7、中小企業網絡架構-無線接入基本配置

網絡拓撲：

配置思路：

 

操作步驟：

一、配置核心交換機

1、配置DHCP地址池

#AP業務網段-公網WIFI
[SW1]ip pool pool9
[SW1-ip-pool-pool9]network 192.168.9.0 mask 24
[SW1-ip-pool-pool9]gateway-list 192.168.9.254
[SW1-ip-pool-pool9]excluded-ip-address 192.168.9.252 192.168.9.253
[SW1-ip-pool-pool9]quit
[SW1]interface  Vlanif  9
[SW1-Vlanif9]ip address 192.168.9.254 24
[SW1-Vlanif9]dhcp select global
[SW1-Vlanif9]quit

#AP業務網段-員工WIFI
[SW1]ip pool pool10	
[SW1-ip-pool-pool10]network 192.168.10.0 mask 24	
[SW1-ip-pool-pool10]gateway-list 192.168.10.254
[SW1-ip-pool-pool10]excluded-ip-address  192.168.10.252 192.168.10.253
[SW1-ip-pool-pool10]quit
[SW1]interface  Vlanif  10
[SW1-Vlanif10]ip address  192.168.10.254 24	
[SW1-Vlanif10]dhcp select  global
[SW1-Vlanif10]quit

2、配置上聯接口

[SW1]interface  GigabitEthernet  0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk  allow-pass  vlan
[SW1-GigabitEthernet0/0/4]port trunk  allow-pass  vlan  all
[SW1-GigabitEthernet0/0/4]description connect to AC2
[SW1-GigabitEthernet0/0/4]quit

#連接AC接口
[SW1]interface  Vlanif  5
[SW1-Vlanif5]ip address 192.168.5.2 24
[SW1-Vlanif5]quit

3、配置下聯接口

前文已經配置，省略

4、在覈心A上配置DHCP中繼，代理AC分配IP地址

[SW1]interface  Vlanif  4
[SW1-Vlanif4]ip address  192.168.4.1 24
[SW1-Vlanif4]dhcp select relay
[SW1-Vlanif4]dhcp relay server-ip 192.168.5.1
[SW1-Vlanif4]quit

二、配置AC

1、添加vlan

[AC6605]vlan batch 4 5

#AC與核心交換機的對接vlan
[AC6605]interface  Vlanif 5
[AC6605-Vlanif5]ip address 192.168.5.1 24
[AC6605-Vlanif5]dhcp  select global 
[AC6605-Vlanif5]quit

2、配置下聯接口

[AC6605]interface  GigabitEthernet  0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk  allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit

3、配置AC到AP的路由，下一跳爲核心A的vlan5

#vlan4是AP設備管理IP網段
[AC6605]ip route-static 192.168.4.0 24 192.168.5.2

4、在AC上創建全局地址池爲AP提供地址

[AC6605]dhcp enable
[AC6605]ip pool huawei
[AC6605-ip-pool-huawei]network 192.168.4.0 mask 24
[AC6605-ip-pool-huawei]gateway-list 192.168.4.1
[AC6605-ip-pool-huawei]option 43 sub-option 3 ascii 192.168.5.1
[AC6605-ip-pool-huawei]quit

[AC6605]interface  Vlanif  4
[AC6605-Vlanif4]dhcp  select global 
[AC6605-Vlanif4]quit

5、配置AP上線

# 創建AP組，用於將相同配置的AP都加入同一AP組中
[AC6605]wlan
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]quit

[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]quit

# 創建域管理模板，在域管理模板下配置AC的國家碼並在AP組下引用域管理模板
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code cn
[AC6605-wlan-regulate-domain-default]quit

[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-ap-group1]quit

[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-ap-group2]quit
[AC6605-wlan-view]quit

# 配置AC的源接口
[AC6605]capwap source interface Vlanif 5

# 在AC上離線導入AP，並將area_1和area_2分別加入AP組“ap-group1”和“ap-group2”中。假設AP的MAC地址爲00e0-fcf3-1000，並且根據AP的部署位置爲AP配置名稱，便於從名稱上就能夠了解AP的部署位置。例如MAC地址爲00e0-fcf3-1000的AP部署在1號區域，命名此AP爲area_1。
[AC6605]wlan 
[AC6605-wlan-view]ap auth-mode mac-auth 
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fcf3-1000        #需要提前查看AP的MAC地址
[AC6605-wlan-ap-0]ap-name area_1    #如果沒有跳轉到這裏，AP需要重啓
[AC6605-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-0]quit

[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc96-3c70
[AC6605-wlan-ap-1]ap-name area_2
[AC6605-wlan-ap-1]ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-1]quit

# 將AP上電後，當執行命令display ap all查看到AP的“State”字段爲“nor”時，表示AP正常上線。
[AC6605-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [2]
--------------------------------------------------------------------------------
--------------
ID   MAC            Name   Group     IP           Type            State STA Upti
me
--------------------------------------------------------------------------------
--------------
0    00e0-fc96-3c70 area_1 ap-group1 192.168.4.64 AP2050DN       nor   1   52M:
30S
1    00e0-fcf3-1000 area_2 ap-group2 192.168.4.36 AP2050DN       nor   2   48M:
7S
--------------------------------------------------------------------------------
--------------
Total: 2

6、配置WLAN業務參數

# 創建名爲“wlan-net”的安全模板，並配置安全策略
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC6605-wlan-sec-prof-wlan-net]quit

# 創建名爲“wlan-net”的SSID模板，並配置SSID名稱爲“wlan-net”
[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC6605-wlan-ssid-prof-wlan-net]quit

[AC6605-wlan-view]ssid-profile name wlan-public
[AC6605-wlan-ssid-prof-wlan-public]ssid wlan-public
[AC6605-wlan-ssid-prof-wlan-public]quit

# 創建名爲“wlan-net1”和“wlan-net2”的VAP模板，配置業務數據轉發模式、業務VLAN，並且引用安全模板和SSID模板
[AC6605-wlan-view]vap-profile name wlan-net1	
[AC6605-wlan-vap-prof-wlan-net1]service-vlan vlan-id 10
[AC6605-wlan-vap-prof-wlan-net1]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net1]ssid-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net1]quit
[AC6605-wlan-view]vap-profile name wlan-public
[AC6605-wlan-vap-prof-wlan-public]service-vlan vlan-id 9
[AC6605-wlan-vap-prof-wlan-public]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-public]ssid-profile wlan-public
[AC6605-wlan-vap-prof-wlan-public]quit

# 配置AP組引用VAP模板，area_1上射頻0和射頻1都使用VAP模板“wlan-net1”的配置，area_2上射頻0和射頻1都使用VAP模板“wlan-net2”的配置
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit

[AC6605-wlan-view]ap-group name ap-group2	
[AC6605-wlan-ap-group-ap-group2]vap-profile wlan-public wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group2]vap-profile wlan-public wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group2]quit

這是AP已經可以正常使用，如果需要優化就添加第7項配置內容

員工WIFI

公共WIFI

7、開啓射頻調優功能自動選擇AP最佳信道和功率

# 在域管理模板下配置調優信道集合
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]dca-channel 2.4g channel-set 1,6,11
[AC6605-wlan-regulate-domain-default]dca-channel 5g bandwidth 20mhz
[AC6605-wlan-regulate-domain-default]dca-channel 5g channel-set 149,153,157,161
[AC6605-wlan-regulate-domain-default]quit

# 創建空口掃描模板“wlan-airscan”，並配置調優信道集合、掃描間隔時間和掃描持續時間
[AC6605-wlan-view]air-scan-profile name wlan-airscan
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-channel-set dca-channel
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-period 60
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-interval 60000
[AC6605-wlan-air-scan-prof-wlan-airscan]quit

# 創建2G射頻模板“wlan-radio2g”，並在該模板下引用空口掃描模板“wlan-airscan”
[AC6605-wlan-view]radio-2g-profile name wlan-radio2g
[AC6605-wlan-radio-2g-prof-wlan-radio2g]air-scan-profile wlan-airscan
[AC6605-wlan-radio-2g-prof-wlan-radio2g]quit

# 創建5G射頻模板“wlan-radio5g”，並在該模板下引用空口掃描模板“wlan-airscan
[AC6605-wlan-view]radio-5g-profile name wlan-radio5g
[AC6605-wlan-radio-5g-prof-wlan-radio5g]air-scan-profile wlan-airscan
[AC6605-wlan-radio-5g-prof-wlan-radio5g]quit

# 在名爲“ap-group1”和“ap-group2”的AP組下引用5G射頻模板“wlan-radio5g”和2G射頻模板“wlan-radio2g”
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group2]radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group2]quit

8、驗證配置結果

WLAN業務配置會自動下發給AP，配置完成後，通過執行命令display vap ssid wlan-net查看如下信息，當“Status”項顯示爲“ON”時，表示AP對應的射頻上的VAP已創建成功
<AC6605>display  vap all 
Info: This operation may take a few seconds, please wait..
WID : WLAN ID            
--------------------------------------------------------------------------------

AP ID AP name RfID WID  BSSID          Status  Auth type     STA   SSID       
--------------------------------------------------------------------------------

0     area_1  0    1    00E0-FC96-3C70 ON      WPA/WPA2-PSK  1     wlan-net   
0     area_1  1    1    00E0-FC96-3C80 ON      WPA/WPA2-PSK  0     wlan-net   
1     area_2  0    1    00E0-FCF3-1000 ON      WPA/WPA2-PSK  1     wlan-public
1     area_2  1    1    00E0-FCF3-1010 ON      WPA/WPA2-PSK  1     wlan-public
--------------------------------------------------------------------------------

Total: 4

三、配置AP

1、查看APMAC

2、選擇5G

 

至此整個中小企業網絡架構基本配置完成，接下來到擴展優化配置