1.LSW1、LSW2、AC1、AC2 基础配置
LSW1
sy
vlan b 100 101
int g 0/0/1
p l t
p t p v 100
p t a v 100 101
int g 0/0/2
p l t
p t a v 100 101
LSW2
sy
vlan b 100 101 102
int g 0/0/1
p l t
p t a v 100 101
int g 0/0/2
p l t
p t a v 100 102
int g 0/0/3
p l t
p t a v 100 102
int g 0/0/4
p l t
p t a v 100 101
AC1
sy
vlan b 100 101 102
int g 0/0/1
p l t
p t a v 100 102
int vlan 100
ip add 10.23.100.2 24
int vlan 102
ip add 10.23.102.1 24
AC2
sy
vlan b 100 101 102
int g 0/0/1
p l t
p t a v 100 102
int vlan 100
ip add 10.23.100.3 24
int vlan 102
ip add 10.23.102.2 24
2.配置Router给STA和AP分配IP地址
sy
dhcp enable
vlan b 100 101
int g 0/0/1
portswitch
p l t
p t a v 100 101
ip pool ap
network 10.23.100.0 mask 24
gateway-list 10.23.100.1
ip pool sta
network 10.23.101.0 mask 24
gateway-list 10.23.101.1
int vlan 100
ip add 10.23.100.1 24
dhcp select global
int vlan 101
ip add 10.23.101.1 24
dhcp select global
3.配置AC1的WLAN基本业务
wlan
ap-group name ap-group1
q
regulatory-domain-profile name default
country-code cn
q
ap-group name ap-group1
regulatory-domain-profile default ---y
q
q
capwap source interface vlan 100
// Mac地址 => dis int g 0/0/0
wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 00e0-fcbe-0890
ap-name area_1
ap-group ap-group1 ---y
q
dis ap all
security-profile name wlan-net
security wpa-wpa2 psk pass-phrase 12345678 aes ---y
q
ssid-profile name wlan-net
ssid wlan-net
q
vap-profile name wlan-net
forward-mode direct-forward
service-vlan vlan-id 101
security-profile wlan-net
ssid-profile wlan-net
q
ap-group name ap-group1
vap-profile wlan-net wlan 1 radio 0
vap-profile wlan-net wlan 1 radio 1
q
q
4.配置AC2的WLAN私有配置
capwap source interface Vlanif 100
5.配置AC间控制隧道DTLS加密
AC1
capwap dtls inter-controller psk a1234567
capwap dtls inter-controller control-link encrypt ---y
AC2
capwap dtls inter-controller psk a1234567
capwap dtls inter-controller control-link encrypt ---y
6.配置主用AC1和备用AC2双链路备份功能
AC1
wlan
ap-system-profile name wlan-net
primary-access ip-address 10.23.100.2
backup-access ip-address 10.23.100.3
q
ap-group name ap-group1
ap-system-profile wlan-net ---y
q
undo ac protect restore disable
ac protect enable ---y
// 若双链路备份功能已开启,此处再执行命令ac protect enable不会重启AP,需要在主AC上继续执行
// 命令ap-reset重启AP,AP重启后,双链路备份功能开始生效。
ap-reset all ---y
q
AC2
wlan
ap-system-profile name wlan-net
primary-access ip-address 10.23.100.2
backup-access ip-address 10.23.100.3
q
ap-group name ap-group1
ap-system-profile wlan-net ---y
q
undo ac protect restore disable
ac protect enable ---y
7.配置双机热备份功能
AC1
hsb-service 0
service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
q
hsb-service-type ap hsb-service 0
hsb-service-type access-user hsb-service 0
AC2
hsb-service 0
service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
q
hsb-service-type ap hsb-service 0
hsb-service-type access-user hsb-service 0
8.验证配置结果
dis ap-system-profile name wlan-net
dis ac protect
dis hsb-service 0