华为ACAP.docx

华为ACAP.docx

《华为ACAP.docx》由会员分享，可在线阅读，更多相关《华为ACAP.docx（23页珍藏版）》请在冰豆网上搜索。

华为ACAP

WLAN基本业务组网图

表1数据规划表

配置项

数据

WLAN服务

不认证，不加密。

AC的源接口

VLANIF200：

172.16.100.2/24

ACCarrierID/ACID

Other/1

AP域

10

服务集

∙SSID：

test、test1

∙数据转发模式：

直接转发

DHCP服务器

Router作为DHCP服务器，为AP和STA分配地址

AP的网关

VLANIF100：

192.168.10.1/24

AP的IP地址池

192.168.10.2～192.168.10.254/24

STA1的网关

VLANIF101：

192.168.11.1/24

STA1的IP地址池

192.168.11.2～192.168.11.254/24

STA2的网关

VLANIF102：

192.168.12.1/24

STA2的IP地址池

192.168.12.2～192.168.12.254/24

配置思路

采用如下的思路配置大型网络WLAN基本业务：

1.配置SwitchA和SwitchB，实现二层网络互通；配置SwitchB、Router和AC，实现三层网络互通。

2.在Router上配置基于全局的DHCP服务器为AP和STA分配IP地址。

3.配置WLAN基本业务，保证用户能够通过WLAN网络接入Internet。

说明：

本配置中的SwitchA采用的是华为盒式交换机，SwitchB采用的是框式交换机。

操作步骤

1.配置网络互通

2.

#配置SwitchA。

将接口GE0/0/1加入VLAN100（管理VLAN），允许VLAN101（业务VLAN）的报文通过；将接口GE0/0/2加入VLAN100（管理VLAN），允许VLAN102（业务VLAN）的报文通过；将接口GE0/0/3允许VLAN100、VLAN101和VLAN102的报文通过。

3.

说明：

4.

建议在SwitchA连接AP的接口GE0/0/1和GE0/0/2上配置端口隔离，如果不配置端口隔离，可能会在VLAN内存在不必要的广播报文，或者导致不同AP间的WLAN用户二层互通的问题。

5.

system-view

[Quidway]sysnameSwitchA

[SwitchA]vlanbatch100101102

[SwitchA]interfacegigabitethernet0/0/1

[SwitchA-GigabitEthernet0/0/1]portlink-typetrunk

[SwitchA-GigabitEthernet0/0/1]porttrunkpvidvlan100

[SwitchA-GigabitEthernet0/0/1]porttrunkallow-passvlan100101

[SwitchA-GigabitEthernet0/0/1]port-isolateenable

[SwitchA-GigabitEthernet0/0/1]quit

[SwitchA]interfacegigabitethernet0/0/2

[SwitchA-GigabitEthernet0/0/2]portlink-typetrunk

[SwitchA-GigabitEthernet0/0/2]porttrunkpvidvlan100

[SwitchA-GigabitEthernet0/0/2]porttrunkallow-passvlan100102

[SwitchA-GigabitEthernet0/0/2]port-isolateenable

[SwitchA-GigabitEthernet0/0/2]quit

[SwitchA]interfacegigabitethernet0/0/3

[SwitchA-GigabitEthernet0/0/3]portlink-typetrunk

[SwitchA-GigabitEthernet0/0/3]porttrunkallow-passvlan100to102

[SwitchA-GigabitEthernet0/0/3]quit

6.

#配置SwitchB。

配置接口GE1/0/1允许VLAN100、VLAN101和VLAN102的报文通过，GE1/0/2允许VLAN200的报文通过，GE1/0/3允许VLAN201的报文通过。

7.

system-view

[Quidway]sysnameSwitchB

[SwitchB]vlanbatch100101102200201

[SwitchB]interfacegigabitethernet1/0/1

[SwitchB-GigabitEthernet1/0/1]portlink-typetrunk

[SwitchB-GigabitEthernet1/0/1]porttrunkallow-passvlan100to102

[SwitchB-GigabitEthernet1/0/1]quit

[SwitchB]interfacegigabitethernet1/0/2

[SwitchB-GigabitEthernet1/0/2]portlink-typetrunk

[SwitchB-GigabitEthernet1/0/2]porttrunkallow-passvlan200

[SwitchB-GigabitEthernet1/0/2]quit

[SwitchB]interfacegigabitethernet1/0/3

[SwitchB-GigabitEthernet1/0/3]portlink-typetrunk

[SwitchB-GigabitEthernet1/0/3]porttrunkallow-passvlan201

[SwitchB-GigabitEthernet1/0/3]quit

[SwitchB]interfacevlanif100

[SwitchB-Vlanif100]ipaddress192.168.10.124

[SwitchB-Vlanif100]quit

[SwitchB]interfacevlanif101

[SwitchB-Vlanif101]ipaddress192.168.11.124

[SwitchB-Vlanif101]quit

[SwitchB]interfacevlanif102

[SwitchB-Vlanif102]ipaddress192.168.12.124

[SwitchB-Vlanif102]quit

[SwitchB]interfacevlanif200

[SwitchB-Vlanif200]ipaddress172.16.100.1024

[SwitchB-Vlanif200]quit

[SwitchB]interfacevlanif201

[SwitchB-Vlanif201]ipaddress172.16.101.1024

[SwitchB-Vlanif201]quit

8.

#配置AC连接SwitchB的接口Gigabitethernet0/0/1允许VLAN200的报文通过。

9.

system-view

[AC6605]sysnameAC

[AC]vlanbatch101102200

[AC]interfacevlanif200

[AC-Vlanif200]ipaddress172.16.100.224

[AC-Vlanif200]quit

[AC]interfacegigabitethernet0/0/1

[AC-GigabitEthernet0/0/1]portlink-typetrunk

[AC-GigabitEthernet0/0/1]porttrunkallow-passvlan200

[AC-GigabitEthernet0/0/1]quit

10.

#配置Router允许VLAN201的报文通过。

11.

system-view

[Huawei]sysnameRouter

[Router]vlanbatch201

[Router]interfacevlanif201

[Router-Vlanif201]ipaddress172.16.101.124

[Router-Vlanif201]quit

[Router]interfacegigabitethernet2/0/0

[Router-GigabitEthernet2/0/0]portlink-typetrunk

[Router-GigabitEthernet2/0/0]porttrunkallow-passvlan201

[Router-GigabitEthernet2/0/0]quit

12.

#配置Router到SwitchB的路由。

13.

[Router]iproute-static192.168.10.024172.16.101.10

[Router]iproute-static192.168.11.024172.16.101.10

[Router]iproute-static192.168.12.024172.16.101.10

14.

#配置SwitchB的缺省路由，下一跳为Router的VLANIF201。

15.

[SwitchB]iproute-static0.0.0.00.0.0.0172.16.101.1

16.

#配置AC到AP的路由，下一跳为SwitchB的VLANIF200。

17.

[AC]iproute-static192.168.10.024172.16.100.10

18.

19.

20.配置DHCP服务，为AP和STA分配IP地址

21.

#配置SwitchB作为DHCP中继。

22.

[SwitchB]dhcpenable

[SwitchB]interfacevlanif100

[SwitchB-Vlanif100]dhcpselectrelay

[SwitchB-Vlanif100]dhcprelayserver-ip172.16.101.1

[SwitchB-Vlanif100]quit

[SwitchB]interfacevlanif101

[SwitchB-Vlanif101]dhcpselectrelay

[SwitchB-Vlanif101]dhcprelayserver-ip172.16.101.1

[SwitchB-Vlanif101]quit

[SwitchB]interfacevlanif102

[SwitchB-Vlanif102]dhcpselectrelay

[SwitchB-Vlanif102]dhcprelayserver-ip172.16.101.1

[SwitchB-Vlanif102]quit

23.

#配置由Router作为DHCP服务器给AP和STA分配IP地址。

24.

[Router]dhcpenable

[Router]ippoolap

[Router-ip-pool-ap]network192.168.10.0mask24

[Router-ip-pool-ap]gateway-list192.168.10.1

[Router-ip-pool-ap]option43sub-option3ascii172.16.100.2

[Router-ip-pool-ap]quit

[Router]ippoolsta1

[Router-ip-pool-sta1]network192.168.11.0mask24

[Router-ip-pool-sta1]gateway-list192.168.11.1

[Router-ip-pool-sta1]quit

[Router]ippoolsta2

[Router-ip-pool-sta2]network192.168.12.0mask24

[Router-ip-pool-sta2]gateway-list192.168.12.1

[Router-ip-pool-sta2]quit

[Router]interfacevlanif201

[Router-Vlanif201]dhcpselectglobal

[Router-Vlanif201]quit

25.

26.

27.配置AC的系统参数

28.

#配置AC的国家码。

29.

[AC]wlanac-globalcountry-codecnWarning:

ModifyingthecountrycodewillclearchannelconfigurationsoftheAP

radiousingthecountrycodeandresettheAP.Ifthenewcountrycodedoesnot

supporttheradio,allconfigurationsoftheradioarecleared.Continue?

[Y/N]:

y

30.

#配置ACID和运营商标识。

31.

[AC]wlanac-globalacid1carrieridotherWarning:

ModifythecarrierIDorACIDmaycausealloftheAPoffline,continu

e?

[Y/N]:

y

32.

#配置AC的源接口。

33.

[AC]capwapsourceinterfacevlanif200

[AC]wlan

34.

说明：

35.

V200R005C00版本设备配置AC的源接口方式为：

36.

[AC]wlan

[AC-wlan-view]wlanacsourceinterfacevlanif200

37.

38.

39.在AC上管理AP

40.

#现场获取AP的MAC地址后，查看AP的设备类型ID。

41.

[AC-wlan-view]displayap-typeallAllAPtypesinformation:

------------------------------------------------------------------------------

IDType

------------------------------------------------------------------------------

17AP6010SN-GN

19AP6010DN-AGN

21AP6310SN-GN

23AP6510DN-AGN

25AP6610DN-AGN

27AP7110SN-GN

28AP7110DN-AGN

29AP5010SN-GN

30AP5010DN-AGN

31AP3010DN-AGN

33AP6510DN-AGN-US

34AP6610DN-AGN-US35AP5030DN

36AP5130DN37AP7030DE38AP2010DN39AP8130DN

40AP8030DN

42AP9330DN------------------------------------------------------------------------------

Totalnumber:

19

42.

#根据查询到的AP设备类型ID，离线添加AP。

假设AP的类型为AP6010DN-AGN，其MAC地址分别为60de-4476-e360和dcd2-fc04-b500。

43.

[AC-wlan-view]ap-auth-modemac-auth

[AC-wlan-view]apid0type-id19mac60de-4476-e360

[AC-wlan-ap-0]quit

[AC-wlan-view]apid1type-id19macdcd2-fc04-b500

[AC-wlan-ap-1]quit

44.

说明：

45.

ap-auth-mode命令缺省情况下为MAC认证，如果之前没有修改其缺省配置，可以不用执行ap-auth-modemac-auth。

46.

#配置AP域并将AP加入到AP域。

47.

[AC-wlan-view]ap-regionid10

[AC-wlan-ap-region-10]quit

[AC-wlan-view]apid0

[AC-wlan-ap-0]region-id10

[AC-wlan-ap-0]quit

[AC-wlan-view]apid1

[AC-wlan-ap-1]region-id10

[AC-wlan-ap-1]quit

48.

#将AP上电后，可以查看到AP的“APState”字段为“normal”。

49.

[AC-wlan-view]displayapallAllAPinformation:

Normal[2],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0]

Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]------------------------------------------------------------------------------

APAPAPProfileAPAP

/Region

IDTypeMACIDStateSysname

------------------------------------------------------------------------------

0AP6010DN-AGN60de-4476-e3600/10normalap-0

1AP6010DN-AGNdcd2-fc04-b5000/10normalap-1

------------------------------------------------------------------------------

Totalnumber:

2,printed:

2

50.

51.

52.配置WLAN业务参数

53.

#创建名为“wmm”的WMM模板，参数采用默认配置。

54.

[AC-wlan-view]wmm-profilenamewmmid1

[AC-wlan-wmm-prof-wmm]quit

55.

#创建名为“radio”的射频模板，绑定WMM模板“wmm”。

56.

[AC-wlan-view]radio-profilenameradioid1

[AC-wlan-radio-prof-radio]wmm-profilenamewmm

[AC-wlan-radio-prof-radio]quit

[AC-wlan-view]quit

57.

#创建WLAN-ESS接口。

58.

[AC]interfacewlan-ess0

[AC-WLAN-ESS0]porthybridpvidvlan101

[AC-WLAN-ESS0]porthybriduntaggedvlan101

[AC-WLAN-ESS0]quit

[AC]interfacewlan-ess1

[AC-WLAN-ESS1]porthybridpvidvlan102

[AC-WLAN-ESS1]porthybriduntaggedvlan102

[AC-WLAN-ESS1]quit

59.

#创建名为“security”的安全模板，参数采用默认配置，即开放认证、不加密。

60.

[AC]wlan

[AC-wlan-view]security-profilenamesecurityid1

[AC-wlan-sec-prof-security]quit

61.

#创建名为“traffic”的流量模板，参数采用默认配置。

62.

[AC-wlan-view]traffic-profilenametrafficid1

[AC-wlan-traffic-prof-traffic]quit

63.

#创建名为“test”和“test1”的服务集并绑定WLAN-ESS接口、安全模板和流量模板。

64.

[AC-wlan-view]service-setnametestid1

[AC-wlan-service-set-test]ssidtest

[AC-wlan-service-set-test]wlan-ess0

[AC-wlan-service-set-test]security-profilenamesecurity

[AC-wlan-service-set-test]traffic-profilenametraffic

[AC-wlan-service-set-test]service-vlan101

[AC-wlan-service-set-test]forward-modedirect

[AC-wlan-service-set-test]quit

[AC-wlan-view]service-setnametest1id2

[AC-wlan-service-set-test1]ssidtest1

[AC-wlan-service-set-test1]wlan-ess1

[AC-wlan-service-set-test1]security-profilenamesecurity

[AC-wlan-service-set-test1]traffic-profilenametraffic

[AC-wlan-service-set-test1]service-vlan102

[AC-wlan-service-set-test1]forward-modedirect

[AC-wlan-s