华为FAT AP配置 真机

ax一号街阿楠2025-05-13 8:33

FAT AP 的主要特点

特性 说明
独立工作 不需要AC(无线控制器),自己处理认证、加密、漫游等功能。
内置完整功能 支持SSID、安全策略(WPA/WPA2)、VLAN、QoS、DHCP等。
适合小型网络 适用于家庭、小企业、分支机构等少量AP的场景。
成本较高(相比FIT AP) 功能集成度高,硬件成本通常比FIT AP高。
配置复杂(大规模部署) 每个AP需要单独配置,管理维护麻烦。

简单组网示例

AP相关规划

设备:

AP:4050DN-HD

POE交换机 :S2700-9TP-PWR-EI

项目 说明
终端的业务VLAN 10
DHCP服务器 AP作为终端的DHCP服务器
终端地址池 10.23.10.2~10.23.10.254 / 24
SSID模板 名称 : anan_test SSID名称: anan_wlan
安全模板 名称:anan_sec 安全策略:WPA-WPA2+PSK+AES 密码:anan123456@
VAP模板 名称:anan_vap 业务VLAN : vlan10 引用模板:SSID模板anan_test ,安全模板anan_sec
NAT Outbound 私网ip地址网段:10.23.10.0/24映射到私网网关

1.配置AP和上层接口网络互通

复制代码 
[AP]int Vlanif 100
[AP-Vlanif100]ip address 192.168.1.193 255.255.255.0
[AP-Vlanif100]quit
[AP]int GigabitEthernet 0/0/0
#如果上行直连路由器,那么上行口可以配置为access
[AP-GigabitEthernet0/0/0]port link-type trunk 
[AP-GigabitEthernet0/0/0]port trunk allow-pass vlan 100
[AP-GigabitEthernet0/0/0]port trunk pvid vlan 100
[AP-GigabitEthernet0/0/0]quit
#配置缺省路由
[AP]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#完成后可以找一个外网ip  ping一下试试

配置后看能不能访问外网ip

配置DHCP

复制代码 
[AP]dhcp enable 
[AP]vlan batch 10
Info: This operation may take a few seconds. Please wait for a moment...done.
[AP]int vlan 10
[AP-Vlanif10]ip address 10.23.10.1 24
#开启接口采用接口地址池的DHCP server功能
[AP-Vlanif10]dhcp select interface 
[AP-Vlanif10]quit

配置国家码

复制代码 
[AP]wlan 
#CN表示中国 ,不同国家射频特性不同
[AP-wlan-view]country-code CN

配置安全模板-创建名为anan_sec的安全模板,并配置安全策略WPA-WPA2+PSK+AES

复制代码 
[AP-wlan-view]security-profile name anan_sec
[AP-wlan-sec-prof-anan_sec]security wpa-wpa2 psk pass-phrase anan123456@ aes
[AP-wlan-sec-prof-anan_sec]quit

配置SSID模板,模板名为anan_test , SSID名称(WIFI名称)为anan_wlan

复制代码 
[AP-wlan-view]ssid-profile name anan_test
[AP-wlan-ssid-prof-anan_test]ssid anan_wlan
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-ssid-prof-anan_test]quit

创建名为VAP模板,配置业务vlan,并引用安全模板和SSID模板

复制代码 
[AP-wlan-view]vap-profile name anan_vap
[AP-wlan-vap-prof-anan_vap]service-vlan vlan-id 10
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-vap-prof-anan_vap]security-profile anan_sec
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-vap-prof-anan_vap]ssid-profile anan_test
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-vap-prof-anan_vap]quit

关闭AP射频的信道和功率自动调优功能 , 配置ap射频的信道和功率

复制代码 
[AP]interface Wlan-Radio 0/0/0
[AP-Wlan-Radio0/0/0]vap-profile anan_vap wlan 2
Info: This operation may take a few seconds, please wait.done.

[AP-Wlan-Radio0/0/0]calibrate auto-channel-select disable 
Info: This operation will recover the redundant radio.

[AP-Wlan-Radio0/0/0]calibrate auto-txpower-select disable 

[AP-Wlan-Radio0/0/0]channel 20mhz 1
Warning: This action may cause service interruption. Continue?[Y/N]Y
Info: The channel value and bandwidth value take effect only when automatic channel selection is disabled, and the value depends on the AP specifications and local laws and regulations.

[AP-Wlan-Radio0/0/0]eirp 127
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.

[AP-Wlan-Radio0/0/0]quit 
[AP]int Wlan-Radio 0/0/1
[AP-Wlan-Radio0/0/1]vap-profile anan_vap wlan  2
Info: This operation may take a few seconds, please wait.done.
[AP-Wlan-Radio0/0/1]calibrate auto-txpower-select disable 
[AP-Wlan-Radio0/0/1]calibrate auto-channel-select disable 
Info: This operation will recover the redundant radio.
[AP-Wlan-Radio0/0/1]channel 20mhz 165
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: The channel value and bandwidth value take effect only when automatic channel selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AP-Wlan-Radio0/0/1]eirp 127
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AP-Wlan-Radio0/0/1]quit

配置NAT地址转换(这步配置完终端连上就能用了)

复制代码 
[AP]acl 2000
[AP-acl-basic-nat]ru
[AP-acl-basic-nat]rule 5 pe
[AP-acl-basic-nat]rule 5 permit s
[AP-acl-basic-nat]rule 5 permit source 10.23.10.0 0.0.0.255
[AP-acl-basic-nat]quit
[AP]int Vlanif 100
[AP-Vlanif100]nat outbound 2000
[AP-Vlanif100]quit

配置完成后验证下

关闭SSID广播 (隐藏wifi名称)

复制代码 
[AP-wlan-ssid-prof-anan_test]ssid-hide enable

配置DNS

复制代码 
[AP]dns proxy enable 
[AP]dns resolve
[AP]dns server source-ip 192.168.1.193
Info: The source IP address used to exchange packets with the DNS server must belong to the same VPN as the DNS server IP address or the two IP addresses belong to a public network, and this source IP address must be the local device IP address. Otherwise, this function does not take effect.
[AP]dns server 61.139.2.69
#查看配置是否正确
[AP]dis current-configuration | include dns
portal pass dns enable
dns resolve
dns server 61.139.2.69
dns server source-ip 192.168.1.193
dns proxy enable

验证访问域名

相关推荐
achene_ql1 小时前
WebRTC:去中心化网络P2P框架解析
网络·去中心化·webrtc·p2p
s_little_monster1 小时前
【Linux】socket网络编程之TCP
linux·运维·网络·笔记·学习·tcp/ip·学习方法
煤灰2421 小时前
Linux上的网络编程-初探
linux·网络
啊QQQQQ2 小时前
网络IP分片
网络·网络协议·tcp/ip
✿ ༺ ོIT技术༻2 小时前
Linux:深入理解网络层
运维·服务器·网络
枫叶丹42 小时前
【HarmonyOS Next之旅】DevEco Studio使用指南(二十二)
华为·harmonyos·deveco studio·harmonyos next
网络空间小黑3 小时前
WEB渗透测试----信息收集
服务器·前端·网络·安全·web安全·网络安全
航Hang*4 小时前
实战项目3(04)
网络·计算机网络·ensp
liulilittle4 小时前
MAC-OS X 命令行设置IP、掩码、网关、DNS服务器地址
linux·网络·macos
热门推荐
01【分布式】Hadoop完全分布式的搭建(零基础)02从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑03KGG转MP3工具|非KGM文件|解密音频04YOLOv8入门 | 重要性能衡量指标、训练结果评价及分析及影响mAP的因素【发论文关注的指标】05【SpeedAI科研小助手】2分钟极速解决知网维普重复率、AIGC率过高,一键全文降!文件格式不变,公式都保留的!06Coze扣子平台完整体验和实践(附国内和国际版对比)07DeepSeek各版本说明与优缺点分析08苍穹外卖面试总结09西电B测-计算机网络综合实验(含验收问题)10组基轨迹建模 GBTM的介绍与实现(Stata 或 R)