中级 wlan
1.实验拓扑:
使用ENSP模拟器(版本V100R002C00 1.2.00.350)
2.实验需求:
1: AP1和AP2 通过AC1 DCHP获得地址
2: AP1和AP2发出wlan
3.实验配置:
R1配置:
<Huawei>sy
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip add 192.168.1.1 30
[Huawei-GigabitEthernet0/0/2]int l0
[Huawei-LoopBack0]ip add 1.1.1.1 32
[Huawei-LoopBack0]q
[Huawei]ip route-static 192.168.101.0 255.255.255.0 192.168.1.2 给两条业务vlan 配静态
[Huawei]ip route-static 192.168.102.0 255.255.255.0 192.168.1.2
ac配置:
<AC6605>sy
[AC6605]sysname ac01
[ac01]vlan 200
[ac01-vlan200]int vlan 200
[ac01-Vlanif200]ip add 192.168.1.2 30
[ac01-Vlanif200]int g0/0/2
[ac01-GigabitEthernet0/0/2]port hybrid pvid vlan 200
[ac01-GigabitEthernet0/0/2]port hybrid untagged vlan 200
[ac01-GigabitEthernet0/0/2]p 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=1350 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=390 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=400 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=380 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=380 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 380/580/1350 ms
[ac01-GigabitEthernet0/0/2]q
[ac01]ip route-static 0.0.0.0 0 192.168.1.1 给R1指默认
[ac01]vlan b 100 101 102
[ac01]dhcp enable
[ac01]int vlan 100
[ac01-Vlanif100]ip add 192.168.100.1 24
[ac01-Vlanif100]dhcp select int
[ac01-Vlanif100]int vlan 101
[ac01-Vlanif101]ip add 192.168.101.1 24
[ac01-Vlanif101]dhcp select int
[ac01-Vlanif101]dhc server dns-list 8.8.8.8
[ac01-Vlanif101]int vlan 102
[ac01-Vlanif102]ip add 192.168.102.1 24
[ac01-Vlanif102]dhcp select int
[ac01-Vlanif102]dhc server dns-list 9.9.9.9
[ac01-Vlanif102]q
[ac01]int g0/0/1
[ac01-GigabitEthernet0/0/1]port link-type trunk
[ac01-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 102
[ac01-GigabitEthernet0/0/1]
[ac01-GigabitEthernet0/0/1]q
[ac01]wlan ac-global carrier id cmcc ac id 1
[ac01]wlan
[ac01-wlan-view]wlan ac source int vlan 100
[ac01-wlan-view]ap-auth-mode mac-auth
[ac01-wlan-view]ap id 1 type-id 19 mac 00e0-fc09-77d0
[ac01-wlan-ap-1]q
[ac01-wlan-view]wmm-profile id 1 name wmm
[ac01-wlan-wmm-prof-wmm]q
[ac01-wlan-view]radio-profile id 1 name r01
[ac01-wlan-radio-prof-r01]wmm-profile id 1
[ac01-wlan-radio-prof-r01]q
[ac01-wlan-view]traffic-profile id 1 name t01
[ac01-wlan-traffic-prof-t01]q
[ac01-wlan-view]security-profile id 1 name s01
[ac01-wlan-sec-prof-s01]q
[ac01-wlan-view]security-profile id 1 name s01
[ac01-wlan-sec-prof-s01]security-policy wpa2
[ac01-wlan-sec-prof-s01]wpa2 authentication-method psk pass-phrase cipher abc12345 encryption-method ccmp
[ac01-wlan-sec-prof-s01]q
[ac01-wlan-view]q
[ac01]int wlan-ess 1
[ac01-Wlan-Ess1]port hybrid pvid vlan 101
[ac01-Wlan-Ess1]port hybrid untagged vlan 101
[ac01-Wlan-Ess1]q
[ac01]wlan
[ac01-wlan-view]service-set id 1 name s01
[ac01-wlan-service-set-s01]wlan-ess 1
[ac01-wlan-service-set-s01]service-vlan 101
[ac01-wlan-service-set-s01]traffic-profile id 1
[ac01-wlan-service-set-s01]security-profile id 1
[ac01-wlan-service-set-s01]dis this 配好之后要查看5原素齐不齐
#
wlan-ess 1
traffic-profile id 1
security-profile id 1
service-vlan 101
#
return
[ac01-wlan-service-set-s01]ssid hw01
[ac01-wlan-service-set-s01]q
[ac01-wlan-view]ap 1 radio 0
[ac01-wlan-radio-1/0]radio-profile id 1
Warning: Modify the Radio type may cause some parameters of Radio resume default
value, are you sure to continue?[Y/N]:y
[ac01-wlan-radio-1/0]service-set id 1
[ac01-wlan-radio-1/0]q
[ac01-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
[ac01-wlan-view]q
[ac01]q
<ac01>dis cu conf wlan 查看wlan配置命令
wlan
wlan ac source interface vlanif100
ap id 1 type-id 19 mac 00e0-fc09-77d0 sn 2102354483100867E35C
wmm-profile name wmm id 1
traffic-profile name t01 id 1
security-profile name s01 id 1
security-policy wpa2
wpa2 authentication-method psk pass-phrase cipher %@%@eODWA}a`UEy4:Q;$V9''UTdY%
@%@ encryption-method ccmp
service-set name s01 id 1
wlan-ess 1
ssid hw01
traffic-profile id 1
security-profile id 1
service-vlan 101
radio-profile name r01 id 1
wmm-profile id 1
ap 1 radio 0
radio-profile id 1
service-set id 1 wlan 1
#
return
<ac01>sy
[ac01]wlan
[ac01-wlan-view]service-set id 1
[ac01-wlan-service-set-s01]user-isolate 配置 用户隔离
[ac01-wlan-service-set-s01]q
[ac01-wlan-view]commit ap 1
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
配置第二台AP
[ac01-wlan-view]ap-auth-mode mac-auth
[ac01-wlan-view]ap id 2 type-id 19 mac 00e0-fced-7f00
[ac01-wlan-ap-2]q
[ac01-wlan-view]q
[ac01]int Wlan-Ess 2
[ac01-Wlan-Ess2]port hybrid pvid vlan 102
[ac01-Wlan-Ess2]port hybrid untagged vlan 102
[ac01-Wlan-Ess2]q
[ac01]wlan
[ac01-wlan-view]service-set id 2 name s02
[ac01-wlan-service-set-s02]wlan-ess 2
[ac01-wlan-service-set-s02]ssid hw02
[ac01-wlan-service-set-s02]service-vlan 102
[ac01-wlan-service-set-s02]traffic-profile id 1
[ac01-wlan-service-set-s02]security-profile id 1
[ac01-wlan-service-set-s02]dis this
[ac01-wlan-service-set-s02]q
[ac01-wlan-view]ap 2 radio 0
[ac01-wlan-radio-2/0]radio-profile id 1
value, are you sure to continue?[Y/N]:y
[ac01-wlan-radio-2/0]service-set id 2
[ac01-wlan-radio-2/0]q
[ac01-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
做隧道 华为有BUG所以 要关了AP配好了再开
[ac01]wlan
[ac01-wlan-view]service-set id 1 name s01
[ac01-wlan-service-set-s01]dis this
#
wlan-ess 1
ssid hw01
user-isolate
traffic-profile id 1
security-profile id 1
service-vlan 101
#
return
[ac01-wlan-service-set-s01]forward-mode tunnel 做隧道
[ac01-wlan-radio-1/0]q
[ac01-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
sw1配置:
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan b 100 to 102 200 同时添加 用户vlan和管理vlan
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1] port link-type trunk
[Huawei-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 102 200
[Huawei-GigabitEthernet0/0/1]q
[Huawei]interface Ethernet0/0/1
[Huawei-Ethernet0/0/1] port link-type trunk
[Huawei-Ethernet0/0/1] port trunk pvid vlan 100
[Huawei-Ethernet0/0/1] port trunk allow-pass vlan 100 to 101
[Huawei-Ethernet0/0/1]q
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2] port trunk pvid vlan 100
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan 100 102