华为一个AC多个VAP的实现
来源:原创
时间:2024-04-10
作者:脚本小站
分类:网络
R1:
<Huawei>system-view [Huawei]sysname R1 [R1]interface GigabitEthernet 0/0/0 [R1-GigabitEthernet0/0/0]ip address 192.168.111.1 24 [R1-GigabitEthernet0/0/0]quit [R1]ip route-static 192.168.100.0 24 192.168.111.2 [R1]ip route-static 192.168.101.0 24 192.168.111.2 [R1]ip route-static 192.168.102.0 24 192.168.111.2
AC1:
# 划分vlan并配置IP [AC6005]sysname AC1 [AC1]vlan batch 100 101 102 111 [AC1]interface Vlanif 100 [AC1-Vlanif100]ip address 192.168.100.1 24 [AC1-Vlanif100]interface Vlanif 101 [AC1-Vlanif101]ip address 192.168.101.1 24 [AC1-Vlanif101]interface Vlanif 102 [AC1-Vlanif102]ip address 192.168.102.1 24 [AC1-Vlanif102]interface Vlanif 111 [AC1-Vlanif111]ip address 192.168.111.2 24 # 划分端口到vlan [AC1]int GigabitEthernet 0/0/1 [AC1-GigabitEthernet0/0/1]port link-type access [AC1-GigabitEthernet0/0/1]port default vlan 111 [AC1-GigabitEthernet0/0/1]int GigabitEthernet 0/0/2 [AC1-GigabitEthernet0/0/2]port link-type access [AC1-GigabitEthernet0/0/2]port default vlan 100 # 启用dhcp [AC1]dhcp enable # 创建地址池 [AC1]ip pool vlan100 [AC1-ip-pool-vlan100]network 192.168.100.0 mask 24 [AC1-ip-pool-vlan100]gateway-list 192.168.100.1 [AC1]ip pool vlan101 [AC1-ip-pool-vlan101]network 192.168.101.0 mask 24 [AC1-ip-pool-vlan101]gateway-list 192.168.101.1 # 业务vlan要配置网关和DNS [AC1-ip-pool-vlan101]dns-list 8.8.8.8 [AC1]ip pool vlan102 [AC1-ip-pool-vlan102]network 192.168.102.0 mask 24 [AC1-ip-pool-vlan102]gateway-list 192.168.102.1 [AC1-ip-pool-vlan102]dns-list 8.8.8.8 [AC1-ip-pool-vlan102]quit # 查看地址池: [AC1]display ip pool # 设置vlan的地址从地址池中取 [AC1]interface Vlanif 100 [AC1-Vlanif100]dhcp select global [AC1]interface Vlanif 101 [AC1-Vlanif101]dhcp select global [AC1]interface Vlanif 102 [AC1-Vlanif102]dhcp select global # 默认路由: [AC1]ip route-static 0.0.0.0 0 192.168.111.1 # AP中查看是否获取了IP地址: [Huawei]display ip interface brief Interface IP Address/Mask Physical Protocol NULL0 unassigned up up(s) Vlanif1 192.168.100.23/24 up up
隧道转发
建立capwap隧道:用于AP上线
# 使用vlan100建立capwap隧道 [AC1]capwap source interface Vlanif 100 # 配置域管理模版 [AC1]wlan [AC1-wlan-view]regulatory-domain-profile name default # 域管理模版名称为default # 配置国家代码 [AC1-wlan-regulate-domain-default]country-code cn # 配置ap接入的认证模式 [AC1-wlan-view]ap auth-mode mac-auth # 指定mac地址的方式认证 [AC1-wlan-view]ap-id 1 ap-mac 00e0-fc5d-1130 # 绑定mac地址 [AC1-wlan-ap-1]ap-name ap1 # 起一个ap名称 [AC1-wlan-ap-1]regulatory-domain-profile default # 指定域管理模版 # 显示AP: [AC1-wlan-view]display ap all -------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime -------------------------------------------------------------------------------- 1 00e0-fc5d-1130 ap1 default 192.168.100.23 AP2050DN nor 0 9M:36S -------------------------------------------------------------------------------- Total: 1 # 创建SSID [AC1-wlan-view]ssid-profile name sales-AP [AC1-wlan-ssid-prof-sales-AP]ssid sales-AP # 创建安全模版 [AC1-wlan-view]security-profile name sec-sales [AC1-wlan-sec-prof-sec-sales]security wpa-wpa2 psk pass-phrase a1234567 aes # 安全密码 a1234567 # 配置vap模版 [AC1-wlan-view]vap-profile name vap-sales [AC1-wlan-vap-prof-vap-sales]forward-mode tunnel [AC1-wlan-vap-prof-vap-sales]service-vlan vlan-id 101 [AC1-wlan-vap-prof-vap-sales]ssid-profile sales-AP [AC1-wlan-vap-prof-vap-sales]security-profile sec-sales # 在AP中应用模版 [AC1-wlan-view]ap-id 1 [AC1-wlan-ap-1]vap-profile vap-sales wlan 1 radio 0 [AC1-wlan-ap-1]vap-profile vap-sales wlan 1 radio 1 # 创建SSID [AC1-wlan-view]ssid-profile name market-AP [AC1-wlan-ssid-prof-market-AP]ssid market-AP # 创建安全模版 [AC1-wlan-view]security-profile name sec-market [AC1-wlan-sec-prof-sec-market]security wpa-wpa2 psk pass-phrase b1234567 aes # 配置vap模版 # 创建一个名为 vap-market 的VAP配置文件,该文件将包含VAP的各种设置。 [AC1-wlan-view]vap-profile name vap-market # 配置VAP的数据转发模式为隧道模式。 [AC1-wlan-vap-prof-vap-market]forward-mode tunnel # 指定VAP所使用的服务VLAN的ID为102 [AC1-wlan-vap-prof-vap-market]service-vlan vlan-id 102 # 指定用于VAP的SSID配置文件的名称为 market-AP。SSID配置文件包含了VAP所使用的无线网络名称(SSID)、加密方式等信息。 [AC1-wlan-vap-prof-vap-market]ssid-profile market-AP # 指定用于VAP的安全配置文件的名称为 sec-market。 [AC1-wlan-vap-prof-vap-market]security-profile sec-market # 在AP中应用模版 [AC1-wlan-view]ap-id 1 [AC1-wlan-ap-1]vap-profile vap-market wlan 2 radio 0 [AC1-wlan-ap-1]vap-profile vap-market wlan 2 radio 1 # 查看接口是否都up了 [AC1-wlan-ap-1]display ip interface brief
隧道转发的数据包是经过封装的:如图
改成直接转发
[AC1-GigabitEthernet0/0/2]undo port default vlan [AC1-GigabitEthernet0/0/2]undo port link-type [AC1-GigabitEthernet0/0/2]port link-type trunk [AC1-GigabitEthernet0/0/2]port trunk pvid vlan 100 # 没有vlan的数据表默认走vlan100 [AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101 102 # 改成直接转发 [AC1-wlan-view]vap-profile name vap-sales [AC1-wlan-vap-prof-vap-sales]forward-mode direct-forward Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait...done. [AC1-wlan-view]vap-profile name vap-market [AC1-wlan-vap-prof-vap-market]forward-mode direct-forward Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait...done. # 查看说有的虚拟ap [AC1-wlan-view]display vap all Info: This operation may take a few seconds, please wait. WID : WLAN ID ------------------------------------------------------------------------------ AP ID AP name RfID WID BSSID Status Auth type STA SSID ------------------------------------------------------------------------------ 1 ap1 0 2 00E0-FCD1-0B81 ON WPA/WPA2-PSK 1 market-AP 1 ap1 0 1 00E0-FCD1-0B80 ON WPA/WPA2-PSK 1 sale-AP 1 ap1 1 2 00E0-FCD1-0B91 ON WPA/WPA2-PSK 0 market-AP 1 ap1 1 1 00E0-FCD1-0B90 ON WPA/WPA2-PSK 0 sale-AP ------------------------------------------------------------------------------ # 查看已连接的工作站 [AC1-wlan-view]display station all Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID ------------------------------------------------------------------------------------------------------ 5489-9823-447d 1 ap1 0/2 2.4G - -/- - 102 192.168.102.73 market-AP 5489-98da-7d3c 1 ap1 0/1 2.4G - -/- - 101 192.168.101.176 sale-AP ------------------------------------------------------------------------------------------------------ Total: 2 2.4G: 2 5G: 0
直接转发的包是没有经过vlan100封装的:如图。
