华为ENSP中AP与AC的配置 |
您所在的位置:网站首页 › 华为ensp无线实验 › 华为ENSP中AP与AC的配置 |
华为ENSP中AP与AC的配置
|
配置企业无线网络阶段一:让AP获得IP地址 1、配置交换机 [sw1]vlan 100 [sw1]port-group group-member g0/0/1 to g0/0/5 [sw1-port-group]port link-type trunk [sw1-port-group]port trunk pvid vlan 100 [sw1-port-group]port trunk allow-pass vlan all 2、配置核心交换机 [sw2]vlan batch 100 210 [sw2]int g0/0/1 [sw2-GigabitEthernet0/0/1]port link-type trunk [sw2-GigabitEthernet0/0/1]port trunk pvid vlan 100 [sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan all [sw2-GigabitEthernet0/0/1]int g0/0/2 [sw2-GigabitEthernet0/0/2]port link-type access [sw2-GigabitEthernet0/0/2]port default vlan 210 [sw2]int Vlanif 100 [sw2-Vlanif100]ip address 192.168.100.1 24 [sw2-Vlanif100]int vlanif 201 [sw2-Vlanif201]ip address 192.168.210.254 24 3、配置DHCP服务器 [dhcp]dhcp enable [dhcp]ip pool vlan100 [dhcp-ip-pool-vlan100]network 192.168.100.0 mask 24 [dhcp-ip-pool-vlan100]gateway-list 192.168.100.1 [dhcp]int g0/0/0 [dhcp-GigabitEthernet0/0/0]ip address 192.168.210.1 24 [dhcp-GigabitEthernet0/0/0]dhcp select global 4、启动ap1,查看是否能获得IP地址; display ip int brief 5、配置DHCP中继代理 [sw2]dhcp enable [sw2]int Vlanif 100 [sw2-Vlanif100]dhcp select relay [sw2-Vlanif100]dhcp relay server-ip 192.168.210.1 6、重启ap,查看是否能够获得IP地址; [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]shutdown [Huawei-GigabitEthernet0/0/0]undo shutdown reboot 7、为DHCP服务器设置默认路由 [dhcp]ip route-static 0.0.0.0 0 192.168.210.254 -------------------------------------------------- *********所有的设备综合配置************************** SW1配置: undo terminal monitor system-view sysname SW1 vlan 100 q port-group group-member g0/0/1 to g0/0/5 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan all SW2配置: undo terminal monitor system-view sysname SW2 vlan batch 100 210 int vlanif100 ip add 192.168.100.1 24 quit int vlanif210 ip add 192.168.210.254 24 quit int g0/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan all quit int g0/0/2 port link-type access port default vlan 210 quit int vlanif100 dhcp select relay dhcp relay server-ip 192.168.210.1 DHCP配置: undo terminal monitor system-view sysname DHCP dhcp enable int g0/0/0 ip add 192.168.210.1 24 dhcp select global quit ip pool vlan100 network 192.168.100.0 mask 24 gateway-list 192.168.100.1 dns-list 100.100.100.100 quit ip route-static 0.0.0.0 0 192.168.210.254 配置企业无线网络阶段二:让AP向AC注册1、配置AC服务器 [AC6605]vlan 200 [AC6605]int g0/0/1 [AC6605-GigabitEthernet0/0/1]port link-type access [AC6605-GigabitEthernet0/0/1]port default vlan 200 [AC6605]int Vlanif 200 [AC6605-Vlanif200]ip address 192.168.200.2 24 [AC6605]ip route-static 0.0.0.0 0 192.168.200.1 undo terminal monitor system-view sysname AC vlan 200 quit int g0/0/1 port link-type access port default vlan 200 quit int vlanif200 ip add 192.168.200.2 24 quit ip route-static 0.0.0.0 0 192.168.200.1 capwap source interface Vlanif 200 2、配置核心交换添加vlan200 sw2: vlan 200 int g0/0/3 port link-type access port default vlan 200 int vlanif 200 ip address 192.168.200.1 24 3、配置DHCP服务器为客户端分配置AC服务器的地址 ip pool vlan100 option 43 sub-option 3 ascii 192.168.200.2 [dhcp]ip pool vlan100 [dhcp-ip-pool-vlan100]option 43 sub-option 3 ascii 192.168.200.2 option 43:所有其它服务器 sub-option 3:代表AC服务器 ascii:ascii编码 192.168.200.2 :AC服务器的IP地址 4、重启AP,让AP获得AC服务器地址; 5、配置AC服务器,允许AP注册; 1)指定capwap协议的信令源地址 [AC6605]capwap source interface Vlanif 200 //指定capwap协议的信令源地址 2)指定AC的验证方式为MAC地址验证 最容易出错(忘记配置) [AC-wlan-view]ap auth-mode mac-auth 查看ap mac地址: display int g0/0/0#创建 AP-group,为的是后期对大量AP进行批量管理 [AC6605-wlan-view]ap-group name guest [AC6605-wlan-ap-group-guest]quit [AC6605-wlan-view]ap-group name yuangong [AC6605-wlan-ap-group-yuangong]quit #创建 “域配置文件”,指定的是 AP 所使用的是哪个国家的无线频率范围; [AC6605-wlan-view]regulatory-domain-profile name China [AC6605-wlan-regulate-domain-China]country-code CN [AC6605-wlan-regulate-domain-China]quit #将配置好的“域配置文件”关联到每一个 ap-group ; [AC6605-wlan-view]ap-group name guest [AC6605-wlan-ap-group-guest]regulatory-domain-profile China Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:Y [AC6605-wlan-ap-group-guest]quit [AC6605-wlan-view]ap-group name yuangong [AC6605-wlan-ap-group-yuangong]regulatory-domain-profile China Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:Y [AC6605-wlan-ap-group-yuangong]quit #在 AC 上手动添加 ap (基于MAC地址进行注册) [AC6605-wlan-view]ap-id 1 ap-mac 00e0-fcb6-4850 [是要自己查看的] [AC6605-wlan-ap-1]ap-name guest-1 [为了区分设备上的多个ap,取的名字] [AC6605-wlan-ap-1]ap-group guest [为ap指定所加入的 ap-group] Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y [AC6605-wlan-ap-1]quit [AC6605-wlan-view]ap-id 2 ap-mac 00e0-fcee-0670 [AC6605-wlan-ap-2]ap-name guest-2 [AC6605-wlan-ap-2]ap-group guest Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y [AC6605-wlan-ap-2]quit [AC6605-wlan-view]ap-id 3 ap-mac 00e0-fc44-6910 [AC6605-wlan-ap-3]ap-name yuangong-1 [AC6605-wlan-ap-3]ap-group yuangong Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y [AC6605-wlan-ap-3]quit [AC6605-wlan-view]ap-id 4 ap-mac 00e0-fcc9-22f0 [AC6605-wlan-ap-4]ap-name yuangong-2 [AC6605-wlan-ap-4]ap-group yuangong Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y [AC6605-wlan-ap-4]quit 6、在ap上验证是否注册成功 ===== CAPWAP LINK IS UP!!! ===== ap注册成功后会自动重启 ap注册成功后主机名会自动更改 7、在ac上验证ap是否注册成功 [AC]display ap all Info: This operation may take a few seconds. Please wait for a moment.done. Total AP information: nor : normal [4] -------------------------------------------------------------------------------- ------------------- ID MAC Name Group IP Type State ST A Uptime -------------------------------------------------------------------------------- ------------------- 1 00e0-fcd4-01b0 guest-1 guest 192.168.100.254 AP4050DN-E nor 0 3M:49S 2 00e0-fc74-3e20 guest-2 guest 192.168.100.251 AP4050DN-E nor 0 3M:50S 3 00e0-fc6d-7d30 yuangong-1 yuangong 192.168.100.253 AP4050DN-E nor 0 4M:1S 4 00e0-fcb2-03f0 yuangong-2 yuangong 192.168.100.252 AP3030DN nor 0 4M:2S -------------------------------------------------------------------------------- ------------------- Total: 4 状态应该为 :nor ************阶段二的:AC此步骤的全部配置************wlan ap-group name guest quit ap-group name yuangong quit regulatory-domain-profile name China country-code CN quit ap-group name guest regulatory-domain-profile China y quit ap-group name yuangong regulatory-domain-profile China y quitap auth-mode mac-auth ap-id 1 ap-mac 00e0-fcd4-01b0 ap-name guest-1 ap-group guest y quit ap-id 2 ap-mac 00e0-fc74-3e20 ap-name guest-2 ap-group guest y quit ap-id 3 ap-mac 00e0-fc6d-7d30 ap-name yuangong-1 ap-group yuangong y quit ap-id 4 ap-mac 00e0-fcb2-03f0 ap-name yuangong-2 ap-group yuangong y quit 配置企业无线网络阶段三:让AC为AP分配无线参数1、创建vlan地址池 [AC]vlan pool sta-pool1 [AC-vlan-pool-sta-pool1]vlan 101 102 [AC-vlan-pool-sta-pool1]quit [AC]vlan pool sta-pool2 [AC-vlan-pool-sta-pool2]vlan 103 104 [AC-vlan-pool-sta-pool2]quit 2、设置加密配置文件,为AP分配无线密码; [AC-wlan-view]security-profile name guest [AC-wlan-sec-prof-guest]security wpa2 psk pass-phrase a1234567 aes [AC-wlan-sec-prof-guest]quit [AC-wlan-view]security-profile name yuangong [AC-wlan-sec-prof-yuangong]security wpa2 psk pass-phrase b1234567 aes [AC-wlan-sec-prof-yuangong]quit 3、设置ssid名称,为AP分配无线信号的名称; [AC-wlan-view]ssid-profile name guest [AC-wlan-ssid-prof-guest]ssid guest [AC-wlan-ssid-prof-guest]quit [AC-wlan-view]ssid-profile name yuangong [AC-wlan-ssid-prof-yuangong]ssid yuangong [AC-wlan-ssid-prof-yuangong]quit 4、创建无线客户端访问模板,关联以上三个参数; [AC-wlan-view]vap-profile name guest [AC-wlan-vap-prof-guest]service-vlan vlan-pool sta-pool1 [AC-wlan-vap-prof-guest]security-profile guest [AC-wlan-vap-prof-guest]ssid-profile guest [AC-wlan-vap-prof-guest]quit [AC-wlan-view]vap-profile name yuangong [AC-wlan-vap-prof-yuangong]service-vlan vlan-pool sta-pool2 [AC-wlan-vap-prof-yuangong]security-profile yuangong [AC-wlan-vap-prof-yuangong]ssid-profile yuangong [AC-wlan-vap-prof-guest]quit 5、为ap开启无线信号 [AC-wlan-view]ap-group name guest [AC-wlan-ap-group-guest]vap-profile guest wlan 1 radio 0 [AC-wlan-ap-group-guest]vap-profile guest wlan 1 radio 1 [AC-wlan-view]ap-group name yuangong [AC-wlan-ap-group-yuangong]vap-profile yuangong wlan 1 radio 0 [AC-wlan-ap-group-yuangong]vap-profile yuangong wlan 1 radio 1 6、创建客户端所在的vlan [sw1]vlan batch 101 102 103 104 [sw2]vlan batch 101 102 103 104 7、为核心交换机设置vlan虚接口IP地址 [sw2]int Vlanif 101 [sw2-Vlanif101]ip address 192.168.101.1 24 [sw2]int Vlanif 102 [sw2-Vlanif101]ip address 192.168.102.1 24 [sw2]int Vlanif 103 [sw2-Vlanif101]ip address 192.168.103.1 24 [sw2]int Vlanif 104 [sw2-Vlanif101]ip address 192.168.104.1 24 8、为4个vlan创建dhcp地址池 [dhcp]ip pool vlan101 [dhcp-ip-pool-vlan101]network 192.168.101.0 mask 24 [dhcp-ip-pool-vlan101]gateway-list 192.168.101.1 [dhcp]ip pool vlan102 [dhcp-ip-pool-vlan102]network 192.168.102.0 mask 24 [dhcp-ip-pool-vlan102]gateway-list 192.168.102.1 [dhcp]ip pool vlan103 [dhcp-ip-pool-vlan103]network 192.168.103.0 mask 24 [dhcp-ip-pool-vlan103]gateway-list 192.168.103.1 [dhcp]ip pool vlan104 [dhcp-ip-pool-vlan104]network 192.168.104.0 mask 24 [dhcp-ip-pool-vlan104]gateway-list 192.168.104.1 9、配置中继代理 [sw2]int Vlanif 101 [sw2-Vlanif101]dhcp select relay [sw2-Vlanif101]dhcp relay server-ip 192.168.201.2 [sw2]int Vlanif 102 [sw2-Vlanif102]dhcp select relay [sw2-Vlanif102]dhcp relay server-ip 192.168.201.2 [sw2]int Vlanif 103 [sw2-Vlanif103]dhcp select relay [sw2-Vlanif103]dhcp relay server-ip 192.168.201.2 [sw2]int Vlanif 104 [sw2-Vlanif104]dhcp select relay [sw2-Vlanif104]dhcp relay server-ip 192.168.201.2 ************************阶段三:AC的配置************* vlan pool pool1 vlan 101 102 quit vlan pool pool2 vlan 103 104 quit wlan security-profile name guest security wpa2 psk pass-phrase a1234567 aes quit security-profile name yuangong security wpa2 psk pass-phrase b1234567 aes quit ssid-profile name guest ssid guest quit ssid-profile name yuangong ssid yuangong quit vap-profile name guest service-vlan vlan-pool pool1 security-profile guest ssid-profile guest quit vap-profile name yuangong service-vlan vlan-pool pool2 security-profile yuangong ssid-profile yuangong quit ap-group name guest vap-profile guest wlan 1 radio 0 vap-profile guest wlan 1 radio 1 quit ap-group name yuangong vap-profile yuangong wlan 1 radio 0 vap-profile yuangong wlan 1 radio 1 quit *****************SW2地址创建及DHCP中继配置************** vlan batch 101 102 103 104 int vlanif 101 ip add 192.168.101.1 24 dhcp select relay dhcp relay server-ip 192.168.210.1 quit int vlanif 102 ip add 192.168.102.1 24 dhcp select relay dhcp relay server-ip 192.168.210.1 quit int vlanif 103 ip add 192.168.103.1 24 dhcp select relay dhcp relay server-ip 192.168.210.1 quit int vlanif 104 ip add 192.168.104.1 24 dhcp select relay dhcp relay server-ip 192.168.210.1 quit*****************DHCP地址池配置************** ip pool vlan101 network 192.168.101.0 mask 24 gateway-list 192.168.101.1 dns-list 101.101.101.101 quit ip pool vlan102 network 192.168.102.0 mask 24 gateway-list 192.168.102.1 dns-list 102.102.102.102 quit ip pool vlan103 network 192.168.103.0 mask 24 gateway-list 192.168.103.1 dns-list 103.103.103.103 quit ip pool vlan104 network 192.168.104.0 mask 24 gateway-list 192.168.104.1 dns-list 104.104.104.104 quit 测试结果:   
按照上面的步骤即可完成此项目
|
【本文地址】
今日新闻 |
推荐新闻 |