网络拓扑:
配置思路:
操作步骤:
一、配置核心交换机
1、配置DHCP地址池
#AP业务网段-公网WIFI
[SW1]ip pool pool9
[SW1-ip-pool-pool9]network 192.168.9.0 mask 24
[SW1-ip-pool-pool9]gateway-list 192.168.9.254
[SW1-ip-pool-pool9]excluded-ip-address 192.168.9.252 192.168.9.253
[SW1-ip-pool-pool9]quit
[SW1]interface Vlanif 9
[SW1-Vlanif9]ip address 192.168.9.254 24
[SW1-Vlanif9]dhcp select global
[SW1-Vlanif9]quit
#AP业务网段-员工WIFI
[SW1]ip pool pool10
[SW1-ip-pool-pool10]network 192.168.10.0 mask 24
[SW1-ip-pool-pool10]gateway-list 192.168.10.254
[SW1-ip-pool-pool10]excluded-ip-address 192.168.10.252 192.168.10.253
[SW1-ip-pool-pool10]quit
[SW1]interface Vlanif 10
[SW1-Vlanif10]ip address 192.168.10.254 24
[SW1-Vlanif10]dhcp select global
[SW1-Vlanif10]quit2、配置上联接口
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/4]description connect to AC2
[SW1-GigabitEthernet0/0/4]quit
#连接AC接口
[SW1]interface Vlanif 5
[SW1-Vlanif5]ip address 192.168.5.2 24
[SW1-Vlanif5]quit3、配置下联接口
前文已经配置,省略
4、在核心A上配置DHCP中继,代理AC分配IP地址
[SW1]interface Vlanif 4
[SW1-Vlanif4]ip address 192.168.4.1 24
[SW1-Vlanif4]dhcp select relay
[SW1-Vlanif4]dhcp relay server-ip 192.168.5.1
[SW1-Vlanif4]quit二、配置AC
1、添加vlan
[AC6605]vlan batch 4 5
#AC与核心交换机的对接vlan
[AC6605]interface Vlanif 5
[AC6605-Vlanif5]ip address 192.168.5.1 24
[AC6605-Vlanif5]dhcp select global
[AC6605-Vlanif5]quit2、配置下联接口
[AC6605]interface GigabitEthernet 0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit3、配置AC到AP的路由,下一跳为核心A的vlan5
#vlan4是AP设备管理IP网段
[AC6605]ip route-static 192.168.4.0 24 192.168.5.24、在AC上创建全局地址池为AP提供地址
[AC6605]dhcp enable
[AC6605]ip pool huawei
[AC6605-ip-pool-huawei]network 192.168.4.0 mask 24
[AC6605-ip-pool-huawei]gateway-list 192.168.4.1
[AC6605-ip-pool-huawei]option 43 sub-option 3 ascii 192.168.5.1
[AC6605-ip-pool-huawei]quit
[AC6605]interface Vlanif 4
[AC6605-Vlanif4]dhcp select global
[AC6605-Vlanif4]quit5、配置AP上线
# 创建AP组,用于将相同配置的AP都加入同一AP组中
[AC6605]wlan
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code cn
[AC6605-wlan-regulate-domain-default]quit
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-ap-group2]quit
[AC6605-wlan-view]quit
# 配置AC的源接口
[AC6605]capwap source interface Vlanif 5
# 在AC上离线导入AP,并将area_1和area_2分别加入AP组“ap-group1”和“ap-group2”中。假设AP的MAC地址为00e0-fcf3-1000,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为00e0-fcf3-1000的AP部署在1号区域,命名此AP为area_1。
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode mac-auth
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fcf3-1000 #需要提前查看AP的MAC地址
[AC6605-wlan-ap-0]ap-name area_1 #如果没有跳转到这里,AP需要重启
[AC6605-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-0]quit
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc96-3c70
[AC6605-wlan-ap-1]ap-name area_2
[AC6605-wlan-ap-1]ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-1]quit
# 将AP上电后,当执行命令display ap all查看到AP的“State”字段为“nor”时,表示AP正常上线。
[AC6605-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
--------------------------------------------------------------------------------
--------------
ID MAC Name Group IP Type State STA Upti
me
--------------------------------------------------------------------------------
--------------
0 00e0-fc96-3c70 area_1 ap-group1 192.168.4.64 AP2050DN nor 1 52M:
30S
1 00e0-fcf3-1000 area_2 ap-group2 192.168.4.36 AP2050DN nor 2 48M:
7S
--------------------------------------------------------------------------------
--------------
Total: 2
6、配置WLAN业务参数
# 创建名为“wlan-net”的安全模板,并配置安全策略
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC6605-wlan-sec-prof-wlan-net]quit
# 创建名为“wlan-net”的SSID模板,并配置SSID名称为“wlan-net”
[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC6605-wlan-ssid-prof-wlan-net]quit
[AC6605-wlan-view]ssid-profile name wlan-public
[AC6605-wlan-ssid-prof-wlan-public]ssid wlan-public
[AC6605-wlan-ssid-prof-wlan-public]quit
# 创建名为“wlan-net1”和“wlan-net2”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板
[AC6605-wlan-view]vap-profile name wlan-net1
[AC6605-wlan-vap-prof-wlan-net1]service-vlan vlan-id 10
[AC6605-wlan-vap-prof-wlan-net1]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net1]ssid-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net1]quit
[AC6605-wlan-view]vap-profile name wlan-public
[AC6605-wlan-vap-prof-wlan-public]service-vlan vlan-id 9
[AC6605-wlan-vap-prof-wlan-public]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-public]ssid-profile wlan-public
[AC6605-wlan-vap-prof-wlan-public]quit
# 配置AP组引用VAP模板,area_1上射频0和射频1都使用VAP模板“wlan-net1”的配置,area_2上射频0和射频1都使用VAP模板“wlan-net2”的配置
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]vap-profile wlan-public wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group2]vap-profile wlan-public wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group2]quit
这是AP已经可以正常使用,如果需要优化就添加第7项配置内容
员工WIFI
公共WIFI
7、开启射频调优功能自动选择AP最佳信道和功率
# 在域管理模板下配置调优信道集合
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]dca-channel 2.4g channel-set 1,6,11
[AC6605-wlan-regulate-domain-default]dca-channel 5g bandwidth 20mhz
[AC6605-wlan-regulate-domain-default]dca-channel 5g channel-set 149,153,157,161
[AC6605-wlan-regulate-domain-default]quit
# 创建空口扫描模板“wlan-airscan”,并配置调优信道集合、扫描间隔时间和扫描持续时间
[AC6605-wlan-view]air-scan-profile name wlan-airscan
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-channel-set dca-channel
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-period 60
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-interval 60000
[AC6605-wlan-air-scan-prof-wlan-airscan]quit
# 创建2G射频模板“wlan-radio2g”,并在该模板下引用空口扫描模板“wlan-airscan”
[AC6605-wlan-view]radio-2g-profile name wlan-radio2g
[AC6605-wlan-radio-2g-prof-wlan-radio2g]air-scan-profile wlan-airscan
[AC6605-wlan-radio-2g-prof-wlan-radio2g]quit
# 创建5G射频模板“wlan-radio5g”,并在该模板下引用空口扫描模板“wlan-airscan
[AC6605-wlan-view]radio-5g-profile name wlan-radio5g
[AC6605-wlan-radio-5g-prof-wlan-radio5g]air-scan-profile wlan-airscan
[AC6605-wlan-radio-5g-prof-wlan-radio5g]quit
# 在名为“ap-group1”和“ap-group2”的AP组下引用5G射频模板“wlan-radio5g”和2G射频模板“wlan-radio2g”
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group2]radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group2]quit8、验证配置结果
WLAN业务配置会自动下发给AP,配置完成后,通过执行命令display vap ssid wlan-net查看如下信息,当“Status”项显示为“ON”时,表示AP对应的射频上的VAP已创建成功
<AC6605>display vap all
Info: This operation may take a few seconds, please wait..
WID : WLAN ID
--------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
--------------------------------------------------------------------------------
0 area_1 0 1 00E0-FC96-3C70 ON WPA/WPA2-PSK 1 wlan-net
0 area_1 1 1 00E0-FC96-3C80 ON WPA/WPA2-PSK 0 wlan-net
1 area_2 0 1 00E0-FCF3-1000 ON WPA/WPA2-PSK 1 wlan-public
1 area_2 1 1 00E0-FCF3-1010 ON WPA/WPA2-PSK 1 wlan-public
--------------------------------------------------------------------------------
Total: 4
三、配置AP
1、查看APMAC
2、选择5G
至此整个中小企业网络架构基本配置完成,接下来到扩展优化配置
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/95236.html
