7、中小企业网络架构-无线接入基本配置

网络拓扑：

配置思路：

操作步骤：

一、配置核心交换机

1、配置DHCP地址池

#AP业务网段-公网WIFI
[SW1]ip pool pool9
[SW1-ip-pool-pool9]network 192.168.9.0 mask 24
[SW1-ip-pool-pool9]gateway-list 192.168.9.254
[SW1-ip-pool-pool9]excluded-ip-address 192.168.9.252 192.168.9.253
[SW1-ip-pool-pool9]quit
[SW1]interface  Vlanif  9
[SW1-Vlanif9]ip address 192.168.9.254 24
[SW1-Vlanif9]dhcp select global
[SW1-Vlanif9]quit

#AP业务网段-员工WIFI
[SW1]ip pool pool10	
[SW1-ip-pool-pool10]network 192.168.10.0 mask 24	
[SW1-ip-pool-pool10]gateway-list 192.168.10.254
[SW1-ip-pool-pool10]excluded-ip-address  192.168.10.252 192.168.10.253
[SW1-ip-pool-pool10]quit
[SW1]interface  Vlanif  10
[SW1-Vlanif10]ip address  192.168.10.254 24	
[SW1-Vlanif10]dhcp select  global
[SW1-Vlanif10]quit

2、配置上联接口

[SW1]interface  GigabitEthernet  0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk  allow-pass  vlan
[SW1-GigabitEthernet0/0/4]port trunk  allow-pass  vlan  all
[SW1-GigabitEthernet0/0/4]description connect to AC2
[SW1-GigabitEthernet0/0/4]quit

#连接AC接口
[SW1]interface  Vlanif  5
[SW1-Vlanif5]ip address 192.168.5.2 24
[SW1-Vlanif5]quit

3、配置下联接口

前文已经配置，省略

4、在核心A上配置DHCP中继，代理AC分配IP地址

[SW1]interface  Vlanif  4
[SW1-Vlanif4]ip address  192.168.4.1 24
[SW1-Vlanif4]dhcp select relay
[SW1-Vlanif4]dhcp relay server-ip 192.168.5.1
[SW1-Vlanif4]quit

二、配置AC

1、添加vlan

[AC6605]vlan batch 4 5

#AC与核心交换机的对接vlan
[AC6605]interface  Vlanif 5
[AC6605-Vlanif5]ip address 192.168.5.1 24
[AC6605-Vlanif5]dhcp  select global 
[AC6605-Vlanif5]quit

2、配置下联接口

[AC6605]interface  GigabitEthernet  0/0/1
[AC6605-GigabitEthernet0/0/1]port link-type trunk
[AC6605-GigabitEthernet0/0/1]port trunk  allow-pass vlan all
[AC6605-GigabitEthernet0/0/1]quit

3、配置AC到AP的路由，下一跳为核心A的vlan5

#vlan4是AP设备管理IP网段
[AC6605]ip route-static 192.168.4.0 24 192.168.5.2

4、在AC上创建全局地址池为AP提供地址

[AC6605]dhcp enable
[AC6605]ip pool huawei
[AC6605-ip-pool-huawei]network 192.168.4.0 mask 24
[AC6605-ip-pool-huawei]gateway-list 192.168.4.1
[AC6605-ip-pool-huawei]option 43 sub-option 3 ascii 192.168.5.1
[AC6605-ip-pool-huawei]quit

[AC6605]interface  Vlanif  4
[AC6605-Vlanif4]dhcp  select global 
[AC6605-Vlanif4]quit

5、配置AP上线

# 创建AP组，用于将相同配置的AP都加入同一AP组中
[AC6605]wlan
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]quit

[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]quit

# 创建域管理模板，在域管理模板下配置AC的国家码并在AP组下引用域管理模板
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code cn
[AC6605-wlan-regulate-domain-default]quit

[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-ap-group1]quit

[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-ap-group2]quit
[AC6605-wlan-view]quit

# 配置AC的源接口
[AC6605]capwap source interface Vlanif 5

# 在AC上离线导入AP，并将area_1和area_2分别加入AP组“ap-group1”和“ap-group2”中。假设AP的MAC地址为00e0-fcf3-1000，并且根据AP的部署位置为AP配置名称，便于从名称上就能够了解AP的部署位置。例如MAC地址为00e0-fcf3-1000的AP部署在1号区域，命名此AP为area_1。
[AC6605]wlan 
[AC6605-wlan-view]ap auth-mode mac-auth 
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fcf3-1000        #需要提前查看AP的MAC地址
[AC6605-wlan-ap-0]ap-name area_1    #如果没有跳转到这里，AP需要重启
[AC6605-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-0]quit

[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc96-3c70
[AC6605-wlan-ap-1]ap-name area_2
[AC6605-wlan-ap-1]ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6605-wlan-ap-1]quit

# 将AP上电后，当执行命令display ap all查看到AP的“State”字段为“nor”时，表示AP正常上线。
[AC6605-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [2]
--------------------------------------------------------------------------------
--------------
ID   MAC            Name   Group     IP           Type            State STA Upti
me
--------------------------------------------------------------------------------
--------------
0    00e0-fc96-3c70 area_1 ap-group1 192.168.4.64 AP2050DN       nor   1   52M:
30S
1    00e0-fcf3-1000 area_2 ap-group2 192.168.4.36 AP2050DN       nor   2   48M:
7S
--------------------------------------------------------------------------------
--------------
Total: 2

6、配置WLAN业务参数

# 创建名为“wlan-net”的安全模板，并配置安全策略
[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC6605-wlan-sec-prof-wlan-net]quit

# 创建名为“wlan-net”的SSID模板，并配置SSID名称为“wlan-net”
[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC6605-wlan-ssid-prof-wlan-net]quit

[AC6605-wlan-view]ssid-profile name wlan-public
[AC6605-wlan-ssid-prof-wlan-public]ssid wlan-public
[AC6605-wlan-ssid-prof-wlan-public]quit

# 创建名为“wlan-net1”和“wlan-net2”的VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板
[AC6605-wlan-view]vap-profile name wlan-net1	
[AC6605-wlan-vap-prof-wlan-net1]service-vlan vlan-id 10
[AC6605-wlan-vap-prof-wlan-net1]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net1]ssid-profile wlan-net
[AC6605-wlan-vap-prof-wlan-net1]quit
[AC6605-wlan-view]vap-profile name wlan-public
[AC6605-wlan-vap-prof-wlan-public]service-vlan vlan-id 9
[AC6605-wlan-vap-prof-wlan-public]security-profile wlan-net
[AC6605-wlan-vap-prof-wlan-public]ssid-profile wlan-public
[AC6605-wlan-vap-prof-wlan-public]quit

# 配置AP组引用VAP模板，area_1上射频0和射频1都使用VAP模板“wlan-net1”的配置，area_2上射频0和射频1都使用VAP模板“wlan-net2”的配置
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group1]quit

[AC6605-wlan-view]ap-group name ap-group2	
[AC6605-wlan-ap-group-ap-group2]vap-profile wlan-public wlan 1 radio 0
[AC6605-wlan-ap-group-ap-group2]vap-profile wlan-public wlan 1 radio 1
[AC6605-wlan-ap-group-ap-group2]quit

这是AP已经可以正常使用，如果需要优化就添加第7项配置内容

员工WIFI

公共WIFI

7、开启射频调优功能自动选择AP最佳信道和功率

# 在域管理模板下配置调优信道集合
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]dca-channel 2.4g channel-set 1,6,11
[AC6605-wlan-regulate-domain-default]dca-channel 5g bandwidth 20mhz
[AC6605-wlan-regulate-domain-default]dca-channel 5g channel-set 149,153,157,161
[AC6605-wlan-regulate-domain-default]quit

# 创建空口扫描模板“wlan-airscan”，并配置调优信道集合、扫描间隔时间和扫描持续时间
[AC6605-wlan-view]air-scan-profile name wlan-airscan
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-channel-set dca-channel
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-period 60
[AC6605-wlan-air-scan-prof-wlan-airscan]scan-interval 60000
[AC6605-wlan-air-scan-prof-wlan-airscan]quit

# 创建2G射频模板“wlan-radio2g”，并在该模板下引用空口扫描模板“wlan-airscan”
[AC6605-wlan-view]radio-2g-profile name wlan-radio2g
[AC6605-wlan-radio-2g-prof-wlan-radio2g]air-scan-profile wlan-airscan
[AC6605-wlan-radio-2g-prof-wlan-radio2g]quit

# 创建5G射频模板“wlan-radio5g”，并在该模板下引用空口扫描模板“wlan-airscan
[AC6605-wlan-view]radio-5g-profile name wlan-radio5g
[AC6605-wlan-radio-5g-prof-wlan-radio5g]air-scan-profile wlan-airscan
[AC6605-wlan-radio-5g-prof-wlan-radio5g]quit

# 在名为“ap-group1”和“ap-group2”的AP组下引用5G射频模板“wlan-radio5g”和2G射频模板“wlan-radio2g”
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group1]quit
[AC6605-wlan-view]ap-group name ap-group2
[AC6605-wlan-ap-group-ap-group2]radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group2]radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6605-wlan-ap-group-ap-group2]quit

8、验证配置结果

WLAN业务配置会自动下发给AP，配置完成后，通过执行命令display vap ssid wlan-net查看如下信息，当“Status”项显示为“ON”时，表示AP对应的射频上的VAP已创建成功
<AC6605>display  vap all 
Info: This operation may take a few seconds, please wait..
WID : WLAN ID            
--------------------------------------------------------------------------------

AP ID AP name RfID WID  BSSID          Status  Auth type     STA   SSID       
--------------------------------------------------------------------------------

0     area_1  0    1    00E0-FC96-3C70 ON      WPA/WPA2-PSK  1     wlan-net   
0     area_1  1    1    00E0-FC96-3C80 ON      WPA/WPA2-PSK  0     wlan-net   
1     area_2  0    1    00E0-FCF3-1000 ON      WPA/WPA2-PSK  1     wlan-public
1     area_2  1    1    00E0-FCF3-1010 ON      WPA/WPA2-PSK  1     wlan-public
--------------------------------------------------------------------------------

Total: 4