目录
■无线WLAN配置
需求
1、配置隧道转发模式,完成AP上线,内部办公用户(VLAN101)能通过无线上网。
2、访客(VLAN102)能通过无线上网,配置为直接转发模式。隧道转发与直接转发过程如下图所示:
3、管理VLAN100,业务VAN101和102,VLAN101为内部用户提供上网服务(SSID:work),VLAN 102为访客提供上网服务(SSTD:guest)。AP通过AC DHCP自动获取 IP 192.168.100.0/24地址段的地址,用户通过SW1 DHCP自动分配对应网段的地址。
实验
SW1
<Huawei>system-view
[Huawei]sysname SW1
[SW1]vlan batch 101 102 200
[SW1]interface Gigabitethernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type access
[SW1-GigabitEthernet0/0/3] port default vlan 200
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-G1gabitEthernet0/0/2] port trunk allow-pass vlan all
[SW1-G1gabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SW1-Gigabitethernet0/0/1]quit
[SW1]dhcp enable
[SW1]interface vlanif 101
[SW1-vlanif101]ip add 192.168.101.254 24
[SW1-vlanif101]quit
[SW1]interface vlanif 102
[SW1-vlanif102]ip add 192.168.102.254 24
[SW1-vlanif102]quit
[SW1]interface vlanif 200
[SW1-vlanif200]ip add 192.168.200.1 30
[SW1-vlanif200]quit
[SW1]dhcp enable
[SW1]interface vlanif 101
[SW1-vlanif101]dhcp select interface
[SW1-vlanif101]quit
[SW1]interface vlanif 102
[SW1-vlanif102]dhcp select interface
[SW1-vlanif102]quit
[SW1]
[SW1]vlan 100
[SW1-vlan100]quit
[SW1]interface g0/0/1
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 102 100
[SW1-GigabitEthernet0/0/1]quit
[SW1]
Router
<Huawei>system-view
[Huawei]sysname Router
[Router]interface GigabitEthernet 0/0/0
[Router-GigabitEthernet0/0/0]ip add 192.168.200.2 30
[Router-GigabitEthernet0/0/0]quit
[Router]ip route-static 192.168.101.0 24 192.168.200.1
[Router]ip route-static 192.168.102.0 24 192.168.200.1
SW2
<Huawei>system-view
[Huawei]sysname SW2
[SW2]vlan 100
[SW2-vlan100]quit
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SW2-GigabitEthernet0/0/1]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/1]quit
[SW2]
[SW2]vlan 102
[SW2-vlan102]quit
[SW2]interface g0/0/1
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 102
[SW2-GigabitEthernet0/0/1]int g0/0/3
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 102
[SW2-GigabitEthernet0/0/3]quit
[SW2]
AC6605
<Huawei>system-view
[Huawei]sysname AC6605
[AC6605]vlan batch 100 101 102
[AC6605]interface GigabitEthernet 0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit
[AC6605]interface vlanif 100
[AC6605-vlanif100]ip add 192.168.100.254 24
[AC6605-vlanif100]quit
[AC6605]dhcp enable
[AC6605]interface vlanif 100
[AC6605-vlanif100]dhcp select interface
[AC6605-vlanif100]quit
[AC6605]wlan
[AC6605-wlan-view]regulatory-domain-profile name china
[AC6605-wlan-regulate-domain-china]country-code CN
[AC6605-wlan-regulate-domain-china]quit
[AC6605-wlan-view]ap-group name jiaoxue
[AC6605-wlan-ap-group-jiaoxue]regulatory-domain-profile china
[AC6605-wlan-ap-group-jiaoxue]quit
[AC6605-wlan-view]quit
[AC6605]capwap source interface vlanif 100
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode mac-auth
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc3f-7500
[AC6605-wlan-ap-1]ap-name JX001
[AC6605-wlan-ap-1]ap-group jiaoxue
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]quit
[AC6605]display ap all
进行[SW1]vlan 100操作后。
[AC6605]display ap all
[AC6605]wlan
[AC6605-wlan-view]security-profile name sec_work
[AC6605-wlan-sec-prof-sec_work]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC6605-wlan-sec-prof-sec_work]quit
[AC6605-wlan-view]quit
# 配置SSID
[AC6605]wlan
[AC6605-wlan-view]ssid-profile name profile_work
[AC6605-wlan-ssid-prof-profile_work]ssid work
[AC6605-wlan-ssid-prof-profile_work]quit
[AC6605-wlan-view]vap-profile name vap_work
[AC6605-wlan-vap-prof-vap_work]ssid-profile profile_work
[AC6605-wlan-vap-prof-vap_work]forward-mode tunnel
[AC6605-wlan-vap-prof-vap_work]service-vlan vlan-id 101
[AC6605-wlan-vap-prof-vap_work]security-profile sec_work
[AC6605-wlan-vap-prof-vap_work]quit
[AC6605-wlan-view]ap-group name jiaoxue
[AC6605-wlan-ap-group-jiaoxue]vap-profile vap_work wlan 1 radio 0
[AC6605-wlan-ap-group-jiaoxue]quit
[AC6605-wlan-view]quit
# 访客
[AC6605]wlan
[AC6605-wlan-view]ssid-profile name profile_guest
[AC6605-wlan-ssid-prof-profile_guest]ssid guest
[AC6605-wlan-ssid-prof-profile_guest]quit
[AC6605-wlan-view]vap-profile name vap_guest
[AC6605-wlan-vap-prof-vap_guest]forward-mode direct-forward
[AC6605-wlan-vap-prof-vap_guest]service-vlan vlan-id 102
[AC6605-wlan-vap-prof-vap_guest]security-profile sec_work
[AC6605-wlan-vap-prof-vap_guest]ssid-profile profile_guest
[AC6605-wlan-vap-prof-vap_guest]quit
[AC6605-wlan-view]ap-group name jiaoxue
[AC6605-wlan-ap-group-jiaoxue]vap-profile vap_guest wlan 2 radio all
至此,本文分享的内容就结束了。