基于enspv510版ac与ap配置-txj
基于e n s p v510版a c与a p配置四川托普信息职业技术学院唐小军
一、拓扑图
二、实验环境:
三、相应设备:
1.无线AP:5030, AC:6605,
2.交换:二层,s3700,三层,s5700
3.电脑:STA
四、实现目标:
1.STA3能通过无线方式访问到三层交换机接口地址,10.23.101.2
五、配置思路
1.配置AP、AC和周边网络设备之间实现网络互通。
2.配置AP上线。
a)创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。
b)配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。
c)配置AP上线的认证方式并离线导入AP,实现AP正常上线。
3.配置WLAN业务参数,实现STA访问WLAN网络功能。
六、实验过程:
1.二层交换机配置
[HUAWEI] sysname Switch
[Switch] vlan batch 100 101
[Switch] interface Ethernet0/0/1
[Switch-Ethernet0/0/1] port link-type trunk
[Switch-Ethernet0/0/1] port trunk pvid vlan 100
[Switch-Ethernet0/0/1] port trunk allow-pass vlan 100 101
[Switch-Ethernet0/0/1] port-isolate enable
[Switch-Ethernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-Ethernet0/0/2] port link-type trunk
[Switch-Ethernet0/0/2] port trunk allow-pass vlan 100 101 [Switch-Ethernet0/0/2] quit
2.三层交换机配置
[Huawei] sysname Router
[Router] vlan batch 101
[Router] interface gigabitethernet 0/0/1
[Router-GigabitEthernet0/0/1] port link-type trunk
[Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 101 [Router-GigabitEthernet0/0/1] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.2 24
[Router-Vlanif101] quit
3.配置AC与其它网络设备互通
[AC6605] sysname AC
[AC] vlan batch 100 101
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101 [AC-GigabitEthernet0/0/1] quit
[AC] interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2] port link-type trunk
[AC-GigabitEthernet0/0/2] port trunk allow-pass vlan 101 [AC-GigabitEthernet0/0/2] quit
4.在AC上配置DHCP服务器为STA和AP分配IP地址[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
[AC] interface vlanif 101
[AC-Vlanif101] ip address 10.23.101.1 24
[AC-Vlanif101] dhcp select interface
[AC-Vlanif101] quit
5.在AC上配置AP上线
# 创建AP组,用于将相同配置的AP都加入同一AP组中。[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit
# 配置AC的源接口。
[AC] capwap source interface vlanif 100
6.查看ap的mac地址做好记录以备用,并为ap设置部署名称例如area_1
7.AP具有射频0和射频1两个射频。例如AP5030DN的射频0为2.4GHz射频,射频1为5GHz射频。[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit
8.保证AP上电并与AC连接,当执行命令display ap all查看到AP的“State”字段为“nor”时,表示
AP正常上线。
[AC-wlan-view] display ap all
Total AP information:
nor : normal [1]
-------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
-------------------------------------------------------------------------------------
0 00e0-fcfe-1e60 area_1 ap-group1 10.23.100.106 AP5030DN nor 0 10S
-------------------------------------------------------------------------------------
Total: 1
9.配置WLAN业务参数,配置WPA-WPA2+PSK+AES的安全策略,密码为“a1234567”
[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net] quit
# 创建名为“wlan-net”的SSID模板,并配置SSID名称为“wlan-net”。
[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit
# 创建名为“wlan-net”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
[AC-wlan-view] vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net] forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit
# 配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“wlan-net”的配置。
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit
10.配置AP射频的信道和功率,关闭射频的信道和功率自动调优功能。射频的信道和功率自动调优功能默认
开启,如果不关闭此功能则会导致手动配置不生效。
[AC-wlan-view] rrm-profile name default
[AC-wlan-rrm-prof-default] calibrate auto-channel-select disable
[AC-wlan-rrm-prof-default] calibrate auto-txpower-select disable
[AC-wlan-rrm-prof-default] quit
# 配置AP射频0的信道和功率。
[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio 0
[AC-wlan-radio-0/0] channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0] eirp 127
[AC-wlan-radio-0/0] quit
# 配置AP射频1的信道和功率。
[AC-wlan-ap-0] radio 1
[AC-wlan-radio-0/1] channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1] eirp 127
[AC-wlan-radio-0/1] quit
[AC-wlan-ap-0] quit
11.验证配置结果, WLAN业务配置会自动下发给AP,配置完成后,通过执行命令display vap ssid
wlan-net查看如下信息,当“Status”项显示为“ON”时,表示AP对应的射频上的VAP已创建成功。
12.STA搜索到名为“wlan-net”的无线网络,输入密码“a1234567”并正常关联后,在AC上执行display
station ssid wlan-net命令,可以查看到用户已经接入到无线网络“wlan-net”中。在STA3上做如下操作: