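Building a Small and Medium-Sized Enterprise Network with Huawei Equipment

Abstract

This article takes the network topology of a small or medium-sized enterprise and deploys it end to end by combining several technologies: MSTP plans link redundancy and VLAN traffic load sharing between SW1 and SW2; VRRP provides gateway redundancy for each service VLAN, so that the access-layer switches and end hosts keep their connectivity; DHCP automatically assigns wired endpoints and APs an IP address in the matching VLAN; an AC+AP deployment provides unified access and management for wireless clients; OSPF handles dynamic route learning among AR1, FW1 and the core devices; finally, NAT and a security policy on FW1 let internal hosts reach the public network securely. The design covers interconnection, redundancy, wireless, routing and security, and fits the needs of small and medium-sized enterprises for a highly available, easily managed and secure network.

Network topology diagram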


Configuration steps

Core switch SW1 configuration steps

<SW1>system-view
[SW1]sysname SW1 // Set the device name to SW1
[SW1]vlan batch 10 20 30 40 50 100 to 101 200 // Create the VLANs in a batch
[SW1]stp instance 1 root primary // Primary root bridge for instance 1
[SW1]stp instance 2 root secondary // Backup root bridge for instance 2
[SW1]dhcp enable // Enable the DHCP service
[SW1]stp region-configuration // Enter MSTP region configuration
[SW1-mst-region] region-name huawei // Set the region name to huawei
[SW1-mst-region] instance 1 vlan 10 20 // Map VLANs 10 and 20 to instance 1
[SW1-mst-region] instance 2 vlan 30 40 // Map VLANs 30 and 40 to instance 2
[SW1-mst-region] active region-configuration // Activate the region configuration
[SW1-mst-region] quit // Leave region configuration
// VLAN interface configuration
[SW1]interface Vlanif10 // Enter the VLAN 10 interface
[SW1-Vlanif10] ip address 192.168.10.1 255.255.255.0 // Configure the IP address
[SW1-Vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254 // Configure the VRRP virtual gateway
[SW1-Vlanif10] vrrp vrid 10 priority 120 // Set the VRRP priority to 120
[SW1-Vlanif10] dhcp select relay // Enable DHCP relay
[SW1-Vlanif10] dhcp relay server-ip 10.1.1.2 // Specify the DHCP server
[SW1-Vlanif10] quit
[SW1]interface Vlanif20 // Enter the VLAN 20 interface
[SW1-Vlanif20] ip address 192.168.20.1 255.255.255.0
[SW1-Vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254
[SW1-Vlanif20] vrrp vrid 20 priority 120
[SW1-Vlanif20] dhcp select relay
[SW1-Vlanif20] dhcp relay server-ip 10.1.1.2
[SW1-Vlanif20] quit
[SW1]interface Vlanif30 // Enter the VLAN 30 interface
[SW1-Vlanif30] ip address 192.168.30.1 255.255.255.0
[SW1-Vlanif30] vrrp vrid 30 virtual-ip 192.168.30.254
[SW1-Vlanif30] dhcp select relay
[SW1-Vlanif30] dhcp relay server-ip 10.1.1.2
[SW1-Vlanif30] quit
[SW1]interface Vlanif40 // Enter the VLAN 40 interface
[SW1-Vlanif40] ip address 192.168.40.1 255.255.255.0
[SW1-Vlanif40] vrrp vrid 40 virtual-ip 192.168.40.254
[SW1-Vlanif40] dhcp select relay
[SW1-Vlanif40] dhcp relay server-ip 10.1.1.2
[SW1-Vlanif40] quit
// Interconnect interface configuration
[SW1]interface Vlanif100 // Enter the VLAN 100 interface
[SW1-Vlanif100] ip address 10.1.1.1 255.255.255.252 // Configure the interconnect IP
[SW1-Vlanif100] quit
[SW1]interface Vlanif101 // Enter the VLAN 101 interface
[SW1-Vlanif101] ip address 10.1.1.9 255.255.255.252 // Configure the interconnect IP
[SW1-Vlanif101] quit
[SW1]interface Vlanif200 // Enter the VLAN 200 interface
[SW1-Vlanif200] ip address 192.168.200.1 255.255.255.0 // Management VLAN
[SW1-Vlanif200] dhcp select relay
[SW1-Vlanif200] dhcp relay server-ip 10.1.1.2
[SW1-Vlanif200] quit
// Link aggregation configuration
[SW1]interface Eth-Trunk1 // Enter Eth-Trunk1
[SW1-Eth-Trunk1] port link-type trunk // Set the link type to trunk
[SW1-Eth-Trunk1] port trunk allow-pass vlan 10 20 30 40 100 to 101 200 // VLANs allowed on the trunk
[SW1-Eth-Trunk1] mode lacp-static // Use static LACP mode
[SW1-Eth-Trunk1] quit
// Physical port configuration
[SW1]interface GigabitEthernet0/0/1 // Enter GE0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 30 40 200
[SW1-GigabitEthernet0/0/1] quit
[SW1]interface GigabitEthernet0/0/2 // Enter GE0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20 30 40 200
[SW1-GigabitEthernet0/0/2] quit
[SW1]interface GigabitEthernet0/0/3 // Enter GE0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20 30 40 200
[SW1-GigabitEthernet0/0/3] quit
[SW1]interface GigabitEthernet0/0/4 // Enter GE0/0/4
[SW1-GigabitEthernet0/0/4] port link-type trunk
[SW1-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 20 30 40 200
[SW1-GigabitEthernet0/0/4] quit
[SW1]interface GigabitEthernet0/0/5 // Enter GE0/0/5
[SW1-GigabitEthernet0/0/5] port link-type access // Set the link type to access
[SW1-GigabitEthernet0/0/5] port default vlan 100 // Default VLAN 100
[SW1-GigabitEthernet0/0/5] quit
[SW1]interface GigabitEthernet0/0/6 // Enter GE0/0/6
[SW1-GigabitEthernet0/0/6] eth-trunk 1 // Join aggregation group Eth-Trunk1
[SW1-GigabitEthernet0/0/6] quit
[SW1]interface GigabitEthernet0/0/7 // Enter GE0/0/7
[SW1-GigabitEthernet0/0/7] eth-trunk 1 // Join aggregation group Eth-Trunk1
[SW1-GigabitEthernet0/0/7] quit
[SW1]interface GigabitEthernet0/0/8 // Enter GE0/0/8
[SW1-GigabitEthernet0/0/8] port link-type trunk
[SW1-GigabitEthernet0/0/8] port trunk allow-pass vlan 10 20 30 40 200
[SW1-GigabitEthernet0/0/8] quit
[SW1]interface GigabitEthernet0/0/9 // Enter GE0/0/9
[SW1-GigabitEthernet0/0/9] port link-type access // Set the link type to access
[SW1-GigabitEthernet0/0/9] port default vlan 101 // Default VLAN 101
[SW1-GigabitEthernet0/0/9] quit
// OSPF routing configuration
[SW1]ospf 1 // Start OSPF process 1
[SW1-ospf-1] area 0.0.0.0 // Enter backbone area 0
[SW1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 // Advertise the interconnect network
[SW1-ospf-1-area-0.0.0.0] network 10.1.1.8 0.0.0.3 // Advertise the interconnect network
[SW1-ospf-1-area-0.0.0.0] area 0.0.0.1 // Enter area 1
[SW1-ospf-1-area-0.0.0.1] network 192.168.30.0 0.0.0.255 // Advertise the VLAN networks
[SW1-ospf-1-area-0.0.0.1] network 192.168.20.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1] network 192.168.200.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1] network 192.168.10.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.1] network 192.168.40.0 0.0.0.255

Core switch SW2 configuration steps

<SW2>system-view
[SW2]sysname SW2 // Set the device name to SW2
[SW2]vlan batch 10 20 30 40 50 100 to 101 // Create the VLANs in a batch
[SW2]stp instance 1 root secondary // Backup root bridge for instance 1
[SW2]stp instance 2 root primary // Primary root bridge for instance 2
[SW2]dhcp enable // Enable the DHCP service
[SW2]stp region-configuration // Enter MSTP region configuration
[SW2-mst-region] region-name huawei // Set the region name to huawei
[SW2-mst-region] instance 1 vlan 10 20 // Map VLANs 10 and 20 to instance 1
[SW2-mst-region] instance 2 vlan 30 40 // Map VLANs 30 and 40 to instance 2
[SW2-mst-region] active region-configuration // Activate the region configuration
[SW2-mst-region] quit // Leave region configuration
// VLAN interface configuration
[SW2]interface Vlanif10 // Enter the VLAN 10 interface
[SW2-Vlanif10] ip address 192.168.10.2 255.255.254.0 // Configure the IP address (/23 mask)
[SW2-Vlanif10] vrrp vrid 10 virtual-ip 192.168.10.254 // Configure the VRRP virtual gateway
[SW2-Vlanif10] dhcp select relay // Enable DHCP relay
[SW2-Vlanif10] dhcp relay server-ip 10.1.1.6 // Specify the DHCP server
[SW2-Vlanif10] quit
[SW2]interface Vlanif20 // Enter the VLAN 20 interface
[SW2-Vlanif20] ip address 192.168.20.2 255.255.255.0
[SW2-Vlanif20] vrrp vrid 20 virtual-ip 192.168.20.254
[SW2-Vlanif20] dhcp select relay
[SW2-Vlanif20] dhcp relay server-ip 10.1.10.9 // Primary DHCP server
[SW2-Vlanif20] dhcp relay server-ip 10.1.1.6 // Backup DHCP server
[SW2-Vlanif20] quit
[SW2]interface Vlanif30 // Enter the VLAN 30 interface
[SW2-Vlanif30] ip address 192.168.30.2 255.255.255.0
[SW2-Vlanif30] vrrp vrid 30 virtual-ip 192.168.30.254
[SW2-Vlanif30] vrrp vrid 30 priority 120 // Set the VRRP priority to 120
[SW2-Vlanif30] dhcp select relay
[SW2-Vlanif30] dhcp relay server-ip 10.1.1.6
[SW2-Vlanif30] quit
[SW2]interface Vlanif40 // Enter the VLAN 40 interface
[SW2-Vlanif40] ip address 192.168.40.2 255.255.254.0 // Configure the IP address (/23 mask)
[SW2-Vlanif40] vrrp vrid 40 virtual-ip 192.168.40.254
[SW2-Vlanif40] vrrp vrid 40 priority 120 // Set the VRRP priority to 120
[SW2-Vlanif40] dhcp select relay
[SW2-Vlanif40] dhcp relay server-ip 10.1.1.6
[SW2-Vlanif40] quit
// Interconnect interface configuration
[SW2]interface Vlanif100 // Enter the VLAN 100 interface
[SW2-Vlanif100] ip address 10.1.1.5 255.255.255.252 // Configure the interconnect IP
[SW2-Vlanif100] quit
[SW2]interface Vlanif101 // Enter the VLAN 101 interface
[SW2-Vlanif101] ip address 10.1.1.14 255.255.255.252 // Configure the interconnect IP
[SW2-Vlanif101] quit
// Link aggregation configuration
[SW2]interface Eth-Trunk1 // Enter Eth-Trunk1
[SW2-Eth-Trunk1] port link-type trunk // Set the link type to trunk
[SW2-Eth-Trunk1] port trunk allow-pass vlan 10 20 30 40 50 102 107 // VLANs allowed on the trunk
[SW2-Eth-Trunk1] mode lacp-static // Use static LACP mode
[SW2-Eth-Trunk1] quit
// Physical port configuration
[SW2]interface GigabitEthernet0/0/1 // Enter GE0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 30 40 200
[SW2-GigabitEthernet0/0/1] quit
[SW2]interface GigabitEthernet0/0/2 // Enter GE0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20 30 40 200
[SW2-GigabitEthernet0/0/2] quit
[SW2]interface GigabitEthernet0/0/3 // Enter GE0/0/3
[SW2-GigabitEthernet0/0/3] port link-type trunk
[SW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20 30 40 200
[SW2-GigabitEthernet0/0/3] quit
[SW2]interface GigabitEthernet0/0/4 // Enter GE0/0/4
[SW2-GigabitEthernet0/0/4] port link-type trunk
[SW2-GigabitEthernet0/0/4] port trunk allow-pass vlan 10 20 30 40 200
[SW2-GigabitEthernet0/0/4] quit
[SW2]interface GigabitEthernet0/0/5 // Enter GE0/0/5
[SW2-GigabitEthernet0/0/5] port link-type access // Set the link type to access
[SW2-GigabitEthernet0/0/5] port default vlan 100 // Default VLAN 100
[SW2-GigabitEthernet0/0/5] quit
[SW2]interface GigabitEthernet0/0/6 // Enter GE0/0/6
[SW2-GigabitEthernet0/0/6] eth-trunk 1 // Join aggregation group Eth-Trunk1
[SW2-GigabitEthernet0/0/6] quit
[SW2]interface GigabitEthernet0/0/7 // Enter GE0/0/7
[SW2-GigabitEthernet0/0/7] eth-trunk 1 // Join aggregation group Eth-Trunk1
[SW2-GigabitEthernet0/0/7] quit
[SW2]interface GigabitEthernet0/0/8 // Enter GE0/0/8
[SW2-GigabitEthernet0/0/8] quit // Port left unconfigured
[SW2]interface GigabitEthernet0/0/9 // Enter GE0/0/9
[SW2-GigabitEthernet0/0/9] port link-type access // Set the link type to access
[SW2-GigabitEthernet0/0/9] port default vlan 101 // Default VLAN 101
[SW2-GigabitEthernet0/0/9] quit
// OSPF routing configuration
[SW2]ospf 1 // Start OSPF process 1
[SW2-ospf-1] area 0.0.0.0 // Enter backbone area 0
[SW2-ospf-1-area-0.0.0.0] network 10.1.1.12 0.0.0.3 // Advertise the interconnect network
[SW2-ospf-1-area-0.0.0.0] network 10.1.1.4 0.0.0.3 // Advertise the interconnect network
[SW2-ospf-1-area-0.0.0.0] area 0.0.0.1 // Enter area 1
[SW2-ospf-1-area-0.0.0.1] network 192.168.30.0 0.0.0.255 // Advertise the VLAN networks
[SW2-ospf-1-area-0.0.0.1] network 192.168.20.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1] network 192.168.10.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.1] network 192.168.40.0 0.0.0.255

Firewall FW1 configuration steps

<Fw1>system-view
[Fw1]sysname Fw1 // Set the device name to Fw1
[Fw1]interface GigabitEthernet0/0/0 // Enter interface GE0/0/0
[Fw1-GigabitEthernet0/0/0] undo shutdown // Bring the interface up
[Fw1-GigabitEthernet0/0/0] ip address 10.1.1.10 255.255.255.252 // Configure the IP address
[Fw1-GigabitEthernet0/0/0] service-manage ping permit // Permit ping to this interface
[Fw1-GigabitEthernet0/0/0] quit
[Fw1]interface GigabitEthernet1/0/0 // Enter interface GE1/0/0
[Fw1-GigabitEthernet1/0/0] undo shutdown // Bring the interface up
[Fw1-GigabitEthernet1/0/0] ip address 10.1.1.13 255.255.255.252 // Configure the IP address
[Fw1-GigabitEthernet1/0/0] service-manage ping permit // Permit ping to this interface
[Fw1-GigabitEthernet1/0/0] quit
[Fw1]interface GigabitEthernet1/0/1 // Enter interface GE1/0/1
[Fw1-GigabitEthernet1/0/1] undo shutdown // Bring the interface up
[Fw1-GigabitEthernet1/0/1] ip address 100.1.1.1 255.255.255.252 // Configure the public IP address
[Fw1-GigabitEthernet1/0/1] service-manage ping permit // Permit ping to this interface
[Fw1-GigabitEthernet1/0/1] quit
// Security zone configuration
[Fw1]firewall zone trust // Enter the trust zone
[Fw1-zone-trust] set priority 85 // Set the priority to 85
[Fw1-zone-trust] add interface GigabitEthernet0/0/0 // Add GE0/0/0 to the trust zone
[Fw1-zone-trust] add interface GigabitEthernet1/0/0 // Add GE1/0/0 to the trust zone
[Fw1-zone-trust] quit
[Fw1]firewall zone untrust // Enter the untrust zone
[Fw1-zone-untrust] set priority 5 // Set the priority to 5
[Fw1-zone-untrust] add interface GigabitEthernet1/0/1 // Add GE1/0/1 to the untrust zone
[Fw1-zone-untrust] quit
[Fw1]firewall zone dmz // Enter the DMZ zone
[Fw1-zone-dmz] set priority 50 // Set the priority to 50
[Fw1-zone-dmz] quit
// OSPF routing configuration
[Fw1]ospf 1 // Start OSPF process 1
[Fw1-ospf-1] default-route-advertise // Advertise a default route into OSPF
[Fw1-ospf-1] area 0.0.0.0 // Enter backbone area 0
[Fw1-ospf-1-area-0.0.0.0] network 10.1.1.8 0.0.0.3 // Advertise the interconnect network
[Fw1-ospf-1-area-0.0.0.0] network 10.1.1.12 0.0.0.3 // Advertise the interconnect network
[Fw1-ospf-1-area-0.0.0.0] quit
[Fw1-ospf-1] quit
[Fw1]ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 // Default route pointing to the Internet
// Security policy configuration
[Fw1]security-policy // Enter the security policy view
[Fw1-policy-security] rule name qwe // Create a security rule named qwe
[Fw1-policy-security-rule-qwe] source-zone trust // Source security zone: trust
[Fw1-policy-security-rule-qwe] destination-zone untrust // Destination security zone: untrust
[Fw1-policy-security-rule-qwe] action permit // Action: permit
[Fw1-policy-security-rule-qwe] quit
[Fw1-policy-security] quit
// NAT policy configuration
[Fw1]nat-policy // Enter the NAT policy view
[Fw1-policy-nat] rule name nat // Create a NAT rule named nat
[Fw1-policy-nat-rule-nat] source-zone trust // Source zone: trust
[Fw1-policy-nat-rule-nat] destination-zone untrust // Destination zone: untrust
[Fw1-policy-nat-rule-nat] source-address 192.168.10.0 mask 255.255.255.0 // Source address
[Fw1-policy-nat-rule-nat] source-address 192.168.20.0 mask 255.255.255.0 // Source address
[Fw1-policy-nat-rule-nat] source-address 192.168.30.0 mask 255.255.255.0 // Source address
[Fw1-policy-nat-rule-nat] source-address 192.168.40.0 mask 255.255.255.0 // Source address
[Fw1-policy-nat-rule-nat] action source-nat easy-ip // Source NAT using Easy IP

Router AR1 configuration steps

<R1>system-view
[R1]sysname R1 // Set the device name to R1
[R1]vlan batch 10 100 // Create VLANs 10 and 100 in a batch
[R1]dhcp enable // Enable the DHCP service
// DHCP address pool configuration
[R1]ip pool vlan10 // Create the DHCP address pool for VLAN 10
[R1-ip-pool-vlan10] gateway-list 192.168.10.254 // Gateway is the VRRP virtual IP
[R1-ip-pool-vlan10] network 192.168.10.0 mask 255.255.255.0 // Address pool subnet
[R1-ip-pool-vlan10] dns-list 192.168.50.2 // DNS server
[R1-ip-pool-vlan10] quit
[R1]ip pool vlan20 // Create the DHCP address pool for VLAN 20
[R1-ip-pool-vlan20] gateway-list 192.168.20.254 // Gateway is the VRRP virtual IP
[R1-ip-pool-vlan20] network 192.168.20.0 mask 255.255.255.0 // Address pool subnet
[R1-ip-pool-vlan20] dns-list 192.168.50.2 // DNS server
[R1-ip-pool-vlan20] quit
[R1]ip pool vlan30 // Create the DHCP address pool for VLAN 30
[R1-ip-pool-vlan30] gateway-list 192.168.30.254 // Gateway is the VRRP virtual IP
[R1-ip-pool-vlan30] network 192.168.30.0 mask 255.255.255.0 // Address pool subnet
[R1-ip-pool-vlan30] dns-list 192.168.50.2 // DNS server
[R1-ip-pool-vlan30] quit
[R1]ip pool vlan40 // Create the DHCP address pool for VLAN 40
[R1-ip-pool-vlan40] gateway-list 192.168.40.254 // Gateway is the VRRP virtual IP
[R1-ip-pool-vlan40] network 192.168.40.0 mask 255.255.255.0 // Address pool subnet
[R1-ip-pool-vlan40] dns-list 192.168.50.2 // DNS server
[R1-ip-pool-vlan40] quit
[R1]ip pool vlan200 // Create the DHCP address pool for VLAN 200
[R1-ip-pool-vlan200] gateway-list 192.168.200.1 // Gateway is the interface IP
[R1-ip-pool-vlan200] network 192.168.200.0 mask 255.255.255.0 // Address pool subnet
[R1-ip-pool-vlan200] option 43 sub-option 3 ascii 192.168.200.100 // DHCP option 43, used by APs to discover the AC
[R1-ip-pool-vlan200] quit
// Interface configuration
[R1]interface GigabitEthernet0/0/0 // Enter interface GE0/0/0
[R1-GigabitEthernet0/0/0] ip address 10.1.1.2 255.255.255.252 // Configure the interconnect IP address
[R1-GigabitEthernet0/0/0] dhcp select global // Serve DHCP from the global address pools on this interface
[R1-GigabitEthernet0/0/0] quit
[R1]interface GigabitEthernet0/0/1 // Enter interface GE0/0/1
[R1-GigabitEthernet0/0/1] ip address 10.1.1.6 255.255.255.252 // Configure the interconnect IP address
[R1-GigabitEthernet0/0/1] dhcp select global // Serve DHCP from the global address pools on this interface
[R1-GigabitEthernet0/0/1] quit
// OSPF routing configuration
[R1]ospf 1 // Start OSPF process 1
[R1-ospf-1] area 0.0.0.0 // Enter backbone area 0
[R1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 // Advertise interconnect network 10.1.1.0/30
[R1-ospf-1-area-0.0.0.0] network 10.1.1.4 0.0.0.3 // Advertise interconnect network 10.1.1.4/30

Wireless controller AC1 configuration steps

<AC1>system-view
[AC1]sysname AC1 // Set the device name to AC1
[AC1]vlan batch 10 20 30 40 200 // Create VLANs 10, 20, 30, 40 and 200 in a batch
[AC1]interface Vlanif200 // Enter the VLAN 200 virtual interface
[AC1-Vlanif200] ip address 192.168.200.100 255.255.255.0 // Configure the management IP address
[AC1-Vlanif200] quit
[AC1]interface GigabitEthernet0/0/1 // Enter interface GE0/0/1
[AC1-GigabitEthernet0/0/1] port link-type trunk // Set the port type to trunk
[AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 30 40 200 // VLANs allowed on the trunk
[AC1-GigabitEthernet0/0/1] quit
[AC1]capwap source interface vlanif200 // Use Vlanif200 as the CAPWAP source interface
// WLAN configuration
[AC1]wlan // Enter the WLAN view
[AC1-wlan-view] security-profile name sec-wpa2 // Create security profile sec-wpa2
[AC1-wlan-sec-prof-sec-wpa2] security wpa-wpa2 psk pass-phrase 12345678 aes // Configure WPA2-PSK encryption
[AC1-wlan-sec-prof-sec-wpa2] quit
[AC1-wlan-view] ssid-profile name ssid // Create SSID profile ssid
[AC1-wlan-ssid-prof-ssid] ssid HHHH // Set the SSID name to HHHH
[AC1-wlan-ssid-prof-ssid] quit
// VAP profile configuration
[AC1-wlan-view] vap-profile name vap-ap1 // Create the VAP profile for AP1
[AC1-wlan-vap-prof-vap-ap1] forward-mode tunnel // Use tunnel forwarding mode
[AC1-wlan-vap-prof-vap-ap1] service-vlan vlan-id 10 // Set the service VLAN to 10
[AC1-wlan-vap-prof-vap-ap1] ssid-profile ssid // Bind the SSID profile
[AC1-wlan-vap-prof-vap-ap1] security-profile sec-wpa2 // Bind the security profile
[AC1-wlan-vap-prof-vap-ap1] quit
[AC1-wlan-view] vap-profile name vap-ap2 // Create the VAP profile for AP2
[AC1-wlan-vap-prof-vap-ap2] forward-mode tunnel // Use tunnel forwarding mode
[AC1-wlan-vap-prof-vap-ap2] service-vlan vlan-id 20 // Set the service VLAN to 20
[AC1-wlan-vap-prof-vap-ap2] ssid-profile ssid // Bind the SSID profile
[AC1-wlan-vap-prof-vap-ap2] security-profile sec-wpa2 // Bind the security profile
[AC1-wlan-vap-prof-vap-ap2] quit
[AC1-wlan-view] vap-profile name vap-ap3 // Create the VAP profile for AP3
[AC1-wlan-vap-prof-vap-ap3] forward-mode tunnel // Use tunnel forwarding mode
[AC1-wlan-vap-prof-vap-ap3] service-vlan vlan-id 30 // Set the service VLAN to 30
[AC1-wlan-vap-prof-vap-ap3] ssid-profile ssid // Bind the SSID profile
[AC1-wlan-vap-prof-vap-ap3] security-profile sec-wpa2 // Bind the security profile
[AC1-wlan-vap-prof-vap-ap3] quit
[AC1-wlan-view] vap-profile name vap-ap4 // Create the VAP profile for AP4
[AC1-wlan-vap-prof-vap-ap4] forward-mode tunnel // Use tunnel forwarding mode
[AC1-wlan-vap-prof-vap-ap4] service-vlan vlan-id 40 // Set the service VLAN to 40
[AC1-wlan-vap-prof-vap-ap4] ssid-profile ssid // Bind the SSID profile
[AC1-wlan-vap-prof-vap-ap4] security-profile sec-wpa2 // Bind the security profile
[AC1-wlan-vap-prof-vap-ap4] quit
// AP group configuration
[AC1-wlan-view] ap-group name ap1-group // Create AP group ap1-group
[AC1-wlan-ap-group-ap1-group] radio 0 // Enter radio 0 configuration
[AC1-wlan-ap-group-ap1-group-radio-0] vap-profile vap-ap1 wlan 1 // Bind the VAP profile to WLAN 1
[AC1-wlan-ap-group-ap1-group-radio-0] quit
[AC1-wlan-ap-group-ap1-group] quit
[AC1-wlan-view] ap-group name ap2-group // Create AP group ap2-group
[AC1-wlan-ap-group-ap2-group] radio 0 // Enter radio 0 configuration
[AC1-wlan-ap-group-ap2-group-radio-0] vap-profile vap-ap2 wlan 1 // Bind the VAP profile
[AC1-wlan-ap-group-ap2-group-radio-0] quit
[AC1-wlan-ap-group-ap2-group] quit
[AC1-wlan-view] ap-group name ap3-group // Create AP group ap3-group
[AC1-wlan-ap-group-ap3-group] radio 0 // Enter radio 0 configuration
[AC1-wlan-ap-group-ap3-group-radio-0] vap-profile vap-ap3 wlan 1 // Bind the VAP profile
[AC1-wlan-ap-group-ap3-group-radio-0] quit
[AC1-wlan-ap-group-ap3-group] quit
[AC1-wlan-view] ap-group name ap4-group // Create AP group ap4-group
[AC1-wlan-ap-group-ap4-group] radio 0 // Enter radio 0 configuration
[AC1-wlan-ap-group-ap4-group-radio-0] vap-profile vap-ap4 wlan 1 // Bind the VAP profile
[AC1-wlan-ap-group-ap4-group-radio-0] quit
[AC1-wlan-ap-group-ap4-group] quit
// AP registration
[AC1-wlan-view] ap-id 1 ap-mac 00e0-fc85-5520 // Configure AP 1 and specify its MAC address
[AC1-wlan-ap-1] ap-group ap1-group // Add the AP to ap1-group
[AC1-wlan-ap-1] quit
[AC1-wlan-view] ap-id 2 ap-mac 00e0-fccb-47c0 // Configure AP 2 and specify its MAC address
[AC1-wlan-ap-2] ap-group ap2-group // Add the AP to ap2-group
[AC1-wlan-ap-2] quit
[AC1-wlan-view] ap-id 3 ap-mac 00e0-fc5c-7690 // Configure AP 3 and specify its MAC address
[AC1-wlan-ap-3] ap-group ap3-group // Add the AP to ap3-group
[AC1-wlan-ap-3] quit
[AC1-wlan-view] ap-id 4 ap-mac 00e0-fcf2-4270 // Configure AP 4 and specify its MAC address
[AC1-wlan-ap-4] ap-group ap4-group // Add the AP to ap4-group
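
An added example, not part of the original article: a Python check over the FW1 and AC1 settings above that flags a permit rule matching only zones (rule qwe), management ping permitted on an untrust-zone interface, and a short or all-digit WLAN pre-shared key. The sample text is constructed from the page's commands in indented display current-configuration layout; the check names, the FIXED variant and the 16-character minimum are assumptions.

```python
import re

# Constructed sample: FW1 and AC1 commands from this page, prompts and
# annotations stripped, laid out like "display current-configuration".
SAMPLE = """\
interface GigabitEthernet1/0/1
 service-manage ping permit
firewall zone untrust
 add interface GigabitEthernet1/0/1
security-policy
 rule name qwe
  source-zone trust
  destination-zone untrust
  action permit
nat-policy
 rule name nat
  source-address 192.168.10.0 mask 255.255.255.0
  action source-nat easy-ip
security-profile name sec-wpa2
 security wpa-wpa2 psk pass-phrase 12345678 aes
"""

# Same text with the three settings tightened (passphrase is a placeholder).
FIXED = (SAMPLE.replace(" service-manage ping permit\n", "")
         .replace("  action permit", "  source-address 192.168.10.0 mask 255.255.255.0\n  action permit")
         .replace("12345678", "<long-random-passphrase>"))

MATCH_KEYS = ("source-address", "destination-address", "service", "application")

def audit(config, min_psk_len=16):
    """Return sorted (check, object) findings; min_psk_len is an assumed policy."""
    section, rule = "", None
    rules, mgmt, untrust, findings = {}, {}, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0] != " ":                 # an unindented line opens a new section
            section, rule = line, None
            continue
        if section == "security-policy" and line.startswith("rule name "):
            rule = line.split()[2]
            rules[rule] = []
        elif section == "security-policy" and rule:
            rules[rule].append(line)
        elif section.startswith("interface "):
            m = re.fullmatch(r"service-manage (\S+) permit", line)
            if m:
                mgmt.setdefault(section.split()[1], []).append(m.group(1))
        elif section == "firewall zone untrust" and line.startswith("add interface "):
            untrust.add(line.split()[2])
        m = re.search(r"psk pass-phrase (\S+)", line)
        if m and (len(m.group(1)) < min_psk_len or m.group(1).isdigit()):
            findings.append(("weak-psk", section.split()[-1]))
    for name, body in rules.items():      # permit with nothing but zones matched
        if "action permit" in body and not any(l.startswith(MATCH_KEYS) for l in body):
            findings.append(("permit-any", name))
    findings += [("mgmt-on-untrust", i) for i in untrust.intersection(mgmt)]
    return sorted(findings)
```

audit(SAMPLE) reports all three findings, while audit(FIXED) returns an empty list.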
