1.实验拓扑
2.基础配置
[SW1]dis cu
#
sysname SW1
#
vlan batch 10 100 110 120
#
dhcp enable
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
#
interface Vlanif100
ip address 192.168.100.2 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.100.1
#
interface Vlanif110
ip address 192.168.110.1 255.255.255.0
dhcp select interface
#
interface Vlanif120
ip address 192.168.120.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 110 120
#
ip route-static 8.8.8.8 255.255.255.255 192.168.10.1
#
[SW2]dis cu
#
sysname SW2
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.10.2
#
[AC1]dis cu
#
sysname AC1
#
vlan batch 100 110 120
#
vlan pool 1
vlan 110 120
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
capwap source interface vlanif100
#
wlan
security-profile name huawei
security wpa-wpa2 psk pass-phrase %^%#+hOW~@wYj$]V3"In*EC:{%%+9w/N"SS{rHLdV>IT%^%# aes
security-profile name wds-sec
security wpa2 psk pass-phrase %^%#LVE>*]9}2D)gSDUcuSE*Gxkk.'X4)UZtd|'.@cW;%^%# aes
security-profile name wlan-net
ssid-profile name huawei
ssid huawei
ssid-profile name wlan-net
ssid wlan-net
vap-profile name huawei
service-vlan vlan-pool 1
ssid-profile huawei
security-profile huawei
vap-profile name wlan-net
service-vlan vlan-pool 1
ssid-profile wlan-net
security-profile wlan-net
wds-whitelist-profile name wds-list1
peer-ap mac 00e0-fc65-7800
wds-profile name wds-leaf
security-profile wds-sec
vlan tagged 110 120
wds-name wlan-wds
wds-profile name wds-root
security-profile wds-sec
vlan tagged 110 120
wds-name wlan-wds
wds-mode root
ap-group name ap1
radio 0
vap-profile huawei wlan 1
radio 1
vap-profile huawei wlan 1
wds-profile wds-root
wds-whitelist-profile wds-list1
radio 2
vap-profile huawei wlan 1
ap-group name ap2
radio 0
vap-profile wlan-net wlan 1
radio 1
vap-profile wlan-net wlan 1
wds-profile wds-leaf
radio 2
vap-profile wlan-net wlan 1
ap-id 0 type-id 47 ap-mac 00e0-fce0-3dd0 ap-sn 210235448310B80C4479
ap-name AP1
ap-group ap1
radio 1
channel 40mhz-plus 157
coverage distance 4
ap-id 1 type-id 47 ap-mac 00e0-fc65-7800 ap-sn 210235448310555B520A
ap-name AP2
ap-group ap2
radio 1
channel 40mhz-plus 149
coverage distance 4
#3.wds重点配置
(在WDS网络中,建立WDS链路的射频必须为同一信道。)
AC1-wlan-view\]ap-id 1 \[AC1-wlan-ap-1\]di th # ap-name AP2 ap-group ap2 radio 1 channel 40mhz-plus 149 coverage distance 4 # return \[AC1-wlan-view\]ap-id 0 \[AC1-wlan-ap-0\]dis th # ap-name AP1 ap-group ap1 radio 1 channel 40mhz-plus 157 coverage distance 4 # return **#配置WDS链路使用的安全模板"wds-sec","wds-sec"的安全策略为WPA2+PSK+AES。** \[AC1-wlan-view\]security-profile name wds-sec \[AC1-wlan-sec-prof-wds-sec\]di th # security wpa2 psk pass-phrase %\^%#LVE\>\*\]9}2D)gSDUcuSE\*Gxkk.'X4)UZtd\|'.@cW;%\^%# aes # return **# 配置WDS白名单。配置AP_1绑定的WDS白名单"wds-list1",仅允许AP_2接入** \[AC1-wlan-view\]wds-whitelist-profile name wds-list1 \[AC1-wlan-wds-whitelist-wds-list1\]di th # peer-ap mac 00e0-fc65-7800 # return **# 配置WDS模板"wds-root"。网桥标识为"wlan-wds",网桥模式为"root",引用安全模板"wds-sec",以tagged形式允许无线业务VLAN101通过。** \[AC1-wlan-view\]wds-profile name wds-root \[AC1-wlan-wds-prof-wds-root\]di th # security-profile wds-sec vlan tagged 110 120 wds-name wlan-wds wds-mode root # return **# 配置WDS模板"wds-leaf"。网桥标识为"wlan-wds",网桥模式为"leaf",引用安全模板"wds-sec",以tagged形式允许无线业务VLAN101通过。** \[AC1-wlan-view\]wds-profile name wds-leaf \[AC1-wlan-wds-prof-wds-leaf\]di th # security-profile wds-sec vlan tagged 110 120 wds-name wlan-wds # return **# 配置AP组"ap-group1"的射频1引用WDS白名单"wds-list1"。** \[AC1-wlan-ap-group-ap1\]radio 1 \[AC1-wlan-group-radio-ap1/1\]di th # wds-whitelist-profile wds-list1 # return **# 配置AP组"ap-group1",引用WDS模板"wds-root"。** ``` [AC-wlan-view] ap-group name ap-group1 [AC-wlan-ap-group-ap-group1] wds-profile wds-root radio 1 Warning: This action may cause service interruption. Continue?[Y/N]y ``` **# 配置AP组"ap-group2",引用WDS模板"wds-leaf"。** ``` [AC-wlan-view] ap-group name ap-group2 [AC-wlan-ap-group-ap-group2] wds-profile wds-leaf radio 1 Warning: This action may cause service interruption. Continue?[Y/N]y ``` **配置WLAN业务参数** **# 创建名为"wlan-net"的安全模板,并配置安全策略。** ``` [AC-wlan-view] security-profile name wlan-net [AC-wlan-sec-prof-wlan-net] security open #在ensp模拟器里面此处建议设置为开放,否则很难连接无线。 [AC-wlan-sec-prof-wlan-net] quit ``` **# 创建名为"wlan-net"的SSID模板,并配置SSID名称为"wlan-net"。** ``` [AC-wlan-view] ssid-profile name wlan-net [AC-wlan-ssid-prof-wlan-net] ssid wlan-net [AC-wlan-ssid-prof-wlan-net] quit ``` **# 创建名为"wlan-net"的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。** ``` [AC-wlan-view] vap-profile name wlan-net [AC-wlan-vap-prof-wlan-net] forward-mode direct-forward [AC-wlan-vap-prof-wlan-net] service-vlan vlan-pool 1 [AC-wlan-vap-prof-wlan-net] security-profile wlan-net [AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net [AC-wlan-vap-prof-wlan-net] quit ``` \[AC1-wlan-view\]ap-group name ap2 \[AC1-wlan-ap-group-ap2\]di th # radio 0 **vap-profile wlan-net wlan 1** radio 1 **vap-profile wlan-net wlan 1** wds-profile wds-leaf radio 2 **vap-profile wlan-net wlan 1** # return
4.验证
