华为ENSP中AP与AC的配置教程
2022/06/02 16:55:40
1、配置交换机
[sw1]vlan 100
[sw1]port-group group-member g0/0/1 to g0/0/5
[sw1-port-group]port link-type trunk
[sw1-port-group]port trunk pvid vlan 100
[sw1-port-group]port trunk allow-pass vlan all
2、配置核心交换机
[sw2]vlan batch 100 210
[sw2]int g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[sw2-GigabitEthernet0/0/1]port trunk pvid vlan 100
[sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw2-GigabitEthernet0/0/1]int g0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 210
[sw2]int Vlanif 100
[sw2-Vlanif100]ip address 192.168.100.1 24
[sw2-Vlanif100]int vlanif 201
[sw2-Vlanif201]ip address 192.168.210.254 24
3、配置DHCP服务器
[dhcp]dhcp enable
[dhcp]ip pool vlan100
[dhcp-ip-pool-vlan100]network 192.168.100.0 mask 24
[dhcp-ip-pool-vlan100]gateway-list 192.168.100.1
[dhcp]int g0/0/0
[dhcp-GigabitEthernet0/0/0]ip address 192.168.210.1 24
[dhcp-GigabitEthernet0/0/0]dhcp select global
4、启动ap1,查看是否能获得IP地址;
<Huawei>display ip int brief
5、配置DHCP中继代理
[sw2]dhcp enable
[sw2]int Vlanif 100
[sw2-Vlanif100]dhcp select relay
[sw2-Vlanif100]dhcp relay server-ip 192.168.210.1
6、重启ap,查看是否能够获得IP地址;
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]shutdown
[Huawei-GigabitEthernet0/0/0]undo shutdown
<Huawei>reboot
7、为DHCP服务器设置默认路由
[dhcp]ip route-static 0.0.0.0 0 192.168.210.254
--------------------------------------------------
*********所有的设备综合配置**************************
SW1配置:
undo terminal monitor
system-view
sysname SW1
vlan 100
q
port-group group-member g0/0/1 to g0/0/5
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan all
SW2配置:
undo terminal monitor
system-view
sysname SW2
vlan batch 100 210
int vlanif100
ip add 192.168.100.1 24
quit
int vlanif210
ip add 192.168.210.254 24
quit
int g0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan all
quit
int g0/0/2
port link-type access
port default vlan 210
quit
int vlanif100
dhcp select relay
dhcp relay server-ip 192.168.210.1
DHCP配置:
undo terminal monitor
system-view
sysname DHCP
dhcp enable
int g0/0/0
ip add 192.168.210.1 24
dhcp select global
quit
ip pool vlan100
network 192.168.100.0 mask 24
gateway-list 192.168.100.1
dns-list 100.100.100.100
quit
ip route-static 0.0.0.0 0 192.168.210.254
配置企业无线网络阶段二:让AP向AC注册
1、配置AC服务器
[AC6605]vlan 200
[AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type access
[AC6605-GigabitEthernet0/0/1]port default vlan 200
[AC6605]int Vlanif 200
[AC6605-Vlanif200]ip address 192.168.200.2 24
[AC6605]ip route-static 0.0.0.0 0 192.168.200.1
undo terminal monitor
system-view
sysname AC
vlan 200
quit
int g0/0/1
port link-type access
port default vlan 200
quit
int vlanif200
ip add 192.168.200.2 24
quit
ip route-static 0.0.0.0 0 192.168.200.1
capwap source interface Vlanif 200
2、配置核心交换添加vlan200
sw2:
vlan 200
int g0/0/3
port link-type access
port default vlan 200
int vlanif 200
ip address 192.168.200.1 24
3、配置DHCP服务器为客户端分配置AC服务器的地址
ip pool vlan100
option 43 sub-option 3 ascii 192.168.200.2
[dhcp]ip pool vlan100
[dhcp-ip-pool-vlan100]option 43 sub-option 3 ascii 192.168.200.2
option 43:所有其它服务器
sub-option 3:代表AC服务器
ascii:ascii编码
192.168.200.2 :AC服务器的IP地址
4、重启AP,让AP获得AC服务器地址;
5、配置AC服务器,允许AP注册;
1)指定capwap协议的信令源地址
[AC6605]capwap source interface Vlanif 200 //指定capwap协议的信令源地址
2)指定AC的验证方式为MAC地址验证 最容易出错(忘记配置)
[AC-wlan-view]ap auth-mode mac-auth
查看ap mac地址:
<Huawei>display int g0/0/0
#创建 AP-group,为的是后期对大量AP进行批量管理
[AC6605-wlan-view]ap-group name guest
[AC6605-wlan-ap-group-guest]quit
[AC6605-wlan-view]ap-group name yuangong
[AC6605-wlan-ap-group-yuangong]quit
#创建 “域配置文件”,指定的是 AP 所使用的是哪个国家的无线频率范围;
[AC6605-wlan-view]regulatory-domain-profile name China
[AC6605-wlan-regulate-domain-China]country-code CN
[AC6605-wlan-regulate-domain-China]quit
#将配置好的“域配置文件”关联到每一个 ap-group ;
[AC6605-wlan-view]ap-group name guest
[AC6605-wlan-ap-group-guest]regulatory-domain-profile China
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC6605-wlan-ap-group-guest]quit
[AC6605-wlan-view]ap-group name yuangong
[AC6605-wlan-ap-group-yuangong]regulatory-domain-profile China
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC6605-wlan-ap-group-yuangong]quit
#在 AC 上手动添加 ap (基于MAC地址进行注册)
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fcb6-4850 [是要自己查看的]
[AC6605-wlan-ap-1]ap-name guest-1 [为了区分设备上的多个ap,取的名字]
[AC6605-wlan-ap-1]ap-group guest [为ap指定所加入的 ap-group]
Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]ap-id 2 ap-mac 00e0-fcee-0670
[AC6605-wlan-ap-2]ap-name guest-2
[AC6605-wlan-ap-2]ap-group guest
Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-2]quit
[AC6605-wlan-view]ap-id 3 ap-mac 00e0-fc44-6910
[AC6605-wlan-ap-3]ap-name yuangong-1
[AC6605-wlan-ap-3]ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-3]quit
[AC6605-wlan-view]ap-id 4 ap-mac 00e0-fcc9-22f0
[AC6605-wlan-ap-4]ap-name yuangong-2
[AC6605-wlan-ap-4]ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-4]quit
6、在ap上验证是否注册成功
===== CAPWAP LINK IS UP!!! =====
ap注册成功后会自动重启
ap注册成功后主机名会自动更改
7、在ac上验证ap是否注册成功
[AC]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [4]
--------------------------------------------------------------------------------
-------------------
ID MAC Name Group IP Type State ST
A Uptime
--------------------------------------------------------------------------------
-------------------
1 00e0-fcd4-01b0 guest-1 guest 192.168.100.254 AP4050DN-E nor 0
3M:49S
2 00e0-fc74-3e20 guest-2 guest 192.168.100.251 AP4050DN-E nor 0
3M:50S
3 00e0-fc6d-7d30 yuangong-1 yuangong 192.168.100.253 AP4050DN-E nor 0
4M:1S
4 00e0-fcb2-03f0 yuangong-2 yuangong 192.168.100.252 AP3030DN nor 0
4M:2S
--------------------------------------------------------------------------------
-------------------
Total: 4
状态应该为 :nor
************阶段二的:AC此步骤的全部配置************
wlan
ap-group name guest
quit
ap-group name yuangong
quit
regulatory-domain-profile name China
country-code CN
quit
ap-group name guest
regulatory-domain-profile China
y
quit
ap-group name yuangong
regulatory-domain-profile China
y
quit
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fcd4-01b0
ap-name guest-1
ap-group guest
y
quit
ap-id 2 ap-mac 00e0-fc74-3e20
ap-name guest-2
ap-group guest
y
quit
ap-id 3 ap-mac 00e0-fc6d-7d30
ap-name yuangong-1
ap-group yuangong
y
quit
ap-id 4 ap-mac 00e0-fcb2-03f0
ap-name yuangong-2
ap-group yuangong
y
quit
配置企业无线网络阶段三:让AC为AP分配无线参数
1、创建vlan地址池
[AC]vlan pool sta-pool1
[AC-vlan-pool-sta-pool1]vlan 101 102
[AC-vlan-pool-sta-pool1]quit
[AC]vlan pool sta-pool2
[AC-vlan-pool-sta-pool2]vlan 103 104
[AC-vlan-pool-sta-pool2]quit
2、设置加密配置文件,为AP分配无线密码;
[AC-wlan-view]security-profile name guest
[AC-wlan-sec-prof-guest]security wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-guest]quit
[AC-wlan-view]security-profile name yuangong
[AC-wlan-sec-prof-yuangong]security wpa2 psk pass-phrase b1234567 aes
[AC-wlan-sec-prof-yuangong]quit
3、设置ssid名称,为AP分配无线信号的名称;
[AC-wlan-view]ssid-profile name guest
[AC-wlan-ssid-prof-guest]ssid guest
[AC-wlan-ssid-prof-guest]quit
[AC-wlan-view]ssid-profile name yuangong
[AC-wlan-ssid-prof-yuangong]ssid yuangong
[AC-wlan-ssid-prof-yuangong]quit
4、创建无线客户端访问模板,关联以上三个参数;
[AC-wlan-view]vap-profile name guest
[AC-wlan-vap-prof-guest]service-vlan vlan-pool sta-pool1
[AC-wlan-vap-prof-guest]security-profile guest
[AC-wlan-vap-prof-guest]ssid-profile guest
[AC-wlan-vap-prof-guest]quit
[AC-wlan-view]vap-profile name yuangong
[AC-wlan-vap-prof-yuangong]service-vlan vlan-pool sta-pool2
[AC-wlan-vap-prof-yuangong]security-profile yuangong
[AC-wlan-vap-prof-yuangong]ssid-profile yuangong
[AC-wlan-vap-prof-guest]quit
5、为ap开启无线信号
[AC-wlan-view]ap-group name guest
[AC-wlan-ap-group-guest]vap-profile guest wlan 1 radio 0
[AC-wlan-ap-group-guest]vap-profile guest wlan 1 radio 1
[AC-wlan-view]ap-group name yuangong
[AC-wlan-ap-group-yuangong]vap-profile yuangong wlan 1 radio 0
[AC-wlan-ap-group-yuangong]vap-profile yuangong wlan 1 radio 1
6、创建客户端所在的vlan
[sw1]vlan batch 101 102 103 104
[sw2]vlan batch 101 102 103 104
7、为核心交换机设置vlan虚接口IP地址
[sw2]int Vlanif 101
[sw2-Vlanif101]ip address 192.168.101.1 24
[sw2]int Vlanif 102
[sw2-Vlanif101]ip address 192.168.102.1 24
[sw2]int Vlanif 103
[sw2-Vlanif101]ip address 192.168.103.1 24
[sw2]int Vlanif 104
[sw2-Vlanif101]ip address 192.168.104.1 24
8、为4个vlan创建dhcp地址池
[dhcp]ip pool vlan101
[dhcp-ip-pool-vlan101]network 192.168.101.0 mask 24
[dhcp-ip-pool-vlan101]gateway-list 192.168.101.1
[dhcp]ip pool vlan102
[dhcp-ip-pool-vlan102]network 192.168.102.0 mask 24
[dhcp-ip-pool-vlan102]gateway-list 192.168.102.1
[dhcp]ip pool vlan103
[dhcp-ip-pool-vlan103]network 192.168.103.0 mask 24
[dhcp-ip-pool-vlan103]gateway-list 192.168.103.1
[dhcp]ip pool vlan104
[dhcp-ip-pool-vlan104]network 192.168.104.0 mask 24
[dhcp-ip-pool-vlan104]gateway-list 192.168.104.1
9、配置中继代理
[sw2]int Vlanif 101
[sw2-Vlanif101]dhcp select relay
[sw2-Vlanif101]dhcp relay server-ip 192.168.201.2
[sw2]int Vlanif 102
[sw2-Vlanif102]dhcp select relay
[sw2-Vlanif102]dhcp relay server-ip 192.168.201.2
[sw2]int Vlanif 103
[sw2-Vlanif103]dhcp select relay
[sw2-Vlanif103]dhcp relay server-ip 192.168.201.2
[sw2]int Vlanif 104
[sw2-Vlanif104]dhcp select relay
[sw2-Vlanif104]dhcp relay server-ip 192.168.201.2
************************阶段三:AC的配置*************
vlan pool pool1
vlan 101 102
quit
vlan pool pool2
vlan 103 104
quit
wlan
security-profile name guest
security wpa2 psk pass-phrase a1234567 aes
quit
security-profile name yuangong
security wpa2 psk pass-phrase b1234567 aes
quit
ssid-profile name guest
ssid guest
quit
ssid-profile name yuangong
ssid yuangong
quit
vap-profile name guest
service-vlan vlan-pool pool1
security-profile guest
ssid-profile guest
quit
vap-profile name yuangong
service-vlan vlan-pool pool2
security-profile yuangong
ssid-profile yuangong
quit
ap-group name guest
vap-profile guest wlan 1 radio 0
vap-profile guest wlan 1 radio 1
quit
ap-group name yuangong
vap-profile yuangong wlan 1 radio 0
vap-profile yuangong wlan 1 radio 1
quit
*****************SW2地址创建及DHCP中继配置**************
vlan batch 101 102 103 104
int vlanif 101
ip add 192.168.101.1 24
dhcp select relay
dhcp relay server-ip 192.168.210.1
quit
int vlanif 102
ip add 192.168.102.1 24
dhcp select relay
dhcp relay server-ip 192.168.210.1
quit
int vlanif 103
ip add 192.168.103.1 24
dhcp select relay
dhcp relay server-ip 192.168.210.1
quit
int vlanif 104
ip add 192.168.104.1 24
dhcp select relay
dhcp relay server-ip 192.168.210.1
quit
*****************DHCP地址池配置**************
ip pool vlan101
network 192.168.101.0 mask 24
gateway-list 192.168.101.1
dns-list 101.101.101.101
quit
ip pool vlan102
network 192.168.102.0 mask 24
gateway-list 192.168.102.1
dns-list 102.102.102.102
quit
ip pool vlan103
network 192.168.103.0 mask 24
gateway-list 192.168.103.1
dns-list 103.103.103.103
quit
ip pool vlan104
network 192.168.104.0 mask 24
gateway-list 192.168.104.1
dns-list 104.104.104.104
quit
测试结果: