huawei 无线网络配置
二层AC
AP上线配置
配置AC源地址 capwap source interface Vlanif 1
进入配置界面 wlan
AC认证方式 ap auth-mode mac-auth
添加AP 默认在default组内 ap-id 0 ap-mac 00e0-fcc2-57f0
查看全部ap状态 idle 初始化 nor正常上线状态 fault 离线 display ap all 配置管理域模板 regulatory-domain-profile name huawei 配置国家代码 country-code CN 不同国家无线频率不一样
配置安全模板 security-profile name huawei 配置加密方式密码 security wpa-wpa2 psk pass-phrase 12345678 aes
配置SSID模板 ssid-profile name huawei配置无线SSID ssid wifiname WiFi名称
配置vap模板 vap-profile name huawei 配置转发模式 forward-mode direct-forward direct-forward直接转发 softgre云AP tunnel 隧道转发 配置业务VLAN service-vlan vlan-id 10调用安全模板 security-profile huawei调用SSID模板 ssid-profile huawei创建AP组 ap-group name work进入AP ap-id 0 加入AP组 ap-group work修改AP名 ap-name ap1调用域管理模板 regulatory-domain-profile huawei配置射频信号 vap-profile huawei wlan 1 radio all
下面是部分代码
[AC6005]capwap source interface Vlanif 1
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-id 1 ap-mac 00e0-fc7f-0ea0
[AC6005]display ap all
[AC6005-wlan-view]regulatory-domain-profile name huawei
[AC6005-wlan-regulate-domain-huawei]country-code CN
[AC6005-wlan-view]security-profile name huawei
[AC6005-wlan-view]ssid-profile name huawei
[AC6005-wlan-ssid-prof-huawei]ssid wifiname
[AC6005-wlan-view]vap-profile name huawei
[AC6005-wlan-vap-prof-huawei]forward-mode direct-forward
[AC6005-wlan-vap-prof-huawei]service-vlan vlan-id 10
[AC6005-wlan-vap-prof-huawei]security-profile huawei
[AC6005-wlan-vap-prof-huawei]ssid-profile huawei
[AC6005-wlan-view]ap-group name work
[AC6005-wlan-ap-group-work]vap-profile huawei wlan 1 radio all
[AC6005-wlan-view]ap-id 0
[AC6005-wlan-ap-0]ap-group work
[AC6005-wlan-ap-0]ap-name ap1
实验证明不分旁挂式和直连式 所有配置在最后
管理地址不建议使用vlan1 因为任何一电脑接入都会获取到管理地址同一网段。
可在连接每个AP的接口上打上其他网段的PVID
配置文件如下
R1
interface Ethernet0/0/0ip address 21.1.1.1 255.255.255.0
interface Ethernet0/0/1ip address 12.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
ip route-static 10.1.0.0 255.255.0.0 21.1.1.2
R2
interface Ethernet0/0/0ip address 12.1.1.2 255.255.255.0
interface LoopBack0ip address 2.2.2.2 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 12.1.1.1
LSW1
vlan batch 10 20 to 21 30
ip pool work10gateway-list 10.1.1.1network 10.1.1.0 mask 255.255.255.0dns-list 8.8.8.8
ip pool work20network 10.1.2.0 mask 255.255.255.0dns-list 8.8.8.8
interface Vlanif10ip address 10.1.1.1 255.255.255.0dhcp select global
interface Vlanif20ip address 10.1.2.1 255.255.255.0dhcp select global
interface Vlanif21ip address 21.1.1.2 255.255.255.0
interface Vlanif30ip address 10.1.30.1 255.255.255.0dhcp select interface
interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3port link-type accessport default vlan 21
ip route-static 0.0.0.0 0.0.0.0 21.1.1.1
LSW2
vlan batch 10 20 30
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 30port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094
AC
vlan batch 3 10 20 30
interface Vlanif3ip address 192.168.0.9 255.255.255.0
interface Vlanif30ip address 10.1.30.2 255.255.255.0
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 30port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3port link-type accessport default vlan 3
capwap source interface vlanif30
wlansecurity-profile name ciscosecurity wpa-wpa2 psk pass-phrase %^%#B^%X'-dygMX+&l'yw&KE/VW@;2)r]#]H`>J!(B3B
%^%# aessecurity-profile name huaweisecurity wpa-wpa2 psk pass-phrase %^%#VQnQRJ\>p~#bxPC|0cULmv|51c~JzW9kiF78=rV4
%^%# aesssid-profile name ciscossid ciscossid-profile name huaweissid wifinamevap-profile name ciscoservice-vlan vlan-id 20ssid-profile ciscosecurity-profile ciscovap-profile name huaweiservice-vlan vlan-id 10ssid-profile huaweisecurity-profile huaweiregulatory-domain-profile name huaweiap-group name workregulatory-domain-profile huaweiradio 0vap-profile huawei wlan 1vap-profile cisco wlan 2radio 1vap-profile huawei wlan 1vap-profile cisco wlan 2radio 2vap-profile huawei wlan 1vap-profile cisco wlan 2ap-id 0 type-id 56 ap-mac 00e0-fcc2-57f0 ap-sn 2102354483104F519A66ap-name ap1ap-group workap-id 1 type-id 56 ap-mac 00e0-fc7f-0ea0 ap-sn 210235448310F080403Dap-name ap2ap-group work
三层AC
三层AC管理地址有两个
一个是AC管理地址 vlanif3 AC需要保证路由可达
一个是给AP分配地址 vlanif10 需要在DHCP地址池指定AC地址 option 43 ascii 10.1.3.2
配置如下
R1
interface Ethernet0/0/0ip address 11.1.1.1 255.255.255.0
interface Ethernet0/0/1ip address 2.2.2.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 2.2.2.2
ip route-static 10.0.0.0 255.0.0.0 11.1.1.2
R2
interface Ethernet0/0/0ip address 2.2.2.2 255.255.255.0
interface LoopBack0ip address 3.3.3.3 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
LSW1
vlan batch 2 to 3 10 to 11 20
dhcp enable
ip pool 1gateway-list 10.1.1.1network 10.1.1.0 mask 255.255.255.0dns-list 8.8.8.8option 43 ascii 10.1.3.2
ip pool 20gateway-list 10.1.2.1network 10.1.2.0 mask 255.255.255.0dns-list 8.8.8.8
interface Vlanif3ip address 10.1.3.2 255.255.255.0
interface Vlanif10ip address 10.1.1.1 255.255.255.0dhcp select global
interface Vlanif11ip address 11.1.1.2 255.255.255.0
interface Vlanif20ip address 10.1.2.1 255.255.255.0dhcp select global
interface GigabitEthernet0/0/1port link-type accessport default vlan 11
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 2 to 4094
ip route-static 0.0.0.0 0.0.0.0 11.1.1.1
LSW2
vlan batch 10 to 11 20
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 10port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094
AC
vlan batch 3 10 20
interface Vlanif3ip address 10.1.3.1 255.255.255.0
interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 4094
ip route-static 0.0.0.0 0.0.0.0 10.1.3.2
capwap source interface vlanif3
wlansecurity-profile name huaweiwifisecurity wpa-wpa2 psk pass-phrase %^%#!mOW*,2vM89N6RN4;G#O^.uQ01s|b~4${
<'GWK`E
%^%# aesssid-profile name huaweiwifissid huaweiwifivap-profile name huaweiwifiservice-vlan vlan-id 20ssid-profile huaweiwifisecurity-profile huaweiwifiap-group name group1radio 0vap-profile huaweiwifi wlan 1radio 1vap-profile huaweiwifi wlan 1radio 2vap-profile huaweiwifi wlan 1ap-group name defaultap-id 0 type-id 47 ap-mac 00e0-fc81-7bb0 ap-sn 210235448310E80AE10Dap-name ap1ap-group group1