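I. Topology diagram
II. Networking requirements
Users access the network over WLAN to meet the basic needs of mobile office work. When a user roams while moving within the coverage area, the user's services are not affected.
1. AC networking mode: off-path (side-attached) Layer 2 networking
2. DHCP deployment:
The aggregation switch SWB acts as the DHCP server and assigns IP addresses to the APs and STAs.
- Note: When the AC and the APs are on the same network segment, there is no need to configure the Option 43 field or use DNS for the APs to obtain the AC's IP address; an AP can discover an AC on the same segment by broadcast.
3. Service data forwarding mode: tunnel forwarding
- Note: In tunnel forwarding mode, the management VLAN and the service VLAN cannot be configured as the same VLAN, and only the management VLAN may be allowed between the AP and the AC; the service VLAN must not be allowed.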
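An added example (not part of the original page) that checks the tunnel-forwarding VLAN rule from the note above against VRP trunk commands. The function names, the choice of SWA ports treated as the AP-to-AC path, and the sample text (constructed from the SWA commands in the procedure) are assumptions of this example.

```python
import re

# Constructed input from this page's SWA commands; SWA_BAD wrongly adds VLAN 101.
SWA_GOOD = """\
[SWA]interface GigabitEthernet 0/0/1
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SWA]interface GigabitEthernet 0/0/2
[SWA-GigabitEthernet0/0/2]port trunk allow-pass vlan 100
"""
SWA_BAD = SWA_GOOD.replace("vlan 100", "vlan 100 to 101", 1)
PORTS = ["GigabitEthernet0/0/1", "GigabitEthernet0/0/2"]  # assumed AP-to-AC path
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # "[SWA-...]" or "<SWA>"

def parse_allowed_vlans(session):
    """Map interface name -> set of VLAN IDs allowed on its trunk."""
    allowed, current = {}, None
    for raw in session.splitlines():
        line = PROMPT.sub("", raw).strip()
        m = re.match(r"interface\s+(\S+)\s*(\S*)$", line)
        if m:  # "GigabitEthernet 0/0/1" and "GigabitEthernet0/0/1" normalise alike
            current = m.group(1) + m.group(2)
            allowed.setdefault(current, set())
            continue
        m = re.match(r"port trunk allow-pass vlan\s+(.+)$", line)
        tok, i = (m.group(1).split() if m and current else []), 0
        while i < len(tok):
            if tok[i] == "all":
                lo, hi, i = 1, 4094, i + 1
            elif i + 2 < len(tok) and tok[i + 1] == "to":  # range "100 to 101"
                lo, hi, i = int(tok[i]), int(tok[i + 2]), i + 3
            else:
                lo, hi, i = int(tok[i]), int(tok[i]), i + 1
            allowed[current].update(range(lo, hi + 1))
    return allowed

def check_tunnel_forwarding(allowed, path_ports, mgmt_vlan, service_vlan):
    """Findings for: mgmt != service VLAN, and only mgmt VLAN between AP and AC."""
    findings = []
    if mgmt_vlan == service_vlan:
        findings.append("management VLAN and service VLAN are the same")
    for port in path_ports:
        vlans = allowed.get(port, set())
        if mgmt_vlan not in vlans:
            findings.append(f"{port}: management VLAN {mgmt_vlan} not allowed")
        if service_vlan in vlans:
            findings.append(f"{port}: service VLAN {service_vlan} allowed between AP and AC")
    return findings

if __name__ == "__main__":
    print(check_tunnel_forwarding(parse_allowed_vlans(SWA_BAD), PORTS, 100, 101))
```

With the planned values (management VLAN 100, service VLAN 101) the page's SWA commands produce no findings, while the constructed variant is flagged on GigabitEthernet0/0/1.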
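III. Planning table
Item | Data |
AP management VLAN | vlan100 |
STA service VLAN | vlan101 |
DHCP server | Aggregation switch SWB |
IP address pool for APs | 10.23.100.3~10.23.100.254/24 |
IP address pool for STAs | 10.23.101.2~10.23.101.254/24 |
AC source interface IP address | vlanif100:10.23.100.2/24 |
AP group | Name: ap-group1; Referenced profiles: VAP profile wlan-net, regulatory domain profile default, 2G radio profile wlan-radio2g, 5G radio profile wlan-radio5g |
Regulatory domain profile | Name: default; Country code: China |
SSID profile | Name: wlan-net; SSID name: wlan-net |
Security profile | Name: wlan-net; Security policy: WPA-WPA2+PSK+AES; Password: a1234567 |
VAP profile | Name: wlan-net; Forwarding mode: tunnel forwarding; Service VLAN: vlan101; Referenced profiles: SSID profile wlan-net, security profile wlan-net |
IV. Configuration roadmap
1. Configure network connectivity among the APs, the AC, and the surrounding network devices
2. Bring the APs online
- Create an AP group so that APs needing the same configuration can be added to it and configured uniformly
- Configure the AC's system parameters, including the country code and the source interface used for communication between the AC and the APs
- Configure the AP authentication mode and import the APs offline so that they come online normally
3. Configure the WLAN service parameters so that STAs can access the WLAN
V. Procedure
1. Basic FW configuration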
<SRG>system-view
[SRG]interface GigabitEthernet0/0/3
[SRG-GigabitEthernet0/0/3]ip address 10.23.102.2 24
[SRG-GigabitEthernet0/0/3]service-manage ping permit
[SRG-GigabitEthernet0/0/3]quit
[SRG]ip route-static 10.23.0.0 16 10.23.102.1
[SRG]firewall zone trust
[SRG-zone-trust]add interface GigabitEthernet 0/0/3
[SRG-zone-trust]quit
Appendix: device version
[SRG]display version
17:00:28 2022/05/18
Huawei Versatile Routing Platform Software
VRP WVSP Software Version VRPV500R003C07
Copyright (c) 2000-2013 by VRP Team Beijing Institute Huawei Tech, Inc
Compiled Feb 27 2014 16:04:12 by VSP
2. Configure SWA
<Huawei>system-view
[Huawei]sysname SWA
[SWA]vlan batch 100
[SWA]interface GigabitEthernet 0/0/1
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk pvid vlan 100
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SWA-GigabitEthernet0/0/1]port-isolate enable
[SWA-GigabitEthernet0/0/1]quit
[SWA]interface GigabitEthernet 0/0/2
[SWA-GigabitEthernet0/0/2]port link-type trunk
[SWA-GigabitEthernet0/0/2]port trunk allow-pass vlan 100
[SWA-GigabitEthernet0/0/2]quit
[SWA]interface GigabitEthernet 0/0/3
[SWA-GigabitEthernet0/0/3]port link-type trunk
[SWA-GigabitEthernet0/0/3]port trunk pvid vlan 100
[SWA-GigabitEthernet0/0/3]port trunk allow-pass vlan 100
[SWA-GigabitEthernet0/0/3]port-isolate enable
[SWA-GigabitEthernet0/0/3]quit
3. Configure SWB
# Configure the interfaces
<Huawei>system-view
[Huawei]sysname SWB
[SWB]vlan batch 100 101 102
[SWB]interface GigabitEthernet 0/0/1
[SWB-GigabitEthernet0/0/1]port link-type trunk
[SWB-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SWB-GigabitEthernet0/0/1]quit
[SWB]interface GigabitEthernet 0/0/2
[SWB-GigabitEthernet0/0/2]port link-type trunk
[SWB-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[SWB-GigabitEthernet0/0/2]quit
[SWB]interface GigabitEthernet 0/0/3
[SWB-GigabitEthernet0/0/3]port link-type access
[SWB-GigabitEthernet0/0/3]port default vlan 102
[SWB-GigabitEthernet0/0/3]quit
# Configure the DHCP server to assign IP addresses to the STAs and APs
[SWB]dhcp enable
[SWB]interface Vlanif 100
[SWB-Vlanif100]ip address 10.23.100.1 24
[SWB-Vlanif100]dhcp select global
[SWB-Vlanif100]quit
[SWB]interface Vlanif 101
[SWB-Vlanif101]ip address 10.23.101.1 24
[SWB-Vlanif101]dhcp select global
[SWB-Vlanif101]quit
[SWB]interface Vlanif 102
[SWB-Vlanif102]ip address 10.23.102.1 24
[SWB-Vlanif102]quit
[SWB]ip pool ap
[SWB-ip-pool-ap]network 10.23.100.0 mask 24
[SWB-ip-pool-ap]gateway-list 10.23.100.1
[SWB-ip-pool-ap]quit
[SWB]ip pool sta
[SWB-ip-pool-sta]network 10.23.101.0 mask 24
[SWB-ip-pool-sta]gateway-list 10.23.101.1
[SWB-ip-pool-sta]quit
# Default route
[SWB]ip route-static 0.0.0.0 0.0.0.0 10.23.102.2
# Appendix: device version
<SWB>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.110 (S5700 V200R001C00)
Copyright (c) 2000-2011 HUAWEI TECH CO., LTD
4. Configure the AC
# Configure the interfaces
[AC6605]sysname AC
[AC]vlan batch 100 101
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[AC-GigabitEthernet0/0/1]quit
[AC]interface Vlanif 100
[AC-Vlanif100]ip address 10.23.100.2 24
[AC-Vlanif100]quit
# Bring the APs online
1. Create an AP group so that APs with the same configuration are added to the same AP group
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]quit
2. Create a regulatory domain profile, configure the AC's country code in it, and reference the profile in the AP group
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code CN
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
3. Configure the AC's source interface
[AC]capwap source interface Vlanif 100
4. Import the APs offline on the AC and add them to the AP group "ap-group1". The APs' MAC addresses must be looked up beforehand
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac 00E0-FCBC-4150
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0]quit
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 1 ap-mac 00E0-FCE9-1800
[AC-wlan-ap-1]ap-name area_2
[AC-wlan-ap-1]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-1]quit
5. After powering on the APs, run the command display ap all; when the "State" field of an AP shows "nor", the AP has come online normally
[AC-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
----------------------------------------------------------------------------------------------
0 00e0-fcbc-4150 area_1 ap-group1 10.23.100.253 AP6050DN nor 0 1M:47S
1 00e0-fce9-1800 area_2 ap-group1 10.23.100.254 AP6050DN nor 0 14S
----------------------------------------------------------------------------------------------
Total: 2
# Configure the WLAN service parameters
1. Create a security profile named "wlan-net" and configure the security policy
[AC-wlan-view]security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net]quit
2. Create an SSID profile named "wlan-net" and set the SSID name to "wlan-net"
[AC-wlan-view]ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC-wlan-ssid-prof-wlan-net]quit
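3. Create a VAP profile named "wlan-net", configure the service data forwarding mode and the service VLAN, and reference the security profile and the SSID profile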
[AC-wlan-view]vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net]forward-mode tunnel
[AC-wlan-vap-prof-wlan-net]service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net]security-profile wlan-net
[AC-wlan-vap-prof-wlan-net]ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net]quit
4. Configure the AP group to reference the VAP profile; radio 0 and radio 1 on the APs both use the configuration of VAP profile "wlan-net"
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
# Appendix: device version
[AC]display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.160 (AC6605 V200R007C10SPC300)
Copyright (C) 2011-2018 HUAWEI TECH CO., LTD
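View the AP's MAC address:
5. Verify the AC configuration
1. After the configuration is complete, run the command display vap ssid wlan-net to view the VAP information. When "Status" shows "ON", the VAP on the corresponding AP radio has been created successfully.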
[AC]display vap ssid wlan-net
Info: This operation may take a few seconds, please wait.
WID : WLAN ID
-----------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
-----------------------------------------------------------------------------
0 area_1 0 1 00E0-FCBC-4150 ON WPA/WPA2-PSK 0 wlan-net
0 area_1 1 1 00E0-FCBC-4160 ON WPA/WPA2-PSK 0 wlan-net
1 area_2 0 1 00E0-FCE9-1800 ON WPA/WPA2-PSK 0 wlan-net
1 area_2 1 1 00E0-FCE9-1810 ON WPA/WPA2-PSK 0 wlan-net
-----------------------------------------------------------------------------
Total: 4
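2. Within the coverage area of AP1, the STA finds the wireless network with SSID "wlan-net", enters the password "a1234567" and associates normally. Then run the command display station ssid wlan-net on the AC to view the STA's access information: the STA is associated with AP1, and the STA's MAC address is "5489-98ad-7fd8".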
[AC]display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
-------------------------------------------------------------------------------------------
5489-98ad-7fd8 0 area_1 0/1 2.4G - -/- - 101 10.23.101.254
-------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0
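6. View roaming information
1. When the STA moves from the coverage area of AP1 to the coverage area of AP2, run the command display station ssid wlan-net on the AC to view the STA's access information; the STA is now associated with AP2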
[AC]display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
-------------------------------------------------------------------------------------------
5489-98ad-7fd8 1 area_2 0/1 2.4G - -/- - 101 10.23.101.254
-------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0
2. Run the command display station roam-track sta-mac 5489-98ad-7fd8 on the AC to view the roaming track of this STA.
[AC]display station roam-track sta-mac 5489-98ad-7fd8
Access SSID:wlan-net
Rx/Tx: link receive rate/link transmit rate(Mbps)
z: Zero Roam c:PMK Cache Roam r:802.11r Roam
------------------------------------------------------------------------------
L2/L3 AC IP AP name Radio ID
BSSID TIME In/Out RSSI Out Rx/Tx
------------------------------------------------------------------------------
-- 10.23.100.2 area_1 0
00e0-fcbc-4150 2022/05/18 13:57:17 -95/-95 0/0
L2 10.23.100.2 area_2 0
00e0-fce9-1800 2022/05/18 14:01:45 -/- -/-
------------------------------------------------------------------------------
Number: 1