WLAN的基本业务配置流程
组建直连式二层无线局域网
直连式二层组网AC数据规划表
| 配 置 项 | 数 据 |
|---|---|
| AP管理VLAN | VLAN 100 |
| STA业务VLAN | VLAN 101 |
| DHCP服务器 | AC作为DHCP服务器为AP和STA分配IP地址 |
| AP的IP地址池 | 10.23.100.2~10.23.100.254/24 |
| STA的IP地址池 | 10.23.101.3~10.23.101.254/24 |
| AC的源接口IP地址 | VLANIF 100:10.23.100.1/24 |
| AP组 | 名称:ap-group1 引用模板:VAP模板wlan-net、域管理模板default |
| 域管理模板 | 名称:default 国家码:中国 |
| SSID模板 | 名称:wlan-net SSID名称:wlan-net |
| 安全模板 | 名称:wlan-net 安全策略:WPA-WPA2+PSK+AES 密码:a1234567 |
| VAP模板 | 名称:wlan-net 转发模式:直接转发 业务VLAN:VLAN 101 引用模板:SSID模板wlan-net、安全模板wlan-net |
VLAN部署
在交换机以及AC上配置VLAN、Trunk。配置接入交换机S1的G0/0/1-3接口为Trunk接口,并加入VLAN 100和VLAN 101。G0/0/1、G0/0/2接口的默认VLAN为VLAN 100,当AP1、AP2加电启动后会加入VLAN 100,VLAN 100是AP的管理VLAN。G0/0/3接口的默认VLAN保持为默认值VLAN 1。
[S1]vlan batch 100 101
[S1]interface gigabitethernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk pvid vlan 100
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S1]interface gigabitethernet 0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[S1]interface gigabitethernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101配置AC的接口G0/0/1加入VLAN 100和VLAN 101,接口G0/0/2加入VLAN 101。
[AC]vlan batch 100 101
[AC]interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[AC-GigabitEthernet0/0/1]quit
[AC]interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2]port link-type trunk
[AC-GigabitEthernet0/0/2]port trunk allow-pass vlan 101
[AC-GigabitEthernet0/0/2]quitIP地址部署
AC、R1上配置IP地址。在AC上配置VLANIF 100接口、VLANIF 101接口的IP地址。在R1上配置VLAN 101子接口G0/0/0.101的IP地址;创建LoopBack 10接口用于测试,该接口地址也模拟为DNS服务器的地址。
[AC]interface vlanif 100
[AC-Vlanif100]ip address 10.23.100.1 24
[AC]interface vlanif 101
[AC-Vlanif101]ip address 10.23.101.1 24[R1]interface GigabitEthernet0/0/0.101
[R1-GigabitEthernet0/0/0.101]dot1q termination vid 101
[R1-GigabitEthernet0/0/0.101]ip address 10.23.101.2 255.255.255.0
[R1-GigabitEthernet0/0/0.101]arp broadcast enable
[R1]interface LoopBack 10
[R1-LoopBack10]ip address 10.10.10.10 24VLAN间路由部署
VLAN间路由是由AC实现,AC、R1上配置合适的路由表,使得全网互通。
[AC]ip route-static 0.0.0.0 0.0.0.0 10.23.101.2
[R1]ip route-static 10.23.100.0 255.255.255.0 10.23.101.1DHCP服务部署
在AC上部署DHCP,为AP和无线终端提供IP地址。在AC上配置VLANIF 100接口为AP提供IP地址,配置VLANIF 101接口为无线终端(STA)提供IP地址。
[AC]dhcp enable
[AC]interface vlanif 100
[AC-Vlanif100]dhcp select interface
[AC-Vlanif100]quit
[AC]interface vlanif 101
[AC-Vlanif101]dhcp select interface
[AC-Vlanif101]dhcp server excluded-ip-address 10.23.101.2
[AC-Vlanif101]dhcp server dns-list 10.10.10.10
[AC-Vlanif101]quit创建AP组
创建AP组,用于将相同配置的AP都加入同一AP组中。
[AC]wlan
[AC-wlan-view]ap-group name ap-group1创建域管理模板,在域管理模板下配置AC的国家码,并在AP组下引用域管理模板。
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quitAP上线
配置AC的源接口。
[AC]capwap source interface vlanif 100
在AC上离线导入AP1、AP2,AP的ID分别为0和1,并将AP加入AP组“ap-group1”中。假设AP1的MAC地址为ac85-3d92-3340、AP2的MAC地址为ac85-3d92-1b60,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如,命名AP1为area_1、AP2为area_2。ap auth-mode用于配置AC对AP的认证模式,命令默认情况下为MAC认证,即通过MAC检查AP是否合法。
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac ac85-3d92-3340
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0]quit将AP上电后,当执行命令查看到AP的“State”字段为“nor”时,表示AP正常上线。AP正常能上线是整个WLAN组网的关键一步,如果AP没有正常上线,请先仔细考虑有线网络的VLAN、Trunk、VLAN路由、DHCP代理、DHCP服务器是否正确?
[AC-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
---------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Upt
ime
---------------------------------------------------------------------------------------------
0 00e0-fc4f-3de0 area_1 ap-group1 10.23.100.239 AP5030DN nor 1 1H:10M:48S
1 00e0-fc3e-2040 area_2 ap-group1 10.23.100.6 AP5030DN nor 1 1H:10M:39S
---------------------------------------------------------------------------------------------Total: 2
配置WLAN业务参数
创建名为“wlan-net”的安全模板,并配置安全策略,这个安全策略就是STA连接WLAN时要使用的认证方式。例中配置的安全策略为WPA-WPA2+PSK+AES,密码为“a1234567”。
[AC-wlan-view]security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net]quit创建名为“wlan-net”的SSID模板,并配置SSID的名称为“wlan-net”,SSID就是STA扫描到的无线网络的名称。
[AC-wlan-view]ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC-wlan-ssid-prof-wlan-net]quit创建名为“wlan-net”的VAP模板,配置业务数据转发模式为直接转发、业务VLAN为VLAN 101,并且引用安全模板和SSID模板。
[AC-wlan-view]vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net]forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net]service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net]security-profile wlan-net
[AC-wlan-vap-prof-wlan-net]ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net]quit配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“wlan-net”的配置。
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1]quit配置AP射频的信道和功率
例中的AP具有射频0和射频1两个射频。AP的射频0为2.4GHz射频,射频1为5GHz射频。该例子关闭AP1(ID为0)射频0的信道自动选择功能和功率自动调优功能(eNSP中可能不支持),并配置AP1射频0的信道为信道6、带宽为20MHz,功率为127mw。其中EIRP为有效全向辐射功率。
[AC-wlan-view]ap-id 0
[AC-wlan-ap-0]radio 0
[AC-wlan-radio-0/0]calibrate auto-channel-select disable
[AC-wlan-radio-0/0]calibrate auto-txpower-select disable
[AC-wlan-radio-0/0]channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0]eirp 127
[AC-wlan-radio-0/0]quit关闭AP1射频1的信道和功率自动调优功能,并配置AP射频1的信道和功率。
[AC-wlan-ap-0]radio 1
[AC-wlan-radio-0/1]calibrate auto-channel-select disable
[AC-wlan-radio-0/1]calibrate auto-txpower-select disable
[AC-wlan-radio-0/1]channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1]eirp 127
[AC-wlan-radio-0/1]quit- End -