目录
项目背景
- 企业内网大量AP通过DHCP的方式获得IP地址。
- 为了实现后期大量AP的统一管理,希望通过AC实现集中控制。
- 在AC设备上,为了便于设备管理,按照统一的格式进行命名。
- 不同的无线终端,动态分配IP地址。
- 配置AC,为不同的AP下发不同的配置,确保可以发射无线信号。
- 实现不同无线终端互通,PC连接WIFI。
配置思路
一、配置AP获取IP地址
1、需求
- 企业的“无线网络”改造,使用“旁挂式”组网,确保可扩展性
- 无线控制器(AC)连接在核心交换机上,属于 VLAN 200
- AP连接在汇聚层交换机上,AP的管理IP地址属于 VLAN 100
- 企业内网中存在4个VLAN,分别服务于内网员工和外部人员
- AP的网关以及所有无线用户的终端的网关,都配置在核心交换机
- AP和无线用户终端的IP地址都是通过 DHCP 的方式获得
- 最终确保连接到不同AP的无线终端之间可以互通
2、步骤
1)配置SW2
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW2
[SW2]vlan batch 100 101 102 103 104
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2]port-g
[SW2]port-group g
[SW2]port-group group-member g0/0/2 to g0/0/5
[SW2-port-group]port link-type trunk
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/4]port link-type trunk
[SW2-GigabitEthernet0/0/5]port link-type trunk
[SW2-port-group]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[SW2-port-group]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/2]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/3]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/4]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/5]port trunk pvid vlan 100
[SW2-port-group]q
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
2)配置DHCP中继(SW1)
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW1
[SW1]vlan batch 100 101 102 103 104 200 210
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]q
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 210
[SW1-GigabitEthernet0/0/1]q
[SW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW1]int Vlanif 100
[SW1-Vlanif100]ip address 192.168.100.254 24
[SW1-Vlanif100]dhcp select relay
[SW1-Vlanif100]dhcp relay server-ip 192.168.210.1
[SW1-Vlanif100]q
[SW1]int Vlanif 210
[SW1-Vlanif210]ip add 192.168.210.254 24
[SW1-Vlanif210]q
3)配置DHCP服务器
<Huawei>sy
[Huawei]sysname R1
[R1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]ip pool vlan100
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan100]network 192.168.100.0 mask 24
[R1-ip-pool-vlan100]gateway-list 192.168.100.254
[R1-ip-pool-vlan100]dns-list 8.8.8.8
[R1-ip-pool-vlan100]lease day 1
[R1-ip-pool-vlan100]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.210.1 24
[R1-GigabitEthernet0/0/0]dhcp select global
[R1-GigabitEthernet0/0/0]q
[R1]ip route-static 0.0.0.0 0 192.168.210.254
二、 实现AP自动注册
1、需求
- 企业内网的大量AP已经通过 DHCP 的方式获得 IP 地址
- 为了实现后期大量AP的统一管理,希望通过 AC 实现集中控制
- 在AC设备上,为了便于设备管理,按照统一的命名格式
2 、步骤
1)配置DHCP服务器,为AP 分配 AC 服务器的IP地址
<R1>sy
Enter system view, return user view with Ctrl+Z.
[R1]ip pool vlan100
[R1-ip-pool-vlan100]option 43 sub-option 3 ascii 192.168.200.1
2)配置网关,实现AC和AP互通
[SW1]int Vlanif 200
[SW1-Vlanif200]ip add 192.168.200.254 24
[SW1-Vlanif200]q
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 200
[SW1-GigabitEthernet0/0/3]q
<AC6605>sy
Enter system view, return user view with Ctrl+Z.
[AC6605]sysname AC
[AC]vlan 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC-vlan200]q
[AC]int g0/0/1
[AC-GigabitEthernet0/0/1]port link-type access
[AC-GigabitEthernet0/0/1]port default vlan 200
[AC-GigabitEthernet0/0/1]q
[AC]int Vlanif 200
[AC-Vlanif200]ip add 192.168.200.1 24
[AC-Vlanif200]q
[AC]ip route-static 0.0.0.0 0 192.168.200.254
3)配置AC,离线导入AP,实现AP注册
[AC]wlan
[AC-wlan-view]ap-group name nei
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-nei]q
[AC-wlan-view]ap-group name wai
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-wai]q
[AC-wlan-view]regulatory-domain-profile name china
[AC-wlan-regulate-domain-china]country-code cn
Info: The current country code is same with the input country code.
[AC-wlan-regulate-domain-china]q
[AC-wlan-view]ap-group name nei
[AC-wlan-ap-group-nei]regulatory-domain-profile china
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-nei]q
[AC-wlan-view]ap-group name wai
[AC-wlan-ap-group-wai]regulatory-domain-profile china
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-wai]q
[AC-wlan-view]ap-id 1 ap-mac 00e0-fcab-18a0
[AC-wlan-ap-1]ap-name nei-1
[AC-wlan-ap-1]ap-group nei
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-1]q
[AC-wlan-view]ap-id 2 ap-mac 00e0-fca1-2f50
[AC-wlan-ap-2]ap-name nei-2
[AC-wlan-ap-2]ap-group nei
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-2]q
[AC-wlan-view]ap-id 3 ap-mac 00e0-fc34-2680
[AC-wlan-ap-3]ap-name wai-1
[AC-wlan-ap-3]ap-group wai
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-3]q
[AC-wlan-view]ap-id 4 ap-mac 00e0-fc94-7170
[AC-wlan-ap-4]ap-name wai-2
[AC-wlan-ap-4]ap-group wai
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-4]q
[AC-wlan-view]q
[AC]capwap source interface Vlanif 200
[AC]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [4]
--------------------------------------------------------------------------------
-----------
ID MAC Name Group IP Type State STA Uptime
--------------------------------------------------------------------------------
-----------
1 00e0-fcab-18a0 nei-1 nei 192.168.100.253 AP4050DN-E nor 0 1M:42S
2 00e0-fca1-2f50 nei-2 nei 192.168.100.252 AP4050DN-E nor 0 16S
3 00e0-fc34-2680 wai-1 wai 192.168.100.251 AP4050DN-E nor 0 43S
4 00e0-fc94-7170 wai-2 wai 192.168.100.250 AP4050DN-E nor 0 57S
--------------------------------------------------------------------------------
-----------
Total: 4
三、配置WLAN业务参数
1 、需求
- 基于分配好的IP方案,为不同的无线终端,动态分配IP地址
- 配置AC,为不同的AP下发不同的配置,确保可以发射无线信号
- 实现不同的“无线终端”可以成功连接 AP ,并成功获得 IP 地址
- 实现不同的“无线终端”之间的互通
2、 步骤
1)配置AC上的相关业务参数(配置后如图)
[AC]wlan
[AC-wlan-view]ssid-profile name nei
[AC-wlan-ssid-prof-nei]ssid nei
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-nei]q
[AC-wlan-view]ssid-profile name wai
[AC-wlan-ssid-prof-wai]ssid wai
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-wai]q
[AC-wlan-view]security-profile name nei
[AC-wlan-sec-prof-nei]security wpa2 psk pass-phrase a123456789 aes
[AC-wlan-sec-prof-nei]q
[AC-wlan-view]security-profile name wai
[AC-wlan-sec-prof-wai]security wpa2 psk pass-phrase b123456789 aes
[AC-wlan-sec-prof-wai]q
[AC-wlan-view]q
[AC]vlan pool nei
[AC-vlan-pool-nei]vlan 101 102
[AC-vlan-pool-nei]q
[AC]vlan pool wai
[AC-vlan-pool-wai]vlan 103 104
[AC-vlan-pool-wai]q
[AC]wlan
[AC-wlan-view]vap-profile name nei
[AC-wlan-vap-prof-nei]ssid-profile nei
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-nei]security-profile nei
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-nei]service-vlan vlan-pool nei
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-nei]q
[AC-wlan-view]vap-profile name wai
[AC-wlan-vap-prof-wai]ssid-profile wai
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-wai]security-profile wai
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-wai]service-vlan vlan-pool wai
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-wai]q
[AC-wlan-view]ap-group name nei
[AC-wlan-ap-group-nei]vap-profile nei wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-nei]vap-profile nei wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-nei]q
[AC-wlan-view]ap-group name wai
[AC-wlan-ap-group-wai]vap-profile wai wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-wai]vap-profile wai wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
2)配置 DHCP 服务器,为无线终端用户分配IP地址
[R1]ip pool vlan101
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan101]network 192.168.101.0 mask 24
[R1-ip-pool-vlan101]gateway-list 192.168.101.254
[R1-ip-pool-vlan101]dns-list 8.8.8.8
[R1-ip-pool-vlan101]lease day 1
[R1-ip-pool-vlan101]q
[R1]ip pool vlan102
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan102]network 192.168.102.0 mask 24
[R1-ip-pool-vlan102]gateway-list 192.168.102.254
[R1-ip-pool-vlan102]dns-list 8.8.8.8
[R1-ip-pool-vlan102]lease day 1
[R1-ip-pool-vlan102]q
[R1]ip pool vlan103
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan103]network 192.168.103.0 mask 24
[R1-ip-pool-vlan103]gateway-list 192.168.103.254
[R1-ip-pool-vlan103]dns-list 8.8.8.8
[R1-ip-pool-vlan103]lease day 1
[R1-ip-pool-vlan103]q
[R1]ip pool vlan104
Info: It's successful to create an IP address pool.
[R1-ip-pool-vlan104]network 192.168.104.0 mask 24
[R1-ip-pool-vlan104]gateway-list 192.168.104.254
[R1-ip-pool-vlan104]dns-list 8.8.8.8
[R1-ip-pool-vlan104]lease day 1
[R1-ip-pool-vlan104]q
3)配置DHCP中继(SW1)
[SW1]vlan batch 101 102 103 104
[SW1]interface Vlanif 101
[SW1-Vlanif101]ip address 192.168.101.254 24
[SW1-Vlanif101]dhcp select relay
[SW1-Vlanif101]dhcp relay server-ip 192.168.210.1
[SW1-Vlanif101]quit
[SW1]interface Vlanif 102
[SW1-Vlanif102]ip address 192.168.102.254 24
[SW1-Vlanif102]dhcp select relay
[SW1-Vlanif102]dhcp relay server-ip 192.168.210.1
[SW1-Vlanif102]quit
[SW1]interface Vlanif 103
[SW1-Vlanif103]ip address 192.168.103.254 24
[SW1-Vlanif103]dhcp select relay
[SW1-Vlanif103]dhcp relay server-ip 192.168.210.1
[SW1-Vlanif103]quit
[SW1]interface Vlanif 104
[SW1-Vlanif104]ip address 192.168.104.254 24
[SW1-Vlanif104]dhcp select relay
[SW1-Vlanif104]dhcp relay server-ip 192.168.210.1
[SW1-Vlanif104]quit
本文含有隐藏内容,请 开通VIP 后查看