H3C无线基本配置实例

H3C ⽆线基本配置实例
h3c ⽆线控制器ac 配置
H3C WX3024H ⽆线AC
配置⽅法
AC 控制器配置：
在L3 switch 上开启DHCP server 功能，AP 、⽆线客户端Client 和有线客户端Host 都能通过DHCP server ⾃动获取IP 地址。

在L3 switch 和AC 上配置到达对端⽹段的静态路由。

在AC 上配置⽆线服务，确保Client 可以通过配置的⽆线服务接⼊⽹络。

配置注意事项
配置AP 的序列号时请确保该序列号与AP 唯⼀对应，AP 的序列号可以通过AP 设备背⾯的标签获取。

配置L3 switch 和AP 相连的接⼝禁⽌VLAN 1报⽂通过，以防⽌VLAN 1内报⽂过多。

1 配置AC
(1) 配置AC 的接⼝
# 创建VLAN 10及其对应的VLAN 接⼝，并为该接⼝配置IP 地址。

AP 将获取该IP 地址与AC 建⽴CAPWAP 隧道。

<AC> system-view
[AC] vlan 10
[AC-vlan10] quit
[AC] interface vlan-interface10
[AC-Vlan-interface10] ip address 10.152.1.6 255.255.255.0
[AC-Vlan-interface10] quit
# 创建VLAN 70，AC 需要使⽤该VLAN 转发⽆线客户端数据报⽂。

[AC] vlan 70
[AC-vlan70] quit
# 配置AC 和L3 switch 相连的接⼝GigabitEthernet1/0/1为Trunk 类型，禁⽌VLAN 1报⽂通过，允许VLAN 10和VLAN 70通过。

[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[AC-GigabitEthernet1/0/1] port trunk permit vlan 10 70
[AC-GigabitEthernet1/0/1] quit
(2)配置三层路由
# 配置AC 到10.152.7.0⽹段的静态路由，指定下⼀跳的IP 地址为10.152.1.2。

[AC] ip route-static 10.152.7.0.0 24 10.152.1.2
(3)配置⽆线服务
# 创建⽆线服务模板1，并进⼊⽆线服务模板视图。

[AC] wlan service-template 1
# 配置SSID 为Somidezoffice 。

[AC-wlan-st-1] ssid Somidezoffice
# 使能服务模板。

[AC-wlan-st-1] service-template enable
[AC-wlan-st-1] quit
(4)配置AP
# 创建⼿⼯AP1，名称为officeap1(增加⼀个ap ，增加⼀个名字)，型号名称为WA4320i-ACN 。

[AC] wlan ap officeap1 model WA4320i-ACN
# 设置AP 的序列号为210235A1GPC177000751。

[AC-wlan-ap-officeap1] serial-id 210235A1GPC177000751
# 创建⼿⼯AP2
[AC] wlan ap officeap2 model WA4320i-ACN
[AC-wlan-ap-officeap2] serial-id 210235A1GPC179001703
以此类推....
# 进⼊AP 的Radio 1视图，并将⽆线服务模板1绑定到Radio 1(5GHz)上，并指定客户端上线的VLAN 为VLAN 70。

[AC-wlan-ap-officeap1] radio 1
[AC-wlan-ap-officeap1-radio-1] service-template 1 vlan 70
# 开启Radio 1的射频功能。

[AC-wlan-ap-officeap1-radio-1] radio enable
[AC-wlan-ap-officeap1-radio-1] return
# 进⼊AP的Radio 2视图，并将⽆线服务模板1绑定到Radio 2(2.4GHz)上，并指定客户端上线的VLAN为VLAN 70。

[AC-wlan-ap-officeap1] radio 2
[AC-wlan-ap-officeap1-radio-2] service-template 1 vlan 70
# 开启Radio 1的射频功能。

[AC-wlan-ap-officeap1-radio-2] radio enable
[AC-wlan-ap-officeap1-radio-2] return
以此类推.....
# 开启mac⽩名单，只允许⽩名单内客户端通过密码认证
[H3C]wlan whitelist mac xxxx-xxxx-xxxx
AC配置命令：
sysname H3C
#
vlan 10
#
vlan 70
#
wlan service-template 1
ssid somidezoffice
service-template enable
#
#
interface Vlan-interface10
ip address 10.152.1.6 255.255.255.0
#
interface Vlan-interface70
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 70
#
line vty 0 4
authentication-mode scheme
user-role network-admin
protocol inbound ssh
#
ip route-static 10.152.7.0 24 10.152.1.2
#
snmp-agent
snmp-agent local-engineid 800063A28080F62E5885C000000001
snmp-agent community read somidez
snmp-agent sys-info version v2c v3
#
ssh server enable
#
local-user admin class manage
password simple Somidez_2018
service-type ssh https
authorization-attribute user-role network-admin
#
ip https enable
#
wlan ap 74ea-cbb4-7ac0 model WA4320i-ACN
serial-id 210235A1GPC177000751
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114080 model WA4320i-ACN
serial-id 210235A1GPC179001703
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114200 model WA4320i-ACN
serial-id 210235A1GPC179001715
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8116340 model WA4320i-ACN
serial-id 210235A1GPC179001981
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8117740 model WA4320i-ACN
serial-id 210235A1GPC179002141
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114c60 model WA4320i-ACN
serial-id 210235A1GPC179001798
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114e80 model WA4320i-ACN
serial-id 210235A1GPC179001815
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac81162c0 model WA4320i-ACN
serial-id 210235A1GPC179001977
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eacbb47ac0 model WA4320i-ACN
serial-id 210235A1GPC179000751
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan whitelist mac-address 3052-cb02-27ec
wlan whitelist mac-address d0fc-cc37-1604
三层交换机配置命令：
(1) 配置L3 switch的接⼝
# 创建VLAN 70和VLAN 10，并配置IP地址，⽤于转发AC和AP间的CAPWAP隧道内的流量。

<L3 switch> system-view
[L3 switch] vlan 10
[L3 switch-vlan10] quit
[L3 switch] interface vlan-interface 10
[L3 switch-Vlan-interface10] ip address 10.152.1.2 255.255.255.0
[L3 switch-Vlan-interface10] quit
[L3 switch] vlan 70
[L3 switch-vlan70] quit
[L3 switch] interface vlan-interface 70
[L3 switch-Vlan-interface70] ip address 10.152.7.1 255.255.255.0
[L3 switch-Vlan-interface70] quit
# 配置L3 switch和AC相连的接⼝GigabitEthernet1/0/1为Trunk类型，允
许VLAN10和VLAN 70通过。

[L3 switch] interface gigabitEthernet 1/0/1
[L3 switch-GigabitEthernet1/0/1] port link-type trunk
[L3 switch-GigabitEthernet1/0/1] port trunk permit vlan 10 70
[L3 switch-GigabitEthernet1/0/1] quit
# 配置L3 switch和AP相连的接⼝GigabitEthernet1/0/2为Trunk类型，允许所
有VLAN通过，当前Trunk⼝的PVID为70。

[L3 switch] interfac gigabitEthernet 1/0/2
[L3 switch-GigabitEthernet1/0/2] port link-type trunk
[L3 switch-GigabitEthernet1/0/2] port trunk permit vlan all
[L3 switch-GigabitEthernet1/0/2] port trunk pvid vlan 70
[L3 switch-GigabitEthernet1/0/2] quit
(2)配置DHCP server
# 开启DHCP server功能。

[L3 switch] dhcp enable
# 配置DHCP地址池vlan70为AP分配地址范围为10.152.7.0/24，⽹关地址
为10.152.7.1。

[L3 switch] dhcp server ip-pool vlan70
[L3 switch-dhcp-pool-vlan70] network 10.152.7.0mask 255.255.255.0
[L3 switch-dhcp-pool-1] gateway-list 10.152.7.1
# 配置DHCP Option43的内容为AC的⼗六进制IP地址。

[L3 switch-dhcp-pool-1] option 43 hex 80070000010a980106
[L3 switch-dhcp-pool-1] quit
继续AC控制器的界⾯话配置：
1. WiFi密码设置：
【⽹络】--【⽆线⽹络】--编辑该ssid
选择加密⽅式：
1. 【⽆线配置】--【AP管理】
2.1、默认关闭2.4ghzWiFi，开启2.4ghzwifi，【⽹络】--【AP管理】--【AP】
2.2、AP全局配置固化，全部开启
2.3、AP预配置
2.3.1、开启⾃动下发功能
⾄此，H3C AC控制器全部配置完成。