华为企业配置⼤型WLAN基本业务典型配置案例
最近⼜学习了华为中⼤型⽹络设备的WLAN组⽹,刚开始觉得头⼤,其实只要静下⼼来掌握规律就很简单了。
背景案例:
某公司需要搭建⼤型WLAN组⽹,希望所有AP获取的地址都是从路由器上统⼀分配,然后AP分别设置为两个区域,guest和employee wifi.
这是拓补图和成品图⼀起的。
先说总体思路吧
1:按照配置,所有的内⽹都能互通,创建各种vlan,⼀定记得各个端⼝trunk的状态。
2:给各个需要配IP地址的vlanif创建IP地址,并配置互通的路由。(包括静态路由和默认路由)
3:在router上创建全局地址池,然后交换机以中继的⽅式获得地址。(三层AC组⽹时,要在地址池宣告去AC,命令:
ip pool ap #option 43 sub-option 3 ascii -acvlan的地址(本案例:192.168.30.1))
4:在交换机上⽤dhcp lect relay来获取地址,验证是否能获取到地址。
5:创建vlan pool,guest和employee,⾥⾯各添加需要获得的地址池,(本⽂:guest11,12,employee13,14)AC上AP上线,
[记得不要让AP的地址和STA(⼯作站,⽆线设备)获取的地址⼀致(本⽂,AP对应vlan10)]
⼀:创建,guest和employee组,创建domain1域名模板,并且分别在组⾥调⽤这个模板(模板⾥⾯有country-code cn)
⼆:设置AP的上线⽅式为AP-MAC(本案例是这种⽅式),然后给此AP命名ID,name,所加的组。如法炮制,四个AP很快就上线,可以⽤dis ap all来查看,获取到IP地址,且状态时normal(正常)就OK了。
三:设置AP的原接⼝,capwas sorce interface vlan if 20 (本案例)
三:创建curity(主要验证加密⽅式和密码,),ssid模板(主要设置WiFi名称)
四:创建VAP 模板(主要包含四⼩项,1:转发模式2:选择服务的地址池为,ip pool,此时选择刚才创建的3:引⽤curity模板,4:引⽤SSID模板)
五,在组⾥,的射频上引⽤VAP模板,并设置射频(0,2.4Ghz 1 ,5Ghz)
然后验证配置
配置如下:
SA配置
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk乒乓球女运动员
port trunk pvid vlan 10
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 10
#
#
port-group gaomin
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
童年的点点滴滴group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
#
CS
#
sysname cs
#
undo info-center enable
#
#
cluster enable
ntdp enable
ndp enable
英语四级英文
#
drop illegal-mac alarm
#
dhcp enable
#
diffrv domain default
#
drop-profile default
#
aaa
蒜香生菜authentication-scheme default
苹果手机锁屏怎么设置
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
july吴亦凡
local-ur admin password simple admin local-ur admin rvice-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0 dhcp lect relay
dhcp relay rver-ip 192.168.30.1
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0 dhcp lect relay
dhcp relay rver-ip 192.168.30.1
#
interface Vlanif12
ip address 192.168.12.1 255.255.255.0 dhcp lect relay
dhcp relay rver-ip 192.168.30.1
#
interface Vlanif13
ip address 192.168.13.1 255.255.255.0 dhcp lect relay
dhcp relay rver-ip 192.168.30.1
#
interface Vlanif14
ip address 192.168.14.1 255.255.255.0 dhcp lect relay
dhcp relay rver-ip 192.168.30.1
#
interface Vlanif20
ip address 192.168.20.2 255.255.255.0 #
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 to 14 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
#
ip route-static 0.0.0.0 0.0.0.0 192.168.30.1 #
ROUTER
#
sysname router
#
undo info-center enable
#
vlan batch 30
#
滑冰的英语cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffrv domain default
#
drop-profile default
#
ip pool ap
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0 option 43 sub-option 3 ascii 192.168.20.1 #
ip pool employee1
gateway-list 192.168.13.1
network 192.168.13.0 mask 255.255.255.0 #
ip pool employee2
gateway-list 192.168.14.1
network 192.168.14.0 mask 255.255.255.0 #
ip pool guest1
gateway-list 192.168.11.1
network 192.168.11.0 mask 255.255.255.0
#
ip pool guest2
gateway-list 192.168.12.1
network 192.168.12.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-ur admin password simple admin
local-ur admin rvice-type http
#
interface Vlanif1
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
dhcp lect global
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
#
ip route-static 192.168.10.0 255.255.255.0 192.168.30.2 ip route-static 192.168.11.0 255.255.255.0 192.168.30.2 ip route-static 192.168.12.0 255.255.255.0 192.168.30.2 ip route-static 192.168.13.0 255.255.255.0 192.168.30.2 ip route-static 192.168.14.0 255.255.255.0 192.168.30.2 ip route-static 192.168.20.0 255.255.255.0 192.168.30.2 #
AC
sysname AC
#
t memory-usage threshold 0
#
ssl renegotiation-rate 1
#
综合治理工作总结
vlan batch 10 to 14 20
#
authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name mac_authen_profile authentication-profile name portal_authen_profile authentication-profile name macportal_authen_profile
#
vlan pool guest
vlan 11 to 12
vlan pool employee
vlan 13 to 14
