【网工】华为配置专题进阶篇⑤

■无线WLAN配置

需求

实验

■无线WLAN配置

需求

1、配置隧道转发模式，完成AP上线，内部办公用户（VLAN101）能通过无线上网。

2、访客（VLAN102）能通过无线上网，配置为直接转发模式。隧道转发与直接转发过程如下图所示：

3、管理VLAN100，业务VAN101和102，VLAN101为内部用户提供上网服务（SSID：work),VLAN 102为访客提供上网服务(SSTD:guest)。AP通过AC DHCP自动获取 IP 192.168.100.0/24地址段的地址，用户通过SW1 DHCP自动分配对应网段的地址。

实验

SW1

<Huawei>system-view
$Huawei\]****sysname**** SW1 \[SW1\]****vlan batch**** 101 102 200 \[SW1\]****interface**** Gigabitethernet 0/0/3 \[SW1-GigabitEthernet0/0/3\] ****port link-type access**** \[SW1-GigabitEthernet0/0/3\] ****port default vlan 200**** \[SW1-GigabitEthernet0/0/3\]quit \[SW1\]****interface**** GigabitEthernet 0/0/2 \[SW1-GigabitEthernet0/0/2\] ****port link-type trunk**** \[SW1-G1gabitEthernet0/0/2\]****port trunk allow-pass vlan all**** \[SW1-G1gabitEthernet0/0/2\]****quit**** \[SW1\]****interface**** GigabitEthernet 0/0/1 \[SW1-GigabitEthernet0/0/1\]****port link-type trunk**** \[SW1-GigabitEthernet0/0/1\]****port trunk allow-pass vlan 100**** \[SW1-Gigabitethernet0/0/1\]quit \[SW1\]dhcp enable \[SW1\]****interface**** vlanif 101 \[SW1-vlanif101\]ip add 192.168.101.254 24 \[SW1-vlanif101\]quit \[SW1\]****interface**** vlanif 102 \[SW1-vlanif102\]ip add 192.168.102.254 24 \[SW1-vlanif102\]quit \[SW1\]****interface**** vlanif 200 \[SW1-vlanif200\]ip add 192.168.200.1 30 \[SW1-vlanif200\]quit \[SW1\]dhcp enable \[SW1\]interface vlanif 101 \[SW1-vlanif101\]****dhcp select interface**** \[SW1-vlanif101\]quit \[SW1\]interface vlanif 102 \[SW1-vlanif102\]****dhcp select interface**** \[SW1-vlanif102\]quit \[SW1$ $SW1\]vlan 100 \[SW1-vlan100\]quit \[SW1\]interface g0/0/1 \[SW1-GigabitEthernet0/0/1\]port trunk allow-pass vlan 102 100 \[SW1-GigabitEthernet0/0/1\]quit \[SW1$

Router

<Huawei>system-view
$Huawei\]****sysname**** Router \[Router\]****interface**** GigabitEthernet 0/0/0 \[Router-GigabitEthernet0/0/0\]****ip add**** 192.168.200.2 30 \[Router-GigabitEthernet0/0/0\]****quit**** \[Router\]ip route-static 192.168.101.0 24 192.168.200.1 \[Router\]ip route-static 192.168.102.0 24 192.168.200.1$

SW2

<Huawei>system-view
$Huawei\]****sysname**** SW2 \[SW2\]vlan 100 \[SW2-vlan100\]quit \[SW2\]****interface**** GigabitEthernet 0/0/3 \[SW2-GigabitEthernet0/0/3\]port link-type trunk \[SW2-GigabitEthernet0/0/3\]port trunk allow-pass vlan 100 \[SW2-GigabitEthernet0/0/3\]quit \[SW2\]****interface**** GigabitEthernet 0/0/1 \[SW2-GigabitEthernet0/0/1\]port link-type trunk \[SW2-GigabitEthernet0/0/1\]port trunk allow-pass vlan 100 \[SW2-GigabitEthernet0/0/1\]port trunk pvid vlan 100 \[SW2-GigabitEthernet0/0/1\]quit \[SW2$ $SW2\]vlan 102 \[SW2-vlan102\]quit \[SW2\]interface g0/0/1 \[SW2-GigabitEthernet0/0/1\]port trunk allow-pass vlan 100 102 \[SW2-GigabitEthernet0/0/1\]int g0/0/3 \[SW2-GigabitEthernet0/0/3\]port trunk allow-pass vlan 100 102 \[SW2-GigabitEthernet0/0/3\]quit \[SW2$

AC6605

<Huawei>system-view
$Huawei\]sysname AC6605 \[AC6605\]vlan batch 100 101 102 \[AC6605\]****interface**** GigabitEthernet 0/0/1 \[AC6605-GigabitEthernet0/0/1\]port link-type trunk \[AC6605-GigabitEthernet0/0/1\]port trunk allow-pass vlan all \[AC6605-GigabitEthernet0/0/1\]quit \[AC6605\]interface vlanif 100 \[AC6605-vlanif100\]ip add 192.168.100.254 24 \[AC6605-vlanif100\]quit \[AC6605\]dhcp enable \[AC6605\]interface vlanif 100 \[AC6605-vlanif100\]dhcp select interface \[AC6605-vlanif100\]quit \[AC6605\]wlan \[AC6605-wlan-view\]regulatory-domain-profile name china \[AC6605-wlan-regulate-domain-china\]country-code CN \[AC6605-wlan-regulate-domain-china\]quit \[AC6605-wlan-view\]ap-group name jiaoxue \[AC6605-wlan-ap-group-jiaoxue\]regulatory-domain-profile china \[AC6605-wlan-ap-group-jiaoxue\]quit \[AC6605-wlan-view\]quit \[AC6605\]capwap source interface vlanif 100 \[AC6605\]wlan \[AC6605-wlan-view\]ap auth-mode mac-auth \[AC6605-wlan-view\]ap-id 1 ap-mac 00e0-fc3f-7500 \[AC6605-wlan-ap-1\]ap-name JX001 \[AC6605-wlan-ap-1\]ap-group jiaoxue \[AC6605-wlan-ap-1\]****quit**** \[AC6605-wlan-view\]****quit**** \[AC6605\]****display ap all****$

进行[SW1]vlan 100操作后。
$AC6605\]****display ap all****$

$AC6605\]wlan \[AC6605-wlan-view\]security-profile name sec_work \[AC6605-wlan-sec-prof-sec_work\]****security wpa-wpa2 psk pass-phrase a1234567 aes**** \[AC6605-wlan-sec-prof-sec_work\]quit \[AC6605-wlan-view\]quit # 配置SSID \[AC6605\]wlan \[AC6605-wlan-view\]****ssid-profile**** name profile_work \[AC6605-wlan-ssid-prof-profile_work\]****ssid**** work \[AC6605-wlan-ssid-prof-profile_work\]quit \[AC6605-wlan-view\]vap-profile name vap_work \[AC6605-wlan-vap-prof-vap_work\]ssid-profile profile_work \[AC6605-wlan-vap-prof-vap_work\]****forward-mode**** ****tunnel**** \[AC6605-wlan-vap-prof-vap_work\]service-vlan vlan-id 101 \[AC6605-wlan-vap-prof-vap_work\]security-profile sec_work \[AC6605-wlan-vap-prof-vap_work\]quit \[AC6605-wlan-view\]ap-group name jiaoxue \[AC6605-wlan-ap-group-jiaoxue\]****vap-profile vap_work wlan 1 radio 0**** \[AC6605-wlan-ap-group-jiaoxue\]quit \[AC6605-wlan-view\]quit # 访客 \[AC6605\]wlan \[AC6605-wlan-view\]ssid-profile name profile_guest \[AC6605-wlan-ssid-prof-profile_guest\]ssid guest \[AC6605-wlan-ssid-prof-profile_guest\]quit \[AC6605-wlan-view\]vap-profile name vap_guest \[AC6605-wlan-vap-prof-vap_guest\]****forward-mode**** ****direct-forward**** \[AC6605-wlan-vap-prof-vap_guest\]service-vlan vlan-id 102 \[AC6605-wlan-vap-prof-vap_guest\]security-profile sec_work \[AC6605-wlan-vap-prof-vap_guest\]ssid-profile profile_guest \[AC6605-wlan-vap-prof-vap_guest\]quit \[AC6605-wlan-view\]ap-group name jiaoxue \[AC6605-wlan-ap-group-jiaoxue\]****vap-profile vap_guest wlan 2 radio all****$

至此，本文分享的内容就结束了。