一、WLAN的知识点
1.WLAN的概念:WLAN是一种无线局域网技术,用于实现局部区域内的计算机设备互联和资源共享。
2.WLAN的工作原理:主要涉及无线网卡、接入控制器设备(AC)、无线接入点(AP)等关键组件的协同工作。
3.建立CAPWAP隧道阶段
4.为确保AP能够上线,AC需预先配置如下内容
5.STA的接入
| 扫描 | 包括STA的请求和AP回应 |
| 链路认证 | 包括WEP认证、WPA/WPA2-802.1X认证和WPA/WPA2-PSK认证 |
| 关联 | 包括协商速率、信道等 |
| 接入认证 | 包括PSK认证和802.1X认证 |
| DHCP | |
6.配置模板
为了方便用户配置和维护WLAN的各种功能,针对的不同功能和特性设计了各种类型的模板下面这些模板同城为WLAN模板。
二、WLAN无线综合实验
实验拓扑
(1)基本的配置:
LSW1
<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname LSW1
[LSW1]vlan batch 100 101
[LSW1]interface g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/1]quit
[LSW1]interface g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101
[LSW1-GigabitEthernet0/0/3]quit
[LSW1]interface g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 101
[LSW1-GigabitEthernet0/0/2]q
[LSW1]interface vlanif 101
[LSW1-Vlanif101]ip address 192.168.101.1 24
[LSW1-Vlanif101]undo shutdown
[LSW1-Vlanif101]q
LSW2
<Huawei>system-view
[Huawei]undo info-center enable
[Huawei]sysname LSW2
[LSW2]vlan 100
[LSW2-vlan100]q
[LSW2]interface e0/0/1
[LSW2-Ethernet0/0/1]port link-type trunk
[LSW2-Ethernet0/0/1]port trunk allow-pass vlan 100
[LSW2-Ethernet0/0/1]port trunk pvid vlan 100
[LSW2-Ethernet0/0/1]q
[LSW2]interface e0/0/2
[LSW2-Ethernet0/0/2]port link-type trunk
[LSW2-Ethernet0/0/2]port trunk allow-pass vlan 100
[LSW2-Ethernet0/0/2]port trunk pvid vlan 100
[LSW2-Ethernet0/0/2]q
[LSW2]interface e0/0/3
[LSW2-Ethernet0/0/3]port link-type trunk
[LSW2-Ethernet0/0/3]port trunk allow-pass vlan 100
[LSW2-Ethernet0/0/3]q
注:1.为什么只在LSW2上创建VLAN100,不创建VLAN101呢?
因为是用来隧道转发,数据到达AC1后才会打上101的标签然后发给LSW1。
2.为什么连接AP的接口要打port trunk vlan 100?
因为交换机收到AP的数据帧打上100标签发送,把打上100标签的数据帧去掉然后发给AP。
AC1
<AC1>system-view
[AC1]undo info-center enable
[AC1]vlan batch 100 101
[AC1]interface g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[AC1-GigabitEthernet0/0/1]q
[AC1]interface vlanif 100
[AC1-Vlanif100]ip address 192.168.100.1 24
[AC1-Vlanif100]q
R1
<Huawei>system-view
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R1
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.101.2 24
[R1-GigabitEthernet0/0/0]undo shutdown
[R1-GigabitEthernet0/0/0]q
(2)设置DHCP,创建WLAN,设置trunk
先在LSW2 g0/0/1上抓包,可以看到DHCP Discocery广播
但此时交换机不会将该DHCP广播帧泛洪到路由器。因为从LSW2 g0/0/1上传递出来的DHCP Discocery报文是打着VLAN100标签,只能到达VLANif100对应目的地,而LSW1的g0/0/1属于VLANif 101,因此必须通过三层转发才行 。
2)设置业务DHCP,让STA获得IP地址
[LSW1]dhcp enable
[LSW1]interface vlanif 101
[LSW1-Vlanif101]dhcp select interface
[LSW1-Vlanif101]q
3)设置管理DHCP,让AP获取IP地址
[AC1]dhcp enable
[AC1]interface vlanif 100
[AC1-Vlanif100]dhcp select interface //配置接口地址池
[AC1-Vlanif100]q
(3)配置AC、AP上线
1)创建AP组
[AC1]wlan
[AC1-wlan-view]ap-group name x
[AC1-wlan-ap-group-x]quit
2)创建域管理模式并关联到AP组
[AC1]wlan
[AC1-wlan-view]ap-group name x //创建AP组x
[AC1-wlan-ap-group-x]q
[AC1-wlan-view]regulatory-domain-profile name x1 //创建域个管理模板x1
[AC1-wlan-regulate-domain-x1]country-code cn //国家代码选择中国
[AC1-wlan-regulate-domain-x1]q
[AC1-wlan-view]ap-group name x
[AC1-wlan-ap-group-x]regulatory-domain-profile x1 //AP组的域管理模板是x1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y//选择y
[AC1-wlan-ap-group-x]q
3)配置AC的接口源地址
[AC1]capwap source interface vlanif 100 //AC的接口源地址为VLAN 100
4)离线导入AP
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth //AP的认证模式为mac地址认证
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fcd5-1c70 //AP的编号和mac地址
[AC1-wlan-ap-1]ap-name ds //AP的名字为ds
[AC1-wlan-ap-1]ap-group x //AP属于AP组的x
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC1-wlan-view]ap-id 2 ap-mac 00e0-fc1e-3670
[AC1-wlan-ap-2]ap-name xs
[AC1-wlan-ap-2]ap-group x
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
5)查看AP的信息
(4)配置WLAN业务参数
1)创建安全模板
[AC1]wlan
[AC1-wlan-view]security-profile name y1 //创建名为'y1'的密码文件
[AC1-wlan-sec-prof-y1]security wpa-wpa2 psk pass-phrase huawei@123 aes //设置密码,用AES加密
[AC1-wlan-sec-prof-y1]q
2)创建SSID模板
[AC1-wlan-view]ssid-profile name y2 //SSID的模板名字为y2
[AC1-wlan-ssid-prof-y2]ssid hcia //SSID的名字为hcia
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-y2]q
[AC1-wlan-view]q
3)创建VAP模板
[AC1]wlan
[AC1-wlan-view]vap-profile name y //VAP模板的名字为y
[AC1-wlan-vap-prof-y]forward-mode tunnel //转发模式为隧道
[AC1-wlan-vap-prof-y]service-vlan vlan-id 101 //服务的VLAN为101
[AC1-wlan-vap-prof-y]security-profile y1 //调用安全模板y1
[AC1-wlan-vap-prof-y]ssid-profile y2 //调用SSID模板y2
[AC1-wlan-vap-prof-y]q
4)在AP组调用VAP模板
[AC1-wlan-view]ap-group name x
[AC1-wlan-ap-group-x]vap-profile y wlan 1 radio 0 //调用VAP模式y
[AC1-wlan-ap-group-x]vap-profile y wlan 1 radio 1
[AC1-wlan-ap-group-x]q
[AC1-wlan-view]
在模拟器中的拓扑图中可以看到变化,不得不说华为的ENSP模拟得很好
在下面的设备中连接WLAN,找到hcia,输入密码,就ok啦
(5)测试
1)登录完成后,可以点击命令行,输入ipconfig可以查看到是否获取IP地址
2)Ping的网关能通
三、总结
总之,WLAN作为一种灵活便捷的无线网络形式,极大地提升了工作和生活中的网络应用体验。从其发展历程来看,WLAN经历了多次技术进步,不断优化传输速率和网络稳定性。尽管存在一些不足,但随着技术的不断完善,WLAN将更好地满足人们日益增长的无线联网需求。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
