【华为WLAN】WLAN网络，AC旁挂直接转发基本配置

5643

实验拓扑

拓扑说明
AP1的业务VLAN为101
AP2的业务VLAN为102
AP的管理VLAN为100
业务地址池和管理地址池统一在AC上配置
业务地址网关在路由器上
AP1属于域1，AP2属于域2
转发模式采用直接转发
VLAN101的地址为：192.168.10.0/24，gateway：192.168.10.1
VLAN102的地址为：192.168.20.0/24，gateway：192.168.20.1
VLAN100的地址为：192.168.1.1/24
AP1的SSID为：huawei-1，密码：Admin@123
AP2的SSID为：huawei-2，密码：Admin@123



SW1配置
[SW1]vlanbatch 100 to 102
[SW1]interface g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
//配置TRUNK允许VLAN100和VLAN101，用户VLAN为101由AC下发，管理VLAN为100
[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 100
//将连AP的接口PVID改为100
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 102
[SW1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/2]intg0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 101 102
//上行口做中继透传VLAN
[SW1-GigabitEthernet0/0/4]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 to 102
//透传所有用户VLAN和管理VLAN


R1配置
[R1]int g0/0/0.10
[R1-GigabitEthernet0/0/0.10]dot
[R1-GigabitEthernet0/0/0.10]dot1q termination vid 101
[R1-GigabitEthernet0/0/0.10]a b e
[R1-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24
[R1-GigabitEthernet0/0/0.10]int g0/0/0.20
[R1-GigabitEthernet0/0/0.20]dot1q termination vid 102
[R1-GigabitEthernet0/0/0.20]a b e
[R1-GigabitEthernet0/0/0.20]ip add 192.168.20.1 24


AC配置
[AC6605]vlan batch 100 to 102     //创建VLAN
[AC6605]dhcp enable                   //开启DHCP功能
[AC6605]ip pool 101                //创建一个名称为101的地址池
[AC6605-ip-pool-101]network 192.168.10.0 mask 24   //网络号
[AC6605-ip-pool-101]gateway-list 192.168.10.1     //网关
[AC6605-ip-pool-101]dns-list 8.8.8.8                //dns
[AC6605-ip-pool-101]quit
[AC6605]ip pool 102
[AC6605-ip-pool-102]network 192.168.20.0 mask 24
[AC6605-ip-pool-102]gateway-list 192.168.20.1
[AC6605-ip-pool-102]dns-list 8.8.8.8
[AC6605-ip-pool-102]quit
[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 102
[AC6605-GigabitEthernet0/0/1]quit
//物理接口做中继透传用户VLAN和管理VLAN
[AC6605]int vlan 100
[AC6605-Vlanif100]ip add 192.168.1.1 24
[AC6605-Vlanif100]dhcp select interface     //配置IP地址和基于接口的DHCP功能
[AC6605-Vlanif100]int vlan 101
[AC6605-Vlanif101]ip add192.168.10.2 24
[AC6605-Vlanif101]dhcp select global   //配置IP地址和基于全局地址池的DHCP功能
[AC6605-Vlanif101]int vlan 102
[AC6605-Vlanif102]ip add 192.168.20.2 24
[AC6605-Vlanif102]dhcp select global
[AC6605-Vlanif102]quit
[AC6605]wlan ac-global ac id 1 carrier idother
//配置AC的ID和运营商的标识符
[AC6605]wlan ac-global country-code CN      //配置国家编码
[AC6605]wlan                //进入WLAN视图
[AC6605-wlan-view]wlan ac source interface Vlanif 100
//配置WAPCAP的隧道源接口，也就是管理VLAN
[AC6605-wlan-view]ap-region id 1      //创建一个域ID为1
[AC6605-wlan-ap-region-1]quit
[AC6605-wlan-view]ap-region id 2      
[AC6605-wlan-ap-region-2]quit
[AC6605-wlan-view]ap-profile id 1 name 1     //创建一个AP模板
[AC6605-wlan-ap-prof-1]quit
[AC6605-wlan-view]ap-profile id2 name 2
[AC6605-wlan-ap-prof-2]quit
[AC6605-wlan-view]ap id 1 type-id 19 mac00e0-fc20-71e0
[AC6605-wlan-ap-1]ap id 2 type-id 19 mac00e0-fc6f-60f0
//注册AP，ID分别为1和2，基于MAC地址注册，type-id 可以通过display ap-type all来查询
[AC6605-wlan-ap-2]ap id 1       //进入ID为1的AP视图
[AC6605-wlan-ap-1]region-id 1    //关联到域1
[AC6605-wlan-ap-1]ap id 2            
[AC6605-wlan-ap-2]region-id 2
[AC6605-wlan-ap-2]quit
[AC6605-wlan-view]ap-auth-mode mac-auth          //配置AP注册到AC的验证方式为MAC地址认证
[AC6605-wlan-view]ap-whitelist mac 00e0-fc20-71e0
[AC6605-wlan-view]ap-whitelist mac00e0-fc6f-60f0
//配置白名单
[AC6605-wlan-view]security-profile id 1 name security-1
[AC6605-wlan-sec-prof-security-1]security-policy wpa 2
[AC6605-wlan-sec-prof-security-1]wpa2 authentication-method psk pass-phrase cipher Admin@123 encryption-method ccmp
//创建一个安全策略模板，并配置加密方式为wpa2和 SSID接入密码
[AC6605-wlan-sec-prof-security-1]quit
[AC6605-wlan-view]wmm-profileid 1 name wmm-1    //配置WMM模板，用来配置QOS
[AC6605-wlan-wmm-prof-wmm-1]quit
[AC6605-wlan-view]wmm-profileid 2 name wmm-2
[AC6605-wlan-wmm-prof-wmm-2]quit
[AC6605-wlan-view]radio-profileid 1 name radio-1   //创建一个射频模板
[AC6605-wlan-radio-prof-radio-1]wmm-profileid 1        //关联WMM模板
[AC6605-wlan-radio-prof-radio-1]quit
[AC6605-wlan-view]radio-profileid 2 name radio-2
[AC6605-wlan-radio-prof-radio-2]wmm-profileid 2
[AC6605-wlan-radio-prof-radio-2]quit
[AC6605-wlan-view]traffic-profileid 1 name traffic-1    //创建一个流模板，用于QOS
[AC6605-wlan-traffic-prof-traffic-1]quit
[AC6605-wlan-view]traffic-profileid 2 name traffic-2
[AC6605-wlan-traffic-prof-traffic-2]quit
[AC6605-wlan-view]quit
[AC6605]interface Wlan-Ess 1               //创建一个wlan虚拟接口
[AC6605-Wlan-Ess1]port hybridpvid vlan 101
[AC6605-Wlan-Ess1]port hybriduntagged vlan 101    //将此接口以hybrid方式加入到vlan 101中
[AC6605-Wlan-Ess1]quit
[AC6605]interface Wlan-Ess 2
[AC6605-Wlan-Ess2]port hybrid pvid vlan 102
[AC6605-Wlan-Ess2]port hybrid untagged vlan 102
[AC6605-Wlan-Ess2]quit
[AC6605]wlan
[AC6605-wlan-view]service-setid 1 name huawei-1     //创建一个服务集
[AC6605-wlan-service-set-huawei-1]ssidhuawei-1     //配置SSID
[AC6605-wlan-service-set-huawei-1]service-vlan 101     //配置服务VLAN
[AC6605-wlan-service-set-huawei-1]traffic-profileid 1    //关联流模板
[AC6605-wlan-service-set-huawei-1]security-profileid 1    //关联安全模板
[AC6605-wlan-service-set-huawei-1]forward-mode direct-forward  //配置转发方式为直接转发
[AC6605-wlan-service-set-huawei-1]wlan-ess 1      //绑定到wlan接口
[AC6605-wlan-service-set-huawei-1]quit
[AC6605-wlan-view]service-setid 2 name huawei-2
[AC6605-wlan-service-set-huawei-2]ssid huawei-2
[AC6605-wlan-service-set-huawei-2]service-vlan 102
[AC6605-wlan-service-set-huawei-2]wlan-ess 2
[AC6605-wlan-service-set-huawei-2]forward-mode direct-forward
[AC6605-wlan-service-set-huawei-2]security-profileid 1
[AC6605-wlan-service-set-huawei-2]traffic-profileid 2
[AC6605-wlan-service-set-huawei-2]quit
[AC6605-wlan-view]ap 1 radio 0         //进入AP 1的射频视图，0表示2.4G，如果是1表示5G
[AC6605-wlan-radio-1/0]radio-profile id 1      //关联射频模板
[AC6605-wlan-radio-1/0]service-set id 1       //关联服务集
[AC6605-wlan-radio-1/0]quit
[AC6605-wlan-view]ap 2 radio 0
[AC6605-wlan-radio-2/0]radio-profile id 2
[AC6605-wlan-radio-2/0]service-set id 2
[AC6605-wlan-radio-2/0]quit
[AC6605-wlan-view]commit ap 1               //将配置提交给AP
[AC6605-wlan-view]commit all                 //将配置提交给所有AP


查看STA1的SSID信息并连接密码为之前设置的Admin@123

查看STA1的IP地址获取情况

测试STA1连通性

查看STA2的SSID信息并连接密码为之前设置的Admin@123

查看STA  2的IP地址获取情况


测试STA2的连通性

可以使用display ap all命令在AC上查看AP注册状态