|
要想配置无线,先看懂摸板逻辑关系
关于模板的详细可以看华为官网,也可以参考https://blog.csdn.net/seaship/article/details/86165045
AC业务摸板配置
华为下的AC配置,开启Dhcp,用vlan pool形式部署便于多无线vlan拓展
vlan pool Test
vlan 2021 to 2022
interface Vlanif1250
description GuanLi
ip address 192.168.250.1 255.255.255.0
#
interface Vlanif2021
ip address 172.16.21.1 255.255.255.0
dhcp select interface
dhcp server dns-list 202.96.128.86 114.114.114.114
#
interface Vlanif2022
ip address 172.16.22.1 255.255.255.0
dhcp select interface
dhcp server dns-list 202.96.128.86 114.114.114.114
#
interface Vlanif2000
description WX_Mgt
ip address 172.16.100.1 255.255.255.0
dhcp select interface
AC到poe的下联接口配置,这里以vlan2000为AP管理网段
interface GigabitEthernet5/1/4
description LINK-2F-POE
port link-type trunk
port trunk allow-pass vlan 1012 1051 1250 2000 2011 to 2012 2021 to 2022
POE的配置
vlan batch 1250 2000 2021 to 2022
aaa
local-user admin password irreversible-cipher xxxxxx
local-user admin privilege level 15
local-user admin service-type terminal ssh http
#
interface Vlanif1250
ip address 192.168.250.22 255.255.255.0
POE下联AP的配置,pvid 2000是为了剥离2000VLAN标签,成为终端接受的原始数据,释放管理Ip
interface GigabitEthernet0/0/5
description LINK-AP2-10
port link-type trunk
port trunk pvid vlan 2000
port trunk allow-pass vlan 2000 2011 to 2012 2021 to 2022
POE上联核心
interface GigabitEthernet0/0/28
description UPLINK-SW-CORE
port link-type trunk
port trunk allow-pass vlan 1012 1051 1250 2000 2011 to 2012 2021 to 2022
基本网络配通,这里就可以把AP连接POE,AC就能读到AP了
然后配置射频管理的国家码,配置SSID模板(wifi名字),安全模板(wifi密码),认证模板(802.1x或者portal+ radius)
配置VAP模板,VAP模板调用ssid ,安全模板等
配置AP组,将AP加入相应的AP组,AP组调用VAP模板,射频模板
这里只是粗略不严谨的说法,便于看懂
< Home
配置不同业务VLAN的AP间快速漫游功能示例
组网图形
图1 配置不同业务VLAN的AP间快速漫游组网图
图1 配置不同业务VLAN的AP间快速漫游组网图
-
配置流程
WLAN不同的特性和功能需要在不同类型的模板下进行配置和维护,这些模板统称为WLAN模板,如域管理模板、射频模板、VAP模板、AP系统模板、AP有线口模板、WIDS模板、WDS模板、Mesh模板。当用户在配置WLAN业务功能时,需要在对应功能的WLAN模板中进行参数配置,配置完成后,须将此模板引用到AP组或AP中,配置才会自动下发到AP,进而配置的功能在AP上生效。由于模板之间是存在相互引用关系的,因此在用户配置过程中,需要先了解各个模板之间存在的逻辑关系。模板的逻辑关系和基本配置流程请参见WLAN业务配置流程。
组网需求
如图1所示,某园区网部署两台AP,分别为两个部门的员工提供WLAN接入服务,通过AC集中管理和控制。AC为AP和STA动态分配IP地址。两个部门的用户分属于不同VLAN,即AP1和AP2采用不同的业务VLAN,分别为101和102。用户采用的安全策略为WPA2+802.1X+AES,数据转发模式为隧道转发。
用户希望STA从AP1的无线信号覆盖区域移动到AP2的无线信号覆盖区域时业务不会中断。
配置思路
采用如下的思路配置不同业务VLAN的AP间快速漫游:
- 用户采用的安全策略为WPA2+802.1X+AES,需要进行接入认证,漫游切换时间较长。因此,通过配置同一业务VLAN的AP间快速漫游,实现用户在漫游过程中业务不中断。
- 配置网络互通,使AP与AC之间能够传输CAPWAP报文。
- 配置AC作为DHCP服务器,为STA和AP分配IP地址。
- 配置WLAN基本业务,保证用户能够连接到无线网络。
表1 数据规划表
| 配置项 | 数据 |
|---|
| DHCP服务器 | AC作为DHCP服务器为STA和AP分配IP地址 | | AP的IP地址池 | 10.23.100.2~10.23.100.254/24 | | STA的IP地址池 | 10.23.101.2~10.23.101.254/24 10.23.102.2~10.23.102.254/24 | | AC的源接口IP地址 | VLANIF100:10.23.100.1/24 | | RADIUS认证参数 |
- RADIUS服务器模板名称:radius_huawei
- IP地址:10.23.103.1
- 认证端口号:1812
- 共享密钥:huawei@123
- 认证方案:radius_huawei
| | STA的用户名和密码 |
- 用户名:test@huawei.com
- 密码:123456
| | 802.1X接入模板 |
| | 认证模板 |
- 名称:wlan-authentication
- 引用模板和认证方案:802.1X接入模板wlan-dot1x、认证方案radius_huawei、RADIUS服务器模板radius_huawei
| | AP组 |
- 名称:ap-group1
- 引用模板:VAP模板wlan-vap1、域管理模板domain1
|
- 名称:ap-group2
- 引用模板:VAP模板wlan-vap2、域管理模板domain1
| | 域管理模板 |
| | SSID模板 |
- 名称:wlan-ssid
- SSID名称:wlan-net
| | 安全模板 |
- 名称:wlan-security
- 安全策略:WPA2+802.1X+AES
| | VAP模板 |
- 名称:wlan-vap1
- 转发模式:隧道转发
- 业务VLAN:VLAN101
- 引用模板:SSID模板wlan-ssid、安全模板wlan-security、认证模板wlan-authentication
|
- 名称:wlan-vap2
- 转发模式:隧道转发
- 业务VLAN:VLAN102
- 引用模板:SSID模板wlan-ssid、安全模板wlan-security、认证模板wlan-authentication
|
配置注意事项
操作步骤
- 在AC上配置NAC模式为统一模式,以保证用户能够正常接入网络
<HUAWEI> system-view
[HUAWEI] authentication unified-mode
说明:
如果当前NAC模式为传统模式,则配置NAC模式为统一模式后,需要保存配置并重启设备后生效。 - 配置Switch_A和AC,使AP与AC之间能够传输CAPWAP报文
# 配置Switch_A的接口GE0/0/1~GE0/0/3都加入VLAN100(管理VLAN)。 <HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100
[Switch_A] interface gigabitethernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] port-isolate enable
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitethernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk pvid vlan 100
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/2] port-isolate enable
[Switch_A-GigabitEthernet0/0/2] quit
[Switch_A] interface gigabitethernet 0/0/3
[Switch_A-GigabitEthernet0/0/3] port link-type trunk
[Switch_A-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/3] quit
# 配置AC连接Switch_A的接口GE1/0/1加入VLAN100。 <HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet1/0/1] quit
- 配置AC与上层网络设备互通
# 配置AC上行接口GE1/0/3加入VLAN101和VLAN102并配置AC连接RADIUS服务器的接口GE1/0/4加入VLAN103。 [AC] vlan batch 101 to 103
[AC] interface gigabitethernet 1/0/3
[AC-GigabitEthernet1/0/3] port link-type trunk
[AC-GigabitEthernet1/0/3] port trunk allow-pass vlan 101 102
[AC-GigabitEthernet1/0/3] quit
[AC] interface gigabitethernet 1/0/4
[AC-GigabitEthernet1/0/4] port link-type trunk
[AC-GigabitEthernet1/0/4] port trunk pvid vlan 103
[AC-GigabitEthernet1/0/4] port trunk allow-pass vlan 103
[AC-GigabitEthernet1/0/4] quit
- 配置AC作为DHCP服务器,为STA和AP分配IP地址。配置VLANIF103,使AC和RADIUS服务器之间能够通信
# 配置基于接口地址池的DHCP服务器,其中,VLANIF100接口为AP1和AP2提供IP地址,VLANIF101为AP1下的STA提供IP地址,VLANIF102为AP2下的STA提供IP地址。说明: DNS服务器地址请根据实际需要配置。常用配置方法如下:
- 接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
- 全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
[AC] interface vlanif 101
[AC-Vlanif101] ip address 10.23.101.1 24
[AC-Vlanif101] dhcp select interface
[AC-Vlanif101] quit
[AC] interface vlanif 102
[AC-Vlanif102] ip address 10.23.102.1 24
[AC-Vlanif102] dhcp select interface
[AC-Vlanif102] quit
# 配置VLANIF103。 [AC] interface vlanif 103
[AC-Vlanif103] ip address 10.23.103.2 24
[AC-Vlanif103] quit
- 配置RADIUS认证参数
说明: 请确保AC与RADIUS服务器的共享密钥相同。 # 创建RADIUS服务器模板。 [AC] radius-server template radius_huawei
[AC-radius-radius_huawei] radius-server authentication 10.23.103.1 1812
[AC-radius-radius_huawei] radius-server shared-key cipher huawei@123
[AC-radius-radius_huawei] quit
# 创建RADIUS方式的认证方案。 [AC] aaa
[AC-aaa] authentication-scheme radius_huawei
[AC-aaa-authen-radius_huawei] authentication-mode radius
[AC-aaa-authen-radius_huawei] quit
# 创建AAA域并配置域的RADIUS服务器模板和认证方案。 [AC-aaa] domain huawei.com
[AC-aaa-domain-huawei.com] radius-server radius_huawei
[AC-aaa-domain-huawei.com] authentication-scheme radius_huawei
[AC-aaa-domain-huawei.com] quit
[AC-aaa] quit
说明:
配置了域“huawei.com”后,认证用户名后面需要加上域名。 # 测试用户是否能够通过RADIUS模板的认证。(已在RADIUS服务器上配置了测试用户test@huawei.com,用户密码123456) [AC] test-aaa test@huawei.com 123456 radius-template radius_huawei
Info: Account test succeed.
- 配置802.1X接入模板,管理802.1X接入控制参数
# 创建名为“wlan-dot1x”的802.1X接入模板。 [AC] dot1x-access-profile name wlan-dot1x
# 配置认证方式为EAP中继模式。 [AC-dot1x-access-profile-wlan-dot1x] dot1x authentication-method eap
[AC-dot1x-access-profile-wlan-dot1x] quit
- 创建名为“wlan-authentication”的认证模板,绑定802.1X接入模板,并配置用户强制域
[AC] authentication-profile name wlan-authentication
[AC-authen-profile-wlan-authentication] dot1x-access-profile wlan-dot1x
[AC-authen-profile-wlan-authentication] access-domain huawei.com dot1x force
[AC-authen-profile-wlan-authentication] quit
- 配置AP上线
# 创建AP组,用于将相同配置的AP都加入同一AP组中。 [AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。 [AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view] quit
# 配置AC的源接口。 [AC] capwap source interface vlanif 100
# 在AC上离线导入AP1和AP2,并将AP1和AP2分别加入AP组“ap-group1”和“ap-group2”中。假设AP的MAC地址为60de-4476-e360和60de-4474-9640,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为60de-4476-e360的AP部署在1号区域,命名此AP为area_1。 - 说明:
ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth命令。 举例中使用的AP为AP6010DN-AGN,具有射频0和射频1两个射频。AP6010DN-AGN的射频0为2.4GHz射频,射频1为5GHz射频。 [AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit
[AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640
[AC-wlan-ap-1] ap-name area_2
[AC-wlan-ap-1] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-1] quit
# 将AP上电后,当执行命令display ap all查看到AP的“State”字段为“nor”时,表示AP正常上线。 [AC-wlan-view] display ap all
Total AP information:
nor : normal [2]
--------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
--------------------------------------------------------------------------------
0 60de-4476-e360 area_1 ap-group1 10.23.100.254 AP6010DN-AGN nor 0 5M:2S
1 60de-4474-9640 area_2 ap-group2 10.23.100.253 AP6010DN-AGN nor 0 5M:4S
--------------------------------------------------------------------------------
Total: 2
- 配置WLAN业务参数
# 创建名为“wlan-security”的安全模板,并配置安全策略。 [AC-wlan-view] security-profile name wlan-security
[AC-wlan-sec-prof-wlan-security] security wpa2 dot1x aes
[AC-wlan-sec-prof-wlan-security] quit
# 创建名为“wlan-ssid”的SSID模板,并配置SSID名称为“wlan-net”。 [AC-wlan-view] ssid-profile name wlan-ssid
[AC-wlan-ssid-prof-wlan-ssid] ssid wlan-net
[AC-wlan-ssid-prof-wlan-ssid] quit
# 分别创建名为“wlan-vap1”和“wlan-vap2”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板、SSID模板和认证模板。 [AC-wlan-view] vap-profile name wlan-vap1
[AC-wlan-vap-prof-wlan-vap1] forward-mode tunnel
[AC-wlan-vap-prof-wlan-vap1] service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-vap1] security-profile wlan-security
[AC-wlan-vap-prof-wlan-vap1] authentication-profile wlan-authentication
[AC-wlan-vap-prof-wlan-vap1] ssid-profile wlan-ssid
[AC-wlan-vap-prof-wlan-vap1] quit
[AC-wlan-view] vap-profile name wlan-vap2
[AC-wlan-vap-prof-wlan-vap2] forward-mode tunnel
[AC-wlan-vap-prof-wlan-vap2] service-vlan vlan-id 102
[AC-wlan-vap-prof-wlan-vap2] security-profile wlan-security
[AC-wlan-vap-prof-wlan-vap2] authentication-profile wlan-authentication
[AC-wlan-vap-prof-wlan-vap2] ssid-profile wlan-ssid
[AC-wlan-vap-prof-wlan-vap2] quit
# 配置AP组“ap-group1”和“ap-group2”分别引用VAP模板“wlan-vap1”和“wlan-vap2”,AP上射频0和射频1都使用VAP模板的配置。 [AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] vap-profile wlan-vap2 wlan 1 radio 0
[AC-wlan-ap-group-ap-group2] vap-profile wlan-vap2 wlan 1 radio 1
[AC-wlan-ap-group-ap-group2] quit
- 配置AP射频的信道和功率
说明: 举例中AP射频的信道和功率仅为示例,实际配置中请根据AP的国家码和网规结果进行配置。 # 关闭射频的信道和功率自动调优功能。 射频的信道和功率自动调优功能默认开启,如果不关闭此功能则会导致手动配置不生效。 [AC-wlan-view] rrm-profile name default
[AC-wlan-rrm-prof-default] calibrate auto-channel-select disable
[AC-wlan-rrm-prof-default] calibrate auto-txpower-select disable
[AC-wlan-rrm-prof-default] quit
# 配置AP射频0的信道和功率。 [AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio 0
[AC-wlan-radio-0/0] channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0] eirp 127
[AC-wlan-radio-0/0] quit
# 配置AP射频1的信道和功率。 [AC-wlan-ap-0] radio 1
[AC-wlan-radio-0/1] channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1] eirp 127
[AC-wlan-radio-0/1] quit
[AC-wlan-ap-0] quit
- 提交配置
[AC-wlan-view] commit all
Warning: Committing configuration may cause service interruption, continue?[Y/N]:y
- 验证配置结果
完成配置后,用户可通过无线终端搜索到SSID为wlan-net的无线网络。用户在STA上使用802.1X客户端进行认证,输入正确的用户名和密码,STA认证成功后,可以正常访问Internet上的资源。需要根据设置的认证方式(peap)对客户端进行相应的配置。
-
WINDOWS XP系统下的配置
- 首先在无线网络属性中,添加SSID为wlan-net,并选择认证方式为WPA2,加密方式为CCMP使用的算法AES。
- 在“验证”选项卡中,选择EAP类型为PEAP,单击“属性”,去掉验证服务器证书选项(此处不验证服务器证书),单击“配置”,去掉自动使用Windows登录名和密码选项,然后单击“确定”。
-
WINDOWS 7系统下的配置
- 进入管理无线网络页面,单击“添加”,选择“手动创建网络配置文件”,添加SSID为wlan-net,并选择认证方式为WPA2-企业,加密使用的算法AES,单击“下一步”。
- 单击“更改连接设置”,进入“无线网络属性”界面,选择“安全”页签,单击“设置”,取消勾选“验证服务器证书”(此处不验证服务器证书),单击“配置”,取消勾选“自动使用Windows登录名和密码”,单击“确定”。
- 单击“确定”,返回“无线网络属性”界面,单击“高级设置”,在“高级设置”界面,勾选“指定身份验证模式”,并选择身份验证模式为“用户身份验证”,单击“确定”。
STA在AP1的覆盖范围内搜索到SSID为“wlan-net”的无线网络,输入密码“123456”并正常关联后,在AC上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了AP1,STA的MAC地址为“e019-1dc7-1e08”。 [AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
---------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
---------------------------------------------------------------------------------
e019-1dc7-1e08 0 area_1 1/1 5G 11n 38/64 -68 101 10.23.101.254
---------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
当STA从AP1的覆盖范围移动到AP2的覆盖范围时,在AC上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了AP2。 [AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
----------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
----------------------------------------------------------------------------------------
e019-1dc7-1e08 1 area_2 1/1 5G 11n 46/59 -58 101 10.23.101.254
----------------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
在AC上执行命令display station roam-track sta-mac e019-1dc7-1e08,可以查看该STA的漫游轨迹。 [AC-wlan-view] display station roam-track sta-mac e019-1dc7-1e08
Access SSID:huawei
Rx/Tx:link receive rate/link transmit rate(Mbps)
------------------------------------------------------------------------------
L2/L3 AC IP AP name Radio ID
BSSID TIME In/Out RSSI Out Rx/Tx
------------------------------------------------------------------------------
-- 10.23.100.1 area_1 0
60de-4476-e360 2015/02/07 17:48:30 -51/-48 46/13
L2 10.23.100.1 area_2 0
60de-4474-9640 2015/02/07 17:54:50 -58/- -/-
------------------------------------------------------------------------------
Number: 1
配置文件
-
接入交换机的配置文件 #
sysname Switch_A
#
vlan batch 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
port-isolate enable group 1
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100
#
return
-
AC的配置文件 #
sysname AC
#
vlan batch 100 to 103
#
authentication-profile name wlan-authentication
dot1x-access-profile wlan-dot1x
access-domain huawei.com dot1x force
#
dhcp enable
#
radius-server template radius_huawei
radius-server shared-key cipher %^%#*7d1;XNof/|Q0:DsP!,W51DIYPx}`AARBdJ'0B^$%^%#
radius-server authentication 10.23.103.1 1812 weight 80
#
aaa
authentication-scheme radius_huawei
authentication-mode radius
domain huawei.com
authentication-scheme radius_huawei
radius-server radius_huawei
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select interface
#
interface Vlanif102
ip address 10.23.102.1 255.255.255.0
dhcp select interface
#
interface Vlanif103
ip address 10.23.103.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 101 to 102
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk pvid vlan 103
port trunk allow-pass vlan 103
#
capwap source interface vlanif100
#
wlan
security-profile name wlan-security
security wpa2 dot1x aes
ssid-profile name wlan-ssid
ssid wlan-net
vap-profile name wlan-vap1
forward-mode tunnel
service-vlan vlan-id 101
ssid-profile wlan-ssid
security-profile wlan-security
authentication-profile wlan-authentication
vap-profile name wlan-vap2
forward-mode tunnel
service-vlan vlan-id 102
ssid-profile wlan-ssid
security-profile wlan-security
authentication-profile wlan-authentication
regulatory-domain-profile name domain1
rrm-profile name default
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile wlan-vap1 wlan 1
radio 1
vap-profile wlan-vap1 wlan 1
ap-group name ap-group2
regulatory-domain-profile domain1
radio 0
vap-profile wlan-vap2 wlan 1
radio 1
vap-profile wlan-vap2 wlan 1
ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
ap-name area_1
ap-group ap-group1
radio 0
channel 20mhz 6
eirp 127
radio 1
channel 20mhz 149
eirp 127
ap-id 1 type-id 19 ap-mac 60de-4474-9640 ap-sn 210235554710CB000078
ap-name area_2
ap-group ap-group2
#
dot1x-access-profile name wlan-dot1x
#
return
父主题: 配置举例
版权所有 华为技术有限公司
版权所有 华为技术有限公司
< 上一节 | 
转播
