|
企业环境中往往需要部署多台AP,需要一般部署一台集中控制器,我们称为AC。管理员通过在AC上完成配置并下发给AP(这种AP就是瘦AP),使得整个企业级无线局域网的部署和运维更加高效。
WLAN配置
实验拓扑:  
配置AC与AP/企业网络路由器之间的通信:
[AC]vlan batch 100 110
[AC]interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk pvid vlan 100
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1]quit
[AC]interface gigabitethernet 0/0/10
[AC-GigabitEthernet0/0/10]port link-type trunk
[AC-GigabitEthernet0/0/10]port trunk allow-pass vlan 110
AC配置为DHCP服务器,为AP和STA分配IP地址:
[AC]dhcp enable
[AC]interface vlanif 100
[AC-Vlanif100]ip address 192.168.100.1 24
[AC-Vlanif100]dhcp select interface
[AC-Vlanif100]quit
[AC]interface vlanif 110
[AC-Vlanif110]ip address 192.168.110.1 24
[AC-Vlanif110]dhcp select interface
创建AP组
[AC]wlan
[AC-wlan-view]ap-group name ap-group-guest
[AC-wlan-ap-group-ap-group-guest]
配置AC系统参数
[AC]wlan
[AC-wlan-view]regulatory-domain-profile name domain-guest
[AC-wlan-regulate-domain-deomain-guest]country-code cn
在AP组中应用域管理模版domain-guest
[AC]wlan
[AC-wlan-view]ap-group name ap-group-guest
[AC-wlan-ap-group- ap-group-guest]regulatory-domain-profile domain-guest
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
设置AC的源接口
[AC]capwap source interface vlanif 100
使用MAC地址认证的方式在AC上添加AP:
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac 00E0-FC9A-2D50
[AC-wlan-ap-0]ap-name lobby
[AC-wlan-ap-0]ap-group ap-group-guest
在AC上查看AP状态:
[AC]display ap all
Total AP information:
nor : normal [1]
--------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
--------------------------------------------------------------------------------------
0 00e0-fc9a-2d50 lobby ap-group-guest 192.168.100.1 AP6010DN-AGN nor 0 10S
--------------------------------------------------------------------------------------
Total: 1
配置WLAN业务参数
配置SSID模版:
[AC]wlan
[AC-wlan-view]ssid-profile name ssid-guest
[AC-wlan-ssid-prof-ssid-guest]ssid guest
配置安全模版:
[AC-wlan-view]security-profile name sec-guest
[AC-wlan-sec-prof-sec-guest]security wpa2 psk pass-phrase huawei123 aes
配置VAP模版:
[AC]wlan
[AC-wlan-view]vap-profile name vap-guest
[AC-wlan-vap-prof-vap-guest]forward-mode tunnel
[AC-wlan-vap-prof-vap-guest]service-vlan vlan-id 110
[AC-wlan-vap-prof-vap-guest]ssid-profile ssid-guest
[AC-wlan-vap-prof-vap-guest]security-profile sec-guest
在AP组中应用VAP模版:
[AC]wlan
[AC-wlan-view]ap-group name ap-group-guest
[AC-wlan-ap-group-ap-group-guest]vap-profile vap-guest wlan 1 radio all
验证创建的VAP:
[AC]display vap ssid guest
AP ID AP name RfID WID BSSID Status Auth type STA SSID
1 lobby 1 1 00E0-FC9A-2D50 ON WPA2-PSK 0 ssid-guest
Total: 1
查看已连接的STA:
[AC]display station ssid guest
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
5489-9892-4226 0 lobby 1/1 5G 11n 46/59 -68 110 192.168.110.2
过程(补):
  
|