WLAN的配置

实验topo

WLAN的配置_第1张图片

配置思路

1. 配置有线网络侧互联互通

2. 配置AP上线。

(1)创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。

(2)配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。

(3)配置AP上线的认证方式并离线导入AP,实现AP正常上线。

3. 配置WLAN业务参数并下发给AP,实现STA访问WLAN网络功能。

1.设备命名

AC1

[AC6605]sys AC1  //修改名称

[AC1]undo in e //关闭提示

Info: Information center is disabled.

S1

[Huawei]sys S1 

[S1]undo in e

Info: Information center is disabled.

S2

[Huawei]sys S2

[S2]undo in e

Info: Information center is disabled.

S3

[Huawei]sys S3

[S3]undo in e

Info: Information center is disabled.

2.有线侧网络配置

2.1VLAN配置

S1

[S1]vlan batch 100 101  //创建两个VLAN100和VLAN101

[S1]int g0/0/1  //进入g0/0/1接口

[S1-GigabitEthernet0/0/1]port link-type trunk  //设置接口类型

[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101  //设置接口允许的VLAN100 101通过

[S1-GigabitEthernet0/0/1]int g0/0/2

[S1-GigabitEthernet0/0/2] port link-type trunk

[S1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 101

[S1-GigabitEthernet0/0/2]int g0/0/3

[S1-GigabitEthernet0/0/3] port link-type trunk

[S1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to 101

AC1

[AC1]vlan batch 100 101

[AC1]int g0/0/1

[AC1-GigabitEthernet0/0/1]port link-type trunk

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101

S2

[S2]vlan batch 100 101

[S2]int g0/0/2

[S2-GigabitEthernet0/0/2]port link-type  trunk 

[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[S2-GigabitEthernet0/0/1]port link-type trunk 

[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101

[S2-GigabitEthernet0/0/1]port trunk pvid vlan 100 //打上VLAN100的标签

S3

[S3]vlan batch 100 101

[S3]int g0/0/2

[S3-GigabitEthernet0/0/2]port link-type trunk 

[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101

[S3-GigabitEthernet0/0/2]int g0/0/1 

[S3-GigabitEthernet0/0/1]port link-type trunk

[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101

[S3-GigabitEthernet0/0/1]port trunk  pvid vlan 100

2.2配置接口地址

S1

[S1]int vlan101 //进入到VLAN101接口

[S1-Vlanif101]ip add 192.168.101.254 24  //配置IP地址为STA的网关

AC1

[AC1]int vlan 100 

[AC1-Vlanif100]ip add 192.168.100.254 24

2.3DHCP配置

 S1

[S1]dhcp enable  //开启DHCP功能
Info: The operation may take a few seconds. Please wait for a moment.done.

[S1]ip pool sta //创建STA接入时所使用的IP地址池
Info:It's successful to create an IP address pool.

[S1-ip-pool-sta]network 192.168.101.0 mask 24  //dhcp所分配的网段

[S1-ip-pool-sta]gateway-list 192.168.101.254   //dhcp所分配的网关

[S1-ip-pool-sta]int vlan 101 //进入到接口VLAN101

[S1-Vlanif101]dhcp select global //配置dhcp下发模式为全局模式

AC1

[AC1]dhcp enable  
Info: The operation may take a few seconds. Please wait for a moment.done.

[AC1]ip pool ap
Info: It is successful to create an IP address pool.

[AC1-ip-pool-ap]network 192.168.100.0 mask 24

[AC1-ip-pool-ap]gateway-list 192.168.100.254 

[AC1-ip-pool-ap]int vlan 100

[AC1-Vlanif100]dhcp select global 

3.配置AP上线

3.1创建名为ap-group1的AP组

AC1

[AC1]wlan  //进入WLAN视图

[AC1-wlan-view]ap-group name ap-group1  //配置组名

3.2创建域管理模板,在域管理模板下配置AC的国家码

[AC1]wlan 

[AC1-wlan-view]regulatory-domain-profile name  default  //创建的域管理模板名字为default

[AC1-wlan-regulate-domain-default]country-code cn  //配置AC的国家码,cn为China的缩写
Info: The current country code is same with the input country code.

3.3在AP组下引用域管理模板 

[AC1]wlan 

[AC1-wlan-view]ap-group name ap-group1 //进入到AP组ap-group1

[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile default  //引用域管理模板default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y

3.4配置AC建立CAPWAP隧道的源接口

[AC1]capwap source interface Vlanif 100  //配置AC建立CAPWAP隧道使用的接口,作为AC的源接口,用于AC和AP间建立CAPWAP隧道通信。

3.5 在AC上离线导入AP,并将AP加入配置好的AP组“ap-group1”中。

[AC1]wlan 

[AC1-wlan-view]ap auth-mode mac-auth  //设置AP的认证模式为MAC认证

[AC1-wlan-view]ap-id 1 ap-mac 00e0-fcb1-66b0 //绑定ap的mac地址

[AC1-wlan-ap-1]ap-name ap1 //配置AP的名字

[AC1-wlan-ap-1]ap-group ap-group1  //将AP加入到 ap-group1 组中
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC1-wlan-view]ap-id 0 ap-mac 00e0-fcab-2720

[AC1-wlan-ap-0]ap-name ap2

[AC1-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.

3.5查看当前的AP信息

[AC1-wlan-view]dis ap all  
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [2]
---------------------------------------------------------------------------------------------------------
ID   MAC            Name           Group     IP              Type            State STA Uptime
---------------------------------------------------------------------------------------------------------
0    00e0-fcab-2720 ap2            ap-group1 192.168.100.222 AP2050DN        nor   0   1S
1    00e0-fcb1-66b0 ap1            ap-group1 192.168.100.8   AP2050DN        nor   0   11M:22S
---------------------------------------------------------------------------------------------------------
Total: 2

4.配置WLAN业务参数

4.1创建名为“huawei-wlan”的安全模板,并配置安全策略

[AC1-wlan-view]security-profile name huawei-wlan  //安全模板名为huawei-wlan

[AC1-wlan-sec-prof-huawei-wlan]security wpa-wpa2 psk pass-phrase huawei123 aes  //当前使用WPA和WPA2混合方式,用户终端使用WPA或WPA2都可以进行认证。预共享秘钥(PSK)为huawei123。通过AES加密算法加密用户数据

4.2创建名为“huawei-wlan”的SSID模板,并配置SSID名称为“huawei-wlan”。

[AC1-wlan-view]ssid-profile name huawei-wlan //创建名为“huawei-wlan”的SSID模板

[AC1-wlan-ssid-prof-huawei-wlan]ssid huawei-wlan  //配置SSID名称为“huawei-wlan”
Info: This operation may take a few seconds, please wait.done. 

4.3创建名为“huawei-wlan”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。

[AC1-wlan-view]vap-profile name huawei-wlan //创建名为“huawei-wlan”的VAP模板

[AC1-wlan-vap-prof-huawei-wlan]forward-mode direct-forward //配置业务数据转发模式为直接转发

[AC1-wlan-vap-prof-huawei-wlan]service-vlan vlan-id 101  //配置业务VLAN为VLAN101
Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-vap-prof-huawei-wlan]security-profile huawei-wlan
Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-vap-prof-huawei-wlan]ssid-profile huawei-wlan
Info: This operation may take a few seconds, please wait.done.

4.4配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“huawei-wlan”的配置。

[AC1-wlan-view]ap-group name ap-group1

[AC1-wlan-ap-group-ap-group1]vap-profile huawei-wlan wlan 1 radio all  //配置AP上射频0和射频1都使用VAP模板“huawei-wlan”的配置
Info: This operation may take a few seconds, please wait...done.

5.结果验证

WLAN的配置_第2张图片

 WLAN的配置_第3张图片

WLAN的配置_第4张图片

你可能感兴趣的:(网络)