华为配置Hotspot2.0无线网络示例

配置Hotspot2.0无线网络示例

组网图形

图1配置Hotspot2.0无线网络组网图

  • 组网需求
  • 配置思路
  • 配置注意事项
  • 操作步骤
  • 配置文件
组网需求

某网络服务商在原有移动网络业务的基础上,新增部署WLAN网络接入业务,为用户提供更好的网络体验。但传统的WLAN网络业务需要用户手动选择SSID,手动接入网络并设置认证信息,用户体验较差。为了提升用户体验,部署Hotspot2.0业务,使用SIM作为用户的身份凭证,让用户无感知的自动接入正确的网络。

配置思路

采用如下的思路配置Hotspot2.0业务:

  1. 配置网络互通和WLAN基本业务,WLAN基本业务的配置可以参考配置FAT AP二层组网示例
  2. 根据服务商的AAA服务器信息,配置WPA2-802.1X认证。
  3. 配置禁止AP下行的广播/组播报文。
  4. 根据服务商的网络信息,配置Hotspot2.0业务。
配置项 数据
DHCP服务器 AP作为DHCP服务器为STA分配IP地址
AP的IP地址 10.23.101.1/24
STA的IP地址池 10.23.101.3~10.23.101.254/24
SSID模板 * 名称:wlan-ssid * SSID名称:wlan-net
安全模板 * 名称:wlan-security * 安全策略:WPA2+802.1X+AES
认证模板 * 名称:wlan-dot1x * 引用模板:802.1X接入模板wlan-dot1x * 认证方案:wlan-authen
流量模板 * 名称:wlan-traffic * 功能:ARP代理和ND代理,禁止下行广播/组播报文
Hotspot2.0模板 * 名称:wlan-hs2 * 网络类型:公共免费网络 * P2P交叉连接功能:不禁止 * 场所类型:咖啡馆(对应的组类型和子类型编码为1和13) * HESSID:60de-4476-e360 * IP地址支持状态:IPv4和IPv6可用 * 网络认证类型:需要接收使用条款及条件。 * 蜂窝网络信息:46000 * 网络连接能力:允许SSH * 热点运营商友好名称:mobileA * 频段指示编号:81 * 热点运营商域名:www.mobileA.com * NAI域:www.mobileA.com * 场所名称:Coffee * 漫游联盟标识:50-6f-9a
VAP模板 * 名称:wlan-vap * 业务VLAN:101 * 引用模板:SSID模板wlan-ssid、安全模板wlan-security、流量模板wlan-traffic、Hotspot2.0模板wlan-hs2、认证模板wlan-dot1x
AAA服务器 * AAA类型:RADIUS * 认证服务器IP地址:10.24.100.1 * 认证服务器端口号:1812 * RADIUS服务器共享密钥:Huawei@123 * 重传次数:2 * RADIUS认证模式为:先进行Radius认证,后进行本地认证
[表1数据规划表]
配置注意事项

纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议在直连AP的交换机接口上配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。

操作步骤
  1. 配置网络互通和WLAN基本业务,WLAN基本业务的配置可以参见配置FAT AP二层组网示例,AP上行的对端地址为10.23.101.2/24。

  2. 配置WPA2-802.1X认证

    javascript 复制代码
    # 配置RADIUS服务器模板。
    <AP> system-view
    [AP] radius-server template wlan-radius
    [AP-radius-wlan-radius] radius-server authentication 10.24.100.1 1812
    [AP-radius-wlan-radius] radius-server shared-key cipher Huawei@123
    [AP-radius-wlan-radius] radius-server retransmit 2
    [AP-radius-wlan-radius] undo radius-server user-name domain-included
    [AP-radius-wlan-radius] quit
    # 配置AAA认证方案,优先进行RADIUS认证。
    [AP] aaa
    [AP-aaa] authentication-scheme wlan-authen
    [AP-aaa-authen-wlan-authen] authentication-mode radius local
    [AP-aaa-authen-wlan-authen] quit
    [AP-aaa] quit
    # 配置802.1X接入模板,使用eap中继方式。
    [AP] dot1x-access-profile name wlan-dot1x
    [AP-dot1x-access-profile-wlan-dot1x] dot1x authentication-method eap
    [AP-dot1x-access-profile-wlan-dot1x] quit
    # 配置认证模板,引用已配置的AAA认证方案、RADIUS服务器模板和802.1X接入模板。
    [AP] authentication-profile name wlan-dot1x
    [AP-authentication-profile-wlan-dot1x] dot1x-access-profile wlan-dot1x
    [AP-authentication-profile-wlan-dot1x] authentication-scheme wlan-authen
    [AP-authentication-profile-wlan-dot1x] radius-server wlan-radius
    [AP-authentication-profile-wlan-dot1x] quit
    # 配置WPA2-802.1X-AES安全策略。
    [AP] wlan
    [AP-wlan-view] security-profile name wlan-security
    [AP-wlan-sec-prof-wlan-security] security wpa2 dot1x aes
    [AP-wlan-sec-prof-wlan-security] quit
    # 配置到RADIUS服务器的静态路由。
    [AP] ip route-static 10.24.100.1 32 10.23.101.2
  3. 配置流量模板,禁止AP转发下行的广播/组播报文

    javascript 复制代码
    [AP-wlan-view] traffic-profile name wlan-traffic
    [AP-wlan-traffic-prof-wlan-traffic] traffic-optimize arp-proxy enable
    [AP-wlan-traffic-prof-wlan-traffic] traffic-optimize bcmc deny all
    [AP-wlan-traffic-prof-wlan-traffic] quit
  4. 配置Hotspot2.0业务

    javascript 复制代码
    # 根据服务商提供的网络信息参数配置模板,创建名为"wlan-hs2"的Hotspot2.0模板,引用前请确保VAP模板已引用了WPA2-802.1X的安全模板。
    
    [AP-wlan-view] cellular-network-profile name wlan-hs2
    [AP-wlan-cellular-network-prof-wlan-hs2] plmn-id 46000
    [AP-wlan-cellular-network-prof-wlan-hs2] quit
    [AP-wlan-view] connection-capability-profile name wlan-hs2
    [AP-wlan-co-cap-prof-wlan-hs2] connection-capability tcp-ssh on
    [AP-wlan-co-cap-prof-wlan-hs2] quit
    [AP-wlan-view] operator-name-profile name wlan-hs2
    [AP-wlan-wlan-op-name-prof-wlan-hs2] operator-friendly-name language-code eng name mobileA
    [AP-wlan-wlan-op-name-prof-wlan-hs2] quit
    [AP-wlan-view] operating-class-profile name wlan-hs2
    [AP-wlan-op-class-prof-wlan-hs2] operating-class-indication 81
    [AP-wlan-op-class-prof-wlan-hs2] quit
    [AP-wlan-view] operator-domain-profile name wlan-hs2
    [AP-wlan-op-domain-prof-wlan-hs2] domain-name www.mobileA.com
    [AP-wlan-op-domain-prof-wlan-hs2] quit
    [AP-wlan-view] nai-realm-profile name wlan-hs2
    [AP-wlan-nai-realm-prof-wlan-hs2]  nai-realm realm-name www.mobileA.com
    [AP-wlan-nai-realm-prof-wlan-hs2] quit
    [AP-wlan-view] venue-name-profile name wlan-hs2
    [AP-wlan-ve-na-prof-wlan-hs2] venue-name language-code eng name Coffee
    [AP-wlan-ve-na-prof-wlan-hs2] quit
    [AP-wlan-view] roaming-consortium-profile name wlan-hs2
    [AP-wlan-ro-co-prof-wlan-hs2] roaming-consortium-oi 50-6f-9a in-beacon
    [AP-wlan-ro-co-prof-wlan-hs2] quit
    [AP-wlan-view] hotspot2-profile name wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] network-type public-free internet-access
    [AP-wlan-hotspot2-prof-wlan-hs2] undo p2p-cross-connect disable
    [AP-wlan-hotspot2-prof-wlan-hs2] venue-type group-code 1 type-code 13
    [AP-wlan-hotspot2-prof-wlan-hs2] hessid 60de-4476-e360
    [AP-wlan-hotspot2-prof-wlan-hs2] ipv4-address-avail available
    [AP-wlan-hotspot2-prof-wlan-hs2] network-authen-type acceptance
    [AP-wlan-hotspot2-prof-wlan-hs2] cellular-network-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] connection-capability-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] operator-name-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] operating-class-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] operator-domain-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] nai-realm-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] venue-name-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] roaming-consortium-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] quit
  5. 将认证模板、流量模板和Hotspot2.0模板应用到VAP模板。

    javascript 复制代码
    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] authentication-profile wlan-dot1x
     Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] traffic-profile wlan-traffic
     Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] hotspot2-profile wlan-hs2
    [AP-wlan-vap-prof-wlan-vap] quit
    [AP-wlan-view] quit
  6. 验证配置结果

    javascript 复制代码
    配置完成后,通过执行命令display vap ssid wlan-net查看如下信息,当"Status"项显示为"ON"时,表示AP对应的射频上的VAP已创建成功。
    
    [AP] display vap ssid wlan-net
    WID : WLAN ID
    --------------------------------------------------------------------------------
    AP MAC         RfID WID  SSID     BSSID          Status  Auth type   STA
    --------------------------------------------------------------------------------
    00bc-da3f-e900 0    1    wlan-net 00BC-DA3F-E900 ON  WPA2-802.1X 0
    -------------------------------------------------------------------------------
    Total: 1
    STA进入AP的覆盖范围后,自动接入WLAN网络,其接入的SSID为"wlan-net"。
    
    [AP] display station all
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    ------------------------------------------------------------------------------
    STA MAC          Ap name        Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address    SSID
    ------------------------------------------------------------------------------
    14cf-9202-13dc   00bc-da3f-e900 0/2      2.4G  11n   19/13      -63   101   10.23.101.254 wlan-net
    ------------------------------------------------------------------------------
    Total: 1 2.4G: 1 5G: 0
配置文件
javascript 复制代码
AP的配置文件

#
 sysname AP
#
vlan batch 101
#
authentication-profile name wlan-dot1x
 dot1x-access-profile wlan-dot1x
 authentication-scheme wlan-authen
 radius-server wlan-radius
#
dot1x-access-profile name wlan-dot1x
#
dhcp enable
#
radius-server template wlan-radius
 radius-server shared-key cipher %^%#3|_'15Yp[3cBVN4*3lB3o&@0%pll(XJ:9@Yw'`(!%^%#
 radius-server authentication 10.24.100.1 1812 weight 80
 radius-server retransmit 2
 undo radius-server user-name domain-included
#
aaa
 authentication-scheme wlan-authen
  authentication-mode radius local
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 10.23.101.2
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 101
#
wlan
 traffic-profile name wlan-traffic
  traffic-optimize bcmc deny all
  traffic-optimize arp-proxy enable
 security-profile name wlan-security
  security wpa2 dot1x aes
 ssid-profile name wlan-ssid
  ssid wlan-net
 operating-class-profile name wlan-hs2
  operating-class-indication 81
 roaming-consortium-profile name wlan-hs2
  roaming-consortium-oi 50-6f-9a in-beacon
 cellular-network-profile name wlan-hs2
  plmn-id 46000
 connection-capability-profile name wlan-hs2
  connection-capability tcp-ssh on
 operator-domain-profile name wlan-hs2
  domain-name www.mobileA.com
 operator-name-profile name wlan-hs2
  operator-friendly-name language-code eng name mobileA
 venue-name-profile name wlan-hs2
  venue-name language-code eng name Coffee
 nai-realm-profile name wlan-hs2
  nai-realm realm-name www.mobileA.com
 hotspot2-profile name wlan-hs2
  hessid 60de-4476-e360
  network-type public-free internet-access
  venue-type group-code 1 type-code 13 
  ipv4-address-avail available
  network-authen-type acceptance
  cellular-network-profile wlan-hs2
  connection-capability-profile wlan-hs2
  operator-name-profile wlan-hs2
  operator-domain-profile wlan-hs2
  venue-name-profile wlan-hs2
  nai-realm-profile wlan-hs2
  operating-class-profile wlan-hs2
  roaming-consortium-profile wlan-hs2
 vap-profile name wlan-vap
  authentication-profile wlan-dot1x
  service-vlan vlan-id 101
  ssid-profile wlan-ssid
  security-profile wlan-security
  traffic-profile wlan-traffic
  hotspot2-profile wlan-hs2
#
interface Wlan-Radio0/0/0
 vap-profile wlan-vap wlan 2
 channel 20mhz 6
#
ip route-static 10.24.100.1 255.255.255.0 10.23.101.2
#
return
相关推荐
又蓝1 分钟前
使用 Python 操作 Excel 表格
开发语言·python·excel
余~~1853816280014 分钟前
稳定的碰一碰发视频、碰一碰矩阵源码技术开发,支持OEM
开发语言·人工智能·python·音视频
Am心若依旧4091 小时前
[c++11(二)]Lambda表达式和Function包装器及bind函数
开发语言·c++
明月看潮生1 小时前
青少年编程与数学 02-004 Go语言Web编程 20课题、单元测试
开发语言·青少年编程·单元测试·编程与数学·goweb
大G哥1 小时前
java提高正则处理效率
java·开发语言
VBA63371 小时前
VBA技术资料MF243:利用第三方软件复制PDF数据到EXCEL
开发语言
轩辰~1 小时前
网络协议入门
linux·服务器·开发语言·网络·arm开发·c++·网络协议
小_太_阳1 小时前
Scala_【1】概述
开发语言·后端·scala·intellij-idea
向宇it1 小时前
【从零开始入门unity游戏开发之——unity篇02】unity6基础入门——软件下载安装、Unity Hub配置、安装unity编辑器、许可证管理
开发语言·unity·c#·编辑器·游戏引擎
古希腊掌管学习的神2 小时前
[LeetCode-Python版]相向双指针——611. 有效三角形的个数
开发语言·python·leetcode