huawei AC+AP无线网络配置

huawei 无线网络配置

二层AC

AP上线配置
配置AC源地址                    capwap source interfaceVlanif1   
进入配置界面                  wlan     
AC认证方式                       ap auth-mode mac-auth
添加AP  默认在default组内        ap-id 0 ap-mac 00e0-fcc2-57f0     
查看全部ap状态 idle 初始化  nor正常上线状态    fault 离线    display ap all            

配置管理域模板   regulatory-domain-profile name huawei 
    配置国家代码  country-code CN    不同国家无线频率不一样
配置安全模板        security-profile name huawei 
    配置加密方式密码   security wpa-wpa2 psk pass-phrase 12345678 aes
配置SSID模板                ssid-profile name huawei
    配置无线SSID          ssid wifiname   WiFi名称
配置vap模板                vap-profile name huawei 
    配置转发模式            forward-mode direct-forward        direct-forward直接转发   softgre云AP        tunnel 隧道转发         
    配置业务VLAN        service-vlan vlan-id 10
    调用安全模板            security-profile huawei
    调用SSID模板            ssid-profile huawei

创建AP组        ap-group  name work
    进入AP        ap-id 0     
    加入AP组    ap-group work
    修改AP名    ap-name ap1
    调用域管理模板    regulatory-domain-profile huawei
    配置射频信号        vap-profile huawei wlan 1 radio all 

下面是部分代码
[AC6005]capwap source interface Vlanif 1
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-id 1 ap-mac 00e0-fc7f-0ea0
[AC6005]display ap all
[AC6005-wlan-view]regulatory-domain-profile name huawei
[AC6005-wlan-regulate-domain-huawei]country-code CN
[AC6005-wlan-view]security-profile name huawei
[AC6005-wlan-view]ssid-profile name huawei
[AC6005-wlan-ssid-prof-huawei]ssid wifiname
[AC6005-wlan-view]vap-profile name huawei
[AC6005-wlan-vap-prof-huawei]forward-mode direct-forward
[AC6005-wlan-vap-prof-huawei]service-vlan vlan-id 10
[AC6005-wlan-vap-prof-huawei]security-profile huawei
[AC6005-wlan-vap-prof-huawei]ssid-profile huawei
[AC6005-wlan-view]ap-group name work
[AC6005-wlan-ap-group-work]vap-profile huawei wlan 1 radio all
[AC6005-wlan-view]ap-id 0
[AC6005-wlan-ap-0]ap-group work
[AC6005-wlan-ap-0]ap-name ap1

实验证明不分旁挂式和直连式 所有配置在最后
管理地址不建议使用vlan1 因为任何一电脑接入都会获取到管理地址同一网段。
可在连接每个AP的接口上打上其他网段的PVID

配置文件如下

R1

interface Ethernet0/0/0
 ip address 21.1.1.1255.255.255.0
interface Ethernet0/0/1
 ip address 12.1.1.1255.255.255.0
ip route-static0.0.0.00.0.0.012.1.1.2
ip route-static10.1.0.0255.255.0.021.1.1.2

R2

interface Ethernet0/0/0
 ip address 12.1.1.2255.255.255.0
interface LoopBack0
 ip address 2.2.2.2255.255.255.0
ip route-static0.0.0.00.0.0.012.1.1.1

LSW1

vlan batch 1020 to 2130
ip pool work10
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
 dns-list 8.8.8.8
ip pool work20
 network 10.1.2.0 mask 255.255.255.0
 dns-list 8.8.8.8
interface Vlanif10
 ip address 10.1.1.1255.255.255.0
 dhcp select global
interface Vlanif20
 ip address 10.1.2.1255.255.255.0
 dhcp select global
interface Vlanif21
 ip address 21.1.1.2255.255.255.0
interface Vlanif30
 ip address 10.1.30.1255.255.255.0
 dhcp select interface
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 21
ip route-static0.0.0.00.0.0.021.1.1.1

LSW2

vlan batch 102030
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 30
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

AC

vlan batch 3102030
interface Vlanif3
 ip address 192.168.0.9255.255.255.0
interface Vlanif30
 ip address 10.1.30.2255.255.255.0
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 30
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 3
capwap source interface vlanif30
wlan
 security-profile name cisco
  security wpa-wpa2 psk pass-phrase %^%#B^%X'-dygMX+&l'yw&KE/VW@;2)r]#]H`>J!(B3B
%^%# aes
 security-profile name huawei
  security wpa-wpa2 psk pass-phrase %^%#VQnQRJ\>p~#bxPC|0cULmv|51c~JzW9kiF78=rV4
%^%# aes
 ssid-profile name cisco
  ssid cisco
 ssid-profile name huawei
  ssid wifiname
 vap-profile name cisco
  service-vlan vlan-id 20
  ssid-profile cisco
  security-profile cisco
 vap-profile name huawei
  service-vlan vlan-id 10
  ssid-profile huawei
  security-profile huawei
 regulatory-domain-profile name huawei
 ap-group name work
  regulatory-domain-profile huawei
  radio 0
   vap-profile huawei wlan 1
   vap-profile cisco wlan 2
  radio 1
   vap-profile huawei wlan 1
   vap-profile cisco wlan 2
  radio 2
   vap-profile huawei wlan 1
   vap-profile cisco wlan 2
  ap-id 0 type-id 56 ap-mac 00e0-fcc2-57f0 ap-sn 2102354483104F519A66
  ap-name ap1
  ap-group work
 ap-id 1 type-id 56 ap-mac 00e0-fc7f-0ea0 ap-sn 210235448310F080403D
  ap-name ap2
  ap-group work

三层AC

三层AC管理地址有两个
一个是AC管理地址 vlanif3 AC需要保证路由可达
一个是给AP分配地址 vlanif10 需要在DHCP地址池指定AC地址 option 43 ascii 10.1.3.2

配置如下

R1

interface Ethernet0/0/0
 ip address 11.1.1.1255.255.255.0
interface Ethernet0/0/1
 ip address 2.2.2.1255.255.255.0
ip route-static0.0.0.00.0.0.02.2.2.2
ip route-static10.0.0.0255.0.0.011.1.1.2

R2

interface Ethernet0/0/0
 ip address 2.2.2.2255.255.255.0
interface LoopBack0
 ip address 3.3.3.3255.255.255.0
ip route-static0.0.0.00.0.0.02.2.2.1

LSW1

vlan batch 2 to 310 to 1120
dhcp enable
ip pool 1
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
 dns-list 8.8.8.8
 option 43 ascii 10.1.3.2
ip pool 20
 gateway-list 10.1.2.1
 network 10.1.2.0 mask 255.255.255.0
 dns-list 8.8.8.8
interface Vlanif3
 ip address 10.1.3.2255.255.255.0
interface Vlanif10
 ip address 10.1.1.1255.255.255.0
 dhcp select global
interface Vlanif11
 ip address 11.1.1.2255.255.255.0
interface Vlanif20
 ip address 10.1.2.1255.255.255.0
 dhcp select global
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
ip route-static0.0.0.00.0.0.011.1.1.1

LSW2

vlan batch 10 to 1120
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

AC

vlan batch 31020
interface Vlanif3
 ip address 10.1.3.1255.255.255.0
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
ip route-static0.0.0.00.0.0.010.1.3.2
capwap source interface vlanif3
wlan
 security-profile name huaweiwifi
  security wpa-wpa2 psk pass-phrase %^%#!mOW*,2vM89N6RN4;G#O^.uQ01s|b~4${<'GWK`E
%^%# aes
 ssid-profile name huaweiwifi
  ssid huaweiwifi
 vap-profile name huaweiwifi
  service-vlan vlan-id 20
  ssid-profile huaweiwifi
  security-profile huaweiwifi
 ap-group name group1
  radio 0
   vap-profile huaweiwifi wlan 1
  radio 1
   vap-profile huaweiwifi wlan 1
  radio 2
   vap-profile huaweiwifi wlan 1
 ap-group name default
 ap-id 0 type-id 47 ap-mac 00e0-fc81-7bb0 ap-sn 210235448310E80AE10D
  ap-name ap1
  ap-group group1