一、实验拓扑¶
二、实验需求¶
1、配置AP上线 2、配置有线网络侧互联互通
三、实验说明¶
1、AC采用旁挂组网方式,AC和AP处于同一个二层组网; 2、AC作为DHCP服务器给AP分配IP地址,S1作为DHCP服务器给接入的STA分配IP地址; 3、业务数据采用直接转发模式; 4、AP管理VLAN为VLAN100,STA业务VLAN为VLAN1O1; 5、AP的IP地址池:192.168.100.1-192.168.100.253/24 6、STA的地址池: 192.168.101.1-192.168.101.253/24 7、STA默认网关为192.168.101.254,AC的源接口IP地址:vlanif100(192.168.100.254/24) 8、AP组名称:ap-group1 9、AP组引用模板:VAP模板HCIA-wlan、域管理模板default 10、域管理模板名称:default 11、域管理模板国家码:CN 12、SSID模板名称:HCIA-WLAN 13、SSID名称:HCIA-WLAN 14、安全模板名称:HCIA-WLAN 15、安全模板安全策略:WPA-WPA2+PSK+AES 16、安全模板密码:HCIA-Datacom 17、VAP模板名称:HCIA-WLAN 18、VAP模板转发模式:直接转发 19、VAP模板业务VLAN:VLAN101 20、VAP模板引用模板:SSID模板HCIA-WLAN、安全模板HCIA- WLAN 21、S1创建的LoopBack口后续作测试用。
四、实验配置¶
1、设备命名
[AC6005]sysname AC
[Huawei]sysname S1
[Huawei]sysname S3
[Huawei]sysname S4
2、开启S3、S4连接AP接口的PoE供电功能
[S3]interface GigabitEthernet 0/0/4
[S3-GigabitEthernet0/0/4]poe enable
[S4]interface GigabitEthernet 0/0/4
[S4-GigabitEthernet0/0/4]poe enable
3、VLAN配置
[AC]vlan batch 100 101
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[AC-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[S1]vlan batch 100 101
[S1]interface GigabitEthernet 0/0/10
[S1-GigabitEthernet0/0/10]port link-type trunk
[S1-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 101
[S1-GigabitEthernet0/0/10]undo port trunk allow-pass vlan 1
[S1]interface GigabitEthernet 0/0/13
[S1-GigabitEthernet0/0/13]port link-type trunk
[S1-GigabitEthernet0/0/13]port trunk allow-pass vlan 100 101
[S1-GigabitEthernet0/0/13]undo port trunk allow-pass vlan 1
[S1]interface GigabitEthernet 0/0/14
[S1-GigabitEthernet0/0/14]port link-type trunk
[S1-GigabitEthernet0/0/14]port trunk allow-pass vlan 100 101
[S1-GigabitEthernet0/0/14]undo port trunk allow-pass vlan 1
[S3]vlan batch 100 101
[S3]interface GigabitEthernet 0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S3-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[S3]interface GigabitEthernet 0/0/4
[S3-GigabitEthernet0/0/4]port link-type trunk
[S3-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 101
[S3-GigabitEthernet0/0/4]port trunk pvid vlan 100
[S3-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1
[S4]vlan batch 100 101
[S4]interface GigabitEthernet 0/0/1
[S4-GigabitEthernet0/0/1]port link-type trunk
[S4-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S4-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[S4]interface GigabitEthernet 0/0/4
[S4-GigabitEthernet0/0/4]port link-type trunk
[S4-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 101
[S4-GigabitEthernet0/0/4]port trunk pvid vlan 100
[S4-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1
4、配置STA网关地址、AC源接口地址以及测试用到LoopBack地址
[AC]interface Vlanif 100
[AC-Vlanif100]ip address 192.168.100.254 24
[S1]interface Vlanif 101
[S1-Vlanif101]ip address 192.168.101.254 24
[S1]interface LoopBack 0
[S1-LoopBack0]ip address 10.0.1.1 32
5、DHCP配置
[AC]dhcp enable
[AC]ip pool ap
[AC-ip-pool-ap]network 192.168.100.0 mask 24
[AC-ip-pool-ap]gateway-list 192.168.100.254
[AC]interface Vlanif 100
[AC-Vlanif100]dhcp select global
[S1]dhcp enable
[S1]ip pool sta
[S1-ip-pool-sta]network 192.168.101.0 mask 24
[S1-ip-pool-sta]gateway-list 192.168.101.254
[S1]interface Vlanif 101
[S1-Vlanif101]dhcp select global
6、配置AP上线
(1)创建名为ap-group1的AP组
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
(2)创建域管理模板,在域管理模板下配置AC的国家码。缺省情况下,设备的国家码标识为"CN";缺省情况下,系统上存在名为default的域管理模板。
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code CN
(3)在AP组下引用域管理模板
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
(4)配置AC建立CAPWAP隧道的源接口,缺省情况下,AP认证模式为MAC地址认证。
[AC]capwap source interface Vlanif 100
(5)在AC上离线导入AP,并将AP加入配置好的AP组
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac 00E0-FCE5-7BD0
[AC-wlan-ap-0]ap-name ap1
[AC-wlan-ap-0]ap-group ap-group1
[AC-wlan-view]ap-id 1 ap-mac 00E0-FC43-1D80
[AC-wlan-ap-1]ap-name ap2
[AC-wlan-ap-1]ap-group ap-group1
7、配置WLAN业务参数 (1)创建名为"HCIA-WLAN"的安全模板,并配置安全策略
[AC-wlan-view]security-profile name HCIA-WLAN
[AC-wlan-sec-prof-HCIA-WLAN]security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
(2)创建名为"HCIA-WLAN"的SSID模板,并配置SSID名称为"HCIA-WLAN"
[AC-wlan-view]ssid-profile name HCIA-WLAN
[AC-wlan-ssid-prof-HCIA-WLAN]ssid HCIA-WLAN
(3)创建名为“HCIA-WLAN”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。缺省情况下,VAP模板下的数据转发方式为直接转发;
[AC-wlan-view]vap-profile name HCIA-WLAN
[AC-wlan-vap-prof-HCIA-WLAN]forward-mode direct-forward
[AC-wlan-vap-prof-HCIA-WLAN]service-vlan vlan-id 101 //用于配置VAP业务VLAN,当STA接入无线网络后,从AP转发出来的用户数据会带上service-VLAN的Tag
[AC-wlan-vap-prof-HCIA-WLAN]security-profile HCIA-WLAN
[AC-wlan-vap-prof-HCIA-WLAN]ssid-profile HCIA-WLAN
(4)配置AP组引用VAP模板
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile HCIA-WLAN wlan 1 radio all
8、STA上ping测试
STA>ping 10.0.1.1
Ping 10.0.1.1: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: bytes=32 seq=1 ttl=255 time=141 ms
From 10.0.1.1: bytes=32 seq=2 ttl=255 time=141 ms
From 10.0.1.1: bytes=32 seq=3 ttl=255 time=141 ms
From 10.0.1.1: bytes=32 seq=4 ttl=255 time=140 ms
From 10.0.1.1: bytes=32 seq=5 ttl=255 time=141 ms
9、AC上查看STA的信息
[AC]display station all
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP a
ddress SSID
5489-98fa-7474 1 ap2 0/1 2.4G - -/- - 101 192.
168.101.252 HCIA-WLAN
Total: 1 2.4G: 1 5G: 0
10、AC上查看AP的信息
[AC]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
ID MAC Name Group IP Type State STA Upt
ime
0 00e0-fce5-7bd0 ap1 ap-group1 192.168.100.45 AP9131DN nor 0 35M
:49S
1 00e0-fc43-1d80 ap2 ap-group1 192.168.100.238 AP9131DN nor 1 35M
:11S
Total: 2