wlan_旁挂
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
配置大型网络WLAN基本业务示例
组网需求
如图1,某企业AC连接通过SwitchB连接出口网关Router,并通过SwitchB和SwitchA连接AP。
通过WLAN部署,提供SSID为test和test1的无线网络方便用户随时随地接入。
网关Router作为DHCP 服务器为无线用户和AP提供IP地址。
用户希望能在尽可能少的更改现有组网架构的情况下,进行WLAN部署,AC只对AP进行集中管理,STA的业务数据不需要转发到AC上。
图1 配置大型网络WLAN基本业务组网图
表1 数据规划表
配置项数据WLAN服务不认证,不加密。
AC的源接口VLANIF200:172.16.100.2/24
AC Carrier ID/AC ID Other/1
表1 数据规划表
配置项数据AP域10
服务集∙SSID:test、test1
∙数据转发模式:直接转发
DHCP服务器Router作为DHCP服务器,为AP和STA分AP的网关VLANIF100:192.168.10.1/24
AP的IP地址池192.168.10.2~192.168.10.254/24
STA1的网关VLANIF101:192.168.11.1/24
STA1的IP地址池192.168.11.2~192.168.11.254/24
STA2的网关VLANIF102:192.168.12.1/24
STA2的IP地址池192.168.12.2~192.168.12.254/24
配置思路
采用如下的思路配置大型网络WLAN基本业务:
1.配置SwitchA和SwitchB,实现二层网络互通;配置SwitchB、Router和AC,实现三层网络
互通。
2.在Router上配置基于全局的DHCP服务器为AP和STA分配IP地址。
3.配置WLAN基本业务,保证用户能够通过WLAN网络接入Internet。
说明:
本配置中的SwitchA采用的是华为盒式交换机,SwitchB采用的是框式交换机。
操作步骤
1.配置网络互通
2.
# 配置SwitchA。
将接口GE0/0/1加入VLAN100(管理VLAN),允许VLAN101(业务VLAN)
的报文通过;将接口GE0/0/2加入VLAN100(管理VLAN),允许VLAN102(业务VLAN)的报
文通过;将接口GE0/0/3允许VLAN100、VLAN101和VLAN102的报文通过。
3.
说明:
4.
建议在SwitchA连接AP的接口GE0/0/1和GE0/0/2上配置端口隔离,如果不配置端口隔离,可能会在VLAN内存在不必要的广播报文,或者导致不同AP间的WLAN用户二层互通的问题。
5.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 100 101 102
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SwitchA-GigabitEthernet0/0/1] port-isolate enable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk pvid vlan 100
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 102
[SwitchA-GigabitEthernet0/0/2] port-isolate enable
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to 102
[SwitchA-GigabitEthernet0/0/3] quit
6.
# 配置SwitchB。
配置接口GE1/0/1允许VLAN100、VLAN101和VLAN102的报文通过,GE1/0/2允许VLAN200的报文通过,GE1/0/3允许VLAN201的报文通过。
7.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] vlan batch 100 101 102 200 201
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 102
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 200
[SwitchB-GigabitEthernet1/0/2] quit
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-type trunk
[SwitchB-GigabitEthernet1/0/3] port trunk allow-pass vlan 201
[SwitchB-GigabitEthernet1/0/3] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 192.168.10.1 24
[SwitchB-Vlanif100] quit
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] ip address 192.168.11.1 24
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 102
[SwitchB-Vlanif101] ip address 192.168.12.1 24
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ip address 172.16.100.10 24
[SwitchB-Vlanif200] quit
[SwitchB] interface vlanif 201
[SwitchB-Vlanif201] ip address 172.16.101.10 24
[SwitchB-Vlanif201] quit
8.
# 配置AC连接SwitchB的接口Gigabitethernet0/0/1允许VLAN200的报文通过。
9.
<AC6605> system-view
[AC6605] sysname AC
[AC] vlan batch 101 102 200
[AC] interface vlanif 200
[AC-Vlanif200] ip address 172.16.100.2 24
[AC-Vlanif200] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 200
[AC-GigabitEthernet0/0/1] quit
10.
# 配置Router允许VLAN201的报文通过。
11.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 201
[Router] interface vlanif 201
[Router-Vlanif201] ip address 172.16.101.1 24
[Router-Vlanif201] quit
[Router] interface gigabitethernet 2/0/0
[Router-GigabitEthernet2/0/0] port link-type trunk
[Router-GigabitEthernet2/0/0] port trunk allow-pass vlan 201 [Router-GigabitEthernet2/0/0] quit
12.
# 配置Router到SwitchB的路由。
13.
[Router] ip route-static 192.168.10.0 24 172.16.101.10 [Router] ip route-static 192.168.11.0 24 172.16.101.10 [Router] ip route-static 192.168.12.0 24 172.16.101.10
14.
# 配置SwitchB的缺省路由,下一跳为Router的VLANIF201。
15.
[SwitchB] ip route-static 0.0.0.0 0.0.0.0 172.16.101.1
16.
# 配置AC到AP的路由,下一跳为SwitchB的VLANIF200。
17.
[AC] ip route-static 192.168.10.0 24 172.16.100.10
18.
19.
20.配置DHCP服务,为AP和STA分配IP地址
21.
# 配置SwitchB作为DHCP中继。
22.
[SwitchB] dhcp enable
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] dhcp select relay
[SwitchB-Vlanif100] dhcp relay server-ip 172.16.101.1
[SwitchB-Vlanif100] quit
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] dhcp select relay
[SwitchB-Vlanif101] dhcp relay server-ip 172.16.101.1
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 102
[SwitchB-Vlanif102] dhcp select relay
[SwitchB-Vlanif102] dhcp relay server-ip 172.16.101.1
[SwitchB-Vlanif102] quit
23.
# 配置由Router作为DHCP服务器给AP和STA分配IP地址。
24.
[Router] dhcp enable
[Router] ip pool ap
[Router-ip-pool-ap] network 192.168.10.0 mask 24
[Router-ip-pool-ap] gateway-list 192.168.10.1
[Router-ip-pool-ap] option 43 sub-option 3 ascii 172.16.100.2
[Router-ip-pool-ap] quit
[Router] ip pool sta1
[Router-ip-pool-sta1] network 192.168.11.0 mask 24
[Router-ip-pool-sta1] gateway-list 192.168.11.1
[Router-ip-pool-sta1] quit
[Router] ip pool sta2
[Router-ip-pool-sta2] network 192.168.12.0 mask 24
[Router-ip-pool-sta2] gateway-list 192.168.12.1
[Router-ip-pool-sta2] quit
[Router] interface vlanif 201
[Router-Vlanif201] dhcp select global
[Router-Vlanif201] quit
25.
26.
27.配置AC的系统参数
28.
# 配置AC的国家码。
29.
[AC] wlan ac-global country-code cn
Warning: Modify the country code may delete configuration on those AP which us e the global country code and reset them, are you sure to continue?[Y/N]:y
30.
# 配置AC ID和运营商标识。
31.
[AC] wlan ac-global ac id 1 carrier id other
32.
# 配置AC的源接口。
33.
[AC] wlan
[AC-wlan-view] wlan ac source interface vlanif 200
34.
35.
36.在AC上管理AP
37.
# 现场获取AP的MAC地址后,查看AP的设备类型ID。
38.
[AC-wlan-view] display ap-type all All AP types information: ------------------------------------------------------------------------------
ID Type
------------------------------------------------------------------------------
17 AP6010SN-GN
19AP6010DN-AGN
21 AP6310SN-GN
23 AP6510DN-AGN
25 AP6610DN-AGN
27 AP7110SN-GN
28 AP7110DN-AGN
29 AP5010SN-GN
30 AP5010DN-AGN
31 AP3010DN-AGN
33 AP6510DN-AGN-US
34 AP6610DN-AGN-US
------------------------------------------------------------------------------
Total number: 12
39.
# 根据查询到的AP设备类型ID,离线添加AP。
假设AP的类型为AP6010DN-AGN,其MAC地
址分别为60de-4476-e360和dcd2-fc04-b500。
40.
[AC-wlan-view] ap-auth-mode mac-auth
[AC-wlan-view] ap id 0 type-id 19 mac 60de-4476-e360
[AC-wlan-ap-0] quit
[AC-wlan-view] ap id 1 type-id 19 mac dcd2-fc04-b500
[AC-wlan-ap-1] quit
41.
说明:
42.
ap-auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行
ap-auth-mode mac-auth。
43.
# 配置AP域并将AP加入到AP域。
44.
[AC-wlan-view] ap-region id 10
[AC-wlan-ap-region-10] quit
[AC-wlan-view] ap id 0
[AC-wlan-ap-0] region-id 10
[AC-wlan-ap-0] quit
[AC-wlan-view] ap id 1
[AC-wlan-ap-1] region-id 10
[AC-wlan-ap-1] quit
45.
# 将AP上电后,可以查看到AP的“AP State”字段为“normal”。
46.
[AC-wlan-view] display ap all All AP information: Normal[2],Fault[0],Commit-failed[0],Committing[0],Config[0]
Config-failed[0],Download[0],Standby[0],Type-not-match[0]
------------------------------------------------------------------------------
AP AP AP Profile AP AP
/Region
ID Type MAC ID State Sysname
------------------------------------------------------------------------------
0 AP6010DN-AGN 60de-4476-e360 0/10 normal ap-0
1 AP6010DN-AGN dcd2-fc04-b500 0/10 normal ap-1
------------------------------------------------------------------------------ Total number: 2,printed: 2
47.
48.
49.配置WLAN业务参数
50.
# 创建名为“wmm”的WMM模板,参数采用默认配置。
51.
[AC-wlan-view] wmm-profile name wmm id 1
[AC-wlan-wmm-prof-wmm] quit
52.
# 创建名为“radio”的射频模板,绑定WMM模板“wmm”。
53.
[AC-wlan-view] radio-profile name radio id 1
[AC-wlan-radio-prof-radio] wmm-profile name wmm
[AC-wlan-radio-prof-radio] quit
[AC-wlan-view] quit
54.
# 创建WLAN-ESS接口。
55.
[AC] interface wlan-ess 0
[AC-WLAN-ESS0] port hybrid pvid vlan 101
[AC-WLAN-ESS0] port hybrid untagged vlan 101
[AC-WLAN-ESS0] quit
[AC] interface wlan-ess 1
[AC-WLAN-ESS1] port hybrid pvid vlan 102
[AC-WLAN-ESS1] port hybrid untagged vlan 102
[AC-WLAN-ESS1] quit
56.
# 创建名为“security”的安全模板,参数采用默认配置,即开放认证、不加密。
57.
[AC] wlan
[AC-wlan-view] security-profile name security id 1
[AC-wlan-sec-prof-security] quit
58.
# 创建名为“traffic”的流量模板,参数采用默认配置。
59.
[AC-wlan-view] traffic-profile name traffic id 1
[AC-wlan-traffic-prof-traffic] quit
60.
# 创建名为“test”和“test1”的服务集并绑定WLAN-ESS接口、安全模板和流量模板。
61.
[AC-wlan-view] service-set name test id 1
[AC-wlan-service-set-test] ssid test
[AC-wlan-service-set-test] wlan-ess 0
[AC-wlan-service-set-test] security-profile name security
[AC-wlan-service-set-test] traffic-profile name traffic
[AC-wlan-service-set-test] service-vlan 101
[AC-wlan-service-set-test] forward-mode direct
[AC-wlan-service-set-test] quit
[AC-wlan-view] service-set name test1 id 2
[AC-wlan-service-set-test1] ssid test1
[AC-wlan-service-set-test1] wlan-ess 1
[AC-wlan-service-set-test1] security-profile name security
[AC-wlan-service-set-test1] traffic-profile name traffic
[AC-wlan-service-set-test1] service-vlan 102
[AC-wlan-service-set-test1] forward-mode direct
[AC-wlan-service-set-test1] quit
62.
63.
64.配置VAP并下发
65.
# 配置VAP。
66.
[AC-wlan-view] ap 0 radio 0
[AC-wlan-radio-0/0] radio-profile name radio
Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]:y
[AC-wlan-radio-0/0] service-set name test
[AC-wlan-radio-0/0] quit
[AC-wlan-view] ap 1 radio 0
[AC-wlan-radio-1/0] radio-profile name radio
Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]:y
[AC-wlan-radio-1/0] service-set name test1
[AC-wlan-radio-1/0] quit
67.
# 提交配置。
68.
[AC-wlan-view] commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
69.
70.
71.验证配置结果
72.
配置完成后,通过display vap ap 0 radio 0命令,可以查看到VAP已创建成功。
73.
[AC-wlan-view] display vap ap 0 radio 0
All VAP Information(Total-1):
SS: Service-set BP: Bridge-profile MP: Mesh-profile
----------------------------------------------------------------------
AP ID Radio ID SS ID BP ID MP ID WLAN ID BSSID Type
0 0 1 - - 1 60DE-4476-E360 service
----------------------------------------------------------------------
Total: 1
74.
STA搜索到名为“test”或“test1”的无线网络并正常关联后,在AC上执行display station assoc-info命令,可以查看到用户已经接入到无线网络“test”和“test1”中。
75.
[AC-wlan-view] display station assoc-info ap 0 radio 0
------------------------------------------------------------------------------ STA MAC AP-ID RADIO-ID SS-ID SSID
------------------------------------------------------------------------------ 9021-55dc-3e68 0 0 1 test
------------------------------------------------------------------------------ Total stations: 1
76.
[AC-wlan-view] display station assoc-info ap 1 radio 0
------------------------------------------------------------------------------ STA MAC AP-ID RADIO-ID SS-ID SSID
------------------------------------------------------------------------------ 9021-55dc-3e17 1 0 2 test1
------------------------------------------------------------------------------ Total stations: 1
77.。