华为---企业WLAN组网基本配置示例---AC+AP组网

AC+AP组网所需的物理条件

1、无线AP---收发无线信号；
2、无线控制器(AC)---用来控制管理多个AP；
3、PoE交换机---能给AP实现网络连接和供电的交换机；
4、授权：默认AC管理的AP数量有限，买授权才能管控更多AP。

WLAN创建步骤

一、AP上线

二、WLAN业务配置下发

三、无线网络终端接入WLAN

四、WLAN业务数据转发

WLAN网络中的数据包括控制报文（管理报文）和数据报文。控制报文是通过CAPWAP的控制隧道转发的，用户的数据报文分为隧道转发方式、直接转发方式。

**隧道转发方式：**用户数据报文-->AP（CAPWAP数据隧道封装后）-->AC-->转发到上层网络。

**直接转发方式：**用户数据报文-->AP（不经过AC）-->直接转发到上层网络。

网络拓扑图

代码段

复制代码

system-view 
 sysname R
interface GigabitEthernet 0/0/0 
 ip address 192.168.11.253 24


system-view 
 sysname SW
 dhcp enable
 vlan batch 10 11
interface GigabitEthernet 0/0/1
 port link-type access
 port default vlan 11
 quit
interface GigabitEthernet 0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 11
 quit
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10
 quit
interface Vlan 11
 ip address 192.168.11.254 24
 dhcp select interface
 quit


system-view 
sysname SW1
 vlan batch 10 11
interface GigabitEthernet 0/0/1 
 port link-type trunk
 port trunk allow-pass vlan 10 11
 quit
interface Ethernet 0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 11
 quit
interface Ethernet 0/0/2
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 11
 quit


system-view 
 sysname AC
 dhcp enable
 vlan 10
 quit
interface GigabitEthernet 0/0/1 
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10
 quit
interface Vlan 10
 ip address 192.168.10.254 24
 dhcp select interface
 quit
wlan
 regulatory-domain-profile name test-d
 country-code CN
 quit
 ap-group name test-g
 regulatory-domain-profile test-d
 y
 quit
 ap auth-mode mac-auth
 ap-id 1 ap-mac 00e0-fcee-6470
 ap-name test-ap1
 ap-group test-g
 y
 ap-id 2 ap-mac 00e0-fc90-2b60
 ap-name test-ap2
 ap-group test-g
 y
 quit
 security-profile name test-s
 security wpa-wpa2 psk pass-phrase test@123 aes
 quit
 ssid-profile name test-w
 ssid test-wifi
 quit
 vap-profile name test-vap
 forward-mode direct-forward 
 service-vlan vlan-id 11
 security-profile test-s
 ssid-profile test-w
 quit
 ap-group name test-g
 vap-profile test-vap wlan 1 radio all
 quit
capwap source interface Vlanif 10
quit

配置步骤及代码---代码解析

配基础有线网络配置

<Huawei>system-view
$Huawei$ sysname R
$R-GigabitEthernet0/0/0$ ip address 192.168.11.253 24

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
$Huawei$ sysname SW
$SW$ dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
$SW$ vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
$SW$ interface GigabitEthernet 0/0/1
$SW-GigabitEthernet0/0/1$ port link-type access
$SW-GigabitEthernet0/0/1$ port default vlan 11
$SW-GigabitEthernet0/0/1$ quit
$SW$ interface GigabitEthernet 0/0/2
$SW-GigabitEthernet0/0/2$ port link-type trunk
$SW-GigabitEthernet0/0/2$ port trunk allow-pass vlan 10 11
$SW-GigabitEthernet0/0/2$ quit
$SW$ interface GigabitEthernet 0/0/3
$SW-GigabitEthernet0/0/3$ port link-type trunk
$SW-GigabitEthernet0/0/3$ port trunk allow-pass vlan 10
$SW-GigabitEthernet0/0/3$ quit
$SW$ interface Vlan 11
$SW-Vlanif11$ ip address 192.168.11.254 24
$SW-Vlanif11$ dhcp select interface
$SW-Vlanif11$ quit

<SW1>system-view
Enter system view, return user view with Ctrl+Z.
$SW1$ sysname SW1
$SW1$ vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
$SW1$ interface GigabitEthernet 0/0/1
$SW1-GigabitEthernet0/0/1$ port link-type trunk
$SW1-GigabitEthernet0/0/1$ port trunk allow-pass vlan 10 11
$SW1-GigabitEthernet0/0/1$ quit
$SW1$ interface Ethernet 0/0/1
$SW1-Ethernet0/0/1$ port link-type trunk
$SW1-Ethernet0/0/1$ port trunk pvid vlan 10
$SW1-Ethernet0/0/1$ port trunk allow-pass vlan 10 11
$SW1-Ethernet0/0/1$ quit
$SW1$ interface Ethernet 0/0/2
$SW1-Ethernet0/0/2$ port link-type trunk
$SW1-Ethernet0/0/2$ port trunk pvid vlan 10
$SW1-Ethernet0/0/2$ port trunk allow-pass vlan 10 11
$SW1-Ethernet0/0/2$ quit

<AC6605>system-view
Enter system view, return user view with Ctrl+Z.
$AC6605$ sysname AC
$AC$ dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
$AC$ vlan 10
Info: This operation may take a few seconds. Please wait for a moment...done.
$AC-vlan10$ quit
$AC$ interface GigabitEthernet 0/0/1
$AC-GigabitEthernet0/0/1$ port link-type trunk
$AC-GigabitEthernet0/0/1$ port trunk pvid vlan 10
$AC-GigabitEthernet0/0/1$ port trunk allow-pass vlan 10
$AC-GigabitEthernet0/0/1$ quit
$AC$ interface Vlan 10
$AC-Vlanif10$ ip address 192.168.10.254 24
$AC-Vlanif10$ dhcp select interface
$AC-Vlanif10$ quit

AP上线和业务配置

$AC$ wlan
$AC-wlan-view$ regulatory-domain-profile name test-d //创建域管理模板test-d
$AC-wlan-regulate-domain-test-d$ country-code CN //国家代码选择中国
Info: The current country code is same with the input country code.
$AC-wlan-regulate-domain-test-d$ quit
$AC-wlan-view$ ap-group name test-g //创建AP组test-g
Info: This operation may take a few seconds. Please wait for a moment.done.
$AC-wlan-ap-group-test-g$ regulatory-domain-profile test-d //AP组的域管理模板是test-d
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue? $Y/N$ :y
$AC-wlan-ap-group-test-g$ quit
$AC-wlan-view$ ap auth-mode mac-auth //AP的认证模式为MAC认证

AP离线加入

$AC-wlan-view$ ap-id 1 ap-mac 00e0-fcee-6470 //AP的编号和MAC地址
$AC-wlan-ap-1$ ap-name test-ap1 //AP的名字为test-ap1
$AC-wlan-ap-1$ ap-group test-g //AP属于AP组test-g
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? $Y/N$ :y
Info: This operation may take a few seconds. Please wait for a moment.. done.
$AC-wlan-ap-1$ ap-id 2 ap-mac 00e0-fc90-2b60
$AC-wlan-ap-2$ ap-name test-ap2
$AC-wlan-ap-2$ ap-group test-g
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? $Y/N$ :y
Info: This operation may take a few seconds. Please wait for a moment.. done.
$AC-wlan-ap-2$ quit
$AC-wlan-view$ security-profile name test-s //安全模板的名字为test-s
$AC-wlan-sec-prof-test-s$ security wpa-wpa2 psk pass-phrase test@123 aes //无线网密码是test@123，用AES加密。
$AC-wlan-sec-prof-test-s$ quit
$AC-wlan-view$ ssid-profile name test-w //ssid的模板名字为test-w
$AC-wlan-ssid-prof-test-w$ ssid test-wifi //ssid的名称为test-wifi
Info: This operation may take a few seconds, please wait.done.
$AC-wlan-ssid-prof-test-w$ quit
$AC-wlan-view$ vap-profile name test-vap //vap模板的名字叫test-vap
$AC-wlan-vap-prof-test-vap$ forward-mode direct-forward //转发模式为直接转发
$AC-wlan-vap-prof-test-vap$ service-vlan vlan-id 11 //服务VLAN的ID为11
Info: This operation may take a few seconds, please wait.done.
$AC-wlan-vap-prof-test-vap$ security-profile test-s //调用安全模板test-s
Info: This operation may take a few seconds, please wait.done.
$AC-wlan-vap-prof-test-vap$ ssid-profile test-w //调用SSID模板test-w
Info: This operation may take a few seconds, please wait.done.
$AC-wlan-vap-prof-test-vap$ quit
$AC-wlan-view$ ap-group name test-g
$AC-wlan-ap-group-test-g$ vap-profile test-vap wlan 1 radio all //调用VAP模板test-vap，wlan所有频道
Info: This operation may take a few seconds, please wait...done.
$AC-wlan-ap-group-test-g$ quit
$AC-wlan-view$ capwap source interface Vlanif 10 //AC的capwap隧道源接口为vlan 10
$AC$ quit

STA接入

测试验证

管理vlan和业务vlan通信正常。