4.5 Huawei Wireless: Lab_Huawei Simulator: Example for Configuring Basic WLAN Services on a Small Network (IPv4 Network)
MAC addresses of the two APs:
[SW1]display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
00e0-fc27-30d0 100 - - GE0/0/12 dynamic 0/-
00e0-fcd6-2df0 100 - - GE0/0/11 dynamic 0/-
00e0-fc70-2a40 100 - - GE0/0/1 dynamic 0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3
[SW1]
Configure the AC so that CAPWAP packets can be transmitted between the AP and the AC
AC6005:
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
#
vlan batch 100 to 101
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
SW1:
vlan batch 100 to 101
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 100
#
Configure the AC as a DHCP server to assign IP addresses to STAs and APs
#
dhcp enable
#
dhcp server database enable
#
#
ip pool vlan100
gateway-list 10.23.100.1
network 10.23.100.0 mask 255.255.255.0
excluded-ip-address 10.23.100.2 10.23.100.100
excluded-ip-address 10.23.100.200 10.23.100.254
lease day 0 hour 1 minute 0
dns-list 223.5.5.5 119.29.29.29
#
ip pool vlan101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
excluded-ip-address 10.23.101.2 10.23.101.100
excluded-ip-address 10.23.101.200 10.23.101.254
lease day 0 hour 1 minute 0
dns-list 223.5.5.5 119.29.29.29
#
interface Vlanif100
dhcp select global
#
interface Vlanif101
dhcp select global
#
Bring the AP online
# Create an AP group so that APs with the same configuration can all be added to the same AP group.
wlan
ap-group name ap-group1
# Create a regulatory domain profile, configure the AC's country code in the profile, and bind the profile to the AP group.
wlan
regulatory-domain-profile name domain1
country-code cn
ap-group name ap-group1
regulatory-domain-profile domain1
# Configure the AC's source interface.
[AC6005]capwap source interface Vlanif 100
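# Import the AP offline on the AC and add it to the AP group "ap-group1".
Assume that the AP's MAC address is 60de-4476-e360, and name the AP according to its deployment location so that the location can be read from the name.
For example, the AP with MAC address 60de-4476-e360 is deployed in area 1, so it is named area_1.
The ap auth-mode command defaults to MAC authentication. If the default has not been changed, the ap auth-mode mac-auth command does not need to be run.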
[AC6005-wlan-view]ap auth-mode ?
mac-auth MAC authenticated mode, default authenticated mode
no-auth No authenticated mode
sn-auth SN authenticated mode
[AC6005-wlan-view]
The AP used in this example is an AP6050DN, which has two radios: radio 0 and radio 1. On the AP5030DN, radio 0 is the 2.4 GHz radio and radio 1 is the 5 GHz radio.
[AC6005] wlan
[AC6005-wlan-view] ap auth-mode mac-auth
[AC6005-wlan-view] ap-id 0 ap-mac 00e0-fcd6-2df0
[AC6005-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC6005-wlan-ap-0] ap-group ap-group1
Warning:
This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configuration s of the radio,
Whether to continue? [Y/N]:y
[AC6005-wlan-ap-0] quit
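# After the AP is powered on, run display ap all. When the AP's "State" field shows "nor", the AP has come online normally.
It takes some time for the AP to reach the normal state:
Configure WLAN service parameters
# Create a security profile named "wlan-security" and configure the security policy.
This example uses a WPA2+PSK+AES security policy with the password "a1234567".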
[AC6005]wlan
[AC6005-wlan-view] security-profile name wlan-security
[AC6005-wlan-sec-prof-wlan-security]security wpa2 psk pass-phrase a1234567 aes
[AC6005-wlan-sec-prof-wlan-security]quit
[AC6005-wlan-view]
wlan
security-profile name wlan-security
security wpa2 psk pass-phrase a1234567 aes
# Create an SSID profile named "wlan-ssid" and set the SSID name to "wlan-net".
wlan
ssid-profile name wlan-ssid
ssid wlan-net
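# Create a VAP profile named "wlan-vap", configure the service data forwarding mode and the service VLAN, and bind the security profile and the SSID profile.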
wlan
vap-profile name wlan-vap
forward-mode tunnel
service-vlan vlan-id 101
ssid-profile wlan-ssid
security-profile wlan-security
# Bind the VAP profile to the AP group. Radio 0 and radio 1 on the AP both use the configuration of the VAP profile "wlan-vap".
[AC6005-wlan-view] ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 0
[AC6005-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 1
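Configure the channel and power of the AP radios (the eNSP simulator does not support this step)
Automatic channel and power calibration is enabled on the radios by default. If it is not disabled, manual configuration does not take effect. The channel and power values in this example are illustrative only; in a real deployment, configure them according to the AP's country code and the network planning results.
# Disable automatic channel and power calibration on AP radio 0, and configure the channel and power of AP radio 0.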
[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio 0
[AC-wlan-radio-0/0] calibrate auto-channel-select disable
[AC-wlan-radio-0/0] calibrate auto-txpower-select disable
[AC-wlan-radio-0/0] channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0] eirp 127
[AC-wlan-radio-0/0] quit
# Disable automatic channel and power calibration on AP radio 1, and configure the channel and power of AP radio 1.
[AC-wlan-ap-0] radio 1
[AC-wlan-radio-0/1] calibrate auto-channel-select disable
[AC-wlan-radio-0/1] calibrate auto-txpower-select disable
[AC-wlan-radio-0/1] channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1] eirp 127
[AC-wlan-radio-0/1] quit
[AC-wlan-ap-0] quit
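Verify the configuration
The WLAN service configuration is delivered to the AP automatically. After the configuration is complete, run display vap ssid wlan-net to view the following information. When the "Status" field shows "ON", the VAP has been created successfully on the corresponding AP radio.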
[AC6005]display vap ssid wlan-net
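After a STA finds the wireless network named "wlan-net", enters the password "a1234567" and associates successfully, run display station ssid wlan-net on the AC to see that the user has joined the wireless network "wlan-net".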
[AC6005]display station ssid wlan-net
Configuration file:
[AC6005]display current-configuration
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
vlan batch 100 to 101
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
lldp enable
#
dhcp enable
#
dhcp server database enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool vlan100
gateway-list 10.23.100.1
network 10.23.100.0 mask 255.255.255.0
excluded-ip-address 10.23.100.2 10.23.100.100
excluded-ip-address 10.23.100.200 10.23.100.254
lease day 0 hour 1 minute 0
dns-list 223.5.5.5 119.29.29.29
#
ip pool vlan101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
excluded-ip-address 10.23.101.2 10.23.101.100
excluded-ip-address 10.23.101.200 10.23.101.254
lease day 0 hour 1 minute 0
dns-list 223.5.5.5 119.29.29.29
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$J-=)F7$w&;$=re9E>huc:g+e[W$[.PI'qS*3SwtKK>VRy1cyEWM$
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
dhcp select global
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo negotiation auto
duplex half
#
interface NULL0
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
capwap source interface vlanif100
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security-profile name default-mesh
security-profile name wlan-security
security wpa2 psk pass-phrase %^%#{\yY+~^v_~&%p5;4I<@.InLgD@|*DR@cd~.FzLKI%^%# aes
ssid-profile name default
ssid-profile name wlan-ssid
ssid wlan-net
vap-profile name default
vap-profile name wlan-vap
forward-mode tunnel
service-vlan vlan-id 101
ssid-profile wlan-ssid
security-profile wlan-security
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile wlan-vap wlan 1
radio 1
vap-profile wlan-vap wlan 1
ap-id 0 type-id 56 ap-mac 00e0-fcd6-2df0 ap-sn 2102354483109E78CA6F
ap-name area_1
ap-group ap-group1
ap-id 1 type-id 56 ap-mac 00e0-fc27-30d0 ap-sn 210235448310C43C1A72
ap-name area_2
ap-group ap-group1
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return
[AC6005]
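Added example (not part of the original post and not a Huawei tool): a small Python check that reads configuration lines like those above and lists the lab-convenience settings to tighten before the configuration is reused outside the simulator. The rule set, the function names and the 12-character passphrase minimum are assumptions made for this example; a passphrase already stored in `%^%#` cipher form, as in the saved configuration, cannot be length-checked and is skipped.

```python
import re

MIN_PSK_LEN = 12  # assumed local policy; WPA2-PSK itself accepts 8 to 63 characters
# Constructed sample assembled from configuration lines shown on this page.
SAMPLE = """vlan batch 100 to 101
interface GigabitEthernet0/0/1
 port trunk allow-pass vlan 2 to 4094
user-interface vty 0 4
 protocol inbound all
wlan
 ap auth-mode mac-auth
 security-profile name wlan-security
  security wpa2 psk pass-phrase a1234567 aes
"""

def expand(spec):
    """Expand a VLAN list such as '100 to 101' or '10 20' into a set of IDs."""
    ids, tok, i = set(), spec.split(), 0
    while i < len(tok):
        last = i + 2 if tok[i + 1:i + 2] == ["to"] else i
        ids.update(range(int(tok[i]), int(tok[last]) + 1))
        i = last + 1
    return ids

def audit(config):
    """Return (context, finding) pairs for settings to tighten outside a lab."""
    lines = [s.strip() for s in config.splitlines() if s.strip() not in ("", "#")]
    created = set()
    for s in lines:
        if s.startswith("vlan batch "):
            created |= expand(s[len("vlan batch "):])
    findings, ctx = [], "global"
    for s in lines:
        if s.startswith(("interface ", "user-interface ", "security-profile name ")):
            ctx = s
        elif s.startswith("port trunk allow-pass vlan "):
            extra = expand(s[len("port trunk allow-pass vlan "):]) - created
            if extra:
                findings.append((ctx, f"trunk passes {len(extra)} VLANs not in 'vlan batch'"))
        elif s == "protocol inbound all":
            findings.append((ctx, "VTY accepts Telnet as well as SSH"))
        elif s == "ap auth-mode no-auth":
            findings.append(("wlan", "APs join the AC without authentication"))
        elif m := re.fullmatch(r"security wpa2 psk pass-phrase (\S+) aes", s):
            if not m[1].startswith("%^%#") and len(m[1]) < MIN_PSK_LEN:
                findings.append((ctx, f"PSK has {len(m[1])} characters, below {MIN_PSK_LEN}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports the trunk on GigabitEthernet0/0/1, the VTY lines and the 8-character passphrase; the mac-auth AP mode is not flagged.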
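When reposting, please keep the source: www.zh-cjh.com, 珠海陈坚浩博客 (Zhuhai Chen Jianhao's blog) » 4.5 Huawei Wireless: Lab_Huawei Simulator: Example for Configuring Basic WLAN Services on a Small Network (IPv4 Network)
Author: cjh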