华为设备配置大型网络WLAN基本业务_无线

1. 配置网络互通

[LSW2]vlan batch 100 to 104

[LSW2-GigabitEthernet0/0/1]port link-type trunk  

[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 104

[LSW2-GigabitEthernet0/0/2]port link-type trunk                  

[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 to 102

[LSW2-GigabitEthernet0/0/2]port trunk pvid vlan 100

[LSW2-GigabitEthernet0/0/2]port-isolate enable

[LSW2-GigabitEthernet0/0/3]port link-type trunk                  

[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 to 102

[LSW2-GigabitEthernet0/0/3]port trunk pvid vlan 100

[LSW2-GigabitEthernet0/0/3]port-isolate enable

[LSW2-GigabitEthernet0/0/4]port link-type trunk                  

[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 103 104

[LSW2-GigabitEthernet0/0/4]port trunk pvid vlan 100

[LSW2-GigabitEthernet0/0/4]port-isolate enable

[LSW2-GigabitEthernet0/0/5]port link-type trunk  

[LSW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 103 to 104  

[LSW2-GigabitEthernet0/0/5]port trunk pvid vlan 100

[LSW2-GigabitEthernet0/0/5]port-isolate enable

[LSW1]vlan batch 100 to 104 200 201

[LSW1-GigabitEthernet0/0/1]port link-type trunk

[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 104

[LSW1-GigabitEthernet0/0/3]port link-type trunk  

[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 200

[LSW1-GigabitEthernet0/0/2]port link-type access  

[LSW1-GigabitEthernet0/0/2]port default vlan 201

[LSW1-Vlanif100]ip add 10.1.1.1 24

[LSW1-Vlanif101]ip add 10.1.11.1 24

[LSW1-Vlanif102]ip add 10.1.12.1 24

[LSW1-Vlanif103]ip add 10.1.13.1 24

[LSW1-Vlanif104]ip add 10.1.14.1 24

[LSW1-Vlanif200]ip add 10.2.1.1 24

[LSW1-Vlanif201]ip add 10.3.1.1 24

[AC1]vlan batch 101 to 104 200

[AC1-GigabitEthernet0/0/1]port link-type trunk  

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 200

[AC1-Vlanif200]ip add 10.2.1.2 24

[AR1-GigabitEthernet0/0/0]ip add 10.3.1.3 24

[AR1]ip route-static 10.1.1.0 24 10.3.1.1  //配置AR1到LSW1的路由

[AR1]ip route-static 10.1.11.0 24 10.3.1.1  

[AR1]ip route-static 10.1.12.0 24 10.3.1.1

[AR1]ip route-static 10.1.13.0 24 10.3.1.1

[AR1]ip route-static 10.1.14.0 24 10.3.1.1

[LSW1]ip route-static 0.0.0.0 0.0.0.0 10.3.1.3  //配置LSW1的缺省路由

[AC1]ip route-static 10.1.1.0 24 10.2.1.1  //配置AC到AP的路由

2. 配置DHCP服务,为AP和STA分配IP地址

[LSW1]dhcp enable  

[LSW1-Vlanif100]dhcp select relay

[LSW1-Vlanif100]dhcp relay server-ip 10.3.1.3

[LSW1-Vlanif101]dhcp select relay  

[LSW1-Vlanif101]dhcp relay server-ip 10.3.1.3

[LSW1-Vlanif102]dhcp select relay  

[LSW1-Vlanif102]dhcp relay server-ip 10.3.1.3

[LSW1-Vlanif103]dhcp select relay  

[LSW1-Vlanif103]dhcp relay server-ip 10.3.1.3

[LSW1-Vlanif104]dhcp select relay  

[LSW1-Vlanif104]dhcp relay server-ip 10.3.1.3

[AR1]dhcp enable  

[AR1]ip pool ap  //配置由AR1作为DHCP服务器给AP分配IP地址

[AR1-ip-pool-ap]network 10.1.1.0 mask 24

[AR1-ip-pool-ap]gateway-list 10.1.1.1

[AR1-ip-pool-ap]option 43 sub-option 3 ascii 10.2.1.2

[AR1]ip pool sta1  //配置由AR1作为DHCP服务器给STA分配IP地址

[AR1-ip-pool-sta1]network 10.1.11.0 mask 24    

[AR1-ip-pool-sta1]gateway-list 10.1.11.1        

[AR1]ip pool sta2              

[AR1-ip-pool-sta2]network 10.1.12.0 mask 24

[AR1-ip-pool-sta2]gateway-list 10.1.12.1    

[AR1]ip pool sta3              

[AR1-ip-pool-sta3]network 10.1.13.0 mask 24

[AR1-ip-pool-sta3]gateway-list 10.1.13.1    

[AR1]ip pool sta4              

[AR1-ip-pool-sta4]network 10.1.14.0 mask 24

[AR1-ip-pool-sta4]gateway-list 10.1.14.1    

[AR1-GigabitEthernet0/0/0]dhcp select global

3. 配置VLAN pool,用于作为业务VLAN

[AC1]vlan  pool sta-pool1

[AC1-vlan-pool-sta-pool1]vlan 101 102

[AC1-vlan-pool-sta-pool1]assignment hash  

[AC1]vlan pool sta-pool2

[AC1-vlan-pool-sta-pool2]vlan 103 104        

[AC1-vlan-pool-sta-pool2]assignment hash

4. 配置AP上线

[AC1-wlan-view]ap-group name guest  //创建AP组

[AC1-wlan-view]ap-group name employee

[AC1-wlan-view]regulatory-domain-profile name domain1  //创建域管理模板

[AC1-wlan-regulate-domain-domain1]country-code cn  //配置AC的国家码

[AC1-wlan-view]ap-group name guest

[AC1-wlan-ap-group-guest]regulatory-domain-profile domain1  //在AP组下引用域管理模板

[AC1-wlan-view]ap-group name employee

[AC1-wlan-ap-group-employee]regulatory-domain-profile domain1

[AC1]capwap source interface Vlanif 200  //配置AC的源接口

[AC1]wlan

[AC1-wlan-view]ap auth-mode mac-auth  

[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc32-56d0  //在AC上离线导入AP

[AC1-wlan-ap-0]ap-name ap1

[AC1-wlan-ap-0]ap-group guest

[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc42-47d0

[AC1-wlan-ap-1]ap-name ap2  

[AC1-wlan-ap-1]ap-group guest

[AC1-wlan-view]ap-id 2 ap-mac 00e0-fcc1-3660

[AC1-wlan-ap-2]ap-name ap3                  

[AC1-wlan-ap-2]ap-group employee

[AC1-wlan-view]ap-id 3 ap-mac 00e0-fca3-0630

[AC1-wlan-ap-3]ap-name ap4                  

[AC1-wlan-ap-3]ap-group employee

 华为设备配置大型网络WLAN基本业务_WLAN_02

5. 配置WLAN业务参数

[AC1-wlan-view]security-profile name guest  //创建名为安全模板

[AC1-wlan-sec-prof-guest]security wpa2 psk pass-phrase abc@1234 aes  //配置安全策略

[AC1-wlan-view]security-profile name employee  

[AC1-wlan-sec-prof-employee]security wpa2 psk pass-phrase abcd@1234 aes

[AC1-wlan-view]ssid-profile name guest  //创建SSID模板

[AC1-wlan-ssid-prof-guest]ssid guest  //配置SSID名称

[AC1-wlan-view]ssid-profile  name employee

[AC1-wlan-ssid-prof-employee]ssid employee

[AC1-wlan-view]vap-profile name guest  //创建VAP模板

[AC1-wlan-vap-prof-guest]forward-mode  direct-forward   //配置业务数据转发模式

[AC1-wlan-vap-prof-guest]service-vlan vlan-pool sta-pool1   //配置业务VLAN

[AC1-wlan-vap-prof-guest]security-profile guest  //引用安全模板

[AC1-wlan-vap-prof-guest]ssid-profile guest  //引用SSID模板

[AC1-wlan-view]vap-profile name employee        

[AC1-wlan-vap-prof-employee]forward-mode direct-forward  

[AC1-wlan-vap-prof-employee]service-vlan vlan-pool sta-pool2

[AC1-wlan-vap-prof-employee]security-profile employee

[AC1-wlan-vap-prof-employee]ssid-profile employee

[AC1-wlan-view]ap-group name guest

[AC1-wlan-ap-group-guest]vap-profile guest wlan 1 radio 0  //配置AP组引用VAP模板,AP上射频0使用VAP模板的配置

[AC1-wlan-ap-group-guest]vap-profile guest wlan 1 radio 1  //配置AP组引用VAP模板,AP上射频0使用VAP模板的配置

[AC1-wlan-view]ap-group name employee          

[AC1-wlan-ap-group-employee]vap-profile employee wlan 1 radio 0

[AC1-wlan-ap-group-employee]vap-profile employee wlan 1 radio 1

6. 配置AP射频的信道和功率

[AC1-wlan-view]ap-id 0

[AC1-wlan-ap-0]radio 0

[AC1-wlan-radio-0/0]channel 20mhz 6

[AC1-wlan-radio-0/0]eirp 127

[AC1-wlan-ap-0]radio 1        

[AC1-wlan-radio-0/1]channel 20mhz 149

[AC1-wlan-radio-0/1]eirp 127  

7. 验证配置

 华为设备配置大型网络WLAN基本业务_网络_03

华为设备配置大型网络WLAN基本业务_无线_04