华为---企业WLAN组网基本配置示例---AC+AP组网
AC+AP组网所需的物理条件
1、无线AP---收发无线信号;
2、无线控制器(AC)---用来控制管理多个AP;
3、PoE交换机---能给AP实现网络连接和供电的交换机;
4、授权:默认AC管理的AP数量有限,买授权才能管控更多AP。
WLAN创建步骤
一、AP上线
二、WLAN业务配置下发
三、无线网络终端接入WLAN
四、WLAN业务数据转发
WLAN网络中的数据包括控制报文(管理报文)和数据报文。控制报文是通过CAPWAP的控制隧道转发的,用户的数据报文分为隧道转发方式、直接转发方式。
隧道转发方式:用户数据报文-->AP(CAPWAP数据隧道封装后)-->AC-->转发到上层网络。
直接转发方式:用户数据报文-->AP(不经过AC)-->直接转发到上层网络。
网络拓扑图
代码段
system-view sysname R
interface GigabitEthernet 0/0/0 ip address 192.168.11.253 24system-view sysname SWdhcp enablevlan batch 10 11
interface GigabitEthernet 0/0/1port link-type accessport default vlan 11quit
interface GigabitEthernet 0/0/2port link-type trunkport trunk allow-pass vlan 10 11quit
interface GigabitEthernet 0/0/3port link-type trunkport trunk allow-pass vlan 10quit
interface Vlan 11ip address 192.168.11.254 24dhcp select interfacequitsystem-view
sysname SW1vlan batch 10 11
interface GigabitEthernet 0/0/1 port link-type trunkport trunk allow-pass vlan 10 11quit
interface Ethernet 0/0/1port link-type trunkport trunk pvid vlan 10port trunk allow-pass vlan 10 11quit
interface Ethernet 0/0/2port link-type trunkport trunk pvid vlan 10port trunk allow-pass vlan 10 11quitsystem-view sysname ACdhcp enablevlan 10quit
interface GigabitEthernet 0/0/1 port link-type trunkport trunk pvid vlan 10port trunk allow-pass vlan 10quit
interface Vlan 10ip address 192.168.10.254 24dhcp select interfacequit
wlanregulatory-domain-profile name test-dcountry-code CNquitap-group name test-gregulatory-domain-profile test-dyquitap auth-mode mac-authap-id 1 ap-mac 00e0-fcee-6470ap-name test-ap1ap-group test-gyap-id 2 ap-mac 00e0-fc90-2b60ap-name test-ap2ap-group test-gyquitsecurity-profile name test-ssecurity wpa-wpa2 psk pass-phrase test@123 aesquitssid-profile name test-wssid test-wifiquitvap-profile name test-vapforward-mode direct-forward service-vlan vlan-id 11security-profile test-sssid-profile test-wquitap-group name test-gvap-profile test-vap wlan 1 radio allquit
capwap source interface Vlanif 10
quit
配置步骤及代码---代码解析
配基础有线网络配置
<Huawei>system-view
[Huawei] sysname R
[R-GigabitEthernet0/0/0] ip address 192.168.11.253 24
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] sysname SW
[SW] dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW] vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW]interface GigabitEthernet 0/0/1
[SW-GigabitEthernet0/0/1] port link-type access
[SW-GigabitEthernet0/0/1] port default vlan 11
[SW-GigabitEthernet0/0/1] quit
[SW]interface GigabitEthernet 0/0/2
[SW-GigabitEthernet0/0/2] port link-type trunk
[SW-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 11
[SW-GigabitEthernet0/0/2] quit
[SW]interface GigabitEthernet 0/0/3
[SW-GigabitEthernet0/0/3] port link-type trunk
[SW-GigabitEthernet0/0/3] port trunk allow-pass vlan 10
[SW-GigabitEthernet0/0/3] quit
[SW]interface Vlan 11
[SW-Vlanif11] ip address 192.168.11.254 24
[SW-Vlanif11] dhcp select interface
[SW-Vlanif11] quit
<SW1>system-view
Enter system view, return user view with Ctrl+Z.
[SW1]sysname SW1
[SW1] vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/1] quit
[SW1]interface Ethernet 0/0/1
[SW1-Ethernet0/0/1] port link-type trunk
[SW1-Ethernet0/0/1] port trunk pvid vlan 10
[SW1-Ethernet0/0/1] port trunk allow-pass vlan 10 11
[SW1-Ethernet0/0/1] quit
[SW1]interface Ethernet 0/0/2
[SW1-Ethernet0/0/2] port link-type trunk
[SW1-Ethernet0/0/2] port trunk pvid vlan 10
[SW1-Ethernet0/0/2] port trunk allow-pass vlan 10 11
[SW1-Ethernet0/0/2] quit
<AC6605>system-view
Enter system view, return user view with Ctrl+Z.
[AC6605] sysname AC
[AC] dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC] vlan 10
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC-vlan10] quit
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk pvid vlan 10
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[AC-GigabitEthernet0/0/1] quit
[AC]interface Vlan 10
[AC-Vlanif10] ip address 192.168.10.254 24
[AC-Vlanif10] dhcp select interface
[AC-Vlanif10] quit
AP上线和业务配置
[AC]wlan
[AC-wlan-view] regulatory-domain-profile name test-d //创建域管理模板test-d
[AC-wlan-regulate-domain-test-d] country-code CN //国家代码选择中国
Info: The current country code is same with the input country code.
[AC-wlan-regulate-domain-test-d] quit
[AC-wlan-view] ap-group name test-g //创建AP组test-g
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-test-g] regulatory-domain-profile test-d //AP组的域管理模板是test-d
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-test-g]quit
[AC-wlan-view] ap auth-mode mac-auth //AP的认证模式为MAC认证
AP离线加入
[AC-wlan-view] ap-id 1 ap-mac 00e0-fcee-6470 //AP的编号和MAC地址
[AC-wlan-ap-1] ap-name test-ap1 //AP的名字为test-ap1
[AC-wlan-ap-1] ap-group test-g //AP属于AP组test-g
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-1]ap-id 2 ap-mac 00e0-fc90-2b60
[AC-wlan-ap-2] ap-name test-ap2
[AC-wlan-ap-2] ap-group test-g
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-2]quit
[AC-wlan-view] security-profile name test-s //安全模板的名字为test-s
[AC-wlan-sec-prof-test-s] security wpa-wpa2 psk pass-phrase test@123 aes //无线网密码是test@123,用AES加密。
[AC-wlan-sec-prof-test-s] quit
[AC-wlan-view] ssid-profile name test-w //ssid的模板名字为test-w
[AC-wlan-ssid-prof-test-w] ssid test-wifi //ssid的名称为test-wifi
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-test-w] quit
[AC-wlan-view] vap-profile name test-vap //vap模板的名字叫test-vap
[AC-wlan-vap-prof-test-vap] forward-mode direct-forward //转发模式为直接转发
[AC-wlan-vap-prof-test-vap] service-vlan vlan-id 11 //服务VLAN的ID为11
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-test-vap] security-profile test-s //调用安全模板test-s
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-test-vap] ssid-profile test-w //调用SSID模板test-w
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-test-vap] quit
[AC-wlan-view] ap-group name test-g
[AC-wlan-ap-group-test-g] vap-profile test-vap wlan 1 radio all //调用VAP模板test-vap,wlan所有频道
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-test-g] quit
[AC-wlan-view]capwap source interface Vlanif 10 //AC的capwap隧道源接口为vlan 10
[AC]quit
STA接入
测试验证
管理vlan和业务vlan通信正常。