【网工】华为配置专题进阶篇⑤

■无线WLAN配置

需求

实验

■无线WLAN配置

需求

1、配置隧道转发模式，完成AP上线，内部办公用户（VLAN101）能通过无线上网。

2、访客（VLAN102）能通过无线上网，配置为直接转发模式。隧道转发与直接转发过程如下图所示：

3、管理VLAN100，业务VAN101和102，VLAN101为内部用户提供上网服务（SSID：work),VLAN 102为访客提供上网服务(SSTD:guest)。AP通过AC DHCP自动获取 IP 192.168.100.0/24地址段的地址，用户通过SW1 DHCP自动分配对应网段的地址。

实验

SW1

<Huawei>system-view

$Huawei$ sysname SW1

$SW1$ vlan batch 101 102 200

$SW1$ interface Gigabitethernet 0/0/3

$SW1-GigabitEthernet0/0/3$ port link-type access

$SW1-GigabitEthernet0/0/3$ port default vlan 200

$SW1-GigabitEthernet0/0/3$ quit

$SW1$ interface GigabitEthernet 0/0/2

$SW1-GigabitEthernet0/0/2$ port link-type trunk

$SW1-G1gabitEthernet0/0/2$ port trunk allow-pass vlan all

$SW1-G1gabitEthernet0/0/2$ quit

$SW1$ interface GigabitEthernet 0/0/1

$SW1-GigabitEthernet0/0/1$ port link-type trunk

$SW1-GigabitEthernet0/0/1$ port trunk allow-pass vlan 100

$SW1-Gigabitethernet0/0/1$ quit

$SW1$ dhcp enable

$SW1$ interface vlanif 101

$SW1-vlanif101$ ip add 192.168.101.254 24

$SW1-vlanif101$ quit

$SW1$ interface vlanif 102

$SW1-vlanif102$ ip add 192.168.102.254 24

$SW1-vlanif102$ quit

$SW1$ interface vlanif 200

$SW1-vlanif200$ ip add 192.168.200.1 30

$SW1-vlanif200$ quit

$SW1$ dhcp enable

$SW1$ interface vlanif 101

$SW1-vlanif101$ dhcp select interface

$SW1-vlanif101$ quit

$SW1$ interface vlanif 102

$SW1-vlanif102$ dhcp select interface

$SW1-vlanif102$ quit
$SW1$
$SW1$ vlan 100

$SW1-vlan100$ quit

$SW1$ interface g0/0/1

$SW1-GigabitEthernet0/0/1$ port trunk allow-pass vlan 102 100

$SW1-GigabitEthernet0/0/1$ quit
$SW1$

Router

<Huawei>system-view

$Huawei$ sysname Router

$Router$ interface GigabitEthernet 0/0/0

$Router-GigabitEthernet0/0/0$ ip add 192.168.200.2 30

$Router-GigabitEthernet0/0/0$ quit

$Router$ ip route-static 192.168.101.0 24 192.168.200.1

$Router$ ip route-static 192.168.102.0 24 192.168.200.1

SW2

<Huawei>system-view

$Huawei$ sysname SW2

$SW2$ vlan 100

$SW2-vlan100$ quit

$SW2$ interface GigabitEthernet 0/0/3

$SW2-GigabitEthernet0/0/3$ port link-type trunk

$SW2-GigabitEthernet0/0/3$ port trunk allow-pass vlan 100

$SW2-GigabitEthernet0/0/3$ quit

$SW2$ interface GigabitEthernet 0/0/1

$SW2-GigabitEthernet0/0/1$ port link-type trunk

$SW2-GigabitEthernet0/0/1$ port trunk allow-pass vlan 100

$SW2-GigabitEthernet0/0/1$ port trunk pvid vlan 100

$SW2-GigabitEthernet0/0/1$ quit
$SW2$
$SW2$ vlan 102

$SW2-vlan102$ quit

$SW2$ interface g0/0/1

$SW2-GigabitEthernet0/0/1$ port trunk allow-pass vlan 100 102

$SW2-GigabitEthernet0/0/1$ int g0/0/3

$SW2-GigabitEthernet0/0/3$ port trunk allow-pass vlan 100 102

$SW2-GigabitEthernet0/0/3$ quit
$SW2$

AC6605

<Huawei>system-view

$Huawei$ sysname AC6605

$AC6605$ vlan batch 100 101 102

$AC6605$ interface GigabitEthernet 0/0/1

$AC6605-GigabitEthernet0/0/1$ port link-type trunk

$AC6605-GigabitEthernet0/0/1$ port trunk allow-pass vlan all

$AC6605-GigabitEthernet0/0/1$ quit

$AC6605$ interface vlanif 100

$AC6605-vlanif100$ ip add 192.168.100.254 24

$AC6605-vlanif100$ quit

$AC6605$ dhcp enable

$AC6605$ interface vlanif 100

$AC6605-vlanif100$ dhcp select interface

$AC6605-vlanif100$ quit

$AC6605$ wlan

$AC6605-wlan-view$ regulatory-domain-profile name china

$AC6605-wlan-regulate-domain-china$ country-code CN

$AC6605-wlan-regulate-domain-china$ quit

$AC6605-wlan-view$ ap-group name jiaoxue

$AC6605-wlan-ap-group-jiaoxue$ regulatory-domain-profile china

$AC6605-wlan-ap-group-jiaoxue$ quit

$AC6605-wlan-view$ quit

$AC6605$ capwap source interface vlanif 100

$AC6605$ wlan

$AC6605-wlan-view$ ap auth-mode mac-auth

$AC6605-wlan-view$ ap-id 1 ap-mac 00e0-fc3f-7500

$AC6605-wlan-ap-1$ ap-name JX001

$AC6605-wlan-ap-1$ ap-group jiaoxue

$AC6605-wlan-ap-1$ quit

$AC6605-wlan-view$ quit

$AC6605$ display ap all

进行 $SW1$ vlan 100操作后。

$AC6605$ display ap all

$AC6605$ wlan

$AC6605-wlan-view$ security-profile name sec_work

$AC6605-wlan-sec-prof-sec_work$ security wpa-wpa2 psk pass-phrase a1234567 aes

$AC6605-wlan-sec-prof-sec_work$ quit

$AC6605-wlan-view$ quit

配置SSID

$AC6605$ wlan

$AC6605-wlan-view$ ssid-profile name profile_work

$AC6605-wlan-ssid-prof-profile_work$ ssid work

$AC6605-wlan-ssid-prof-profile_work$ quit

$AC6605-wlan-view$ vap-profile name vap_work

$AC6605-wlan-vap-prof-vap_work$ ssid-profile profile_work

$AC6605-wlan-vap-prof-vap_work$ forward-mode tunnel

$AC6605-wlan-vap-prof-vap_work$ service-vlan vlan-id 101

$AC6605-wlan-vap-prof-vap_work$ security-profile sec_work

$AC6605-wlan-vap-prof-vap_work$ quit

$AC6605-wlan-view$ ap-group name jiaoxue

$AC6605-wlan-ap-group-jiaoxue$ vap-profile vap_work wlan 1 radio 0

$AC6605-wlan-ap-group-jiaoxue$ quit

$AC6605-wlan-view$ quit

访客

$AC6605$ wlan

$AC6605-wlan-view$ ssid-profile name profile_guest

$AC6605-wlan-ssid-prof-profile_guest$ ssid guest

$AC6605-wlan-ssid-prof-profile_guest$ quit

$AC6605-wlan-view$ vap-profile name vap_guest

$AC6605-wlan-vap-prof-vap_guest$ forward-mode direct-forward

$AC6605-wlan-vap-prof-vap_guest$ service-vlan vlan-id 102

$AC6605-wlan-vap-prof-vap_guest$ security-profile sec_work

$AC6605-wlan-vap-prof-vap_guest$ ssid-profile profile_guest

$AC6605-wlan-vap-prof-vap_guest$ quit

$AC6605-wlan-view$ ap-group name jiaoxue

$AC6605-wlan-ap-group-jiaoxue$ vap-profile vap_guest wlan 2 radio all

至此，本文分享的内容就结束了。