔记:
1、创建域管理模板和国家码
wlan下:
Regulatory-domain-profile name default
Country-code cn
2、创建AP组
ap-group name ap-apgroup1
Regulatory-domain-profile name default
Capwap source interface vlanif 100
3、导入AP
wlan:
ap-id 0 ap-mac 地址
ap-name room1
Ap-group ap-group1
ap-id 1 ap-mac 地址
ap-name room2
Ap-group ap-group1
4、配置安全模板
wlan:
security-profile name wlan-sec
Security wpa-wpa2 psk pass-phrase 88888888 aes
5、配置SSID模板
wlan:
ssid-profile name HR
ssid HR
Ssid-profile name IT
Ssid IT
6、创建VAP模板
wlan:
vap-profile name HR
forward-mode direct-forward
service-vlan vlan-id 30
security-prodile wlan-sec
ssid-profile HR
vap-profile name IT
forward-mode direct-forward
service-vlan vlan-id 40
security-prodile wlan-sec
ssid-profile IT
7.配置AP组引用vap模板射频0和1都使用VAP模板
wlan:
ap-group name ap-group1
Vap-profile HR wlan 1 radio 0
Vap-profile HR wlan 1 radio 1
Vap-profile I T wlan 2 radio 0
Vap-profile I T wlan 2 radio 1