华为配置中心AP内漫游示例
组网图形
图1配置中心AP内漫游组网图
- 配置流程
- 组网需求
- 配置思路
- 数据规划
- 配置注意事项
- 操作步骤
- 配置文件
配置流程
WLAN不同的特性和功能需要在不同类型的模板下进行配置和维护,这些模板统称为WLAN模板,如域管理模板、射频模板、VAP模板、AP系统模板、AP有线口模板、WIDS模板。当用户在配置WLAN业务功能时,需要在对应功能的WLAN模板中进行参数配置,配置完成后,须将此模板引用到AP组或AP中,配置才会自动下发到RU,进而配置的功能在RU上生效。由于模板之间是存在相互引用关系的,因此在用户配置过程中,需要提前了解各个模板之间存在的逻辑关系。模板的逻辑关系和基本配置流程请参见WLAN业务配置流程。
组网需求
某小型企业为员工提供WLAN网络业务,由于场所面积不大,可以通过一台中心AP对RU进行管理。同时为了区分部门进行管理,不同部门的员工在不同的子网。企业希望员工在企业内部移动办公的同时网络业务不中断。
如图1所示,中心AP为企业员工提供业务服务,中心AP分别通过Switch_1和Switch_2连接area_1和area_2。
配置思路
采用如下的思路配置中心AP内漫游:
- 配置网络互通,使RU与中心AP之间能够传输CAPWAP报文。
- 配置中心AP作为DHCP服务器,为STA和RU分配IP地址。
- 配置WLAN基本业务,保证用户能够连接到无线网络。
数据规划
| 配置项 | 数据 |
|---|---|
| DHCP服务器 | 中心AP作为DHCP服务器为STA和RU分配IP地址 |
| RU的IP地址池 | 10.23.100.2~10.23.100.254/24 |
| STA的IP地址池 | 10.23.101.2~10.23.101.254/24 |
| 中心AP的源接口IP地址 | VLANIF100:10.23.100.1/24 |
| AP组 | * 名称:ap-group1 * 引用模板:VAP模板wlan-vap1、域管理模板domain |
| 域管理模板 | * 名称:domain * 国家码:CN |
| SSID模板 | * 名称:wlan-ssid * SSID名称:wlan-net |
| 安全模板 | * 名称:wlan-security * 安全策略:WPA2+PSK+AES * 密码:a1234567 |
| VAP模板 | * 名称:wlan-vap1 * 业务VLAN:VLAN101 * 引用模板:SSID模板wlan-ssid、安全模板wlan-security |
配置注意事项
建议在与RU直连的设备接口上配置端口隔离,如果不配置端口隔离,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。
操作步骤
-
配置Switch和中心AP,使RU和中心AP互通。
javascript# 在接入交换机Switch_1上创建VLAN100(管理VLAN)。Switch_1连接RU_1的接口GE0/0/1和连接中心AP的接口GE0/0/2加入VLAN100。 <HUAWEI> system-view [HUAWEI] sysname Switch_1 [Switch_1] vlan batch 100 [Switch_1] interface gigabitethernet 0/0/1 [Switch_1-GigabitEthernet0/0/1] port link-type trunk [Switch_1-GigabitEthernet0/0/1] port trunk pvid vlan 100 [Switch_1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [Switch_1-GigabitEthernet0/0/1] quit [Switch_1] interface gigabitethernet 0/0/2 [Switch_1-GigabitEthernet0/0/2] port link-type trunk [Switch_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [Switch_1-GigabitEthernet0/0/2] quit # 在接入交换机Switch_2上创建VLAN100(管理VLAN)。Switch_2连接RU_2的接口GE0/0/1和连接中心AP的接口GE0/0/2加入VLAN100。 <HUAWEI> system-view [HUAWEI] sysname Switch_2 [Switch_2] vlan batch 100 [Switch_2] interface gigabitethernet 0/0/1 [Switch_2-GigabitEthernet0/0/1] port link-type trunk [Switch_2-GigabitEthernet0/0/1] port trunk pvid vlan 100 [Switch_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [Switch_2-GigabitEthernet0/0/1] quit [Switch_2] interface gigabitethernet 0/0/2 [Switch_2-GigabitEthernet0/0/2] port link-type trunk [Switch_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [Switch_2-GigabitEthernet0/0/2] quit # 配置中心AP连接Switch_1的接口GE0/0/1和连接Switch_2的接口GE0/0/2加入VLAN100。 <HUAWEI> system-view [HUAWEI] sysname AP [AP] vlan batch 100 to 101 [AP] interface gigabitethernet 0/0/1 [AP-GigabitEthernet0/0/1] port link-type trunk [AP-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AP-GigabitEthernet0/0/1] quit [AP] interface gigabitethernet 0/0/2 [AP-GigabitEthernet0/0/2] port link-type trunk [AP-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [AP-GigabitEthernet0/0/2] quit -
配置中心AP作为DHCP服务器,为STA和RU分配IP地址
javascript# 配置基于接口地址池的DHCP服务器,其中,VLANIF100接口为RU提供IP地址,VLANIF101为STA提供IP地址。 DNS服务器地址请根据实际需要配置。常用配置方法如下: 接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。 全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。 [AP] dhcp enable [AP] interface vlanif 100 [AP-Vlanif100] ip address 10.23.100.1 255.255.255.0 [AP-Vlanif100] dhcp select interface [AP-Vlanif100] quit [AP] interface vlanif 101 [AP-Vlanif101] ip address 10.23.101.1 255.255.255.0 [AP-Vlanif101] dhcp select interface [AP-Vlanif101] quit -
配置RU上线
javascript# 创建AP组"ap-group1"。 [AP] wlan [AP-wlan-view] ap-group name ap-group1 [AP-wlan-ap-group-ap-group1] quit # 创建域管理模板,在域管理模板下配置中心AP的国家码并在AP组下引用域管理模板。 [AP-wlan-view] regulatory-domain-profile name domain [AP-wlan-regulatory-domain-domain] country-code cn [AP-wlan-regulatory-domain-domain] quit [AP-wlan-view] ap-group name ap-group1 [AP-wlan-ap-group-ap-group1] regulatory-domain-profile domain Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AP-wlan-ap-group-ap-group1] quit # 配置中心AP上RU的管理VLAN。javascript[AP] management-vlan 100 # 在中心AP上离线导入RU,并将RU加入AP组"ap-group1"中。假设RU的MAC地址为60de-4476-e360,并且根据RU的部署位置为RU配置名称,便于从名称上就能够了解RU的部署位置。例如MAC地址为60de-4476-e360的RU部署在1号区域,命名此RU为area_1。 ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth。 举例中使用的RU为R240D,具有射频0和射频1两个射频。R240D的射频0为2.4GHz射频,射频1为5GHz射频。 [AP] wlan [AP-wlan-view] ap auth-mode mac-auth [AP-wlan-view] ap-id 1 ap-mac 60de-4476-e360 [AP-wlan-ap-1] ap-name area_1 Warning: This operation may cause AP reset. Continue? [Y/N]:y [AP-wlan-ap-1] ap-group ap-group1 Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AP-wlan-ap-1] quit [AP-wlan-view] ap-id 2 ap-mac dcd2-fc04-b500 [AP-wlan-ap-2] ap-name area_2 Warning: This operation may cause AP reset. Continue? [Y/N]:y [AP-wlan-ap-2] ap-group ap-group1 Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AP-wlan-ap-2] quit # 将RU上电后,当执行命令display ap all查看到RU的"State"字段为"nor"时,表示RU正常上线。 [AP-wlan-view] display ap all Total AP information: nor : normal [2] ExtraInfo : Extra information P : insufficient power supply ---------------------------------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime ExtraInfo ---------------------------------------------------------------------------------------------------------- 1 60de-4476-e360 area_1 ap-group1 10.23.100.254 R240D nor 0 15S - 2 dcd2-fc04-b500 area_2 ap-group1 10.23.100.253 R240D nor 0 10S - ---------------------------------------------------------------------------------------------------------- Total: 2 -
配置WLAN业务参数
javascript# 创建名为"wlan-security"的安全模板,并配置安全策略。 举例中以配置WPA2+PSK+AES的安全策略为例,密码为a1234567,实际配置时请根据实际情况,配置符合实际要求的安全策略。 [AP-wlan-view] security-profile name wlan-security [AP-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes [AP-wlan-sec-prof-wlan-security] quit # 创建名为"wlan-ssid"的SSID模板,并配置SSID名称为"wlan-net"。 [AP-wlan-view] ssid-profile name wlan-ssid [AP-wlan-ssid-prof-wlan-ssid] ssid wlan-net Warning: This action may cause service interruption. Continue?[Y/N]y [AP-wlan-ssid-prof-wlan-ssid] quit # 创建名为"wlan-vap1"的VAP模板,配置业务VLAN,并引用安全模板"wlan-security"和SSID模板"wlan-ssid"。 [AP-wlan-view] vap-profile name wlan-vap1 [AP-wlan-vap-prof-wlan-vap1] service-vlan vlan-id 101 [AP-wlan-vap-prof-wlan-vap1] security-profile wlan-security [AP-wlan-vap-prof-wlan-vap1] ssid-profile wlan-ssid [AP-wlan-vap-prof-wlan-vap1] quit # 配置AP组引用VAP模板,RU上射频0和射频1都使用VAP模板"wlan-vap"的配置。 [AP-wlan-view] ap-group name ap-group1 [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 0 [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 1 [AP-wlan-ap-group-ap-group1] quit -
配置RU射频的信道和功率
javascript射频的信道和功率自动调优功能默认开启,如果不关闭此功能则会导致手动配置不生效。举例中RU射频的信道和功率仅为示例,实际配置中请根据RU的国家码和网规结果进行配置。 # 关闭RU射频0的信道和功率自动调优功能,并配置RU射频0的信道和功率。 [AP-wlan-view] ap-id 1 [AP-wlan-ap-1] radio 0 [AP-wlan-radio-1/0] calibrate auto-channel-select disable [AP-wlan-radio-1/0] calibrate auto-txpower-select disable [AP-wlan-radio-1/0] channel 20mhz 6 Warning: This action may cause service interruption. Continue?[Y/N]y [AP-wlan-radio-1/0] eirp 127 [AP-wlan-radio-1/0] quit # 关闭RU射频1的信道和功率自动调优功能,并配置RU射频1的信道和功率。 [AP-wlan-ap-1] radio 1 [AP-wlan-radio-1/1] calibrate auto-channel-select disable [AP-wlan-radio-1/1] calibrate auto-txpower-select disable [AP-wlan-radio-1/1] channel 20mhz 149 Warning: This action may cause service interruption. Continue?[Y/N]y [AP-wlan-radio-1/1] eirp 127 [AP-wlan-radio-1/1] quit [AP-wlan-ap-1] quit -
验证配置结果
javascriptWLAN业务配置会自动下发给RU,配置完成后,执行命令display vap ssid wlan-net查看VAP信息,当"Status"显示为"ON"时,表示RU对应射频上的VAP已创建成功。 [AP-wlan-view] display vap ssid wlan-net WID : WLAN ID -------------------------------------------------------------------------------------- AP ID AP name RfID WID BSSID Status Auth type STA SSID -------------------------------------------------------------------------------------- 1 area_1 0 1 60DE-4476-E360 ON WPA2-PSK 0 wlan-net 1 area_1 1 1 60DE-4476-E370 ON WPA2-PSK 0 wlan-net 2 area_2 0 1 DCD2-FC04-B500 ON WPA2-PSK 0 wlan-net 2 area_2 1 1 DCD2-FC04-B510 ON WPA2-PSK 0 wlan-net --------------------------------------------------------------------------------------- Total: 2 STA在RU_1的覆盖范围内搜索到SSID为"wlan-net"的无线网络,输入密码"a1234567"并正常关联后,在中心AP上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了RU_1,STA的MAC地址为"e019-1dc7-1e08"。 [AP-wlan-view] display station ssid wlan-net Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ------------------------------------------------------------------------------------ e019-1dc7-1e08 1 area_1 1/1 5G 11n 46/59 -57 101 10.23.101.254 ------------------------------------------------------------------------------------ Total: 1 2.4G: 0 5G: 1 当STA从RU_1的覆盖范围移动到RU_2的覆盖范围时,在中心AP上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了RU_2。 [AP-wlan-view] display station ssid wlan-net Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ------------------------------------------------------------------------------------ e019-1dc7-1e08 2 area_2 1/1 5G 11n 46/59 -58 101 10.23.101.254 ------------------------------------------------------------------------------------ Total: 1 2.4G: 0 5G: 1 在中心AP上执行命令display station roam-track sta-mac e019-1dc7-1e08,可以查看该STA的漫游轨迹。 [AP-wlan-view] display station roam-track sta-mac e019-1dc7-1e08 Access SSID:wlan-net Rx/Tx: link receive rate/link transmit rate(Mbps) s:Same Frequency Network c:PMK Cache Roam r:802.11r Roam ------------------------------------------------------------------------------ L2/L3 AC IP AP name Radio ID BSSID TIME In/Out RSSI Out Rx/Tx ------------------------------------------------------------------------------ -- - area_1 1 60de-4476-e360 2015/02/07 17:48:30 -57/-58 46/65 L2 - area_2 1 dcd2-fc04-b500 2015/02/07 17:54:50 -58/- -/- ------------------------------------------------------------------------------ Number: 1
配置文件
javascript
Switch_1的配置文件
#
sysname Switch_1
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
return
Switch_2的配置文件
#
sysname Switch_2
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
return
中心AP的配置文件
#
sysname AP
#
vlan batch 100 to 101
#
dhcp enable
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
management-vlan 100
#
wlan
security-profile name wlan-security
security wpa2 psk pass-phrase %^%#]:krYrz_r<ee}|Cq@9V(W{ZD$"\-R-HD_y.4#U4,%^%# aes
ssid-profile name wlan-ssid
ssid wlan-net
vap-profile name wlan-vap1
service-vlan vlan-id 101
ssid-profile wlan-ssid
security-profile wlan-security
regulatory-domain-profile name domain
ap-group name ap-group1
regulatory-domain-profile domain
radio 0
vap-profile wlan-vap1 wlan 1
radio 1
vap-profile wlan-vap1 wlan 1
ap-id 1 type-id 55 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
ap-name area_1
ap-group ap-group1
radio 0
channel 20mhz 6
eirp 127
radio 1
channel 20mhz 149
eirp 127
ap-id 2 type-id 55 ap-mac dcd2-fc04-b500 ap-sn 210235554710CB000078
ap-name area_2
ap-group ap-group1
#
return