华为FAT AP配置 真机

ax一号街阿楠2025-05-13 8:33

FAT AP 的主要特点

特性 说明
独立工作 不需要AC(无线控制器),自己处理认证、加密、漫游等功能。
内置完整功能 支持SSID、安全策略(WPA/WPA2)、VLAN、QoS、DHCP等。
适合小型网络 适用于家庭、小企业、分支机构等少量AP的场景。
成本较高(相比FIT AP) 功能集成度高,硬件成本通常比FIT AP高。
配置复杂(大规模部署) 每个AP需要单独配置,管理维护麻烦。

简单组网示例

AP相关规划

设备:

AP:4050DN-HD

POE交换机 :S2700-9TP-PWR-EI

项目 说明
终端的业务VLAN 10
DHCP服务器 AP作为终端的DHCP服务器
终端地址池 10.23.10.2~10.23.10.254 / 24
SSID模板 名称 : anan_test SSID名称: anan_wlan
安全模板 名称:anan_sec 安全策略:WPA-WPA2+PSK+AES 密码:anan123456@
VAP模板 名称:anan_vap 业务VLAN : vlan10 引用模板:SSID模板anan_test ,安全模板anan_sec
NAT Outbound 私网ip地址网段:10.23.10.0/24映射到私网网关

1.配置AP和上层接口网络互通

复制代码 
[AP]int Vlanif 100
[AP-Vlanif100]ip address 192.168.1.193 255.255.255.0
[AP-Vlanif100]quit
[AP]int GigabitEthernet 0/0/0
#如果上行直连路由器,那么上行口可以配置为access
[AP-GigabitEthernet0/0/0]port link-type trunk 
[AP-GigabitEthernet0/0/0]port trunk allow-pass vlan 100
[AP-GigabitEthernet0/0/0]port trunk pvid vlan 100
[AP-GigabitEthernet0/0/0]quit
#配置缺省路由
[AP]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#完成后可以找一个外网ip  ping一下试试

配置后看能不能访问外网ip

配置DHCP

复制代码 
[AP]dhcp enable 
[AP]vlan batch 10
Info: This operation may take a few seconds. Please wait for a moment...done.
[AP]int vlan 10
[AP-Vlanif10]ip address 10.23.10.1 24
#开启接口采用接口地址池的DHCP server功能
[AP-Vlanif10]dhcp select interface 
[AP-Vlanif10]quit

配置国家码

复制代码 
[AP]wlan 
#CN表示中国 ,不同国家射频特性不同
[AP-wlan-view]country-code CN

配置安全模板-创建名为anan_sec的安全模板,并配置安全策略WPA-WPA2+PSK+AES

复制代码 
[AP-wlan-view]security-profile name anan_sec
[AP-wlan-sec-prof-anan_sec]security wpa-wpa2 psk pass-phrase anan123456@ aes
[AP-wlan-sec-prof-anan_sec]quit

配置SSID模板,模板名为anan_test , SSID名称(WIFI名称)为anan_wlan

复制代码 
[AP-wlan-view]ssid-profile name anan_test
[AP-wlan-ssid-prof-anan_test]ssid anan_wlan
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-ssid-prof-anan_test]quit

创建名为VAP模板,配置业务vlan,并引用安全模板和SSID模板

复制代码 
[AP-wlan-view]vap-profile name anan_vap
[AP-wlan-vap-prof-anan_vap]service-vlan vlan-id 10
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-vap-prof-anan_vap]security-profile anan_sec
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-vap-prof-anan_vap]ssid-profile anan_test
Info: This operation may take a few seconds, please wait.done.
[AP-wlan-vap-prof-anan_vap]quit

关闭AP射频的信道和功率自动调优功能 , 配置ap射频的信道和功率

复制代码 
[AP]interface Wlan-Radio 0/0/0
[AP-Wlan-Radio0/0/0]vap-profile anan_vap wlan 2
Info: This operation may take a few seconds, please wait.done.

[AP-Wlan-Radio0/0/0]calibrate auto-channel-select disable 
Info: This operation will recover the redundant radio.

[AP-Wlan-Radio0/0/0]calibrate auto-txpower-select disable 

[AP-Wlan-Radio0/0/0]channel 20mhz 1
Warning: This action may cause service interruption. Continue?[Y/N]Y
Info: The channel value and bandwidth value take effect only when automatic channel selection is disabled, and the value depends on the AP specifications and local laws and regulations.

[AP-Wlan-Radio0/0/0]eirp 127
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.

[AP-Wlan-Radio0/0/0]quit 
[AP]int Wlan-Radio 0/0/1
[AP-Wlan-Radio0/0/1]vap-profile anan_vap wlan  2
Info: This operation may take a few seconds, please wait.done.
[AP-Wlan-Radio0/0/1]calibrate auto-txpower-select disable 
[AP-Wlan-Radio0/0/1]calibrate auto-channel-select disable 
Info: This operation will recover the redundant radio.
[AP-Wlan-Radio0/0/1]channel 20mhz 165
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: The channel value and bandwidth value take effect only when automatic channel selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AP-Wlan-Radio0/0/1]eirp 127
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AP-Wlan-Radio0/0/1]quit

配置NAT地址转换(这步配置完终端连上就能用了)

复制代码 
[AP]acl 2000
[AP-acl-basic-nat]ru
[AP-acl-basic-nat]rule 5 pe
[AP-acl-basic-nat]rule 5 permit s
[AP-acl-basic-nat]rule 5 permit source 10.23.10.0 0.0.0.255
[AP-acl-basic-nat]quit
[AP]int Vlanif 100
[AP-Vlanif100]nat outbound 2000
[AP-Vlanif100]quit

配置完成后验证下

关闭SSID广播 (隐藏wifi名称)

复制代码 
[AP-wlan-ssid-prof-anan_test]ssid-hide enable

配置DNS

复制代码 
[AP]dns proxy enable 
[AP]dns resolve
[AP]dns server source-ip 192.168.1.193
Info: The source IP address used to exchange packets with the DNS server must belong to the same VPN as the DNS server IP address or the two IP addresses belong to a public network, and this source IP address must be the local device IP address. Otherwise, this function does not take effect.
[AP]dns server 61.139.2.69
#查看配置是否正确
[AP]dis current-configuration | include dns
portal pass dns enable
dns resolve
dns server 61.139.2.69
dns server source-ip 192.168.1.193
dns proxy enable

验证访问域名

相关推荐
海特伟业16 小时前
医院数字IP广播系统:基于内部局域网的分布式数字化医院IP广播
网络·音频
代码哈士奇16 小时前
使用仓颉开发一个简单的http服务
网络·网络协议·http·仓颉
Jayyih17 小时前
OSI七层模型和TCP/IP四层模型
网络·tcp/ip·php
C嘎嘎嵌入式开发17 小时前
(22)100天python从入门到拿捏《【网络爬虫】网络基础与HTTP协议》
网络·爬虫·python
多测师_王sir17 小时前
鸿蒙hdc命令【杭州多测师】
华为·harmonyos
黑岚樱梦18 小时前
计算机网络第四章学习
网络·学习·计算机网络
微小冷18 小时前
ARP协议详解及其Wireshark抓包测试
网络·测试工具·wireshark·抓包·tcp/ip协议·arp协议·地址解析协议
RTC老炮18 小时前
webrtc弱网-RembThrottler类源码分析及算法原理
网络·算法·webrtc
嫄码18 小时前
HTTPS的四次握手过程
服务器·网络·https
一点七加一18 小时前
Harmony鸿蒙开发0基础入门到精通Day01--JavaScript篇
开发语言·javascript·华为·typescript·ecmascript·harmonyos
热门推荐
01GitHub 镜像站点02BongoCat - 跨平台键盘猫动画工具03UV安装并设置国内源04GitLab 零基础入门指南:从安装到项目管理全流程05Linux下V2Ray安装配置指南06NVIDIA显卡驱动、CUDA、cuDNN 和 TensorRT 版本匹配指南07在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)082025软件测试面试八股文(含答案+文档)09Labelme从安装到标注:零基础完整指南10【vue篇】Vue 项目中的静态资源管理:assets vs static 终极指南