dis current-configuration  #  set memory-usage threshold 0 # ssl renegotiation-rate 1  # vlan batch 10 100 to 101 # authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name mac_authen_profile authentication-profile name portal_authen_profile authentication-profile name macportal_authen_profile # vlan pool sta  vlan 101 # dhcp enable # diffserv domain default # radius-server template default # pki realm default  rsa local-key-pair default  enrollment self-signed # ike proposal default  encryption-algorithm aes-256   dh group14   authentication-algorithm sha2-256   authentication-method pre-share  integrity-algorithm hmac-sha2-256   prf hmac-sha2-256  # free-rule-template name default_free_rule # portal-access-profile name portal_access_profile # ip pool AP  gateway-list 10.1.100.254   network 10.1.100.0 mask 255.255.255.0   option 43 sub-option 3 ascii 10.1.10.1  # aaa  authentication-scheme default  authentication-scheme radius   authentication-mode radius  authorization-scheme default  accounting-scheme default  domain default   authentication-scheme radius   radius-server default  domain default_admin   authentication-scheme default  local-user admin password irreversible-cipher $1a$Kj=mY420C4$8huBQG[Xl"71=X3f]G /#5#P~&*\Z~6\}Sc,geu2"$  local-user admin privilege level 15  local-user admin service-type http # interface Vlanif10  ip address 10.1.10.1 255.255.255.0 # interface Vlanif100  ip address 10.1.100.1 255.255.255.0  dhcp select global # interface MEth0/0/1  undo negotiation auto  duplex half # interface GigabitEthernet0/0/1  port link-type trunk  port trunk allow-pass vlan 10 100 # interface GigabitEthernet0/0/2 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21  undo negotiation auto  duplex half # interface GigabitEthernet0/0/22  undo negotiation auto  duplex half # interface GigabitEthernet0/0/23  undo negotiation auto  duplex half # interface GigabitEthernet0/0/24  undo negotiation auto  duplex half # interface XGigabitEthernet0/0/1 # interface XGigabitEthernet0/0/2 # interface NULL0 #  snmp-agent local-engineid 800007DB03000000000000  snmp-agent  # ssh server secure-algorithms cipher aes256_ctr aes128_ctr ssh server key-exchange dh_group14_sha1 ssh client secure-algorithms cipher aes256_ctr aes128_ctr ssh client secure-algorithms hmac sha2_256 ssh client key-exchange dh_group14_sha1 # capwap source interface vlanif100 # user-interface con 0  authentication-mode password user-interface vty 0 4  protocol inbound all user-interface vty 16 20  protocol inbound all # wlan  traffic-profile name default  security-profile name yhd   security wpa-wpa2 psk pass-phrase %^%#oD{c66+x9,'S$_1t~;M~Jb)_CE%{:*,#'kDEZ,mH %^%# aes  security-profile name default  security-profile name default-wds  security-profile name default-mesh  ssid-profile name yhd   ssid yhd  ssid-profile name default  venue-name-profile name yhd  vap-profile name yhd   forward-mode tunnel   service-vlan vlan-id 101   ssid-profile yhd   security-profile yhd  vap-profile name default  wds-profile name default  mesh-handover-profile name default  mesh-profile name default  regulatory-domain-profile name yhd  regulatory-domain-profile name default  air-scan-profile name default  rrm-profile name default  radio-2g-profile name default  radio-5g-profile name default  wids-spoof-profile name default  wids-profile name default  wireless-access-specification  ap-system-profile name default  port-link-profile name default  wired-port-profile name default  serial-profile name preset-enjoyor-toeap   ap-group name yh   regulatory-domain-profile yhd   radio 0    vap-profile yhd wlan 1   radio 1    vap-profile yhd wlan 1  ap-group name default  ap-id 0 type-id 56 ap-mac 00e0-fc56-7840 ap-sn 210235448310C277C95F   ap-group yh  provision-ap # dot1x-access-profile name dot1x_access_profile # mac-access-profile name mac_access_profile # return  

 dis current-configuration  # sysname Huawei # vlan batch 10 100 to 101 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # dhcp enable # diffserv domain default # drop-profile default # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password simple admin  local-user admin service-type http # interface Vlanif1 # interface Vlanif10  ip address 10.1.10.2 255.255.255.0 # interface Vlanif100  ip address 10.1.100.2 255.255.255.0  dhcp select relay  dhcp relay server-ip 10.1.10.1 # interface Vlanif101  ip address 10.1.101.2 255.255.255.0  dhcp select interface # interface MEth0/0/1 # interface GigabitEthernet0/0/1  port link-type trunk  port trunk allow-pass vlan 10 100 # interface GigabitEthernet0/0/2  port link-type trunk  port trunk allow-pass vlan 100 to 101 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # user-interface con 0 user-interface vty 0 4 # return

 dis current-configuration  # sysname Huawei # vlan batch 100 to 101 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa  authentication-scheme default  authorization-scheme default  accounting-scheme default  domain default  domain default_admin  local-user admin password simple admin  local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface GigabitEthernet0/0/1  port link-type trunk  port trunk allow-pass vlan 100 to 101 # interface GigabitEthernet0/0/2  port link-type trunk  port trunk pvid vlan 100  port trunk allow-pass vlan 100 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # user-interface con 0 user-interface vty 0 4 # return

隧道模式个人大概需要等待3分钟左右才生效，看个人电脑性能。 

 隧道模式隧道指定的是AP设备vlan100 或者AP 地址

open 43 可选项指定AC设备源头，dhcp 中继AC源IP 获取AP地址

业务转发指定业务vlan 或IP地址

与交换机相连接的AP设备 网络中数据已经封装，需要解封装AP带TAG标识的VLANID 才能识别到！