移动组网配置示例
?
操作步骤
1. 配置网络互通
★配置接入交换机SW1。将接口GE0/0/1~GE0/0/3加入VLAN100(AP所在VLAN)。GE0/0/1~GE0/0/2的缺省VLAN为VLAN10 。
[HUAWEI] sysname SW1
[SW1] vlan batch 100
[SW1] interface gigabitethernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/1] port-isolate enable
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/1] port-isolate enable
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitethernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/3] quit
★配置汇聚交换机SW2。配置接口GE0/0/1加入VLAN100,GE0/0/2加入VLAN101~VLAN102和VLAN200,GE0/0/3加入VLAN201。
[HUAWEI] sysname SW2
[SW2] vlan batch 100 to 102 200 201
[SW2] interface gigabitethernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SW2-GigabitEthernet0/0/1] quit
[SW2] interface gigabitethernet 0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 to 102 200
[SW2-GigabitEthernet0/0/2] quit
[SW2] interface gigabitethernet 0/0/3
[SW2-GigabitEthernet0/0/3] port link-type trunk
[SW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 201
[SW2-GigabitEthernet0/0/3] quit
★在汇聚交换机SW2上创建VLANIF100~VLANIF102、VLANIF200和VLANIF201并配置IP地址。其中VLANIF100为AP的网关,VLANIF101为访客用户的网关,VLANIF102为企业员工的网关,VLANIF200用于SW2与AC通信,VLANIF201用于SW2与Router通信。
[SW2] interface vlanif 100
[SW2-Vlanif100] ip address 10.1.100.1 24
[SW2-Vlanif100] quit
[SW2] interface vlanif 101
[SW2-Vlanif101] ip address 10.1.101.1 24
[SW2-Vlanif101] quit
[SW2] interface vlanif 102
[SW2-Vlanif102] ip address 10.1.102.1 24
[SW2-Vlanif102] quit
[SW2] interface vlanif 200
[SW2-Vlanif200] ip address 10.1.200.2 24
[SW2-Vlanif200] quit
[SW2] interface vlanif 201
[SW2-Vlanif201] ip address 10.1.201.2 24
[SW2-Vlanif201] quit
★配置AC连接汇聚交换机SW2的接口GE0/0/1加入VLAN101~VLAN102和VLAN200。
[AC6605] sysname AC
[AC] vlan batch 101 to 102 200
[AC] interface vlanif 200
[AC-Vlanif200] ip address 10.1.200.1 24
[AC-Vlanif200] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 to 102 200
[AC-GigabitEthernet0/0/1] quit
★配置Router的接口GE2/0/0加入VLAN201,并且配置IP地址使Router能与SW2通信。
[Huawei] sysname Router
[Router] vlan batch 201
[Router] interface vlanif 201
[Router-Vlanif201] ip address 10.1.201.1 24
[Router-Vlanif201] quit
[Router] interface gigabitethernet 2/0/0
[Router-GigabitEthernet2/0/0] port link-type trunk
[Router-GigabitEthernet2/0/0] port trunk allow-pass vlan 201
[Router-GigabitEthernet2/0/0] quit
★配置Router到SW2的路由。
[Router] ip route-static 10.1.101.0 24 10.1.201.2
[Router] ip route-static 10.1.102.0 24 10.1.201.2
★配置SW2的缺省路由,下一跳为Router的VLANIF201。
[SW2] ip route-static 0.0.0.0 0.0.0.0 10.1.201.1
★配置AC到AP的路由,下一跳为SW2的VLANIF200 (AC和AP之间配置路由可达) 。
[AC] ip route-static 10.1.100.0 24 10.1.200.2
2. 配置DHCP服务,为AP和STA分配IP地址
★配置SW2作为DHCP服务器给AP和STA分配IP地址。AP和AC间为三层网络时需要通过配置Option 43向AP通告AC的IP地址。
[SW2] dhcp enable
[SW2] interface vlanif 100
[SW2-Vlanif100] dhcp select interface
[SW2-Vlanif100] dhcp server option 43 sub-option 3 ascii 10.1.200.1
[SW2-Vlanif100] quit
[SW2] interface vlanif 101
[SW2-Vlanif101] dhcp select interface
[SW2-Vlanif101] quit
[SW2] interface vlanif 102
[SW2-Vlanif102] dhcp select interface
[SW2-Vlanif102] quit
3. 配置AP上线
★创建AP组“guest”和“employee”。
[AC] wlan
[AC-wlan-view] ap-group name guest
[AC-wlan-ap-group-guest] quit
[AC-wlan-view] ap-group name employee
[AC-wlan-ap-group-employee] quit
★创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name guest
[AC-wlan-ap-group-guest] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-guest] quit
[AC-wlan-view] ap-group name employee
[AC-wlan-ap-group-employee] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-employee] quit
[AC-wlan-view] quit
★配置AC的源接口(即AC所在的VLAN)。
[AC] capwap source interface vlanif 200
★在AC上离线导入AP。将部署在前台大厅的AP加入到AP组“guest”,部署在办公区域的AP加入到AP组“employee”,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为60ce-4256-8620的AP部署在办公区域,命名此AP为“office”。
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60da-5621-d160
[AC-wlan-ap-0] ap-name lobby
Warning: This operation may cause AP reset. Continue? [Y/N]y
[AC-wlan-ap-0] ap-group guest
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit
[AC-wlan-view] ap-id 1 ap-mac 60ce-4256-8620
[AC-wlan-ap-2] ap-name office
Warning: This operation may cause AP reset. Continue? [Y/N]y
[AC-wlan-ap-2] ap-group employee
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-2] quit
★将AP上电后,当执行命令display ap all查看到AP的“State”字段为“nor”时,表示AP正常上线。
[AC-wlan-view] display ap all
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
----------------------------------------------------------------------------------------------
0 60ce-4256-8620 office employee 10.1.100.253 AP4050 nor 0 2H:30M:1S
1 60da-5621-d160 lobby guest 10.1.100.254 AP4050 nor 0 2H:29M:29S
----------------------------------------------------------------------------------------------
Total: 2
4. 配置WLAN业务参数
★创建名为“guest”和“employee”的SSID模板,并分别配置SSID名称为“guest”和“employee”。
[AC-wlan-view] ssid-profile name guest
[AC-wlan-ssid-prof-guest] ssid guest
[AC-wlan-ssid-prof-guest] quit
[AC-wlan-view] ssid-profile name employee
[AC-wlan-ssid-prof-employee] ssid employee
[AC-wlan-ssid-prof-employee] quit
★创建名为“guest”和“employee”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用SSID模板。
[AC-wlan-view] vap-profile name guest
[AC-wlan-vap-prof-guest] forward-mode tunnel
[AC-wlan-vap-prof-guest] service-vlan vlan-id 101
[AC-wlan-vap-prof-guest] ssid-profile guest
[AC-wlan-vap-prof-guest] quit
[AC-wlan-view] vap-profile name employee
[AC-wlan-vap-prof-employee] forward-mode tunnel
[AC-wlan-vap-prof-employee] service-vlan vlan-id 102
[AC-wlan-vap-prof-employee] ssid-profile employee
[AC-wlan-vap-prof-employee] quit
★配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板的配置。
[AC-wlan-view] ap-group name guest
[AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio 0
[AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio 1
[AC-wlan-ap-group-guest] quit
[AC-wlan-view] ap-group name employee
[AC-wlan-ap-group-employee] vap-profile employee wlan 1 radio 0
[AC-wlan-ap-group-employee] vap-profile employee wlan 1 radio 1
[AC-wlan-ap-group-employee] quit
5. 配置AP射频的信道和功率
举例中AP射频的信道和功率仅为示例,实际配置中请根据AP的国家码和网规结果进行配置。
★ 关闭射频的信道和功率自动调优功能。射频的信道和功率自动调优功能默认开启,如果不关闭此功能则会导致手动配置不生效。
[AC-wlan-view] rrm-profile name default
[AC-wlan-rrm-prof-default] calibrate auto-channel-select disable
[AC-wlan-rrm-prof-default] calibrate auto-txpower-select disable
[AC-wlan-rrm-prof-default] quit
★配置AP射频0的信道和功率。
[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio 0
[AC-wlan-radio-0/0] channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0] eirp 127
[AC-wlan-radio-0/0] quit
★配置AP射频1的信道和功率。
[AC-wlan-ap-0] radio 1
[AC-wlan-radio-0/1] channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1] eirp 127
[AC-wlan-radio-0/1] quit
[AC-wlan-ap-0] quit
6. 验证配置结果
? WLAN业务配置会自动下发给AP,配置完成后,通过执行命令display vap ssid guest和display vap ssid employee查看如下信息,当“Status”项显示为“ON”时,表示AP对应的射频上的VAP已创建成功。
[AC-wlan-view] display vap ssid guest
WID : WLAN ID
--------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
--------------------------------------------------------------------------------
0 lobby 0 1 60da-5621-d160 ON OPEN 1 guest
0 lobby 1 1 60da-5621-d170 ON OPEN 0 guest
-------------------------------------------------------------------------------
Total: 2
[AC-wlan-view] display vap ssid employee
WID : WLAN ID
--------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
--------------------------------------------------------------------------------
1 office 0 1 60ce-4256-8620 ON WPA2-PSK 0 employee
1 office 1 1 60ce-4256-8630 ON WPA2-PSK 1 employee
-------------------------------------------------------------------------------
Total: 2
? STA搜索到名为“guest”和“employee”的无线网络,并正常关联后,在AC上执行display station ssid guest和display station ssid employee命令,可以查看到用户已经分别接入到无线网络“guest”和“employee”中。
[AC-wlan-view] display station ssid guest
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
------------------------------------------------------------------------------
28cd-12fd-2aad 0 lobby 0/1 2.4G 11n 2/4 -53 101 10.1.101.254
------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0
[AC-wlan-view] display station ssid employee
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
------------------------------------------------------------------------------
A116-2ec7-3e09 2 office 1/1 5G 11n 26/51 -61 102 10.1.103.254
------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1