6

常见大中型网络WLAN基本业务实例

 3 years ago
source link: https://www.daqianduan.com/17564.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

组网图形

jMRN7n.png

大中型WLAN网络简介

  • 本文介绍的WLAN网络是指利用频率为2.4GHz或5GHz的射频信号作为传输介质的无线局域网,相对于有线网络的铺设成本高,不便于网络调整和扩展、位置固定,移动性差等缺点,WLAN网络以其低廉的铺设成本、便捷的网络调整和扩展、灵活的可移动性获得了越来越广泛的应用。

组网需求

  • 图1 ,AC连接园区出口网关Router,并通过PoE交换机与AP连接,PoE交换机为AP供电。
  • 用户希望通过WLAN部署,提供名为“test”的无线网络方便用户随时随地接入。同时,用户希望通过路由器Router来做DHCP Server为用户提供10.10.10.0/24网段的IP地址,并在AC上对用户进行集中控制和管理。

配置思路

  • 1.配置AP、AC和上层网络设备之间实现网络互通。
  • 2.在AC上配置基于接口的DHCP服务器为AP分配IP地址,同时配置AC作为DHCP中继,由AC连接的路由器为STA分配IP地址。
  • 3.配置WLAN基本业务,保证用户能够通过WLAN网络接入Internet。

操作步骤

  • 1. 在AC上配置NAC模式为统一模式(缺省值,不需配置)。配置SwitchA和AC,使AP与AC之间能够传输CAPWAP报文

# 配置SwitchA连接AP的接口GE0/0/1加入VLAN100(管理VLAN),SwitchA连接AC的接口GE0/0/2加入VLAN100。

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchA-GigabitEthernet0/0/2] quit

# 配置AC连接SwitchA的接口GE1/0/1加入VLAN100。

[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet1/0/1] quit
  •  2. 配置AC与上层网络设备互通

# 配置VLANIF101(业务VLAN)和VLANIF102。

[AC] vlan batch 101 102
[AC] interface vlanif 101
[AC-Vlanif101] ip address 10.10.10.1 24
[AC-Vlanif101] quit
[AC] interface vlanif 102
[AC-Vlanif102] ip address 10.11.10.2 24
[AC-Vlanif102] quit

# 配置AC的缺省路由。

[AC] ip route-static 0.0.0.0 0.0.0.0 10.11.10.1  //配置缺省路由指向Router

# 配置AC连接Router的接口GE1/0/2加入VLAN102。

[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] port link-type trunk
[AC-GigabitEthernet1/0/2] port trunk allow-pass vlan 102
[AC-GigabitEthernet1/0/2] quit
  •  3. 配置AC给AP分配IP地址,Router给STA分配IP地址。

# 配置AC通过接口地址池为AP分配IP地址。

[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 192.168.10.1 24
[AC-Vlanif100] dhcp select interface  //配置基于接口的地址池
[AC-Vlanif100] quit

# 配置AC作为DHCP中继并使能DHCP中继探测用户表项功能。

[AC] interface vlanif 101
[AC-Vlanif101] dhcp select relay  //配置DHCP中继功能
[AC-Vlanif101] dhcp relay server-ip 10.11.10.1  //配置DHCP中继所代理的DHCP服务器地址为Router上的IP地址10.11.10.1
[AC-Vlanif101] quit

# 配置Router作为DHCP服务器为STA分配IP地址。

<Huawei> system-view
[Huawei] sysname Router
[Router] dhcp enable
[Router] ip pool sta  //配置地址池为STA分配IP地址
[Router-ip-pool-sta] gateway-list 10.10.10.1
[Router-ip-pool-sta] network 10.10.10.0 mask 24
[Router-ip-pool-sta] quit
[Router] vlan batch 102
[Router] interface vlanif 102
[Router-Vlanif102] ip address 10.11.10.1 24
[Router-Vlanif102] dhcp select global  //配置全局的地址池
[Router-Vlanif102] quit
[Router] interface gigabitethernet 2/0/0
[Router-GigabitEthernet2/0/0] port link-type trunk
[Router-GigabitEthernet2/0/0] port trunk allow-pass vlan 102
[Router-GigabitEthernet2/0/0] quit
[Router] ip route-static 10.10.10.0 24 10.11.10.2  //配置Router到达10.10.10.0/24网段的路由
  •  4.配置AC的系统参数

# 配置AC的国家码。

[AC] wlan ac-global country-code cn
Warning: Modify the country code may delete configuration on those AP which use 
the global country code and reset them, continue?[Y/N]:y

# 配置AC ID和运营商标识。

[AC] wlan ac-global ac id 1 carrier id other  //AC ID缺省为0,修改为1

# 配置AC的源接口。

[AC] wlan
[AC-wlan-view] wlan ac source interface vlanif 100
  •  5.在AC上管理AP

# 现场获取AP的MAC地址后,查看AP的设备类型ID。

[AC-wlan-view] display ap-type all
  All AP types information:     
  ------------------------------------------------------------------------------
  ID     Type                   
  ------------------------------------------------------------------------------
  17     AP6010SN-GN            
  19     AP6010DN-AGN           
  21     AP6310SN-GN            
  23     AP6510DN-AGN           
  25     AP6610DN-AGN           
  27     AP7110SN-GN            
  28     AP7110DN-AGN           
  29     AP5010SN-GN            
  30     AP5010DN-AGN           
  31     AP3010DN-AGN           
  33     AP6510DN-AGN-US        
  34     AP6610DN-AGN-US        
  35     AP5030DN               
  36     AP5130DN               
  37     AP7030DE                                                               
  38     AP2010DN                                                               
  39     AP8130DN                                                               
  40     AP8030DN                                                               
  42     AP9330DN                                                               
  43     AP4030DN                                                               
  44     AP4130DN                                                               
  45     AP3030DN                                                               
  46     AP2030DN                                                               
  ------------------------------------------------------------------------------
  Total number: 23

# 配置AP认证模式为MAC地址认证(缺省值,不需配置)。根据查询到的AP设备类型ID,离线添加AP。假设AP的类型为AP6010DN-AGN,其MAC地址为60de-4476-e360。

[AC-wlan-view] ap id 0 type-id 19 mac 60de-4476-e360
[AC-wlan-ap-0] quit

# 配置AP域并将AP加入到AP域。

[AC-wlan-view] ap-region id 10  //新建AP域10
[AC-wlan-ap-region-10] quit
[AC-wlan-view] ap id 0
[AC-wlan-ap-0] region-id 10  //将AP加入域10
[AC-wlan-ap-0] quit

# 将AP上电后,可以查看到AP的“AP State”字段为“normal”。

[AC-wlan-view] display ap all 
  All AP information:           
  Normal[1],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0]       
  Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]            
  ------------------------------------------------------------------------------
  AP    AP               AP              Profile   AP              AP           
                                         /Region                                
  ID    Type             MAC             ID        State           Sysname      
  ------------------------------------------------------------------------------
  0     AP6010DN-AGN     60de-4476-e360  0/10      normal          ap-0         
  ------------------------------------------------------------------------------
  Total number: 1,printed: 1
  •  6.配置WLAN业务参数

# 创建名为“wmm”的WMM模板。

[AC-wlan-view] wmm-profile name wmm id 1
[AC-wlan-wmm-prof-wmm] quit

# 创建名为“radio”的射频模板,绑定WMM模板“wmm”。

[AC-wlan-view] radio-profile name radio id 1 
[AC-wlan-radio-prof-radio] wmm-profile name wmm 
[AC-wlan-radio-prof-radio] quit
[AC-wlan-view] quit

# 创建WLAN-ESS接口1。

[AC] interface wlan-ess 1
[AC-Wlan-Ess1] port trunk allow-pass vlan 101
[AC-Wlan-Ess1] quit

# 创建名为“security”的安全模板。

[AC] wlan
[AC-wlan-view] security-profile name security id 1
[AC-wlan-sec-prof-security] security-policy wpa2  //配置安全策略为WPA2
[AC-wlan-sec-prof-security] wpa2 authentication-method psk pass-phrase cipher huawei123 encryption-method ccmp  //配置加密方式为PSK+CCMP
[AC-wlan-sec-prof-security] quit

# 创建名为“traffic”的流量模板。

[AC-wlan-view] traffic-profile name traffic id 1
[AC-wlan-traffic-prof-traffic] quit

# 创建名为“test”的服务集并绑定WLAN-ESS接口、安全模板和流量模板。

[AC-wlan-view] service-set name test id 1
[AC-wlan-service-set-test] ssid test  //配置SSID名称为test
[AC-wlan-service-set-test] wlan-ess 1 
[AC-wlan-service-set-test] security-profile name security
[AC-wlan-service-set-test] traffic-profile name traffic
[AC-wlan-service-set-test] service-vlan 101  //缺省情况下服务集的VLAN ID为1,修改服务集的VLAN ID为101
[AC-wlan-service-set-test] forward-mode tunnel  //配置业务转发模式为隧道转发
[AC-wlan-service-set-test] quit
  •  7.配置VAP并下发

# 配置VAP。

[AC-wlan-view] ap 0 radio 0
[AC-wlan-radio-0/0] radio-profile name radio  //配置射频模板绑定到射频上
[AC-wlan-radio-0/0] service-set name test  //配置服务集绑定到射频上
[AC-wlan-radio-0/0] quit

# 提交配置。

[AC-wlan-view] commit ap 0
Warning: Committing configuration may cause service interruption, continue?[Y/N]
:y
  •  8.验证配置结果

配置完成后,通过 display vap ap 0 radio 0 命令,可以查看到VAP已创建成功。 

[AC-wlan-view] display vap ap 0 radio 0
  All VAP Information(Total-1):                                                 
  SS: Service-set     BP: Bridge-profile     MP: Mesh-profile                   
  ----------------------------------------------------------------------        
  AP ID  Radio ID  SS ID  BP ID  MP ID  WLAN ID  BSSID           Type           
  ----------------------------------------------------------------------
  0      0         1      -      -      1        60DE-4476-E360  service        
  ----------------------------------------------------------------------
  Total: 1

STA搜索到名为“test”的无线网络并关联后,无线PC能够被分配相应的IP地址,用户输入预共享密钥可以访问无线网络,在AC上执行 display station assoc-info 命令,可以查看到用户已经接入到无线网络“test”中。 

[AC-wlan-view] display station assoc-info ap 0 radio 0
  ------------------------------------------------------------------------------
  STA MAC          AP ID   RADIO ID  SS ID    SSID 
  ------------------------------------------------------------------------------
  9021-55dc-3e17   0       0         1        test
  ------------------------------------------------------------------------------
  Total stations: 1
#感谢您访问本站#
#本文转载自互联网,若侵权,请联系删除,谢谢!657271#qq.com#

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK