要求:

1.公司现有5层,每层面积在300平左右。需要wlan全覆盖。

采用旁挂的方式

3.业务流量采用直接转发模式

4.设置2个ssid,一个内部使用,一个访客使用。

5.统一采用DHCP分配地址

网段规划:

1、vlan 10  :AC              192.168.10.0/24

2、vlan 20  :AP              192.168.20.0/24

3、vlan 30  :thinkmo-net     192.168.30.0/24

4、vlan 40  :thinkmo-guest   192.168.40.0/24

5、vlan 50  :DHCP            192.168.50.0/24

6、vlan 60  :S1和GW互联      192.168.60.0/24


某某公司的wlan项目实施_wlan

配置:

ISP

<ISP>dis cur
#
sysname ISP
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 60.30.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 60.30.1.2
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
<ISP>

GW

[gw]dis cur
#
sysname gw
#
acl number 2000
 rule 5 permit
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 60.30.1.2 255.255.255.0
 nat outbound 2000
#
interface GigabitEthernet0/0/1
 ip address 192.168.60.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 60.30.1.1
ip route-static 192.168.0.0 255.255.0.0 192.168.60.254
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[gw]

DHCP

<DHCP>dis cur
#
sysname DHCP
#
undo info-center enable
#
dhcp enable
#
ip pool ap
 gateway-list 192.168.20.254
 network 192.168.20.0 mask 255.255.255.0
#
ip pool network
 gateway-list 192.168.30.254
 network 192.168.30.0 mask 255.255.255.0
 dns-list 4.4.4.4
#
ip pool guest
 gateway-list 192.168.40.254
 network 192.168.40.0 mask 255.255.255.0
 dns-list 4.4.4.4
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 192.168.50.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.50.254
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

S1

<S1>dis cur
#
sysname S1
#
undo info-center enable
#
vlan batch 10 20 30 40 50 60
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 description to-ac
 ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.50.1
#
interface Vlanif30
 description to-network
 ip address 192.168.30.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.50.1
#
interface Vlanif40
 description to-guest
 ip address 192.168.40.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.50.1
#
interface Vlanif50
 ip address 192.168.50.254 255.255.255.0
#
interface Vlanif60
 ip address 192.168.60.254 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 description to-dhcp
 port link-type access
 port default vlan 50
#
interface GigabitEthernet0/0/2
 description to-gw
 port link-type access
 port default vlan 60
#
interface GigabitEthernet0/0/3
 description to-AC
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
 description to-ap
 port link-type trunk
 port trunk pvid vlan 20
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.60.1
#
user-interface con 0
user-interface vty 0 4
#
return

AC

1、配置物理2层接口:
   g0/0/1:配置成trunk,放行vlan 10 20 30 40
2、配置vlanif10:192.168.10.1 24
3、配置默认路由,吓一跳192.168.10.254
4、配置capwap隧道源ip地址:192.168.10.1
   capwap source ip-address 192.168.10.1
以下所有配置,都在wlan视图下:
5、配置AP认证模式为不认证
   [AC6005-wlan-view]ap auth-mode no-auth
6、配置域管理模板(在中国默认就是这样)
   配置国家代码
   [AC6005-wlan-view]regulatory-domain-profile name default
   [AC6005-wlan-regulate-domain-default]country-code cn
7、安全模板:
   [AC6005-wlan-view]security-profile name security-1
   [AC6005-wlan-sec-prof-security-1]security wpa-wpa2 psk pass-phrase 12345678 aes
8、SSID模板:配置2个
   [AC6005-wlan-view]ssid-profile name thinkmo-net
   [AC6005-wlan-ssid-prof-thinkmo-net]ssid thinkmo-net
   [AC6005-wlan-view]ssid-profile name thinkmo-guest
   [AC6005-wlan-ssid-prof-thinkmo-guest]ssid thinkmo-guest
9、VAP模板:配置2个
   [AC6005-wlan-view]vap-profile name VAP-1
   [AC6005-wlan-vap-prof-VAP-1]forward-mode tunnel      //转发模式为隧道模式
   [AC6005-wlan-vap-prof-VAP-1]service-vlan vlan-id 30  //这个SSID所在的VLAN
   [AC6005-wlan-vap-prof-VAP-1]ssid-profile thinkmo-net  //调用SSID名称
   [AC6005-wlan-vap-prof-VAP-1]security-profile security-1  //调用安全模板

   [AC6005-wlan-view]vap-profile name VAP-2
   [AC6005-wlan-vap-prof-VAP-1]forward-mode tunnel      //转发模式为隧道模式
   [AC6005-wlan-vap-prof-VAP-1]service-vlan vlan-id 30  //这个SSID所在的VLAN
   [AC6005-wlan-vap-prof-VAP-1]ssid-profile thinkmo-guest  //调用SSID名称
   [AC6005-wlan-vap-prof-VAP-1]security-profile security-1  //调用安全模板
10、创建AP组:
   [AC6005-wlan-view]ap-group name thinkmo-1f 
   [AC6005-wlan-ap-group-thinkmo-1f]regulatory-domain-profile default
   [AC6005-wlan-ap-group-thinkmo-1f]vap-profile VAP-1 wlan 1 radio 0
   [AC6005-wlan-ap-group-thinkmo-1f]vap-profile VAP-1 wlan 1 radio 1
   [AC6005-wlan-ap-group-thinkmo-1f]vap-profile VAP-2 wlan 2 radio 0
   [AC6005-wlan-ap-group-thinkmo-1f]vap-profile VAP-2 wlan 2 radio 1
11、AP接入AC
   [AC6005-wlan-view]ap-mac 00e0-fc9a-2260
   [AC6005-wlan-ap-0]ap-group 1f

AP

[Huawei]ap-address static ac-list 192.168.10.1