(eNSP）配置WDS手拉手业务

1.实验拓扑

2.基础配置

复制代码

[SW1]dis cu
#
sysname SW1
#
vlan batch 10 100 110 120
#
dhcp enable
#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
#
interface Vlanif100
 ip address 192.168.100.2 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.100.1
#
interface Vlanif110
 ip address 192.168.110.1 255.255.255.0
 dhcp select interface
#
interface Vlanif120
 ip address 192.168.120.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 110 120
#
ip route-static 8.8.8.8 255.255.255.255 192.168.10.1
#

[SW2]dis cu
#
sysname SW2
#
vlan batch 10
#
interface Vlanif10
 ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.10.2
#

[AC1]dis cu
#
 sysname AC1
#
vlan batch 100 110 120
#
vlan pool 1
 vlan 110 120
#
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
capwap source interface vlanif100
#
wlan
 security-profile name huawei
  security wpa-wpa2 psk pass-phrase %^%#+hOW~@wYj$]V3"In*EC:{%%+9w/N"SS{rHLdV>IT%^%# aes
 security-profile name wds-sec
  security wpa2 psk pass-phrase %^%#LVE>*]9}2D)gSDUcuSE*Gxkk.'X4)UZtd|'.@cW;%^%# aes
 security-profile name wlan-net
 ssid-profile name huawei
  ssid huawei
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name huawei
  service-vlan vlan-pool 1
  ssid-profile huawei
  security-profile huawei
 vap-profile name wlan-net
  service-vlan vlan-pool 1
  ssid-profile wlan-net
  security-profile wlan-net
 wds-whitelist-profile name wds-list1
  peer-ap mac 00e0-fc65-7800
 wds-profile name wds-leaf
  security-profile wds-sec
  vlan tagged 110 120
  wds-name wlan-wds
 wds-profile name wds-root
  security-profile wds-sec
  vlan tagged 110 120
  wds-name wlan-wds
  wds-mode root
 ap-group name ap1
  radio 0
   vap-profile huawei wlan 1
  radio 1
   vap-profile huawei wlan 1
   wds-profile wds-root
   wds-whitelist-profile wds-list1
  radio 2
   vap-profile huawei wlan 1
 ap-group name ap2
  radio 0
   vap-profile wlan-net wlan 1
  radio 1
   vap-profile wlan-net wlan 1
   wds-profile wds-leaf
  radio 2
   vap-profile wlan-net wlan 1
 ap-id 0 type-id 47 ap-mac 00e0-fce0-3dd0 ap-sn 210235448310B80C4479
  ap-name AP1
  ap-group ap1
  radio 1
   channel 40mhz-plus 157
   coverage distance 4
 ap-id 1 type-id 47 ap-mac 00e0-fc65-7800 ap-sn 210235448310555B520A
  ap-name AP2
  ap-group ap2
  radio 1
   channel 40mhz-plus 149
   coverage distance 4
#

3.wds重点配置

（在WDS网络中，建立WDS链路的射频必须为同一信道。）

$AC1-wlan-view$ ap-id 1

$AC1-wlan-ap-1$ di th

ap-name AP2

ap-group ap2

radio 1

channel 40mhz-plus 149

coverage distance 4

return

$AC1-wlan-view$ ap-id 0

$AC1-wlan-ap-0$ dis th

ap-name AP1

ap-group ap1

radio 1

channel 40mhz-plus 157

coverage distance 4

return

#配置WDS链路使用的安全模板"wds-sec"，"wds-sec"的安全策略为WPA2+PSK+AES。

$AC1-wlan-view$ security-profile name wds-sec

$AC1-wlan-sec-prof-wds-sec$ di th

security wpa2 psk pass-phrase %^%#LVE>*]9}2D)gSDUcuSE*Gxkk.'X4)UZtd|'.@cW;%^%# aes

return

# 配置WDS白名单。配置AP_1绑定的WDS白名单"wds-list1"，仅允许AP_2接入

$AC1-wlan-view$ wds-whitelist-profile name wds-list1

$AC1-wlan-wds-whitelist-wds-list1$ di th

peer-ap mac 00e0-fc65-7800

return

# 配置WDS模板"wds-root"。网桥标识为"wlan-wds"，网桥模式为"root"，引用安全模板"wds-sec"，以tagged形式允许无线业务VLAN101通过。

$AC1-wlan-view$ wds-profile name wds-root

$AC1-wlan-wds-prof-wds-root$ di th

security-profile wds-sec

vlan tagged 110 120

wds-name wlan-wds

wds-mode root

return

# 配置WDS模板"wds-leaf"。网桥标识为"wlan-wds"，网桥模式为"leaf"，引用安全模板"wds-sec"，以tagged形式允许无线业务VLAN101通过。

$AC1-wlan-view$ wds-profile name wds-leaf

$AC1-wlan-wds-prof-wds-leaf$ di th

security-profile wds-sec

vlan tagged 110 120

wds-name wlan-wds

return

# 配置AP组"ap-group1"的射频1引用WDS白名单"wds-list1"。

$AC1-wlan-ap-group-ap1$ radio 1

$AC1-wlan-group-radio-ap1/1$ di th

wds-whitelist-profile wds-list1

return

# 配置AP组"ap-group1"，引用WDS模板"wds-root"。
复制代码
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] wds-profile wds-root radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
# 配置AP组"ap-group2"，引用WDS模板"wds-leaf"。
复制代码
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] wds-profile wds-leaf radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
配置WLAN业务参数

# 创建名为"wlan-net"的安全模板，并配置安全策略。
复制代码
[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security open  #在ensp模拟器里面此处建议设置为开放，否则很难连接无线。
[AC-wlan-sec-prof-wlan-net] quit
# 创建名为"wlan-net"的SSID模板，并配置SSID名称为"wlan-net"。
复制代码
[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit
# 创建名为"wlan-net"的VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板。
复制代码
[AC-wlan-view] vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net] forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-pool 1
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit
$AC1-wlan-view$ ap-group name ap2

$AC1-wlan-ap-group-ap2$ di th

radio 0
vap-profile wlan-net wlan 1

radio 1

vap-profile wlan-net wlan 1

wds-profile wds-leaf

radio 2

vap-profile wlan-net wlan 1

return

(eNSP）配置WDS手拉手业务

1.实验拓扑

2.基础配置

3.wds重点配置

4.验证