华为配置WLAN跨VLAN的三层漫游示例

知孤云出岫2024-11-05 18:32

组网图形

图1配置WLAN跨VLAN的三层漫游示例组网图

  • 业务需求
  • 组网需求
  • 数据规划
  • 配置思路
  • 配置注意事项
  • 操作步骤
  • 配置文件
业务需求

企业用户通过WLAN接入网络,以满足移动办公的基本需求。在覆盖区域内移动发生跨VLAN漫游时,不影响用户的业务使用。

组网需求
  • AC组网方式:旁挂三层组网。
  • DHCP部署方式:
    • AC作为DHCP服务器为AP分配IP地址。
    • 汇聚交换机SwitchB作为DHCP服务器为STA分配IP地址。
  • 业务数据转发方式:直接转发。
数据规划
配置项 数据
AP管理VLAN VLAN10、VLAN100
STA业务VLAN * area_1:VLAN101 * area_2:VLAN102
DHCP服务器 AC作为DHCP服务器为AP分配IP地址 汇聚交换机作为STA的DHCP服务器,STA的默认网关为10.23.101.2/24和10.23.102.2/24
AP的IP地址池 10.23.10.2~10.23.10.254/24
STA的IP地址池 * area_1:10.23.101.3~10.23.101.254/24 * area_2:10.23.102.3~10.23.102.254/24
AC的源接口IP地址 VLANIF100:10.23.100.1/24
AP组 * 名称:ap-group1 * 引用模板:VAP模板wlan-net1、域管理模板default、2G射频模板wlan-radio2g、5G射频模板wlan-radio5g
AP组 * 名称:ap-group2 * 引用模板:VAP模板wlan-net2、域管理模板default、2G射频模板wlan-radio2g、5G射频模板wlan-radio5g
域管理模板 * 名称:default * 国家码:中国 * 调优信道集合:配置2.4G和5G调优带宽和调优信道
SSID模板 * 名称:wlan-net * SSID名称:wlan-net
安全模板 * 名称:wlan-net * 安全策略:WPA-WPA2+PSK+AES * 密码:a1234567
VAP模板 * 名称:wlan-net1 * 转发模式:直接转发 * 业务VLAN:VLAN101 * 引用模板:SSID模板wlan-net、安全模板wlan-net
VAP模板 * 名称:wlan-net2 * 转发模式:直接转发 * 业务VLAN:VLAN102 * 引用模板:SSID模板wlan-net、安全模板wlan-net
空口扫描模板 * 名称:wlan-airscan * 探测信道集合:调优信道 * 空口扫描间隔时间:60000毫秒 * 空口扫描持续时间:60毫秒
2G射频模板 * 名称:wlan-radio2g * 引用模板:空口扫描模板wlan-airscan
5G射频模板 * 名称:wlan-radio5g * 引用模板:空口扫描模板wlan-airscan
[表1AC数据规划表]
配置思路
  1. 配置AP、AC和周边网络设备之间实现网络互通。
  2. 配置AP上线。
    1. 创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。
    2. 配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。
    3. 配置AP上线的认证方式并离线导入AP,实现AP正常上线。
  3. 配置WLAN业务参数,实现STA访问WLAN网络功能。

当用户新开局时,对于AP的射频信道的设置,用户可根据网络规划手动指定,也可使用射频调优功能自动选择最佳信道。本例中采用射频调优功能自动选择最佳信道。

配置注意事项

  • 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。

    • 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
    • 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制

  • 建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。

  • 隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。

  • V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。

  • V200R021C00版本开始,AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能,添加AP时AP会上线失败,此时需要先开启CAPWAP DTLS不认证方式(capwap dtls no-auth enable )让AP上线,以便AP获取安全凭证,AP上线后应及时关闭该功能(undo capwap dtls no-auth enable),避免未授权AP上线。

操作步骤

  1. 配置周边设备

    bash 复制代码 
    # 配置接入交换机SwitchA的GE0/0/1接口加入VLAN10和VLAN101、GE0/0/2接口加入VLAN10、VLAN101和VLAN102、GE0/0/3接口加入VLAN10和VLAN102,GE0/0/1和GE0/0/3接口的缺省VLAN为VLAN10。
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 101 102
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 101
[SwitchA-GigabitEthernet0/0/1] port-isolate enable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 101 102
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk pvid vlan 10
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 102
[SwitchA-GigabitEthernet0/0/3] port-isolate enable
[SwitchA-GigabitEthernet0/0/3] quit
# 配置汇聚交换机SwitchB的接口GE0/0/1加入VLAN10、VLAN101和VLAN102,接口GE0/0/2加入VLAN100,接口GE0/0/3加入VLAN101和VLAN102,并创建接口VLANIF100,地址为10.23.100.2/24。
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 100 101 102
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 101 102
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 101 102
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 10.23.100.2 24
[SwitchB-Vlanif100] quit
# 配置Router的接口GE1/0/0加入VLAN101和VLAN102,创建接口VLANIF101并配置IP地址为10.23.101.2/24,创建接口VLANIF102并配置IP地址为10.23.102.2/24。
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 101 102
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] port link-type trunk
[Router-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 102
[Router-GigabitEthernet1/0/0] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.2 24
[Router-Vlanif101] quit
[Router] interface vlanif 102
[Router-Vlanif102] ip address 10.23.102.2 24
[Router-Vlanif102] quit

  2. 配置AC与其它网络设备互通

    bash 复制代码 
    # 配置AC的接口GE0/0/1加入VLAN100,并创建接口VLANIF100。
<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan 100
[AC-vlan100] quit
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit
# 配置AC到AP的路由,下一跳为SwitchB的VLANIF100。
[AC] ip route-static 10.23.10.0 24 10.23.100.2

  3. 配置DHCP服务为AP和STA分配IP地址

    bash 复制代码 
    # 在SwitchB上配置DHCP中继,代理AC分配IP地址。
[SwitchB] dhcp enable
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.23.10.1 24
[SwitchB-Vlanif10] dhcp select relay
[SwitchB-Vlanif10] dhcp relay server-ip 10.23.100.1
[SwitchB-Vlanif10] quit
# 在SwitchB上创建VLANIF101和VLANIF102接口为STA提供地址,并指定默认网关。​​​​​​​DNS服务器地址请根据实际需要配置。常用配置方法如下:
接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] ip address 10.23.101.1 24
[SwitchB-Vlanif101] dhcp select interface
[SwitchB-Vlanif101] dhcp server gateway-list 10.23.101.2
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 102
[SwitchB-Vlanif102] ip address 10.23.102.1 24
[SwitchB-Vlanif102] dhcp select interface
[SwitchB-Vlanif102] dhcp server gateway-list 10.23.102.2
[SwitchB-Vlanif102] quit
# 在AC上创建全局地址池为AP提供地址。
[AC] dhcp enable
[AC] ip pool huawei
[AC-ip-pool-huawei] network 10.23.10.0 mask 24
[AC-ip-pool-huawei] gateway-list 10.23.10.1
[AC-ip-pool-huawei] option 43 sub-option 3 ascii 10.23.100.1
[AC-ip-pool-huawei] quit
[AC] interface vlanif 100
[AC-Vlanif100] dhcp select global
[AC-Vlanif100] quit

  4. 配置AP上线

    bash 复制代码 
    # 创建AP组,用于将相同配置的AP都加入同一AP组中。
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y  
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y  
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view] quit
# 配置AC的源接口。
V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。

[AC] capwap source interface vlanif 100
Set the DTLS PSK(contains 6-32 plain-text characters, or 48 or 68 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):******

Set the DTLS inter-controller PSK(contains 6-32 plain-text characters, or 48 or 68 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):******

Set the user name for FIT APs(contains 4-31 plain-text characters, which can only include letters, digits and underlines. And the first character must be a letter):admin

Set the password for FIT APs(plain-text password of 8-128 characters or cipher-text password of 48-188 characters that must be a combination of at least three of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):********

Set the global temporary-management psk(contains 8-63 plain-text characters, or 48-108 cipher-text characters that must be a combination of at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters):********
# 在AC上离线导入AP,并将area_1和area_2分别加入AP组"ap-group1"和"ap-group2"中。假设AP的MAC地址为60de-4476-e360,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为60de-4476-e360的AP部署在1号区域,命名此AP为area_1。​​​​​​​
ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth。

举例中使用的AP为AP5030DN,具有射频0和射频1两个射频。AP5030DN的射频0为2.4GHz射频,射频1为5GHz射频。

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y  
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-0] quit
[AC-wlan-view] ap-id 1 ap-mac dcd2-fc04-b500
[AC-wlan-ap-1] ap-name area_2
Warning: This operation may cause AP reset. Continue? [Y/N]:y  
[AC-wlan-ap-1] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-1] quit
# 将AP上电后,当执行命令display ap all查看到AP的"State"字段为"nor"时,表示AP正常上线。
[AC-wlan-view] display ap all
Total AP information:
nor  : normal          [2]
Extra information: P  : insufficient power supply
--------------------------------------------------------------------------------------------------
ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo
--------------------------------------------------------------------------------------------------
0    60de-4476-e360 area_1 ap-group1 10.23.10.254  AP5030DN        nor   0   15S         -
1    dcd2-fc04-b500 area_2 ap-group2 10.23.10.253  AP5030DN        nor   0   10S         -
--------------------------------------------------------------------------------------------------
Total: 2

  5. 配置WLAN业务参数

    bash 复制代码 
    # 创建名为"wlan-net"的安全模板,并配置安全策略。
举例中以配置WPA-WPA2+PSK+AES的安全策略为例,密码为"a1234567",实际配置中请根据实际情况,配置符合实际要求的安全策略。

[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net] quit
# 创建名为"wlan-net"的SSID模板,并配置SSID名称为"wlan-net"。
[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit
# 创建名为"wlan-net1"和"wlan-net2"的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
[AC-wlan-view] vap-profile name wlan-net1
[AC-wlan-vap-prof-wlan-net1] service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net1] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net1] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net1] quit
[AC-wlan-view] vap-profile name wlan-net2
[AC-wlan-vap-prof-wlan-net2] service-vlan vlan-id 102
[AC-wlan-vap-prof-wlan-net2] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net2] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net2] quit
# 配置AP组引用VAP模板,area_1上射频0和射频1都使用VAP模板"wlan-net1"的配置,area_2上射频0和射频1都使用VAP模板"wlan-net2"的配置。
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net1 wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net1 wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] vap-profile wlan-net2 wlan 1 radio 0
[AC-wlan-ap-group-ap-group2] vap-profile wlan-net2 wlan 1 radio 1
[AC-wlan-ap-group-ap-group2] quit

  6. 开启射频调优功能自动选择AP最佳信道和功率

    bash 复制代码 
    # 使能射频的信道和功率自动调优功能。
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] radio 0
[AC-wlan-group-radio-ap-group1/0] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group1/0] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group1/0] quit
[AC-wlan-ap-group-ap-group1] radio 1
[AC-wlan-group-radio-ap-group1/1] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group1/1] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group1/1] quit
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] radio 0
[AC-wlan-group-radio-ap-group2/0] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group2/0] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group2/0] quit
[AC-wlan-ap-group-ap-group2] radio 1
[AC-wlan-group-radio-ap-group2/1] calibrate auto-channel-select enable
[AC-wlan-group-radio-ap-group2/1] calibrate auto-txpower-select enable
[AC-wlan-group-radio-ap-group2/1] quit
[AC-wlan-ap-group-ap-group2] quit
# 在域管理模板下配置调优信道集合。
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] dca-channel 2.4g channel-set 1,6,11
[AC-wlan-regulate-domain-default] dca-channel 5g bandwidth 20mhz
[AC-wlan-regulate-domain-default] dca-channel 5g channel-set 149,153,157,161
[AC-wlan-regulate-domain-default] quit
# 创建空口扫描模板"wlan-airscan",并配置调优信道集合、扫描间隔时间和扫描持续时间。

[AC-wlan-view] air-scan-profile name wlan-airscan
[AC-wlan-air-scan-prof-wlan-airscan] scan-channel-set dca-channel
[AC-wlan-air-scan-prof-wlan-airscan] scan-period 60
[AC-wlan-air-scan-prof-wlan-airscan] scan-interval 60000
[AC-wlan-air-scan-prof-wlan-airscan] quit
# 创建2G射频模板"wlan-radio2g",并在该模板下引用空口扫描模板"wlan-airscan"。

[AC-wlan-view] radio-2g-profile name wlan-radio2g 
[AC-wlan-radio-2g-prof-wlan-radio2g] air-scan-profile wlan-airscan
[AC-wlan-radio-2g-prof-wlan-radio2g] quit
# 创建5G射频模板"wlan-radio5g",并在该模板下引用空口扫描模板"wlan-airscan"。

[AC-wlan-view] radio-5g-profile name wlan-radio5g 
[AC-wlan-radio-5g-prof-wlan-radio5g] air-scan-profile wlan-airscan
[AC-wlan-radio-5g-prof-wlan-radio5g] quit
# 在名为"ap-group1"和"ap-group2"的AP组下引用5G射频模板"wlan-radio5g"和2G射频模板"wlan-radio2g"。

[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group1] radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] radio-5g-profile wlan-radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group2] radio-2g-profile wlan-radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-ap-group-ap-group2] quit
# 配置射频调优模式为手动调优,并手动触发射频调优。

[AC-wlan-view] calibrate enable manual
[AC-wlan-view] calibrate manual startup
# 待执行手动调优一小时后,调优结束。将射频调优模式改为定时调优,并将调优时间定为用户业务空闲时段(如当地时间凌晨00:00-06:00时段)。
[AC-wlan-view] calibrate enable schedule time 03:00:00

  7. 验证配置结果

    bash 复制代码 
    WLAN业务配置会自动下发给AP,配置完成后,通过执行命令display vap ssid wlan-net查看如下信息,当"Status"项显示为"ON"时,表示AP对应的射频上的VAP已创建成功。

[AC-wlan-view] display vap ssid wlan-net
Info: This operation may take a few seconds, please wait.
WID : WLAN ID
--------------------------------------------------------------------------------
AP ID AP name RfID WID     BSSID          Status  Auth type     STA   SSID
--------------------------------------------------------------------------------
0     area_1  0    1       60DE-4476-E360 ON      WPA/WPA2-PSK  0     wlan-net
0     area_1  1    1       60DE-4476-E370 ON      WPA/WPA2-PSK  0     wlan-net
1     area_2  0    1       60DE-4474-9640 ON      WPA/WPA2-PSK  0     wlan-net
1     area_2  1    1       60DE-4474-9650 ON      WPA/WPA2-PSK  0     wlan-net
-------------------------------------------------------------------------------
Total: 4
STA搜索到名为"wlan-net"的无线网络,输入密码"a1234567"并正常关联后,在AC上执行display station ssid wlan-net命令,可以查看到用户已经接入到无线网络"wlan-net"中。

[AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
---------------------------------------------------------------------------------
STA MAC         AP ID Ap name   Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address
---------------------------------------------------------------------------------
e019-1dc7-1e08  0     area_1    1/1      5G    11n   46/59      -68   101   10.23.101.254
---------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
当STA从AP1的覆盖范围移动到AP2的覆盖范围时,在AC上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了AP2。
[AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID                                                     
Rx/Tx: link receive rate/link transmit rate(Mbps)                             
----------------------------------------------------------------------------------------
STA MAC          AP ID Ap name  Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address     
----------------------------------------------------------------------------------------
e019-1dc7-1e08   1     area_2   1/1      5G    11n   46/59      -58   101   10.23.101.254
----------------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
在AC上执行命令display station roam-track sta-mac e019-1dc7-1e08,可以查看该STA的漫游轨迹。
[AC-wlan-view] display station roam-track sta-mac e019-1dc7-1e08
Access SSID:wlan-net    
Rx/Tx:link receive rate/link transmit rate(Mbps) 
c:PMK Cache Roam r:802.11r Roam s:Same Frequency Network
------------------------------------------------------------------------------
L2/L3           AC IP                  AP name              Radio ID
BSSID           TIME                   In/Out RSSI          Out Rx/Tx
------------------------------------------------------------------------------
--              10.23.100.1            area_1               1
60DE-4476-E370  2016/01/12 16:52:58    -51/-48              46/13
L3              10.23.100.1            area_2               1
60DE-4474-9650  2016/01/12 16:55:45    -58/-                -/-
------------------------------------------------------------------------------
Number: 1
配置文件
bash 复制代码 
SwitchA的配置文件

#
 sysname SwitchA
#
vlan batch 10 101 to 102
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 101
 port-isolate enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 101 to 102
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 102
 port-isolate enable
#
return
SwitchB的配置文件

#
sysname SwitchB
#
vlan batch 10 100 to 102
#
dhcp enable
#
interface Vlanif10
 ip address 10.23.10.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.23.100.1
#
interface Vlanif100
 ip address 10.23.100.2 255.255.255.0
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 10.23.101.2
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 10.23.102.2
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 101 to 102
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 101 to 102
#
return
Router的配置文件

#
sysname Router
#
vlan batch 101 to 102
#
interface Vlanif101
 ip address 10.23.101.2 255.255.255.0
#
interface Vlanif102
 ip address 10.23.102.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 101 to 102
#
return
AC的配置文件

#
sysname AC
#
vlan batch 100 to 102
#
dhcp enable
#
ip pool huawei
 gateway-list 10.23.10.1
 network 10.23.10.0 mask 255.255.255.0
 option 43 sub-option 3 ascii 10.23.100.1
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
ip route-static 10.23.10.0 24 10.23.100.2
#
capwap source interface vlanif100
#
wlan
 calibrate enable schedule time 03:00:00
 security-profile name wlan-net
  security wpa2 psk pass-phrase %^%#]:krYrz_r<ee}|Cq@9V(W{ZD$"\-R-HD_y.4#U4,%^%# aes
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name wlan-net1
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
 vap-profile name wlan-net2
  service-vlan vlan-id 102
  ssid-profile wlan-net
  security-profile wlan-net
 regulatory-domain-profile name default
  dca-channel 5g channel-set 149,153,157,161
 air-scan-profile name wlan-airscan
  scan-channel-set dca-channel
 radio-2g-profile name wlan-radio2g
  air-scan-profile wlan-airscan 
 radio-5g-profile name wlan-radio5g
  air-scan-profile wlan-airscan 
 ap-group name ap-group1
  radio 0
   radio-2g-profile wlan-radio2g
   vap-profile wlan-net1 wlan 1
  radio 1
   radio-5g-profile wlan-radio5g 
   vap-profile wlan-net1 wlan 1
 ap-group name ap-group2
  radio 0
   radio-2g-profile wlan-radio2g
   vap-profile wlan-net2 wlan 1
  radio 1
   radio-5g-profile wlan-radio5g 
   vap-profile wlan-net2 wlan 1
 ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
  ap-name area_1
  ap-group ap-group1
 ap-id 1 type-id 35 ap-mac dcd2-fc04-b500 ap-sn 210235554710CB000078
  ap-name area_2
  ap-group ap-group2
#
return
相关推荐
速盾cdn8 分钟前
速盾:CDN缓存的工作原理是什么?
网络·安全·web安全
网络安全-杰克1 小时前
网络安全概论
网络·web安全·php
怀澈1221 小时前
高性能服务器模型之Reactor(单线程版本)
linux·服务器·网络·c++
耗同学一米八2 小时前
2024 年河北省职业院校技能大赛网络建设与运维赛项样题二
运维·网络·mariadb
skywalk81632 小时前
树莓派2 安装raspberry os 并修改成固定ip
linux·服务器·网络·debian·树莓派·raspberry
C++忠实粉丝2 小时前
计算机网络socket编程(3)_UDP网络编程实现简单聊天室
linux·网络·c++·网络协议·计算机网络·udp
黑客Ela2 小时前
网络安全中常用浏览器插件、拓展
网络·安全·web安全·网络安全·php
qdprobot3 小时前
ESP32桌面天气摆件加文心一言AI大模型对话Mixly图形化编程STEAM创客教育
网络·人工智能·百度·文心一言·arduino
hakesashou4 小时前
Python中常用的函数介绍
java·网络·python
C++忠实粉丝4 小时前
计算机网络socket编程(4)_TCP socket API 详解
网络·数据结构·c++·网络协议·tcp/ip·计算机网络·算法
热门推荐
01(欧拉)openEuler系统添加网卡文件配置流程、(欧拉)openEuler系统手动配置ipv6地址流程、(欧拉)openEuler系统网络管理说明02PyTorch机器学习实现液态神经网络03【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总04玄机平台应急响应—webshell查杀05Coze扣子平台完整体验和实践(附国内和国际版对比)06Ubuntu 20.04使用Livox mid 360 测试 FAST_LIO07怎样让音频速度变慢?请跟随以下方法进行操作08Unity中PICO实现 隔空取物 和 接触抓取物体09RAG 实践- Ollama+RagFlow 部署本地知识库10【目标跟踪】相机运动补偿