碼上快樂

相關內容    簡體    繁體

中大型企業有線無線用戶統一接入(實施筆記)

本文轉載自   查看原文   2021-02-02 09:08   833    NetWork WLAN/ NetWork 實例

組網圖形

    

有線無線用戶統一接入簡介

  • 在實際的使用場景中,有線網絡和無線網絡環境通常是共同存在的。例如在辦公區內PC電腦、打印機等設備通常通過有線方式接入網絡,而筆記本、手機終端等移動設備通常是通過無線方式接入網絡。通過部署有線無線用戶統一接入的網絡環境,可以同時為有線用戶和無線用戶提供網絡接入的服務,實現對有線用戶和無線用戶的統一管理。

配置注意事項

  • 本舉例使用Portal認證,為保證實際網絡的安全性,請根據實際的需求配置合適的安全策略。
  • 隧道轉發模式下,管理VLAN和業務VLAN不能配置為同一VLAN。直接轉發模式下,管理VLAN和業務VLAN建議也不要配置為同一VLAN。
  • 數據轉發方式為直接轉發時,建議在直接連接AP的設備接口上配置端口隔離,如果不配置端口隔離,可能會在VLAN內存在不必要的廣播報文,或者導致不同AP間的WLAN用戶二層互通的問題。

  配置管理VLAN和業務VLAN:

  • 隧道轉發模式下,業務報文會封裝在CAPWAP數據隧道中進行傳輸,發送給AC,然后由AC再轉發到上層網絡或AP,所以只要配置AC與AP間的網絡加入管理VLAN,AC與上層網絡間的網絡加入業務VLAN,就能正常傳輸業務報文和管理報文。
  • 直接轉發模式下,業務報文不會進行CAPWAP封裝,而是直接轉發給上層網絡或AP,所以需要配置AC與AP間的網絡加入管理VLAN,AP與上層網絡間的網絡加入業務VLAN,才能正常傳輸業務報文和管理報文。

組網需求

  • 企業由於業務要求,需要在其企業大樓內同時部署有線和無線網絡。為方便管理維護,管理員希望能夠在AC上集中管理有線用戶和無線用戶,有線用戶采取免認證方式,無線用戶采用Portal認證方式,並且無線用戶能夠在AC內漫游。
  • 如圖所示,AC上行連接出口網關Router;下行通過接入交換機S5700-1和S5700-2連接和管理AP,其中,S5700-1部署在一樓,S5700-2部署在二樓。在每個房間內部署AP2010DN為房間內用戶同時提供有線接入和無線接入,在樓道中部署AP5030DN提供無線網絡覆蓋。S5700-1和S5700-2均為PoE交換機,為連接的AP供電;為使整體網絡規划簡潔,便於管理,接入交換機只做二層透傳,所有網關配置在AC上;AC作為DHCP服務器為AP、STA和PC分配IP地址。

配置思路

  • 1.配置各網絡設備,使AP、接入交換機S5700-1、S5700-2、AC和上層網絡設備之間實現網絡互通。
  • 2.配置AC作為DHCP服務器,為AP、有線用戶和無線用戶分配IP地址。
  • 3.配置RADIUS服務器認證、計費和授權模板和Portal認證。
  • 4.配置WLAN基本業務,包括AC系統參數、AC上管理AP和WLAN業務參數。
  • 5.配置VAP並下發配置。
  • 6.驗證配置結果,有線用戶和無線用戶都能夠接入Internet。

操作步驟

  • 1.配置各網絡設備互通

  # 配置交換機S5700-1和S5700-2的接口GE0/0/1~GE0/0/4都加入VLAN100(管理VLAN),S5700-1的接口GE0/0/1~GE0/0/4加入VLAN201(有線業務報文所屬VLAN),S5700-2的接口GE0/0/1~GE0/0/4加入VLAN202(有線業務報文所屬VLAN),其中直連AP的接口需要配置PVID,並建議直連AP的接口配置端口隔離以減少廣播報文。以配置S5700-1為例,S5700-2的配置與S5700-1類似,不再贅述。

[HUAWEI] sysname S5700-1
[S5700-1] vlan batch 100 201
[S5700-1] interface gigabitethernet 0/0/1
[S5700-1-GigabitEthernet0/0/1] port link-type trunk
[S5700-1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 201
[S5700-1-GigabitEthernet0/0/1] quit
[S5700-1] interface gigabitethernet 0/0/2
[S5700-1-GigabitEthernet0/0/2] port link-type trunk
[S5700-1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 201
[S5700-1-GigabitEthernet0/0/2] port trunk pvid vlan 100   //直連AP的接口需要配置PVID
[S5700-1-GigabitEthernet0/0/2] port-isolate enable   //配置端口隔離以減少廣播報文
[S5700-1-GigabitEthernet0/0/2] quit
[S5700-1] interface gigabitethernet 0/0/3
[S5700-1-GigabitEthernet0/0/3] port link-type trunk
[S5700-1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 201
[S5700-1-GigabitEthernet0/0/3] port trunk pvid vlan 100
[S5700-1-GigabitEthernet0/0/3] port-isolate enable
[S5700-1-GigabitEthernet0/0/3] quit
[S5700-1] interface gigabitethernet 0/0/4
[S5700-1-GigabitEthernet0/0/4] port link-type trunk
[S5700-1-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 201
[S5700-1-GigabitEthernet0/0/4] port trunk pvid vlan 100
[S5700-1-GigabitEthernet0/0/4] port-isolate enable
[S5700-1-GigabitEthernet0/0/4] quit

   # 配置AC連接接入交換機S5700-1的接口GE1/0/1加入VLAN100和VLAN201,連接接入交換機S5700-2的接口GE1/0/2加入VLAN100和VLAN202,連接上層網絡的接口GE1/0/4加入VLAN300,連接Agile Controller的接口GE1/0/3加入VLAN200。

[HUAWEI] sysname AC
[AC] vlan batch 100 200 201 202 300
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 201
[AC-GigabitEthernet1/0/1] quit
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] port link-type trunk
[AC-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 202
[AC-GigabitEthernet1/0/2] quit
[AC] interface gigabitethernet 1/0/3
[AC-GigabitEthernet1/0/3] port link-type trunk
[AC-GigabitEthernet1/0/3] port trunk allow-pass vlan 200
[AC-GigabitEthernet1/0/3] quit
[AC] interface gigabitethernet 1/0/4
[AC-GigabitEthernet1/0/4] port link-type trunk
[AC-GigabitEthernet1/0/4] port trunk allow-pass vlan 300
[AC-GigabitEthernet1/0/4] quit

   # 配置VLANIF200,用於AC和Agile Controller通信。

[AC] interface vlanif200
[AC-Vlanif200] ip address 10.23.200.2 24  //配置IP地址用於AC和Agile Controller通信
[AC-Vlanif200] quit
  •  2.配置AC為DHCP Server,分別為PC、AP、STA分配IP地址

  # 配置AC通過接口地址池為PC、AP、STA分配IP地址。

[AC] dhcp enable
[AC] vlan batch 101 102
[AC] interface vlanif 100  //配置接口地址池為AP分配IP地址
[AC-Vlanif100] description manage_ap
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
[AC] interface vlanif 101  //配置接口地址池為一樓無線用戶STA分配IP地址
[AC-Vlanif101] description manage_floor1_sta
[AC-Vlanif101] ip address 10.23.101.1 24
[AC-Vlanif101] dhcp select interface
[AC-Vlanif101] quit
[AC] interface vlanif 102  //配置接口地址池為二樓無線用戶STA分配IP地址
[AC-Vlanif102] description manage_floor2_sta
[AC-Vlanif102] ip address 10.23.102.1 24
[AC-Vlanif102] dhcp select interface
[AC-Vlanif102] quit
[AC] interface vlanif 201  //配置接口地址池為一樓有線用戶PC分配IP地址
[AC-Vlanif201] description manage_floor1_pc
[AC-Vlanif201] ip address 10.23.201.1 24
[AC-Vlanif201] dhcp select interface
[AC-Vlanif201] quit
[AC] interface vlanif 202  //配置接口地址池為二樓有線用戶PC分配IP地址
[AC-Vlanif202] description manage_floor2_pc
[AC-Vlanif202] ip address 10.23.202.1 24
[AC-Vlanif202] dhcp select interface
[AC-Vlanif202] quit
  •  3.配置RADIUS服務器認證、計費和授權模板和Portal認證

  # 配置AC的RADIUS服務器認證、計費和授權模板。

[AC] radius-server template radius1  //創建名為radius1的RADIUS服務器模板
[AC-radius-radius1] radius-server authentication 10.23.200.1 1812 source ip-address 10.23.200.2 weight 80   //配置RADIUS認證服務器,認證端口1812,AC使用10.23.200.2和RADIUS服務器通信
[AC-radius-radius1] radius-server accounting 10.23.200.1 1813 source ip-address 10.23.200.2 weight 80   //配置RADIUS計費服務器,以便獲取終端用戶的上下線信息,計費端口1813,AC使用10.23.200.2和RADIUS服務器通信
[AC-radius-radius1] radius-server shared-key cipher Admin@123   //配置RADIUS服務器預共享密鑰
[AC-radius-radius1] undo radius-server user-name domain-included   //設備向RADIUS服務器發送的用戶名不包含域名,當RADIUS服務器不接受帶域名的用戶時需要配置
[AC-radius-radius1] quit
[AC] radius-server authorization 10.23.200.1 shared-key cipher Admin@123   //配置RADIUS授權服務器的地址,共享密鑰為Admin@123,必須與認證密鑰和計費密鑰一致。配置授權服務器以便RADIUS服務器向AC下發授權規則
[AC] aaa
[AC-aaa] authentication-scheme radius1  //創建名為radius1的認證方案
[AC-aaa-authen-radius1] authentication-mode radius   //Agile Controller作為RADIUS服務器,認證方案必須配置為RADIUS
[AC-aaa-authen-radius1] quit
[AC-aaa] accounting-scheme radius1  //創建名為radius1的計費方案
[AC-aaa-accounting-radius1] accounting-mode radius   //配置計費方案為RADIUS方式。為了方便RADIUS服務器維護賬號的狀態信息,例如上下線信息,強制帳號下線,計費模式必須配置為radius
[AC-aaa-accounting-radius1] quit
[AC-aaa] domain portal1   //創建名為portal1的域
[AC-aaa-domain-portal1] authentication-scheme radius1  //綁定認證方案radius1
[AC-aaa-domain-portal1] accounting-scheme radius1  //綁定計費方案radius1
[AC-aaa-domain-portal1] radius-server radius1  //綁定RADIUS服務器模板radius1
[AC-aaa-domain-portal1] quit
[AC-aaa] quit

   # 配置Portal服務器。

[AC] web-auth-server portal1  //創建名為portal1的Portal服務器模板
[AC-web-auth-server-portal1] server-ip 10.23.200.1  //配置Portal服務器的IP地址
[AC-web-auth-server-portal1] port 50200  //配置設備向Portal服務器主動發送報文時使用的目的端口號為50200,缺省為50200
[AC-web-auth-server-portal1] shared-key cipher Admin@123  //配置AC與Portal服務器信息交互的共享密鑰
[AC-web-auth-server-portal1] url http://10.23.200.1:8080/portal  //配置指向Portal服務器的URL
[AC-web-auth-server-portal1] quit

   # 在WLAN-ESS接口下綁定Portal服務器模板,使能Portal認證的功能,對無線用戶進行Portal認證,有線用戶進行免認證。

[AC] interface wlan-ess 1
[AC-Wlan-Ess1] domain name portal1 force  //配置用戶強制域為portal1
[AC-Wlan-Ess1] domain name portal1  //配置用戶默認域為portal1
[AC-Wlan-Ess1] authentication portal  //配置認證功能為Portal認證
[AC-Wlan-Ess1] web-auth-server portal1 direct  //綁定名為portal1的Portal服務器模板並指定Portal認證方式為二層認證方式
[AC-Wlan-Ess1] quit
[AC] interface wlan-ess 2
[AC-Wlan-Ess2] domain name portal1 force  //配置用戶強制域為portal1
[AC-Wlan-Ess2] domain name portal1  //配置用戶默認域為portal1
[AC-Wlan-Ess2] authentication portal  //配置認證功能為Portal認證
[AC-Wlan-Ess2] web-auth-server portal1 direct  //綁定名為portal1的Portal服務器模板並指定Portal認證方式為二層認證方式
[AC-Wlan-Ess2] quit
  •  4.配置AP上線

  # 創建AP組,用於將相同配置的AP都加入同一AP組中。

[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] quit

  # 創建域管理模板,在域管理模板下配置AC的國家碼並在AP組下引用域管理模板。 

[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn  //配置AC的國家碼,使AC管理的AP的射頻特性符合不同國家或區域的法律法規要求,國家碼缺省值為CN
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y 
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y 
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view] quit

  # 配置AC的源接口。

[AC] capwap source interface vlanif 100

  # 在AC上離線導入AP。

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 101 ap-mac 60de-4476-e320
[AC-wlan-ap-101] ap-name ap-101
[AC-wlan-ap-101] ap-group ap-group1  //部署在一樓的AP都加入到AP組ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y 
[AC-wlan-ap-101] quit
[AC-wlan-view] ap-id 102 ap-mac 60de-4476-e340
[AC-wlan-ap-102] ap-name ap-102
[AC-wlan-ap-102] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y 
[AC-wlan-ap-102] quit
[AC-wlan-view] ap-id 103 ap-mac dcd2-fc04-b520
[AC-wlan-ap-103] ap-name ap-103
[AC-wlan-ap-103] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y 
[AC-wlan-ap-103] quit
[AC-wlan-view] ap-id 201 ap-mac 60de-4476-e360
[AC-wlan-ap-201] ap-name ap-201
[AC-wlan-ap-201] ap-group ap-group2  //部署在二樓的AP都加入到AP組ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y 
[AC-wlan-ap-201] quit
[AC-wlan-view] ap-id 202 ap-mac 60de-4476-e380
[AC-wlan-ap-202] ap-name ap-202
[AC-wlan-ap-202] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y 
[AC-wlan-ap-202] quit
[AC-wlan-view] ap-id 203 ap-mac dcd2-fc04-b540
[AC-wlan-ap-203] ap-name ap-203
[AC-wlan-ap-203] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y 
[AC-wlan-ap-203] quit

   # 將AP上電后,當執行命令display ap all查看到AP的“State”字段為“nor”時,表示AP正常上線。

[AC-wlan-view] display ap all
Total AP information:
nor  : normal          [6]
-------------------------------------------------------------------------------------------------
ID   MAC            Name   Group     IP            Type            State STA Uptime
-------------------------------------------------------------------------------------------------
101  60de-4476-e320 ap-101 ap-group1 10.23.101.254 AP6010DN-AGN    nor   0   10S
102  60de-4476-e340 ap-102 ap-group1 10.23.101.253 AP6010DN-AGN    nor   0   15S
103  dcd2-fc04-b520 ap-103 ap-group1 10.23.101.252 AP6010DN-AGN    nor   0   23S
201  60de-4476-e360 ap-201 ap-group2 10.23.102.254 AP6010DN-AGN    nor   0   45S
202  60de-4476-e380 ap-202 ap-group2 10.23.102.253 AP6010DN-AGN    nor   0   49S
203  dcd2-fc04-b540 ap-203 ap-group2 10.23.102.252 AP6010DN-AGN    nor   0   55S
-------------------------------------------------------------------------------------------------
Total: 6

   # 配置AP2010DN的上行有線口GE0/0/0和下行接口Eth0/0/0、Eth0/0/1允許有線業務報文通過。

[AC-wlan-view] wired-port-profile name wired1
[AC-wlan-wired-port-wired1] vlan pvid 201  //AP2010DN下行接口用於連接PC等有線用戶終端,需要配置PVID,VLAN201用於傳輸一樓的有線業務報文
[AC-wlan-wired-port-wired1] vlan untagged 201  //AP2010DN下行接口用於連接PC等有線用戶終端,需要配置untagged
[AC-wlan-wired-port-wired1] quit
[AC-wlan-view] wired-port-profile name wired2
[AC-wlan-wired-port-wired2] vlan tagged 201  //AP2010DN上行接口用於連接上行網絡設備,需要配置tagged
[AC-wlan-wired-port-wired2] quit
[AC-wlan-view] wired-port-profile name wired3
[AC-wlan-wired-port-wired3] vlan pvid 202  //AP2010DN下行接口用於連接PC等有線用戶終端,需要配置PVID,VLAN202用於傳輸二樓的有線業務報文
[AC-wlan-wired-port-wired3] vlan untagged 202
[AC-wlan-wired-port-wired3] quit
[AC-wlan-view] wired-port-profile name wired4
[AC-wlan-wired-port-wired4] vlan tagged 202
[AC-wlan-wired-port-wired4] quit
[AC-wlan-view] ap-id 101
[AC-wlan-ap-101] wired-port-profile wired1 ethernet 0
[AC-wlan-ap-101] wired-port-profile wired1 ethernet 1
[AC-wlan-ap-101] wired-port-profile wired2 gigabitethernet 0
[AC-wlan-ap-101] quit
[AC-wlan-view] ap-id 102
[AC-wlan-ap-102] wired-port-profile wired1 ethernet 0
[AC-wlan-ap-102] wired-port-profile wired1 ethernet 1
[AC-wlan-ap-102] wired-port-profile wired2 gigabitethernet 0
[AC-wlan-ap-102] quit
[AC-wlan-view] ap-id 201
[AC-wlan-ap-201] wired-port-profile wired3 ethernet 0
[AC-wlan-ap-201] wired-port-profile wired3 ethernet 1
[AC-wlan-ap-201] wired-port-profile wired4 gigabitethernet 0
[AC-wlan-ap-201] quit
[AC-wlan-view] ap-id 202
[AC-wlan-ap-202] wired-port-profile wired3 ethernet 0
[AC-wlan-ap-202] wired-port-profile wired3 ethernet 1
[AC-wlan-ap-202] wired-port-profile wired4 gigabitethernet 0
[AC-wlan-ap-202] quit
  •  5.配置WLAN業務參數

   # 創建名為“rrm1”的RRM模板。

[AC-wlan-view] rrm-profile name rrm1
[AC-wlan-rrm-prof-rrm1] calibrate auto-channel-select disable  //配置射頻的信道選擇模式為固定模式
[AC-wlan-rrm-prof-rrm1] calibrate auto-txpower-select disable  //配置射頻的功率模式為固定模式
[AC-wlan-rrm-prof-rrm1] quit

   # 創建名為“radio-2g”和“radio-5g”的射頻模板,綁定RRM模板“rrm1”。

[AC-wlan-view] radio-2g-profile name radio-2g
[AC-wlan-radio-2g-prof-radio-2g] rrm-profile rrm1
[AC-wlan-radio-2g-prof-radio-2g] quit
[AC-wlan-view] radio-5g-profile name radio-5g
[AC-wlan-radio-5g-prof-radio-5g] rrm-profile rrm1
[AC-wlan-radio-5g-prof-radio-5g] quit

   # 創建名為“wlan-security”的安全模板,並配置安全策略。

[AC-wlan-view] security-profile name wlan-security  //接口下已經使能了Portal認證,所以安全策略使用缺省的OPEN方式,不認證,不加密
[AC-wlan-sec-prof-wlan-security] quit

   # 創建名為“wlan-ssid”的SSID模板,並配置SSID名稱為“hospital-wlan”。

[AC-wlan-view] ssid-profile name wlan-ssid
[AC-wlan-ssid-prof-wlan-ssid] ssid hospital-wlan  //配置SSID名稱為hospital-wlan
[AC-wlan-ssid-prof-wlan-ssid] quit

   # 配置名為“traffic1”的流量模板,並配置無線用戶二層隔離。

[AC-wlan-view] traffic-profile name traffic1
[AC-wlan-traffic-prof-traffic1] user-isolate l2
Warning: This action may cause service interruption. Continue?[Y/N]y

   # 創建名為“wlan-vap1”和“wlan-vap2”的VAP模板,配置業務數據轉發模式、業務VLAN,並且引用安全模板、SSID模板、認證模板和流量模板。

[AC-wlan-view] vap-profile name wlan-vap1
[AC-wlan-vap-prof-wlan-vap1] forward-mode tunnel  //配置業務轉發模式為隧道轉發
[AC-wlan-vap-prof-wlan-vap1] service-vlan vlan-id 101  //缺省情況下VLAN ID為1,修改VLAN ID為101
[AC-wlan-vap-prof-wlan-vap1] security-profile wlan-security 
[AC-wlan-vap-prof-wlan-vap1] ssid-profile wlan-ssid
[AC-wlan-vap-prof-wlan-vap1] authentication-profile portal1
[AC-wlan-vap-prof-wlan-vap1] traffic-profile traffic1
[AC-wlan-vap-prof-wlan-vap1] quit
[AC-wlan-view] vap-profile name wlan-vap2
[AC-wlan-vap-prof-wlan-vap2] forward-mode tunnel  //配置業務轉發模式為隧道轉發
[AC-wlan-vap-prof-wlan-vap2] service-vlan vlan-id 102  //缺省情況下VLAN ID為1,修改VLAN ID為102
[AC-wlan-vap-prof-wlan-vap2] security-profile wlan-security 
[AC-wlan-vap-prof-wlan-vap2] ssid-profile wlan-ssid 
[AC-wlan-vap-prof-wlan-vap2] authentication-profile portal1
[AC-wlan-vap-prof-wlan-vap2] traffic-profile traffic1
[AC-wlan-vap-prof-wlan-vap2] quit

   # 配置AP組引用VAP模板和射頻模板。

[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] radio-2g-profile radio-2g
[AC-wlan-ap-group-ap-group1] radio-5g-profile radio-5g
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] vap-profile wlan-vap2 wlan 1 radio 0
[AC-wlan-ap-group-ap-group2] vap-profile wlan-vap2 wlan 1 radio 1
[AC-wlan-ap-group-ap-group2] radio-2g-profile radio-2g
[AC-wlan-ap-group-ap-group2] radio-5g-profile radio-5g
[AC-wlan-ap-group-ap-group2] quit
  •  6.配置VAP並下發

  # 配置VAP。

[AC-wlan-view] ap-id 101
[AC-wlan-ap-101] radio 0
[AC-wlan-radio-101/0] channel 20mhz 1  //根據WLAN planner網規工具規划的結果配置信道
[AC-wlan-radio-101/0] eirp 10  //根據WLAN planner網規工具規划的結果配置功率
[AC-wlan-radio-101/0] quit
[AC-wlan-ap-101] quit
[AC-wlan-view] ap-id 102
[AC-wlan-ap-102] radio 0
[AC-wlan-radio-102/0] channel 20mhz 6
[AC-wlan-radio-102/0] eirp 10
[AC-wlan-radio-102/0] quit
[AC-wlan-ap-102] quit
[AC-wlan-view] ap-id 103
[AC-wlan-ap-103] radio 0
[AC-wlan-radio-103/0] channel 20mhz 11
[AC-wlan-radio-103/0] eirp 10
[AC-wlan-radio-103/0] quit
[AC-wlan-ap-103] quit
[AC-wlan-view] ap-id 103
[AC-wlan-ap-103] radio 1  //AP5030支持兩個射頻,此步配置射頻1
[AC-wlan-radio-103/1] channel 20mhz 153
[AC-wlan-radio-103/1] eirp 10
[AC-wlan-radio-103/1] quit
[AC-wlan-ap-103] quit
[AC-wlan-view] ap-id 201
[AC-wlan-ap-201] radio 0
[AC-wlan-radio-201/0] channel 20mhz 1 
[AC-wlan-radio-201/0] eirp 10 
[AC-wlan-radio-201/0] quit
[AC-wlan-ap-201] quit
[AC-wlan-view] ap-id 202
[AC-wlan-ap-202] radio 0
[AC-wlan-radio-202/0] channel 20mhz 6
[AC-wlan-radio-202/0] eirp 10
[AC-wlan-radio-202/0] quit
[AC-wlan-ap-202] quit
[AC-wlan-view] ap-id 203
[AC-wlan-ap-203] radio 0
[AC-wlan-radio-203/0] channel 20mhz 11
[AC-wlan-radio-203/0] eirp 10
[AC-wlan-radio-203/0] quit
[AC-wlan-ap-203] quit
[AC-wlan-view] ap-id 203
[AC-wlan-ap-203] radio 1 
[AC-wlan-radio-203/1] channel 20mhz 157
[AC-wlan-radio-203/1] eirp 10
[AC-wlan-radio-203/1] quit
[AC-wlan-ap-203] quit

   # 下發配置。

[AC-wlan-view] commit all  //在AC上配置關於AP的WLAN業務配置后,需要下發配置到AP上才能最終生效
Warning: Committing configuration may cause service interruption, continue?[Y/N]:y
  •  7.驗證配置結果

  # 配置完成后,通過display vap all命令,可以查看到VAP已創建成功。

[AC-wlan-view] display vap all
WID : WLAN ID
----------------------------------------------------------------------------------
AP ID AP name    RfID WID   BSSID          Status  Auth type  STA  SSID
----------------------------------------------------------------------------------
101   ap-101     0    1     60DE-4476-E320 ON      OPEN       0    hospital-wlan
102   ap-102     0    1     60DE-4476-E340 ON      OPEN       0    hospital-wlan
103   ap-103     0    1     DCD2-FC04-B520 ON      OPEN       0    hospital-wlan
103   ap-103     1    1     DCD2-FC04-B530 ON      OPEN       0    hospital-wlan
201   ap-201     0    1     60DE-4476-E360 ON      OPEN       0    hospital-wlan
202   ap-202     0    1     60DE-4476-E380 ON      OPEN       0    hospital-wlan
203   ap-203     0    1     DCD2-FC04-B540 ON      OPEN       0    hospital-wlan
203   ap-203     1    1     DCD2-FC04-B550 ON      OPEN       0    hospital-wlan
---------------------------------------------------------------------------------
Total: 8

   # STA搜索到名為“hospital-wlan”的無線網絡並正常關聯后,STA能夠被分配相應的IP地址,用戶輸入密鑰可以訪問無線網絡,在AC上執行display station all命令,可以查看到用戶已經接入到無線網絡“hospital-wlan”中。

[AC-wlan-view] display station all
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
----------------------------------------------------------------------------------------------------------
STA MAC          AP ID Ap name       Rf/WLAN  Band  Type  Rx/Tx    RSSI  VLAN  IP address    SSID
----------------------------------------------------------------------------------------------------------
14cf-9208-9abf   0     ap-101        0/1      2.4G  11n   3/8      -70   10    10.23.101.254 hospital-wlan
----------------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

   # 無線用戶STA和有線用戶PC能夠分配到IP地址,正常連接網絡。

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 從實戰角度超級詳解中大型企業微服務化的六大核心關鍵技術 筆記本同時接入無線(外網)和有線(內網) win10 筆記本 同時接入無線(外網)和有線(內網) Django打造大型企業官網(一) Django打造大型企業官網(二) 大型企業如何搭建自己的”企業微信”? 掌握中大型園區網絡的部署 .NET中大型項目開發必備(8)--高效分頁 Django打造大型企業官網(六) Django打造大型企業官網(八)
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM