实验topo
配置思路
1. 配置有线网络侧互联互通
2. 配置AP上线。
(1)创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。
(2)配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。
(3)配置AP上线的认证方式并离线导入AP,实现AP正常上线。
3. 配置WLAN业务参数并下发给AP,实现STA访问WLAN网络功能。
AC1
[AC6605]sys AC1 //修改名称
[AC1]undo in e //关闭提示
Info: Information center is disabled.
S1
[Huawei]sys S1
[S1]undo in e
Info: Information center is disabled.
S2
[Huawei]sys S2
[S2]undo in e
Info: Information center is disabled.
S3
[Huawei]sys S3
[S3]undo in e
Info: Information center is disabled.
2.1VLAN配置
S1
[S1]vlan batch 100 101 //创建两个VLAN100和VLAN101
[S1]int g0/0/1 //进入g0/0/1接口
[S1-GigabitEthernet0/0/1]port link-type trunk //设置接口类型
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101 //设置接口允许的VLAN100 101通过
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2] port link-type trunk
[S1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 101
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3] port link-type trunk
[S1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to 101
AC1
[AC1]vlan batch 100 101
[AC1]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
S2
[S2]vlan batch 100 101
[S2]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S2-GigabitEthernet0/0/1]port trunk pvid vlan 100 //打上VLAN100的标签
S3
[S3]vlan batch 100 101
[S3]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[S3-GigabitEthernet0/0/2]int g0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S3-GigabitEthernet0/0/1]port trunk pvid vlan 100
2.2配置接口地址
S1
[S1]int vlan101 //进入到VLAN101接口
[S1-Vlanif101]ip add 192.168.101.254 24 //配置IP地址为STA的网关
AC1
[AC1]int vlan 100
[AC1-Vlanif100]ip add 192.168.100.254 24
2.3DHCP配置
S1
[S1]dhcp enable //开启DHCP功能
Info: The operation may take a few seconds. Please wait for a moment.done.
[S1]ip pool sta //创建STA接入时所使用的IP地址池
Info:It's successful to create an IP address pool.
[S1-ip-pool-sta]network 192.168.101.0 mask 24 //dhcp所分配的网段
[S1-ip-pool-sta]gateway-list 192.168.101.254 //dhcp所分配的网关
[S1-ip-pool-sta]int vlan 101 //进入到接口VLAN101
[S1-Vlanif101]dhcp select global //配置dhcp下发模式为全局模式
AC1
[AC1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC1]ip pool ap
Info: It is successful to create an IP address pool.
[AC1-ip-pool-ap]network 192.168.100.0 mask 24
[AC1-ip-pool-ap]gateway-list 192.168.100.254
[AC1-ip-pool-ap]int vlan 100
[AC1-Vlanif100]dhcp select global
3.1创建名为ap-group1的AP组
AC1
[AC1]wlan //进入WLAN视图
[AC1-wlan-view]ap-group name ap-group1 //配置组名
3.2创建域管理模板,在域管理模板下配置AC的国家码
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name default //创建的域管理模板名字为default
[AC1-wlan-regulate-domain-default]country-code cn //配置AC的国家码,cn为China的缩写
Info: The current country code is same with the input country code.
3.3在AP组下引用域管理模板
[AC1]wlan
[AC1-wlan-view]ap-group name ap-group1 //进入到AP组ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile default //引用域管理模板default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
3.4配置AC建立CAPWAP隧道的源接口
[AC1]capwap source interface Vlanif 100 //配置AC建立CAPWAP隧道使用的接口,作为AC的源接口,用于AC和AP间建立CAPWAP隧道通信。
3.5 在AC上离线导入AP,并将AP加入配置好的AP组“ap-group1”中。
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth //设置AP的认证模式为MAC认证
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fcb1-66b0 //绑定ap的mac地址
[AC1-wlan-ap-1]ap-name ap1 //配置AP的名字
[AC1-wlan-ap-1]ap-group ap-group1 //将AP加入到 ap-group1 组中
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fcab-2720
[AC1-wlan-ap-0]ap-name ap2
[AC1-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
3.5查看当前的AP信息
[AC1-wlan-view]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
---------------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
---------------------------------------------------------------------------------------------------------
0 00e0-fcab-2720 ap2 ap-group1 192.168.100.222 AP2050DN nor 0 1S
1 00e0-fcb1-66b0 ap1 ap-group1 192.168.100.8 AP2050DN nor 0 11M:22S
---------------------------------------------------------------------------------------------------------
Total: 2
4.1创建名为“huawei-wlan”的安全模板,并配置安全策略
[AC1-wlan-view]security-profile name huawei-wlan //安全模板名为huawei-wlan
[AC1-wlan-sec-prof-huawei-wlan]security wpa-wpa2 psk pass-phrase huawei123 aes //当前使用WPA和WPA2混合方式,用户终端使用WPA或WPA2都可以进行认证。预共享秘钥(PSK)为huawei123。通过AES加密算法加密用户数据
4.2创建名为“huawei-wlan”的SSID模板,并配置SSID名称为“huawei-wlan”。
[AC1-wlan-view]ssid-profile name huawei-wlan //创建名为“huawei-wlan”的SSID模板
[AC1-wlan-ssid-prof-huawei-wlan]ssid huawei-wlan //配置SSID名称为“huawei-wlan”
Info: This operation may take a few seconds, please wait.done.
4.3创建名为“huawei-wlan”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
[AC1-wlan-view]vap-profile name huawei-wlan //创建名为“huawei-wlan”的VAP模板
[AC1-wlan-vap-prof-huawei-wlan]forward-mode direct-forward //配置业务数据转发模式为直接转发
[AC1-wlan-vap-prof-huawei-wlan]service-vlan vlan-id 101 //配置业务VLAN为VLAN101
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-huawei-wlan]security-profile huawei-wlan
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-huawei-wlan]ssid-profile huawei-wlan
Info: This operation may take a few seconds, please wait.done.
4.4配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“huawei-wlan”的配置。
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile huawei-wlan wlan 1 radio all //配置AP上射频0和射频1都使用VAP模板“huawei-wlan”的配置
Info: This operation may take a few seconds, please wait...done.