Lab topology
Topology notes
AP1's service VLAN is 101
AP2's service VLAN is 102
The AP management VLAN is 100
Both the service address pools and the management address pool are configured on the AC
The gateways for the service addresses are on the router
AP1 belongs to region 1, AP2 belongs to region 2
The forwarding mode is direct forwarding
VLAN 101 address: 192.168.10.0/24, gateway: 192.168.10.1
VLAN 102 address: 192.168.20.0/24, gateway: 192.168.20.1
VLAN 100 address: 192.168.1.1/24
AP1 SSID: huawei-1, password: Admin@123
AP2 SSID: huawei-2, password: Admin@123
SW1 configuration
[SW1]vlan batch 100 to 102
[SW1]interface g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
//Allow VLAN 100 and VLAN 101 on the trunk: the user VLAN 101 is delivered by the AC, the management VLAN is 100
[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 100
//Set the PVID of the AP-facing port to 100 so the AP's untagged management traffic lands in the management VLAN
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 102
[SW1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/2]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 101 102
//The uplink port is a trunk carrying the user VLANs to the router
[SW1-GigabitEthernet0/0/4]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 to 102
//Carry all user VLANs and the management VLAN towards the AC
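As an added example (not part of the original post), a small Python audit that parses VRP trunk commands like the ones above and checks every SW1 port against the VLAN plan given in the topology notes: any VLAN a trunk carries beyond the plan is a segmentation leak, and an AP port whose PVID is not the management VLAN will put the AP's untagged CAPWAP traffic in the wrong VLAN. The config text is re-typed here as a constructed sample and the PLAN table encodes only this lab.

```python
import re
# Constructed sample (not a capture from a real switch): SW1's trunk ports from this lab.
SW1_CONFIG = """
interface GigabitEthernet0/0/1
 port trunk allow-pass vlan 100 101
 port trunk pvid vlan 100
interface GigabitEthernet0/0/2
 port trunk allow-pass vlan 100 102
 port trunk pvid vlan 100
interface GigabitEthernet0/0/3
 port trunk allow-pass vlan 100 to 102
interface GigabitEthernet0/0/4
 port trunk allow-pass vlan 101 102
"""
MGMT_VLAN = 100
AP_PORTS = {"GigabitEthernet0/0/1", "GigabitEthernet0/0/2"}
# Intended plan per port (this lab only); any VLAN a trunk carries beyond it is a leak.
PLAN = {"GigabitEthernet0/0/1": {100, 101}, "GigabitEthernet0/0/2": {100, 102},
        "GigabitEthernet0/0/3": {100, 101, 102}, "GigabitEthernet0/0/4": {101, 102}}

def expand_vlan_list(spec: str) -> set[int]:
    """Expand a VRP VLAN list such as '100 to 102 105' into {100, 101, 102, 105}."""
    return {v for a, b in re.findall(r"(\d+)(?: to (\d+))?", spec)
            for v in range(int(a), int(b or a) + 1)}

def parse_trunks(config: str) -> dict[str, dict]:
    """Collect allowed VLANs and PVID for every interface stanza in the dump."""
    ports, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = m.group(1)
            ports[cur] = {"allowed": set(), "pvid": 1}  # VRP default PVID is 1
        elif cur and (m := re.match(r"port trunk allow-pass vlan (.+)$", line)):
            ports[cur]["allowed"] |= expand_vlan_list(m.group(1))
        elif cur and (m := re.match(r"port trunk pvid vlan (\d+)$", line)):
            ports[cur]["pvid"] = int(m.group(1))
    return ports

def audit(config: str) -> list[str]:
    """Flag trunks carrying VLANs outside the plan and AP ports with a wrong PVID."""
    findings = []
    for port, p in parse_trunks(config).items():
        extra = p["allowed"] - PLAN.get(port, set())
        if extra:
            findings.append(f"{port}: unplanned VLANs allowed {sorted(extra)}")
        if port in AP_PORTS and p["pvid"] != MGMT_VLAN:
            findings.append(f"{port}: AP port PVID {p['pvid']} != {MGMT_VLAN}")
    return findings
```

Running audit(SW1_CONFIG) on the configuration above returns no findings; widening G0/0/1 to "100 to 102" or dropping the pvid line on an AP port produces one finding per violation.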
R1 configuration
[R1]int g0/0/0.10
[R1-GigabitEthernet0/0/0.10]dot1q termination vid 101 //Sub-interface terminates VLAN 101
[R1-GigabitEthernet0/0/0.10]arp broadcast enable //Written as the abbreviation "a b e" in the original
[R1-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24
[R1-GigabitEthernet0/0/0.10]int g0/0/0.20
[R1-GigabitEthernet0/0/0.20]dot1q termination vid 102
[R1-GigabitEthernet0/0/0.20]arp broadcast enable
[R1-GigabitEthernet0/0/0.20]ip add 192.168.20.1 24
AC configuration
[AC6605]vlan batch 100 to 102 //Create the VLANs
[AC6605]dhcp enable //Enable DHCP
[AC6605]ip pool 101 //Create an address pool named 101
[AC6605-ip-pool-101]network 192.168.10.0 mask 24 //Network
[AC6605-ip-pool-101]gateway-list 192.168.10.1 //Gateway
[AC6605-ip-pool-101]dns-list 8.8.8.8 //DNS
[AC6605-ip-pool-101]quit
[AC6605]ip pool 102
[AC6605-ip-pool-102]network 192.168.20.0 mask 24
[AC6605-ip-pool-102]gateway-list 192.168.20.1
[AC6605-ip-pool-102]dns-list 8.8.8.8
[AC6605-ip-pool-102]quit
[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk //Required before allow-pass; assumed omitted from the original transcript
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 102
[AC6605-GigabitEthernet0/0/1]quit
//The physical interface is a trunk carrying the user VLANs and the management VLAN
[AC6605]int vlan 100
[AC6605-Vlanif100]ip add 192.168.1.1 24
[AC6605-Vlanif100]dhcp select interface //Configure the IP address and interface-based DHCP (management pool)
[AC6605-Vlanif100]int vlan 101
[AC6605-Vlanif101]ip add 192.168.10.2 24
[AC6605-Vlanif101]dhcp select global //Configure the IP address and DHCP from the global address pool
[AC6605-Vlanif101]int vlan 102
[AC6605-Vlanif102]ip add 192.168.20.2 24
[AC6605-Vlanif102]dhcp select global
[AC6605-Vlanif102]quit
[AC6605]wlan ac-global ac id 1 carrier id other
//Configure the AC ID and the carrier identifier
[AC6605]wlan ac-global country-code CN //Set the country code
[AC6605]wlan //Enter the WLAN view
[AC6605-wlan-view]wlan ac source interface Vlanif 100
//Configure the CAPWAP tunnel source interface, i.e. the management VLAN
[AC6605-wlan-view]ap-region id 1 //Create region ID 1
[AC6605-wlan-ap-region-1]quit
[AC6605-wlan-view]ap-region id 2
[AC6605-wlan-ap-region-2]quit
[AC6605-wlan-view]ap-profile id 1 name 1 //Create an AP profile
[AC6605-wlan-ap-prof-1]quit
[AC6605-wlan-view]ap-profile id 2 name 2
[AC6605-wlan-ap-prof-2]quit
[AC6605-wlan-view]ap id 1 type-id 19 mac 00e0-fc20-71e0
[AC6605-wlan-ap-1]ap id 2 type-id 19 mac 00e0-fc6f-60f0
//Register the APs with IDs 1 and 2 by MAC address; the type-id can be looked up with display ap-type all
[AC6605-wlan-ap-2]ap id 1 //Enter the view of AP ID 1
[AC6605-wlan-ap-1]region-id 1 //Bind to region 1
[AC6605-wlan-ap-1]ap id 2
[AC6605-wlan-ap-2]region-id 2
[AC6605-wlan-ap-2]quit
[AC6605-wlan-view]ap-auth-mode mac-auth //Set the authentication mode for APs registering with the AC to MAC-address authentication
[AC6605-wlan-view]ap-whitelist mac 00e0-fc20-71e0
[AC6605-wlan-view]ap-whitelist mac 00e0-fc6f-60f0
//Configure the AP whitelist; only these MAC addresses may register
[AC6605-wlan-view]security-profile id 1 name security-1
[AC6605-wlan-sec-prof-security-1]security-policy wpa2
[AC6605-wlan-sec-prof-security-1]wpa2 authentication-method psk pass-phrase cipher Admin@123 encryption-method ccmp
//Create a security profile with WPA2-PSK and CCMP (AES) encryption, and set the SSID access passphrase
[AC6605-wlan-sec-prof-security-1]quit
[AC6605-wlan-view]wmm-profile id 1 name wmm-1 //Configure a WMM profile, used for QoS
[AC6605-wlan-wmm-prof-wmm-1]quit
[AC6605-wlan-view]wmm-profile id 2 name wmm-2
[AC6605-wlan-wmm-prof-wmm-2]quit
[AC6605-wlan-view]radio-profile id 1 name radio-1 //Create a radio profile
[AC6605-wlan-radio-prof-radio-1]wmm-profile id 1 //Bind the WMM profile
[AC6605-wlan-radio-prof-radio-1]quit
[AC6605-wlan-view]radio-profile id 2 name radio-2
[AC6605-wlan-radio-prof-radio-2]wmm-profile id 2
[AC6605-wlan-radio-prof-radio-2]quit
[AC6605-wlan-view]traffic-profile id 1 name traffic-1 //Create a traffic profile, used for QoS
[AC6605-wlan-traffic-prof-traffic-1]quit
[AC6605-wlan-view]traffic-profile id 2 name traffic-2
[AC6605-wlan-traffic-prof-traffic-2]quit
[AC6605-wlan-view]quit
[AC6605]interface Wlan-Ess 1 //Create a WLAN virtual interface
[AC6605-Wlan-Ess1]port hybrid pvid vlan 101
[AC6605-Wlan-Ess1]port hybrid untagged vlan 101 //Add this interface to VLAN 101 as a hybrid port
[AC6605-Wlan-Ess1]quit
[AC6605]interface Wlan-Ess 2
[AC6605-Wlan-Ess2]port hybrid pvid vlan 102
[AC6605-Wlan-Ess2]port hybrid untagged vlan 102
[AC6605-Wlan-Ess2]quit
[AC6605]wlan
[AC6605-wlan-view]service-set id 1 name huawei-1 //Create a service set
[AC6605-wlan-service-set-huawei-1]ssid huawei-1 //Configure the SSID
[AC6605-wlan-service-set-huawei-1]service-vlan 101 //Configure the service VLAN
[AC6605-wlan-service-set-huawei-1]traffic-profile id 1 //Bind the traffic profile
[AC6605-wlan-service-set-huawei-1]security-profile id 1 //Bind the security profile
[AC6605-wlan-service-set-huawei-1]forward-mode direct-forward //Set the forwarding mode to direct forwarding
[AC6605-wlan-service-set-huawei-1]wlan-ess 1 //Bind to the WLAN-ESS interface
[AC6605-wlan-service-set-huawei-1]quit
[AC6605-wlan-view]service-set id 2 name huawei-2
[AC6605-wlan-service-set-huawei-2]ssid huawei-2
[AC6605-wlan-service-set-huawei-2]service-vlan 102
[AC6605-wlan-service-set-huawei-2]wlan-ess 2
[AC6605-wlan-service-set-huawei-2]forward-mode direct-forward
[AC6605-wlan-service-set-huawei-2]security-profile id 1
[AC6605-wlan-service-set-huawei-2]traffic-profile id 2
[AC6605-wlan-service-set-huawei-2]quit
[AC6605-wlan-view]ap 1 radio 0 //Enter the radio view of AP 1; radio 0 is 2.4 GHz, radio 1 would be 5 GHz
[AC6605-wlan-radio-1/0]radio-profile id 1 //Bind the radio profile
[AC6605-wlan-radio-1/0]service-set id 1 //Bind the service set
[AC6605-wlan-radio-1/0]quit
[AC6605-wlan-view]ap 2 radio 0
[AC6605-wlan-radio-2/0]radio-profile id 2
[AC6605-wlan-radio-2/0]service-set id 2
[AC6605-wlan-radio-2/0]quit
[AC6605-wlan-view]commit ap 1 //Deliver the configuration to AP 1
[AC6605-wlan-view]commit all //Deliver the configuration to all APs
查看STA1的SSID信息並鏈接密碼爲以前設置的Admin@123
查看STA1的IP地址獲取狀況
測試STA1連通性
查看STA2的SSID信息並鏈接密碼爲以前設置的Admin@123
查看STA 2的IP地址獲取狀況
測試STA2的連通性
能夠使用display ap all命令在AC上查看AP註冊狀態