数据规划
- Eth-Trunk1 AC:GE1/0/2,GE1/0/4加入Eth-Trunk1。S5700-1:GE0/0/1,GE0/0/4加入Eth-Trunk1,AC与接入交换机之间,配置Eth-Trunk1以增加,网络带宽,并提高网络可靠性;
- Eth-Trunk2 AC:GE1/0/3,GE1/0/5加入Eth-Trunk2
S5700-2:GE0/0/1,GE0/0/4加入Eth-Trunk2,AC与接入交换机之间配置Eth-Trunk2以增加网络带宽,并提高网络可靠性; - AC的源接口IP地址:10.23.100.1/24 ;
- WMM模板名称:wmm
- 射频模板名称:radio
- 安全模板名称:security,安全与认证策略:WPA2+PSK,认证密钥:huawei123,加密方式:CCMP;
- 流量模板名称:traffic
- 服务集 名称:area1
SSID:area1 WLAN虚接口:WLAN-ESS1 业务数据转发模式:直接转发 用于区域1内的网络覆 盖 名称:area2
SSID:area2 WLAN虚接口:WLAN-ESS2 业务数据转发模式:直接转发
- DHCP服务器 AC作为DHCP服务器,为AP、STA和PC分配地址;
- AP的网关及IP地址池范围:VLANIF 100:
10.23.100.1/24,10.23.100.2~10.23.100.254/24 - STA的网关及IP地址池范围:
VLANIF 101:
10.23.101.1/24,10.23.101.2~10.23.101.254/24,区域1内的STA的网关及IP地址池范围;
VLANIF 102:10.23.102.1/24,10.23.102.2~10.23.102.254/24,区域2内的STA的网关
及IP地址池范围;
PC的网关及IP地址池范围:VLANIF 103:10.23.103.1/24,10.23.103.2~10.23.103.254/24
配置思路
采用如下的思路配置有线无线用户统一接入示例:
- 配置各网络设备,使AP、接入交换机S5700、AC和上层网络设备之间实现网 络互通。
- 配置AC作为DHCP服务器,为AP、有线用户和无线用户分配IP地址。有线用 户侧配置完成。
- 配置WLAN基本业务,包括AC系统参数、AC上管理AP和WLAN业务参数。
- 配置VAP并下发配置。无线用户侧配置完成。
- 验证配置结果,有线用户和无线用户都能够接入Internet。
操作步骤
步骤1:配置各网络设备互通。配置接入有线用户的交换机S5700-1连接PC1、PC2的接口都加入VLAN103(有线用户数据使用的VLAN),S5700-1和AC间配置Eth-Trunk1并加入VLAN103。
[HUAWEI] sysname S5700-1
[S5700-1] vlan batch 103
[S5700-1] interface gigabitethernet 0/0/2
[S5700-1-GigabitEthernet0/0/2] port link-type access
[S5700-1-GigabitEthernet0/0/2] port default vlan 103
[S5700-1-GigabitEthernet0/0/2] quit
[S5700-1] interface gigabitethernet 0/0/3
[S5700-1-GigabitEthernet0/0/3] port link-type access
[S5700-1-GigabitEthernet0/0/3] port default vlan 103
[S5700-1-GigabitEthernet0/0/3] quit
[S5700-1] interface eth-trunk 1 //配置Eth-Trunk接口,提高网络带宽和可靠性
[S5700-1-Eth-Trunk1] trunkport gigabitethernet 0/0/1 0/0/4
[S5700-1-Eth-Trunk1] port link-type trunk
[S5700-1-Eth-Trunk1] port trunk allow-pass vlan 103
[S5700-1-Eth-Trunk1] quit配置接入无线用户的交换机S5700-2连接AP1的接口GE0/0/2加入VLAN100(管理VLAN)和VLAN101(业务VLAN),连接AP2的接口GE0/0/3加入VLAN100(管理VLAN)VLAN102(业务VLAN),S5700-2和AC间配置Eth-Trunk2加入VLAN100、VLAN101和VLAN102。
<HUAWEI> system-view
[HUAWEI] sysname S5700-2
[S5700-2] vlan batch 100 to 102
[S5700-2] interface gigabitethernet 0/0/2
[S5700-2-GigabitEthernet0/0/2] port link-type trunk
[S5700-2-GigabitEthernet0/0/2] port trunk pvid vlan 100
[S5700-2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[S5700-2-GigabitEthernet0/0/2] port-isolate enable
//配置端口隔离,减少可能会在VLAN内存在的不必要广播报文,或者减少不同AP间的WLAN用户二层互通的问题出现。
[S5700-2-GigabitEthernet0/0/2] quit
[S5700-2] interface gigabitethernet 0/0/3
[S5700-2-GigabitEthernet0/0/3] port link-type trunk
[S5700-2-GigabitEthernet0/0/3] port trunk pvid vlan 100
[S5700-2-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 102
[S5700-2-GigabitEthernet0/0/3] port-isolate enable
[S5700-2-GigabitEthernet0/0/3] quit
[S5700-2] interface eth-trunk 2
[S5700-2-Eth-Trunk2] trunkport gigabitethernet 0/0/1 0/0/4
[S5700-2-Eth-Trunk2] port link-type trunk
[S5700-2-Eth-Trunk2] port trunk allow-pass vlan 100 to 102
[S5700-2-Eth-Trunk2] quitAC和接入有线用户的交换机S5700-1间配置Eth-Trunk1并加入VLAN103,AC和接入无线用户的交换机S5700-2间配置Eth-Trunk2并加入VLAN100、VLAN101和VLAN102。AC连接上层网络的接口GE1/0/1加入VLAN101、VLAN102和VLAN103。
[HUAWEI] sysname AC
[AC] vlan batch 100 to 103
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 101 to 103
[AC-GigabitEthernet1/0/1] quit
[AC] interface eth-trunk 1
[AC-Eth-Trunk1] trunkport GigabitEthernet 1/0/2 1/0/4
[AC-Eth-Trunk1] port link-type trunk
[AC-Eth-Trunk1] port trunk allow-pass vlan 103
[AC-Eth-Trunk1] quit
[AC] interface eth-trunk 2
[AC-Eth-Trunk2] trunkport GigabitEthernet 1/0/3 1/0/5
[AC-Eth-Trunk2] port link-type trunk
[AC-Eth-Trunk2] port trunk allow-pass vlan 100 to 102
[AC-Eth-Trunk2] quit步骤2:配置AC为DHCP Server,分别为PC、AP、STA分配IP地址。配置AC通过接口地址池为AP分配IP地址。
[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] description manage_ap //配置VLANIF接口的描述信息,便于理解接口作用
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select interface //配置接口地址池,为AP分配IP地址
[AC-Vlanif100] quit配置AC通过全局地址池为PC分配IP地址。
[AC] interface vlanif 103
[AC-Vlanif103] description manage_pc
[AC-Vlanif103] ip address 10.23.103.1 24
[AC-Vlanif103] dhcp select global //配置全局地址池,为有线PC分配IP地址 [AC-Vlanif103] quit
[AC] ip pool 103 //地址池的具体配置方式
[AC-ip-pool-103] gateway-list 10.23.103.1
[AC-ip-pool-103] network 10.23.103.0 mask 24
[AC-ip-pool-103] quit配置AC通过全局地址池为STA分配IP地址。地址池101为连接到AP1的STA分配 地址,地址池102为连接到AP2的STA分配地址。
[AC] interface vlanif 101
[AC-Vlanif101] description sta_pool1
[AC-Vlanif101] ip address 10.23.101.1 24
[AC-Vlanif101] dhcp select global
[AC-Vlanif101] quit
[AC] ip pool 101
[AC-ip-pool-101] gateway-list 10.23.101.1
[AC-ip-pool-101] network 10.23.101.0 mask 24
[AC-ip-pool-101] quit
[AC] interface vlanif 102
[AC-Vlanif102] description sta_pool2
[AC-Vlanif102] ip address 10.23.102.1 24
[AC-Vlanif102] dhcp select global
[AC-Vlanif102] quit
[AC] ip pool 102
[AC-ip-pool-102] gateway-list 10.23.102.1
[AC-ip-pool-102] network 10.23.102.0 mask 24
[AC-ip-pool-102] quit步骤3:配置AC的系统参数。 配置AC的国家码
[AC] wlan ac-global country-code cn //配置AC的国家码,使AC管理的AP的射频 特性符合不同国家或区域的法律法规要求,国家码缺省值为CN
Warning: Modifying the country code will clear channel configurations of the AP radio using the country code and reset the AP. If the new country code does not support the radio, all configurations of the radio are cleared. Continue?[Y/N]:y配置AC ID和运营商标识。
[AC] wlan ac-global ac id 1 carrier id other //AC ID缺省为0,修改为1配置AC的源接口。
[AC] capwap source interface vlanif 100 [AC] wlan步骤4:在AC上管理AP。 现场获取AP的MAC地址后,查看AP的设备类型ID。
[AC-wlan-view] display ap-type all
All AP types information:
------------------------------------------------------------------------------ ID Type
------------------------------------------------------------------------------ 17 AP6010SN-GN
19 AP6010DN-AGN
21 AP6310SN-GN
23 AP6510DN-AGN
25 AP6610DN-AGN
27 AP7110SN-GN
28 AP7110DN-AGN
29 AP5010SN-GN
30 AP5010DN-AGN
31 AP3010DN-AGN
33 AP6510DN-AGN-US
34 AP6610DN-AGN-US
35 AP5030DN
36 AP5130DN
37 AP7030DE
38 AP2010DN
39 AP8130DN
40 AP8030DN
42 AP9330DN
------------------------------------------------------------------------------ Total number: 19配置AP认证模式为MAC地址认证(缺省值,不需配置)。根据查询到的AP设备类型ID,离线添加AP。假设AP的类型为AP6010DN-AGN,其MAC地址为 60de-4476-e360和dcd2-fc04-b500。
[AC-wlan-view] ap id 1 type-id 19 mac 60de-4476-e360 //离线添加一个AP
[AC-wlan-ap-1] quit
[AC-wlan-view] ap id 2 type-id 19 mac dcd2-fc04-b500 //离线添加另外一个AP [AC-wlan-ap-2] quit配置AP域并将AP加入到AP域 。
[AC-wlan-view] ap-region id 10 //新建AP域10
[AC-wlan-ap-region-10] quit
[AC-wlan-view] ap id 1
[AC-wlan-ap-1] region-id 10 //将ID为1的AP加入到AP域10中,AP缺省加入域0
[AC-wlan-ap-1] quit
[AC-wlan-view] ap id 2
[AC-wlan-ap-2] region-id 10
[AC-wlan-ap-2] quit将AP上电后,当查看到AP的“AP State”字段为“normal”,表明AP在AC中正常上线。
[AC-wlan-view] display ap all
All AP(s) information:
Normal[2],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0] Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]
------------------------------------------------------------------------------
AP AP AP Profile AP AP
ID Type MAC ID State Sysname
------------------------------------------------------------------------------
1 AP6010DN-AGN 60de-4476-e360 0/10 normal ap-1
2 AP6010DN-AGN dcd2-fc04-b500 0/10 normal ap-2
------------------------------------------------------------------------------
Total number: 2,printed: 2步骤5:配置WLAN业务参数。 创建名为“wmm”的WMM模板。
[AC-wlan-view] wmm-profile name wmm id 1
[AC-wlan-wmm-prof-wmm] quit创建名为“radio”的射频模板,绑定WMM模板“wmm”。
[AC-wlan-view] radio-profile name radio id 1
[AC-wlan-radio-prof-radio] wmm-profile name wmm
[AC-wlan-radio-prof-radio] quit
[AC-wlan-view] quit创建WLAN-ESS接口1和2。
[AC] interface wlan-ess 1
[AC-Wlan-Ess1] port trunk allow-pass vlan 101 // WLAN-ESS接口加入业务 VLAN中
[AC-Wlan-Ess1] quit
[AC] interface wlan-ess 2
[AC-Wlan-Ess2] port trunk allow-pass vlan 102
[AC-Wlan-Ess2] quit创建名为“security”的安全模板。
[AC] wlan
[AC-wlan-view] security-profile name security id 1
[AC-wlan-sec-prof-security] security-policy wpa2 //配置安全策略为WPA2
[AC-wlan-sec-prof-security] wpa2 authentication-method psk pass-phrase cipher huawei123 encryption-method ccmp //配置加密方式为PSK+CCMP
[AC-wlan-sec-prof-security] quit创建名为“traffic”的流量模板,配置单个STA上行报文的限制速率为2000kbit/s, 下行报文的限制速率为2400kbit/s。
[AC-wlan-view] traffic-profile name traffic id 1
[AC-wlan-traffic-prof-traffic] rate-limit client up 2000
[AC-wlan-traffic-prof-traffic] rate-limit client down 2400
[AC-wlan-traffic-prof-traffic] quit创建名为“area1”和“area2”的服务集并绑定WLAN-ESS接口、安全模板和流量模 板,转发模式为直接转发(缺省值,不需要配置),配置单个服务集的最大接入 用户数目,以最大接入用户数为128为例。
[AC-wlan-view] service-set name area1 id 1
[AC-wlan-service-set-area1] ssid area1 //配置SSID名称
[AC-wlan-service-set-area1] wlan-ess 1 //配置服务集绑定的WLAN-ESS接口
[AC-wlan-service-set-area1] security-profile name security //配置服务集绑定的安 全模板
[AC-wlan-service-set-area1] traffic-profile name traffic //配置服务集绑定的流量 模板
[AC-wlan-service-set-area1] service-vlan 101 //配置服务集绑定的业务VLAN
[AC-wlan-service-set-area1] forward-mode direct-forward //配置服务集的转发模 式为直接转发
[AC-wlan-service-set-area1] max-user-number 128 //配置服务集的最大接入用户 数目为128
[AC-wlan-service-set-area1] quit
[AC-wlan-view] service-set name area2 id 2
[AC-wlan-service-set-area2] ssid area2
[AC-wlan-service-set-area2] wlan-ess 2
[AC-wlan-service-set-area2] security-profile name security
[AC-wlan-service-set-area2] traffic-profile name traffic
[AC-wlan-service-set-area2] service-vlan 102
[AC-wlan-service-set-area2] forward-mode direct-forward
[AC-wlan-service-set-area2] max-user-number 128 //配置服务集的最大接入用户 数目为128
[AC-wlan-service-set-area2] quit步骤6:配置VAP并下发。
配置VAP
[AC-wlan-view] ap 1 radio 0
[AC-wlan-radio-1/0] radio-profile name radio //配置射频上绑定射频模板
[AC-wlan-radio-1/0] service-set name area1 //配置射频上绑定服务集,射频绑定服 务集后,会生成一个VAP
[AC-wlan-radio-1/0] quit
[AC-wlan-view] ap 2 radio 0
[AC-wlan-radio-2/0] radio-profile name radio
[AC-wlan-radio-2/0] service-set name area2
[AC-wlan-radio-2/0] quit下发配置
[AC-wlan-view] commit all //在AC上配置关于AP的WLAN业务配置后,需要下发 配置到AP上才能最终生效
Warning: Committing configuration may cause service interruption, continue?[Y/N] :y步骤7:验证配置结果。配置完成后,通过display vap ap 1 radio 0和display vap ap 2 radio 0命令,可以 查看到VAP已创建成功。
[AC-wlan-view] display vap ap 1 radio 0
All VAP Information(Total-1):
SS: Service-set BP: Bridge-profile MP: Mesh-profile ----------------------------------------------------------------------
AP ID Radio ID SS ID BP ID MP ID WLAN ID BSSID
Type
1 0 1 - - 1 60DE-4476-E360 service
----------------------------------------------------------------------
Total: 1
[AC-wlan-view] display vap ap 2 radio 0
All VAP Information(Total-1):
SS: Service-set BP: Bridge-profile MP: Mesh-profile ----------------------------------------------------------------------
AP ID Radio ID SS ID BP ID MP ID WLAN ID BSSID
Type
2 0 2 - - 1 DCD2-FC04-B500
service
----------------------------------------------------------------------
Total: 1STA搜索到名为“area1”和“area2”的无线网络并正常关联后,STA能够被分配相应
的IP地址,用户输入预共享密钥可以访问无线网络,在AC上执行display station
assoc-info命令,可以查看到用户已经接入到无线网络“area1”或“area2”中。
[AC-wlan-view] display station assoc-info ap 1 radio 0
------------------------------------------------------------------------------
STA MAC AP ID RADIO ID SS ID SSID
------------------------------------------------------------------------------
9021-55dc-3e17 1 0 1 area1
------------------------------------------------------------------------------
Total stations: 1
[AC-wlan-view] display station assoc-info ap 2 radio 0
------------------------------------------------------------------------------
STA MAC AP ID RADIO ID SS ID SSID
------------------------------------------------------------------------------
9544-623a-531a 2 0 2 area2
Total stations: 1
------------------------------------------------------------------------------无线用户STA和有线用户PC能够分配到IP地址,正常连接网络。
配置小结
- 直接连接AP的设备的接口,比如S5700-2的GE0/0/2和GE0/0/3接口,必须配
置PVID。 - AP无法正常上线时,可以先检查为AP分配IP地址的服务器是否配置正确。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
