1、无线局域网的架构主要分为
(1)基于控制器的AP架构(瘦AP,FitAP)
(2)传统的独立AP架构(胖AP,FatAP)
近几年WLAN技术的发展,瘦AP正在迅速替代胖AP模式
2、胖AP
(1)除无线接入功能外,一般具备WLAN、LAN两个接口,多支持DHCP服务器、DNS和MAC地址克隆,以及VPN接入、防火墙等安全功能;
(2)胖AP也称为独立AP,所有的配置存储于自治型接入点本身,因此设备的管理和配置均由接入点处理。所有加解密和MAC层功能也由自治型接入点完成;
(3)胖AP的例子典型的是无线路由器。
3、瘦AP
(1)无线局域网一体化发展的下一个阶段是集中式WLAN架构。这种模式使用位于网络核心的WLAN控制器,在集中式的无线局域网体系结构中,基于控制器的接入点,也称为轻量型AP;
(2)为了实现WLAN网络的快速部署、网络设备的集中管理、精细化的用户管理,相比胖AP方式,企业用户以及运营商更倾向于采用集中控制性WLAN组网(瘦AP+AC);
(3)AC和AP之间采用CAPWAP协议。
(4)瘦AP不接ac也会发出无线信号。
基础配置
LSW1
[LSW1]interface GigabitEthernet 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[LSW1-GigabitEthernet0/0/1]int g 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 10
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
AC1
[AC6605]vlan 10
[AC6605]interface GigabitEthernet 0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]int g0/0/2
[AC6605-GigabitEthernet0/0/2]port link-type access
[AC6605-GigabitEthernet0/0/2]port default vlan 10
[AC6605-GigabitEthernet0/0/2]q
[AC6605]dhcp enable //开启DHCP功能
[AC6605]interface Vlanif 10
[AC6605-Vlanif10]ip address 192.168.1.254 24
[AC6605-Vlanif10]dhcp select gl
[AC6605-Vlanif10]quit
分别创建两个地址池
[AC6605]wlan //在AC上配置AP上线
[AC6605-wlan-view]ap-group name ap //创建AP组,用于将相同配置的AP加入到同一AP组
[AC6605-wlan-ap-group-ap]regulatory-domain-profile default
[AC6605-wlan-ap-group-ap]quit
[AC6605-wlan-view]regulatory-domain-profile name defult //创建域管理模板,在域管理模板配置AC的国家码并在AP组下引用管理模块
[AC6605-wlan-regulate-domain-defult]country-code cn
[AC6605-wlan-regulate-domain-defult]quit
[AC6605-wlan-view]quit
[AC6605]capwap source int Vlanif 10 //配置AC源接口或者//capwap source ip-add
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode mac-auth
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fc98-65f0 //查看AP2的MAC地址,并记录下来;ap-mac [AP1的mac地址]
[AC6605-wlan-ap-0]ap-name ybd
[AC6605-wlan-ap-0]ap-group ap
[AC6605-wlan-ap-0]quit
[AC6605]wlan
[AC6605-wlan-view]security-profile name wlan
[AC6605-wlan-sec-prof-wlan]security wpa-wpa2 psk pass-phrase 87654321 aes //配置WLAN业务参数,配置WPA-WPA2+PSK+AES
[AC6605-wlan-sec-prof-wlan]quit
[AC6605-wlan-view]ssid-profile name wlan //创建名为"wlan"的SSID
[AC6605-wlan-ssid-prof-wlan]ssid wlan //配置SSID名称为"wlan"
[AC6605-wlan-ssid-prof-wlan]quit
[AC6605-wlan-view]vap-profile name wlan //创建名为"wlan"的VAP模板,配置业务数据转发模式,业务VLAN,并且引用安全模板和SSID
[AC6605-wlan-vap-prof-wlan]forward-mode direct-forward //配置直接转发
[AC6605-wlan-vap-prof-wlan]security-profile wlan
[AC6605-wlan-vap-prof-wlan]ssid-profile wlan
[AC6605-wlan-vap-prof-wlan]service-vlan vlan-id 20 //定义业务vlan为20
[AC6605-wlan-vap-prof-wlan]quit
[AC6605-wlan-view]ap-group name ap //配置AP组引用VAP模板,AP上射频1和射频1都使用VAP模板"wlan"的配置
[AC6605-wlan-ap-group-ap]vap-profile wlan wlan 1 radio 0
[AC6605-wlan-ap-group-ap]vap-profile wlan wlan 1 radio 1
[AC6605-wlan-ap-group-ap]quit
[AC6605-wlan-view]rrm-profile name default
[AC6605-wlan-rrm-prof-default]calibrate auto-channel-select disable
//配置AP射频的信道和功率,关闭射频的信道和功率自动调优功能。射频的信道和功率自动调优功能默认开启,如果不关闭此功能则会导致手动配置不生效
[AC6605-wlan-rrm-prof-default]calibrate auto-txpower-select disable
[AC6605-wlan-rrm-prof-default]quit
[AC6605-wlan-view]ap-id 0 //配置射频0的信道和功率
[AC6605-wlan-ap-0]radio 0
[AC6605-wlan-radio-0/0]channel 20mhz 6
[AC6605-wlan-radio-0/0]eirp 127
[AC6605-wlan-radio-0/0]quit
[AC6605-wlan-ap-0]radio 1 //配置射频1的信道和功率
[AC6605-wlan-radio-0/1]channel 20mhz 149
[AC6605-wlan-radio-0/1]eirp 127