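[Huawei] Lab Configuration: AC Direct-Connect Layer 2 Networking with Tunnel Forwarding
- Lab requirements
- Topology
- Configuration
- AC data planning table
- AC configuration order
- AC1
- Basic configuration (Layer 2 connectivity)
- Bringing the AP online
- VAP profile binding: WLAN service traffic
- LSW1
- AR1
- STA obtains service through the AP
- Configuration files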
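Lab requirements
AC networking mode: direct-connect Layer 2 networking.
Service data forwarding mode: tunnel forwarding.
DHCP deployment: the AC acts as the DHCP server and assigns IP addresses to the AP and the STAs.
AP management: VLAN 100, subnet 192.168.100.0/24.
The gateway is the IP address of the VLANIF100 interface on the AC.
Wireless service: VLAN 110, SSID baixi, password baixi123, subnet 192.168.110.0/24.
The gateway is the IP address of the VLANIF110 interface on the AC.
Source interface for the management tunnel between the AC and the AP: VLANIF100 on the AC.
Layer 3 interconnect between the AC and the egress gateway: VLANIF10, subnet 192.168.10.0/24.
Topology
Configuration
AC data planning table
AC configuration order
① Bring the AP online
- Establish Layer 2 connectivity
- Configure DHCP for service VLAN 110
- Create the regulatory domain profile "domain"
- Create the AP group "ap1" and reference the regulatory domain profile "domain"
- Configure the source interface for the CAPWAP tunnel to the AP
- Configure the AP authentication mode
② Bring service traffic online
- Create the security profile "test"
- Create the SSID profile "test_ssid"
- Create the VAP profile "test_vap" and bind the security profile "test" and the SSID profile "test_ssid" to it
- Enter the AP group and reference the VAP profile "test_vap"
AC1
Basic configuration (Layer 2 connectivity)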
<AC6005>system-view
Enter system view, return user view with Ctrl+Z.
[AC6005]sysname AC1
[AC1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC1]vlan batch 10 100 110
Info: This operation may take a few seconds. Please wait for a moment...done.
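## On interface vlanif100, configure interface-based DHCP to assign IP addresses to the AP
[AC1]int vlan 100
[AC1-Vlanif100]ip address 192.168.100.254 24
[AC1-Vlanif100]dhcp select interface ## Enable DHCP with the interface address pool; the gateway is the vlanif100 interface address
[AC1-Vlanif100]dhcp server dns-list 8.8.8.8 ## DNS server handed out to clients
[AC1-Vlanif100]qu
## On interface vlanif110, configure interface-based DHCP to assign IP addresses to the STAs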
[AC1]int vlan 110
[AC1-Vlanif110]ip address 192.168.110.254 24
[AC1-Vlanif110]dhcp select interface
[AC1-Vlanif110]dhcp server dns-list 8.8.8.8
[AC1-Vlanif110]qu
[AC1]int g0/0/2
[AC1-GigabitEthernet0/0/2]port link-type trunk
[AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/2]quit
## Configure the interface as an access port for Layer 3 communication with the router
[AC1]interface GigabitEthernet0/0/1
[AC1-GigabitEthernet0/0/1]port link-type access
[AC1-GigabitEthernet0/0/1]port default vlan 10
[AC1-GigabitEthernet0/0/1]qu
## Configure the SVI interface
[AC1]int vlan10
[AC1-Vlanif10]ip address 192.168.10.1 255.255.255.0
[AC1-Vlanif10]quit
Bringing the AP online
## Create the regulatory domain profile
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain ## Create a regulatory domain profile named domain
[AC1-wlan-regulate-domain-domain]country-code CN ## Set the country code to China (CN)
Info: The current country code is same with the input country code. ## The default country code on Huawei ACs is CN
[AC1-wlan-regulate-domain-domain]quit
## Create the AP group and bind the profile to it
[AC1-wlan-view]ap-group name ap1 ## Create an AP group named ap1
Info: This operation may take a few seconds. Please wait for a moment.done. ## Created successfully
[AC1-wlan-ap-group-ap1]regulatory-domain-profile domain ## Bind the regulatory domain profile domain
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y ## Confirm the AP reset: yes
[AC1-wlan-ap-group-ap1]quit
## Specify the source interface for the CAPWAP tunnel to the AP
[AC1]capwap source interface vlan 100
## Bring the AP online
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth ## Set the AP authentication mode to MAC authentication
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc9e-6090 ## Set the AP ID to 1 with MAC address 00e0-fc9e-6090
[AC1-wlan-ap-1]ap-name ap1 ## Set the AP name to ap1
[AC1-wlan-ap-1]ap-group ap1 ## Add the AP to the AP group ap1
Check the AP's MAC address
<Huawei>display int g0/0/0
GigabitEthernet0/0/0 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, AP Series, GigabitEthernet0/0/0 Interface
Switch Port, PVID : 1, TPID : 8100(Hex), The Maximum Frame Length is 1800
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcd6-1c90
VAP profile binding: WLAN service traffic
## Security profile
[AC1]wlan
[AC1-wlan-view]security-profile name test ## Create a security profile named "test"
[AC1-wlan-sec-prof-test]security wpa-wpa2 psk pass-phrase baixi123 aes ## Set the wireless password: PSK authentication, passphrase baixi123, AES encryption
[AC1-wlan-sec-prof-test]quit
## SSID profile
[AC1-wlan-view]ssid-profile name test_ssid ## Create an SSID profile named "test_ssid"
[AC1-wlan-ssid-prof-test_ssid]ssid baixi ## Set the SSID name to "baixi"
Info: This operation may take a few seconds, please wait.done. ## Informational message only; this is normal
[AC1-wlan-ssid-prof-test_ssid]quit
## Create the VAP profile "test_vap"
[AC1-wlan-view]vap-profile name test_vap ## Create a VAP profile named "test_vap"
[AC1-wlan-vap-prof-test_vap]security-profile test ## Bind the security profile "test"
Info: This operation may take a few seconds, please wait.done. ## Informational message
[AC1-wlan-vap-prof-test_vap]ssid-profile test_ssid ## Bind the SSID profile "test_ssid"
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-test_vap]forward-mode tunnel ## Set the data forwarding mode to tunnel forwarding
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-test_vap]service-vlan vlan-id 110 ## Specify the service VLAN for the VAP's traffic
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-test_vap]quit
## Configure the VAP (reference the VAP profile)
[AC1-wlan-view]ap-group name ap1 ## Enter the AP group "ap1"
[AC1-wlan-ap-group-ap1]vap-profile test_vap wlan 1 radio all ## Bind the VAP profile "test_vap": WLAN ID 1, all radios (0, 1, 2)
Info: This operation may take a few seconds, please wait...done.
LSW1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn LSW1
[LSW1]vlan batch 100 110
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]undo info-center enable
Info: Information center is disabled.
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110
[LSW1-GigabitEthernet0/0/1]quit
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 110 ## Permit management VLAN and service VLAN traffic
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100 ## Set the port's default VLAN to the AP management VLAN
[LSW1-GigabitEthernet0/0/2]quit
AR1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.10.2 24
[AR1-GigabitEthernet0/0/0]quit
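[AR1]ip route-static 192.168.110.0 255.255.255.0 192.168.10.1 ## Points to the AC
STA obtains service through the AP
Enter the password
STA>ipconfig -- Check the IP address the STA obtained
Traffic reaches the AC successfully
Configuration files
AC1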
#
sysname AC1
#
dhcp enable
#
vlan batch 10 100 110
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Vlanif110
ip address 192.168.110.254 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
#
wlan
regulatory-domain-profile name domain
country-code CN
quit
ap-group name ap1
regulatory-domain-profile domain
yes
quit
quit
capwap source interface vlanif100
wlan
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fc9e-6090
ap-name ap1
ap-group ap1
yes
quit
security-profile name test
security wpa-wpa2 psk pass-phrase baixi123 aes
quit
ssid-profile name test_ssid
ssid baixi
quit
vap-profile name test_vap
forward-mode tunnel
service-vlan vlan-id 110
ssid-profile test_ssid
security-profile test
quit
ap-group name ap1
vap-profile test_vap wlan 1 radio all
LSW1
sysn LSW1
#
undo info-center enable
#
vlan batch 100 110
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan all
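The LSW1 session above limits its trunks to VLANs 100 and 110, while the configuration files use "port trunk allow-pass vlan all" on both LSW1 trunks and on GigabitEthernet0/0/2 of the AC. The following is an added example, not part of the original post: a Python check that flags trunk ports carrying more VLANs than the data plan calls for. The sample configuration (including GigabitEthernet0/0/3 and its VLAN range) is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of this page's LSW1 configuration file.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 110
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 102 110
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '100 to 102 110' into a set of IDs."""
    tokens, vlans, i = spec.split(), set(), 0
    while i < len(tokens):
        start = end = int(tokens[i])
        if tokens[i + 1:i + 2] == ["to"]:  # range form: <start> to <end>
            end = int(tokens[i + 2])
            i += 2
        vlans.update(range(start, end + 1))
        i += 1
    return vlans

def audit_trunks(config, planned_vlans):
    """Return (interface, finding) pairs for trunks that carry more than the plan."""
    findings, current = [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "#":  # '#' closes a stanza in the saved configuration
            current = None
        m = re.match(r"port trunk allow-pass vlan (.+)$", line)
        if current is None or not m:
            continue
        if m.group(1) == "all":
            findings.append((current, "allows all VLANs"))
        else:
            extra = expand_vlans(m.group(1)) - set(planned_vlans)
            if extra:
                findings.append((current, "unplanned VLANs %s" % sorted(extra)))
    return findings

if __name__ == "__main__":
    print(audit_trunks(SAMPLE_CONFIG, {100, 110}))
```

Pass the saved configuration text of a device and the VLAN set from its planning table; an empty result means every trunk matches the plan.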