华为配置WLAN跨VLAN的三层漫游示例

知孤云出岫2024-11-05 18:32

组网图形

图1配置WLAN跨VLAN的三层漫游示例组网图

  • 业务需求
  • 组网需求
  • 数据规划
  • 配置思路
  • 配置注意事项
  • 操作步骤
  • 配置文件
业务需求

企业用户通过WLAN接入网络,以满足移动办公的基本需求。在覆盖区域内移动发生跨VLAN漫游时,不影响用户的业务使用。

组网需求
  • AC组网方式:旁挂三层组网。
  • DHCP部署方式:
    • AC作为DHCP服务器为AP分配IP地址。
    • 汇聚交换机SwitchB作为DHCP服务器为STA分配IP地址。
  • 业务数据转发方式:直接转发。
数据规划
配置项 数据
AP管理VLAN VLAN10、VLAN100
STA业务VLAN * area_1:VLAN101 * area_2:VLAN102
DHCP服务器 AC作为DHCP服务器为AP分配IP地址 汇聚交换机作为STA的DHCP服务器,STA的默认网关为10.23.101.2/24和10.23.102.2/24
AP的IP地址池 10.23.10.2~10.23.10.254/24
STA的IP地址池 * area_1:10.23.101.3~10.23.101.254/24 * area_2:10.23.102.3~10.23.102.254/24
AC的源接口IP地址 VLANIF100:10.23.100.1/24
AP组 * 名称:ap-group1 * 引用模板:VAP模板wlan-net1、域管理模板default、2G射频模板wlan-radio2g、5G射频模板wlan-radio5g
AP组 * 名称:ap-group2 * 引用模板:VAP模板wlan-net2、域管理模板default、2G射频模板wlan-radio2g、5G射频模板wlan-radio5g
域管理模板 * 名称:default * 国家码:中国 * 调优信道集合:配置2.4G和5G调优带宽和调优信道
SSID模板 * 名称:wlan-net * SSID名称:wlan-net
安全模板 * 名称:wlan-net * 安全策略:WPA-WPA2+PSK+AES * 密码:a1234567
VAP模板 * 名称:wlan-net1 * 转发模式:直接转发 * 业务VLAN:VLAN101 * 引用模板:SSID模板wlan-net、安全模板wlan-net
VAP模板 * 名称:wlan-net2 * 转发模式:直接转发 * 业务VLAN:VLAN102 * 引用模板:SSID模板wlan-net、安全模板wlan-net
空口扫描模板 * 名称:wlan-airscan * 探测信道集合:调优信道 * 空口扫描间隔时间:60000毫秒 * 空口扫描持续时间:60毫秒
2G射频模板 * 名称:wlan-radio2g * 引用模板:空口扫描模板wlan-airscan
5G射频模板 * 名称:wlan-radio5g * 引用模板:空口扫描模板wlan-airscan
[表1AC数据规划表]
配置思路
  1. 配置AP、AC和周边网络设备之间实现网络互通。
  2. 配置AP上线。
    1. 创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。
    2. 配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。
    3. 配置AP上线的认证方式并离线导入AP,实现AP正常上线。
  3. 配置WLAN业务参数,实现STA访问WLAN网络功能。

当用户新开局时,对于AP的射频信道的设置,用户可根据网络规划手动指定,也可使用射频调优功能自动选择最佳信道。本例中采用射频调优功能自动选择最佳信道。

配置注意事项

  • 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。

    • 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
    • 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制

  • 建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。

  • 隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。

  • V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。

  • V200R021C00版本开始,AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能,添加AP时AP会上线失败,此时需要先开启CAPWAP DTLS不认证方式(capwap dtls no-auth enable )让AP上线,以便AP获取安全凭证,AP上线后应及时关闭该功能(undo capwap dtls no-auth enable),避免未授权AP上线。

操作步骤

  1. 配置周边设备

    bash 复制代码 
    # 配置接入交换机SwitchA的GE0/0/1接口加入VLAN10和VLAN101、GE0/0/2接口加入VLAN10、VLAN101和VLAN102、GE0/0/3接口加入VLAN10和VLAN102,GE0/0/1和GE0/0/3接口的缺省VLAN为VLAN10。
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 101 102
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 101
[SwitchA-GigabitEthernet0/0/1] port-isolate enable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 101 102
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk pvid vlan 10
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 102
[SwitchA-GigabitEthernet0/0/3] port-isolate enable
[SwitchA-GigabitEthernet0/0/3] quit
# 配置汇聚交换机SwitchB的接口GE0/0/1加入VLAN10、VLAN101和VLAN102,接口GE0/0/2加入VLAN100,接口GE0/0/3加入VLAN101和VLAN102,并创建接口VLANIF100,地址为10.23.100.2/24。
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 100 101 102
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 101 102
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 101 102
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 10.23.100.2 24
[SwitchB-Vlanif100] quit
# 配置Router的接口GE1/0/0加入VLAN101和VLAN102,创建接口VLANIF101并配置IP地址为10.23.101.2/24,创建接口VLANIF102并配置IP地址为10.23.102.2/24。
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 101 102
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] port link-type trunk
[Router-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 102
[Router-GigabitEthernet1/0/0] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.2 24
[Router-Vlanif101] quit
[Router] interface vlanif 102
[Router-Vlanif102] ip address 10.23.102.2 24
[Router-Vlanif102] quit

  2. 配置AC与其它网络设备互通

    bash 复制代码 
    # 配置AC的接口GE0/0/1加入VLAN100,并创建接口VLANIF100。
<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan 100
[AC-vlan100] quit
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit
# 配置AC到AP的路由,下一跳为SwitchB的VLANIF100。
[AC] ip route-static 10.23.10.0 24 10.23.100.2

  3. 配置DHCP服务为AP和STA分配IP地址

    bash 复制代码 
    # 在SwitchB上配置DHCP中继,代理AC分配IP地址。
[SwitchB] dhcp enable
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.23.10.1 24
[SwitchB-Vlanif10] dhcp select relay
[SwitchB-Vlanif10] dhcp relay server-ip 10.23.100.1
[SwitchB-Vlanif10] quit
# 在SwitchB上创建VLANIF101和VLANIF102接口为STA提供地址,并指定默认网关。​​​​​​​DNS服务器地址请根据实际需要配置。常用配置方法如下:
接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] ip address 10.23.101.1 24
[SwitchB-Vlanif101] dhcp select interface
[SwitchB-Vlanif101] dhcp server gateway-list 10.23.101.2
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 102
[SwitchB-Vlanif102] ip address 10.23.102.1 24
[SwitchB-Vlanif102] dhcp select interface
[SwitchB-Vlanif102] dhcp server gateway-list 10.23.102.2
[SwitchB-Vlanif102] quit
# 在AC上创建全局地址池为AP提供地址。
[AC] dhcp enable
[AC] ip pool huawei
[AC-ip-pool-huawei] network 10.23.10.0 mask 24
[AC-ip-pool-huawei] gateway-list 10.23.10.1
[AC-ip-pool-huawei] option 43 sub-option 3 ascii 10.23.100.1
[AC-ip-pool-huawei] quit
[AC] interface vlanif 100
[AC-Vlanif100] dhcp select global
[AC-Vlanif100] quit

  4. 配置AP上线

    bash 复制代码 
    # 创建AP组,用于将相同配置的AP都加入同一AP组中。
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y  
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y  
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view] quit
# 配置AC的源接口。
V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。

[AC] capwap source interface vlanif 100
Set the DTLS PSK(contains 6-32 plain-text characters, or 48 or 68 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):******

Set the DTLS inter-controller PSK(contains 6-32 plain-text characters, or 48 or 68 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):******

Set the user name for FIT APs(contains 4-31 plain-text characters, which can only include letters, digits and underlines. And the first character must be a letter):admin

Set the password for FIT APs(plain-text password of 8-128 characters or cipher-text password of 48-188 characters that must be a combination of at least three of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):********

Set the global temporary-management psk(contains 8-63 plain-text characters, or 48-108 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):********
# 在AC上离线导入AP,并将area_1和area_2分别加入AP组"ap-group1"和"ap-group2"中。假设AP的MAC地址为60de-4476-e360,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为60de-4476-e360的AP部署在1号区域,命名此AP为area_1。​​​​​​​
ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth。

举例中使用的AP为AP5030DN,具有射频0和射频1两个射频。AP5030DN的射频0为2.4GHz射频,射频1为5GHz射频。

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y  
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-0] quit
[AC-wlan-view] ap-id 1 ap-mac dcd2-fc04-b500
[AC-wlan-ap-1] ap-name area_2
Warning: This operation may cause AP reset. Continue? [Y/N]:y  
[AC-wlan-ap-1] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-1] quit
# 将AP上电后,当执行命令display ap all查看到AP的"State"字段为"nor"时,表示AP正常上线。
[AC-wlan-view] display ap all
Total AP information:
nor  : normal          [2]
Extra information: P  : insufficient power supply
--------------------------------------------------------------------------------------------------
ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo
--------------------------------------------------------------------------------------------------
0    60de-4476-e360 area_1 ap-group1 10.23.10.254  AP5030DN        nor   0   15S         -
1    dcd2-fc04-b500 area_2 ap-group2 10.23.10.253  AP5030DN        nor   0   10S         -
--------------------------------------------------------------------------------------------------
Total: 2

  5. 配置WLAN业务参数

    bash 复制代码 
    # 创建名为"wlan-net"的安全模板,并配置安全策略。
举例中以配置WPA-WPA2+PSK+AES的安全策略为例,密码为"a1234567",实际配置中请根据实际情况,配置符合实际要求的安全策略。

[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net] quit
# 创建名为"wlan-net"的SSID模板,并配置SSID名称为"wlan-net"。
[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit
# 创建名为"wlan-net1"和"wlan-net2"的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
[AC-wlan-view] vap-profile name wlan-net1
[AC-wlan-vap-prof-wlan-net1] service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net1] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net1] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net1] quit
[AC-wlan-view] vap-profile name wlan-net2
[AC-wlan-vap-prof-wlan-net2] service-vlan vlan-id 102
[AC-wlan-vap-prof-wlan-net2] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net2] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net2] quit
# 配置AP组引用VAP模板,area_1上射频0和射频1都使用VAP模板"wlan-net1"的配置,area_2上射频0和射频1都使用VAP模板"wlan-net2"的配置。
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net1 wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net1 wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] vap-profile wlan-net2 wlan 1 radio 0
[AC-wlan-ap-group-ap-group2] vap-profile wlan-net2 wlan 1 radio 1
[AC-wlan-ap-group-ap-group2] quit

  6. 开启射频调优功能自动选择AP最佳信道和功率

    bash 复制代码 
    # 使能射频的信道和功率自动调优功能。
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] radio 0
[AC-wlan-group-radio-ap-group1/0] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group1/0] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group1/0] quit
[AC-wlan-ap-group-ap-group1] radio 1
[AC-wlan-group-radio-ap-group1/1] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group1/1] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group1/1] quit
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] radio 0
[AC-wlan-group-radio-ap-group2/0] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group2/0] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group2/0] quit
[AC-wlan-ap-group-ap-group2] radio 1
[AC-wlan-group-radio-ap-group2/1] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group2/1] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group2/1] quit
[AC-wlan-ap-group-ap-group2] quit
# 在域管理模板下配置调优信道集合。
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] dca-channel 2.4g channel-set 1,6,11
[AC-wlan-regulate-domain-default] dca-channel 5g bandwidth 20mhz
[AC-wlan-regulate-domain-default] dca-channel 5g channel-set 149,153,157,161
[AC-wlan-regulate-domain-default] quit
# 创建空口扫描模板"wlan-airscan",并配置调优信道集合、扫描间隔时间和扫描持续时间。

[AC-wlan-view] air-scan-profile name wlan-airscan
[AC-wlan-air-scan-prof-wlan-airscan] scan-channel-set dca-channel
[AC-wlan-air-scan-prof-wlan-airscan] scan-period 60
[AC-wlan-air-scan-prof-wlan-airscan] scan-interval 60000
[AC-wlan-air-scan-prof-wlan-airscan] quit
# 创建2G射频模板"wlan-radio2g",并在该模板下引用空口扫描模板"wlan-airscan"。

[AC-wlan-view] radio-2g-profile name wlan-radio2g 
[AC-wlan-radio-2g-prof-wlan-radio2g] air-scan-profile wlan-airscan
[AC-wlan-radio-2g-prof-wlan-radio2g] quit
# 创建5G射频模板"wlan-radio5g",并在该模板下引用空口扫描模板"wlan-airscan"。

[AC-wlan-view] radio-5g-profile name wlan-radio5g 
[AC-wlan-radio-5g-prof-wlan-radio5g] air-scan-profile wlan-airscan
[AC-wlan-radio-5g-prof-wlan-radio5g] quit
# 在名为"ap-group1"和"ap-group2"的AP组下引用5G射频模板"wlan-radio5g"和2G射频模板"wlan-radio2g"。

[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group1] radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group2] radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group2] quit
# 配置射频调优模式为手动调优,并手动触发射频调优。

[AC-wlan-view] calibrate enable manual
[AC-wlan-view] calibrate manual startup
# 待执行手动调优一小时后,调优结束。将射频调优模式改为定时调优,并将调优时间定为用户业务空闲时段(如当地时间凌晨00:00-06:00时段)。
[AC-wlan-view] calibrate enable schedule time 03:00:00

  7. 验证配置结果

    bash 复制代码 
    WLAN业务配置会自动下发给AP,配置完成后,通过执行命令display vap ssid wlan-net查看如下信息,当"Status"项显示为"ON"时,表示AP对应的射频上的VAP已创建成功。

[AC-wlan-view] display vap ssid wlan-net
Info: This operation may take a few seconds, please wait.
WID : WLAN ID
--------------------------------------------------------------------------------
AP ID AP name RfID WID     BSSID          Status  Auth type     STA   SSID
--------------------------------------------------------------------------------
0     area_1  0    1       60DE-4476-E360 ON      WPA/WPA2-PSK  0     wlan-net
0     area_1  1    1       60DE-4476-E370 ON      WPA/WPA2-PSK  0     wlan-net
1     area_2  0    1       60DE-4474-9640 ON      WPA/WPA2-PSK  0     wlan-net
1     area_2  1    1       60DE-4474-9650 ON      WPA/WPA2-PSK  0     wlan-net
-------------------------------------------------------------------------------
Total: 4
STA搜索到名为"wlan-net"的无线网络,输入密码"a1234567"并正常关联后,在AC上执行display station ssid wlan-net命令,可以查看到用户已经接入到无线网络"wlan-net"中。

[AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
---------------------------------------------------------------------------------
STA MAC         AP ID Ap name   Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address
---------------------------------------------------------------------------------
e019-1dc7-1e08  0     area_1    1/1      5G    11n   46/59      -68   101   10.23.101.254
---------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
当STA从AP1的覆盖范围移动到AP2的覆盖范围时,在AC上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了AP2。
[AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID                                                     
Rx/Tx: link receive rate/link transmit rate(Mbps)                             
----------------------------------------------------------------------------------------
STA MAC          AP ID Ap name  Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address     
----------------------------------------------------------------------------------------
e019-1dc7-1e08   1     area_2   1/1      5G    11n   46/59      -58   101   10.23.101.254
----------------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
在AC上执行命令display station roam-track sta-mac e019-1dc7-1e08,可以查看该STA的漫游轨迹。
[AC-wlan-view] display station roam-track sta-mac e019-1dc7-1e08
Access SSID:wlan-net    
Rx/Tx:link receive rate/link transmit rate(Mbps) 
c:PMK Cache Roam r:802.11r Roam s:Same Frequency Network
------------------------------------------------------------------------------
L2/L3           AC IP                  AP name              Radio ID
BSSID           TIME                   In/Out RSSI          Out Rx/Tx
------------------------------------------------------------------------------
--              10.23.100.1            area_1               1
60DE-4476-E370  2016/01/12 16:52:58    -51/-48              46/13
L3              10.23.100.1            area_2               1
60DE-4474-9650  2016/01/12 16:55:45    -58/-                -/-
------------------------------------------------------------------------------
Number: 1
配置文件
bash 复制代码 
SwitchA的配置文件

#
 sysname SwitchA
#
vlan batch 10 101 to 102
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 101
 port-isolate enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 101 to 102
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 102
 port-isolate enable
#
return
SwitchB的配置文件

#
sysname SwitchB
#
vlan batch 10 100 to 102
#
dhcp enable
#
interface Vlanif10
 ip address 10.23.10.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.23.100.1
#
interface Vlanif100
 ip address 10.23.100.2 255.255.255.0
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 10.23.101.2
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 10.23.102.2
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 101 to 102
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 101 to 102
#
return
Router的配置文件

#
sysname Router
#
vlan batch 101 to 102
#
interface Vlanif101
 ip address 10.23.101.2 255.255.255.0
#
interface Vlanif102
 ip address 10.23.102.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 101 to 102
#
return
AC的配置文件

#
sysname AC
#
vlan batch 100 to 102
#
dhcp enable
#
ip pool huawei
 gateway-list 10.23.10.1
 network 10.23.10.0 mask 255.255.255.0
 option 43 sub-option 3 ascii 10.23.100.1
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
ip route-static 10.23.10.0 24 10.23.100.2
#
capwap source interface vlanif100
#
wlan
 calibrate enable schedule time 03:00:00
 security-profile name wlan-net
  security wpa2 psk pass-phrase %^%#]:krYrz_r<ee}|Cq@9V(W{ZD$"\-R-HD_y.4#U4,%^%# aes
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name wlan-net1
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
 vap-profile name wlan-net2
  service-vlan vlan-id 102
  ssid-profile wlan-net
  security-profile wlan-net
 regulatory-domain-profile name default
  dca-channel 5g channel-set 149,153,157,161
 air-scan-profile name wlan-airscan
  scan-channel-set dca-channel
 radio-2g-profile name wlan-radio2g
  air-scan-profile wlan-airscan 
 radio-5g-profile name wlan-radio5g
  air-scan-profile wlan-airscan 
 ap-group name ap-group1
  radio 0
   radio-2g-profile wlan-radio2g
   vap-profile wlan-net1 wlan 1
  radio 1
   radio-5g-profile wlan-radio5g 
   vap-profile wlan-net1 wlan 1
 ap-group name ap-group2
  radio 0
   radio-2g-profile wlan-radio2g
   vap-profile wlan-net2 wlan 1
  radio 1
   radio-5g-profile wlan-radio5g 
   vap-profile wlan-net2 wlan 1
 ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
  ap-name area_1
  ap-group ap-group1
 ap-id 1 type-id 35 ap-mac dcd2-fc04-b500 ap-sn 210235554710CB000078
  ap-name area_2
  ap-group ap-group2
#
return
相关推荐
大鹏说大话3 小时前
SSL证书自动化的未来:ACME协议与Let’s Encrypt实践
网络·安全
被摘下的星星4 小时前
网际协议(IP协议)
网络·tcp/ip
Huanzhi_Lin5 小时前
Laya导出的鸿蒙NEXT工程目录说明
华为·harmonyos·鸿蒙·laya·deveco·devecostudio·layaair
积水成渊,蛟龙生焉5 小时前
鸿蒙手势处理篇(滑动冲突、基础手势、组合手势)
华为·arkts·鸿蒙·滑动冲突·手势冲突·基础手势·组合手势
爱学习的小囧5 小时前
ESXi VMkernel 端口 MTU 最佳设置详解
运维·服务器·网络·php·虚拟化
TechubNews7 小时前
Base 发布首个独立 OP Stack 框架的网络升级 Azul,将是 L2 自主迭代的开端?
大数据·网络·人工智能·区块链·能源
多年小白8 小时前
中科院 Ouroboros 晶圆级存算一体芯片深度解析
大数据·网络·人工智能·科技·ai
发光小北8 小时前
IEC104 转 Modbus TCP 网关如何应用?
网络·网络协议·tcp/ip
山栀shanzhi9 小时前
在做直播时,I帧的间隔(GOP)一般是多少?
网络·c++·面试·ffmpeg
SPC的存折10 小时前
Cisco Packet Tracer 静态路由全网互通实验及详细教学文档,包括基础常识、实验信息、IP 地址规划和分步操作流程
网络·tcp/ip·智能路由器
热门推荐
012026年4月技术前沿:AI大模型爆发、智能体革命与量子安全新纪元02GitHub 镜像站点032026年4月AI大事件深度解读:大模型竞争进入“深水区“04近期有什么ai的新消息,新动态? 2026.4月052026 年 AI 编程助手全面对比评测:Cursor vs Copilot vs Claude Code vs GitHub Copilot Free06codex app每次打开重连5次Reconnecting问题解决07AI Weekly | 2026年4月第二周 · GitHub热门项目与AI发展趋势深度解析08CC-Switch & Claude 基于 Linux 服务器安装使用指南09从限购到畅通:GLM-5.1 Coding Plan接入攻略10LLM Wiki:让大模型替你打理知识库的完整指南