华为---企业WLAN组网基本配置示例---AC+AP组网

AC+AP组网所需的物理条件

1、无线AP---收发无线信号；
2、无线控制器(AC)---用来控制管理多个AP；
3、PoE交换机---能给AP实现网络连接和供电的交换机；
4、授权：默认AC管理的AP数量有限，买授权才能管控更多AP。

---

WLAN创建步骤

一、AP上线

二、WLAN业务配置下发

三、无线网络终端接入WLAN

四、WLAN业务数据转发

        WLAN网络中的数据包括控制报文（管理报文）和数据报文。控制报文是通过CAPWAP的控制隧道转发的，用户的数据报文分为隧道转发方式、直接转发方式。

隧道转发方式：用户数据报文-->AP（CAPWAP数据隧道封装后）-->AC-->转发到上层网络。

直接转发方式：用户数据报文-->AP（不经过AC）-->直接转发到上层网络。

---

网络拓扑图

代码段

system-view 
 sysname R
interface GigabitEthernet 0/0/0 
 ip address 192.168.11.253 24
 
 
system-view 
 sysname SW
 dhcp enable
 vlan batch 10 11
interface GigabitEthernet 0/0/1
 port link-type access
 port default vlan 11
 quit
interface GigabitEthernet 0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 11
 quit
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10
 quit
interface Vlan 11
 ip address 192.168.11.254 24
 dhcp select interface
 quit
 
 
system-view 
sysname SW1
 vlan batch 10 11
interface GigabitEthernet 0/0/1 
 port link-type trunk
 port trunk allow-pass vlan 10 11
 quit
interface Ethernet 0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 11
 quit
interface Ethernet 0/0/2
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 11
 quit
 
 
system-view 
 sysname AC
 dhcp enable
 vlan 10
 quit
interface GigabitEthernet 0/0/1 
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10
 quit
interface Vlan 10
 ip address 192.168.10.254 24
 dhcp select interface
 quit
wlan
 regulatory-domain-profile name test-d
 country-code CN
 quit
 ap-group name test-g
 regulatory-domain-profile test-d
 y
 quit
 ap auth-mode mac-auth
 ap-id 1 ap-mac 00e0-fcee-6470
 ap-name test-ap1
 ap-group test-g
 y
 ap-id 2 ap-mac 00e0-fc90-2b60
 ap-name test-ap2
 ap-group test-g
 y
 quit
 security-profile name test-s
 security wpa-wpa2 psk pass-phrase test@123 aes
 quit
 ssid-profile name test-w
 ssid test-wifi
 quit
 vap-profile name test-vap
 forward-mode direct-forward 
 service-vlan vlan-id 11
 security-profile test-s
 ssid-profile test-w
 quit
 ap-group name test-g
 vap-profile test-vap wlan 1 radio all
 quit
capwap source interface Vlanif 10
quit

配置步骤及代码---代码解析

配基础有线网络配置

system-view
[Huawei] sysname R
[R-GigabitEthernet0/0/0] ip address 192.168.11.253 24

system-view
Enter system view, return user view with Ctrl+Z.
[Huawei] sysname SW
[SW] dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW] vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW]interface GigabitEthernet 0/0/1
[SW-GigabitEthernet0/0/1] port link-type access
[SW-GigabitEthernet0/0/1] port default vlan 11
[SW-GigabitEthernet0/0/1] quit
[SW]interface GigabitEthernet 0/0/2
[SW-GigabitEthernet0/0/2] port link-type trunk
[SW-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 11
[SW-GigabitEthernet0/0/2] quit
[SW]interface GigabitEthernet 0/0/3
[SW-GigabitEthernet0/0/3] port link-type trunk
[SW-GigabitEthernet0/0/3] port trunk allow-pass vlan 10
[SW-GigabitEthernet0/0/3] quit
[SW]interface Vlan 11
[SW-Vlanif11] ip address 192.168.11.254 24
[SW-Vlanif11] dhcp select interface
[SW-Vlanif11] quit

system-view
Enter system view, return user view with Ctrl+Z.
[SW1]sysname SW1
[SW1] vlan batch 10 11
Info: This operation may take a few seconds. Please wait for a moment...done.  
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 11
[SW1-GigabitEthernet0/0/1] quit
[SW1]interface Ethernet 0/0/1
[SW1-Ethernet0/0/1] port link-type trunk
[SW1-Ethernet0/0/1] port trunk pvid vlan 10
[SW1-Ethernet0/0/1] port trunk allow-pass vlan 10 11
[SW1-Ethernet0/0/1] quit
[SW1]interface Ethernet 0/0/2
[SW1-Ethernet0/0/2] port link-type trunk
[SW1-Ethernet0/0/2] port trunk pvid vlan 10
[SW1-Ethernet0/0/2] port trunk allow-pass vlan 10 11
[SW1-Ethernet0/0/2] quit

system-view 
Enter system view, return user view with Ctrl+Z.
[AC6605] sysname AC
[AC] dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC] vlan 10
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC-vlan10] quit
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk pvid vlan 10
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[AC-GigabitEthernet0/0/1] quit
[AC]interface Vlan 10
[AC-Vlanif10] ip address 192.168.10.254 24
[AC-Vlanif10] dhcp select interface
[AC-Vlanif10] quit

AP上线和业务配置

[AC]wlan
[AC-wlan-view] regulatory-domain-profile name test-d //创建域管理模板test-d
[AC-wlan-regulate-domain-test-d] country-code CN //国家代码选择中国
Info: The current country code is same with the input country code.
[AC-wlan-regulate-domain-test-d] quit
[AC-wlan-view] ap-group name test-g //创建AP组test-g
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-test-g] regulatory-domain-profile test-d  //AP组的域管理模板是test-d
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-test-g]quit
[AC-wlan-view] ap auth-mode mac-auth  //AP的认证模式为MAC认证

AP离线加入

[AC-wlan-view] ap-id 1 ap-mac 00e0-fcee-6470  //AP的编号和MAC地址
[AC-wlan-ap-1] ap-name test-ap1  //AP的名字为test-ap1
[AC-wlan-ap-1] ap-group test-g //AP属于AP组test-g
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-1]ap-id 2 ap-mac 00e0-fc90-2b60
[AC-wlan-ap-2] ap-name test-ap2
[AC-wlan-ap-2] ap-group test-g
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-2]quit
[AC-wlan-view] security-profile name test-s  //安全模板的名字为test-s
[AC-wlan-sec-prof-test-s] security wpa-wpa2 psk pass-phrase test@123 aes //无线网密码是test@123，用AES加密。
[AC-wlan-sec-prof-test-s] quit
[AC-wlan-view] ssid-profile name test-w //ssid的模板名字为test-w
[AC-wlan-ssid-prof-test-w] ssid test-wifi //ssid的名称为test-wifi
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-test-w] quit
[AC-wlan-view] vap-profile name test-vap //vap模板的名字叫test-vap
[AC-wlan-vap-prof-test-vap] forward-mode direct-forward  //转发模式为直接转发
[AC-wlan-vap-prof-test-vap] service-vlan vlan-id 11 //服务VLAN的ID为11
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-test-vap] security-profile test-s //调用安全模板test-s
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-test-vap] ssid-profile test-w //调用SSID模板test-w
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-test-vap] quit
[AC-wlan-view] ap-group name test-g
[AC-wlan-ap-group-test-g] vap-profile test-vap wlan 1 radio all //调用VAP模板test-vap，wlan所有频道
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-test-g] quit
[AC-wlan-view]capwap source interface Vlanif 10  //AC的capwap隧道源接口为vlan 10
[AC]quit

STA接入

测试验证

管理vlan和业务vlan通信正常。