AC控制器理解配置步骤:
capwap source interface Vlanif 100 //源IP回包地址
wlan
ssid-profile name test //新建个模版名称为test
ssid test //wifi名称
wlan
security-profile name test //建立安全模版也叫test
security wpa-wpa2 psk pass-phrase admin123 aes //wifi密钥为admin123,数据包加密方式为aes
wlan
vap-profile name test //建立vap模版
ssid test //关联ssid模版
security-profile test //关联安全模版
service-vlan vlan-id 10 //关联业务vlan名称
forward-mode direct-forward //设备为本地直接转发(本地转发)
wlan
ap-group name test //建立ap组名称
vap-profile test wlan 1 radio all //关联vap模版
wlan
ap-mac 00e0-fc6e-6990 //添加ap的mac地址绑定,用sn号也可以
ap-name 1-lay-01 //ap改个位置名字
ap-group test //ap关联组进行信息发射
接入交换机配置:
dis current-configuration
sysname Huawei
undo info-center enable
vlan batch 10 100
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
interface Vlanif1
interface MEth0/0/1
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 10 100
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 100
核心交换机配置:
dis cu
dis current-configuration
sysname Huawei
undo info-center enable
vlan batch 10 100
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
dhcp enable
diffserv domain default
drop-profile default
ip pool vlan10 //业务vlan
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 8.8.8.8
interface Vlanif1
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select global
interface MEth0/0/1
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
AC控制器:
dis current-configuration
set memory-usage threshold 0
ssl renegotiation-rate 1
vlan batch 100
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
dhcp enable
diffserv domain default
radius-server template default
pki realm default
rsa local-key-pair default
enrollment self-signed
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
free-rule-template name default_free_rule
portal-access-profile name portal_access_profile
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface
capwap source interface vlanif100
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
wlan
traffic-profile name default
security-profile name test
security wpa-wpa2 psk pass-phrase %^%#AfJX#b\wyH#hH"YN~;|'n@AcNMd|Z"</2vWAJWvW
%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name test
ssid test
ssid-profile name default
vap-profile name test
service-vlan vlan-id 10
ssid-profile test
security-profile test
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap-group name test
radio 0
vap-profile test wlan 1
radio 1
vap-profile test wlan 1
radio 2
vap-profile test wlan 1
ap-group name default
ap-id 0 type-id 69 ap-mac 00e0-fc6e-6990 ap-sn 2102354483104175B31C
ap-name 1-lay-01
ap-group test
provision-ap
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
return