华为---企业WLAN组网基本配置示例---AC+AP组网

AC+AP组网所需的物理条件

1、无线AP---收发无线信号；
2、无线控制器(AC)---用来控制管理多个AP；
3、PoE交换机---能给AP实现网络连接和供电的交换机；
4、授权：默认AC管理的AP数量有限，买授权才能管控更多AP。

WLAN创建步骤

一、AP上线

二、WLAN业务配置下发

三、无线网络终端接入WLAN

四、WLAN业务数据转发

WLAN网络中的数据包括控制报文（管理报文）和数据报文。控制报文是通过CAPWAP的控制隧道转发的，用户的数据报文分为隧道转发方式、直接转发方式。

**隧道转发方式：**用户数据报文-->AP（CAPWAP数据隧道封装后）-->AC-->转发到上层网络。

**直接转发方式：**用户数据报文-->AP（不经过AC）-->直接转发到上层网络。

网络拓扑图

代码段

复制代码

system-view 
 sysname R
interface GigabitEthernet 0/0/0 
 ip address 192.168.11.253 24


system-view 
 sysname SW
 dhcp enable
 vlan batch 10 11
interface GigabitEthernet 0/0/1
 port link-type access
 port default vlan 11
 quit
interface GigabitEthernet 0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 11
 quit
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10
 quit
interface Vlan 11
 ip address 192.168.11.254 24
 dhcp select interface
 quit


system-view 
sysname SW1
 vlan batch 10 11
interface GigabitEthernet 0/0/1 
 port link-type trunk
 port trunk allow-pass vlan 10 11
 quit
interface Ethernet 0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 11
 quit
interface Ethernet 0/0/2
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 11
 quit


system-view 
 sysname AC
 dhcp enable
 vlan 10
 quit
interface GigabitEthernet 0/0/1 
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10
 quit
interface Vlan 10
 ip address 192.168.10.254 24
 dhcp select interface
 quit
wlan
 regulatory-domain-profile name test-d
 country-code CN
 quit
 ap-group name test-g
 regulatory-domain-profile test-d
 y
 quit
 ap auth-mode mac-auth
 ap-id 1 ap-mac 00e0-fcee-6470
 ap-name test-ap1
 ap-group test-g
 y
 ap-id 2 ap-mac 00e0-fc90-2b60
 ap-name test-ap2
 ap-group test-g
 y
 quit
 security-profile name test-s
 security wpa-wpa2 psk pass-phrase test@123 aes
 quit
 ssid-profile name test-w
 ssid test-wifi
 quit
 vap-profile name test-vap
 forward-mode direct-forward 
 service-vlan vlan-id 11
 security-profile test-s
 ssid-profile test-w
 quit
 ap-group name test-g
 vap-profile test-vap wlan 1 radio all
 quit
capwap source interface Vlanif 10
quit

配置步骤及代码---代码解析

配基础有线网络配置

<Huawei>system-view

Huawei\] sysname R \[R-GigabitEthernet0/0/0\] ip address 192.168.11.253 24 \system-view Enter system view, return user view with Ctrl+Z. \[Huawei\] sysname SW \[SW\] dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. \[SW\] vlan batch 10 11 Info: This operation may take a few seconds. Please wait for a moment...done. \[SW\]interface GigabitEthernet 0/0/1 \[SW-GigabitEthernet0/0/1\] port link-type access \[SW-GigabitEthernet0/0/1\] port default vlan 11 \[SW-GigabitEthernet0/0/1\] quit \[SW\]interface GigabitEthernet 0/0/2 \[SW-GigabitEthernet0/0/2\] port link-type trunk \[SW-GigabitEthernet0/0/2\] port trunk allow-pass vlan 10 11 \[SW-GigabitEthernet0/0/2\] quit \[SW\]interface GigabitEthernet 0/0/3 \[SW-GigabitEthernet0/0/3\] port link-type trunk \[SW-GigabitEthernet0/0/3\] port trunk allow-pass vlan 10 \[SW-GigabitEthernet0/0/3\] quit \[SW\]interface Vlan 11 \[SW-Vlanif11\] ip address 192.168.11.254 24 \[SW-Vlanif11\] dhcp select interface \[SW-Vlanif11\] quit \system-view Enter system view, return user view with Ctrl+Z. \[SW1\]sysname SW1 \[SW1\] vlan batch 10 11 Info: This operation may take a few seconds. Please wait for a moment...done. \[SW1\]interface GigabitEthernet 0/0/1 \[SW1-GigabitEthernet0/0/1\] port link-type trunk \[SW1-GigabitEthernet0/0/1\] port trunk allow-pass vlan 10 11 \[SW1-GigabitEthernet0/0/1\] quit \[SW1\]interface Ethernet 0/0/1 \[SW1-Ethernet0/0/1\] port link-type trunk \[SW1-Ethernet0/0/1\] port trunk pvid vlan 10 \[SW1-Ethernet0/0/1\] port trunk allow-pass vlan 10 11 \[SW1-Ethernet0/0/1\] quit \[SW1\]interface Ethernet 0/0/2 \[SW1-Ethernet0/0/2\] port link-type trunk \[SW1-Ethernet0/0/2\] port trunk pvid vlan 10 \[SW1-Ethernet0/0/2\] port trunk allow-pass vlan 10 11 \[SW1-Ethernet0/0/2\] quit \system-view Enter system view, return user view with Ctrl+Z. \[AC6605\] sysname AC \[AC\] dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. \[AC\] vlan 10 Info: This operation may take a few seconds. Please wait for a moment...done. \[AC-vlan10\] quit \[AC\]interface GigabitEthernet 0/0/1 \[AC-GigabitEthernet0/0/1\] port link-type trunk \[AC-GigabitEthernet0/0/1\] port trunk pvid vlan 10 \[AC-GigabitEthernet0/0/1\] port trunk allow-pass vlan 10 \[AC-GigabitEthernet0/0/1\] quit \[AC\]interface Vlan 10 \[AC-Vlanif10\] ip address 192.168.10.254 24 \[AC-Vlanif10\] dhcp select interface \[AC-Vlanif10\] quit #### AP上线和业务配置 \[AC\]wlan \[AC-wlan-view\] regulatory-domain-profile name test-d //创建域管理模板test-d \[AC-wlan-regulate-domain-test-d\] country-code CN //国家代码选择中国 Info: The current country code is same with the input country code. \[AC-wlan-regulate-domain-test-d\] quit \[AC-wlan-view\] ap-group name test-g //创建AP组test-g Info: This operation may take a few seconds. Please wait for a moment.done. \[AC-wlan-ap-group-test-g\] regulatory-domain-profile test-d //AP组的域管理模板是test-d Warning: Modifying the country code will clear channel, power and antenna gain c onfigurations of the radio and reset the AP. Continue?\[Y/N\]:y \[AC-wlan-ap-group-test-g\]quit \[AC-wlan-view\] ap auth-mode mac-auth //AP的认证模式为MAC认证 AP离线加入 \[AC-wlan-view\] ap-id 1 ap-mac 00e0-fcee-6470 //AP的编号和MAC地址 \[AC-wlan-ap-1\] ap-name test-ap1 //AP的名字为test-ap1 \[AC-wlan-ap-1\] ap-group test-g //AP属于AP组test-g Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to c ontinue? \[Y/N\]:y Info: This operation may take a few seconds. Please wait for a moment.. done. \[AC-wlan-ap-1\]ap-id 2 ap-mac 00e0-fc90-2b60 \[AC-wlan-ap-2\] ap-name test-ap2 \[AC-wlan-ap-2\] ap-group test-g Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to c ontinue? \[Y/N\]:y Info: This operation may take a few seconds. Please wait for a moment.. done. \[AC-wlan-ap-2\]quit \[AC-wlan-view\] security-profile name test-s //安全模板的名字为test-s \[AC-wlan-sec-prof-test-s\] security wpa-wpa2 psk pass-phrase test@123 aes //无线网密码是test@123，用AES加密。 \[AC-wlan-sec-prof-test-s\] quit \[AC-wlan-view\] ssid-profile name test-w //ssid的模板名字为test-w \[AC-wlan-ssid-prof-test-w\] ssid test-wifi //ssid的名称为test-wifi Info: This operation may take a few seconds, please wait.done. \[AC-wlan-ssid-prof-test-w\] quit \[AC-wlan-view\] vap-profile name test-vap //vap模板的名字叫test-vap \[AC-wlan-vap-prof-test-vap\] forward-mode direct-forward //转发模式为直接转发 \[AC-wlan-vap-prof-test-vap\] service-vlan vlan-id 11 //服务VLAN的ID为11 Info: This operation may take a few seconds, please wait.done. \[AC-wlan-vap-prof-test-vap\] security-profile test-s //调用安全模板test-s Info: This operation may take a few seconds, please wait.done. \[AC-wlan-vap-prof-test-vap\] ssid-profile test-w //调用SSID模板test-w Info: This operation may take a few seconds, please wait.done. \[AC-wlan-vap-prof-test-vap\] quit \[AC-wlan-view\] ap-group name test-g \[AC-wlan-ap-group-test-g\] vap-profile test-vap wlan 1 radio all //调用VAP模板test-vap，wlan所有频道 Info: This operation may take a few seconds, please wait...done. \[AC-wlan-ap-group-test-g\] quit \[AC-wlan-view\]capwap source interface Vlanif 10 //AC的capwap隧道源接口为vlan 10 \[AC\]quit #### STA接入 ![](https://file.jishuzhan.net/article/1714563145554464770/196bd6180ee3f7aaaef324439398ca47.webp) ### 测试验证 ![](https://file.jishuzhan.net/article/1714563145554464770/0a179f1f37f8728467f144b6498cc399.webp) ![](https://file.jishuzhan.net/article/1714563145554464770/469132086bf349c9536c5e7c1f7c3397.webp) ![](https://file.jishuzhan.net/article/1714563145554464770/6b399aea06403041e89f56f0fbc61a5d.webp) ![](https://file.jishuzhan.net/article/1714563145554464770/d6ef7dcc911b0e4e1ce802ead9b3d139.webp) ![](https://file.jishuzhan.net/article/1714563145554464770/6dd5119808810323989964859001bcee.webp) 管理vlan和业务vlan通信正常。