华为无线ensp跨ac三层漫游

月夜行舟

已于 2022-08-11 20:12:20 修改

阅读量5.3k

点赞数 8

分类专栏：华为ensp 文章标签：华为无线

于 2022-06-02 23:27:49 首次发布

本文链接：https://blog.csdn.net/h320758724/article/details/125108098

版权

华为ensp 专栏收录该内容

8 篇文章 6 订阅

订阅专栏

该配置示例展示了如何为企业建立WLAN网络，实现不同部门间的VLAN隔离和移动漫游。通过LSW、AR路由器和AC控制器的配置，确保员工在不同子网间移动时业务不受影响，同时设置了静态IP和DHCP服务，以及智能漫游和安全策略。

摘要由CSDN通过智能技术生成

实验拓扑

拓扑下载

业务需求

企业用户通过WLAN接入网络，以满足移动办公的最基本需求。为了区分部门进行管理，不同部门的员工在不同的子网。且在覆盖区域内移动发生漫游时，不影响用户的业务使用。

LSW3

设置对应的vlan通过就行了，我们这里使用101和100的vlan

sys
#
 sysname Switch_1
#
 vlan batch 100 to 101
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 101
 #
return

LSW4

设置对应的vlan通过就行了，我们这里使用102和200的vlan

sys
#
 sysname Switch_2
#
 vlan batch 102 200
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 200
 port trunk allow-pass vlan 102 200
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 102 200
 #
return

AR1

sys
#
 sysname Router
#
interface GigabitEthernet0/0/1
 ip address 10.23.100.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.23.200.2 255.255.255.0
q
ip route-static 0.0.0.0 0 30.30.30.1
ip route-static 10.23.101.0 24 10.23.100.1
ip route-static 10.23.102.0 24 10.23.200.1
int g0/0/0
ip add 30.30.30.2 24
q
acl num 2000
rule per sou any
q
int g0/0/0
nat out 2000
!

AR2（用于模拟外网）

sys
sysn ar2
int g0/0/0
ip add 30.30.30.1 24
q
int loo 0
ip add 1.1.1.1 32
q

AC1

后续的操作需要等待ap上线后，前提是两端ac使用静态地址配通后，才可以实现跨ac的三层漫游，当然你使用其它的动态链路协议也可以，bgp,ospf都行，两端ac可以通讯就行了

sys
#
sysname AC_1
#
vlan batch 100 to 102
#
dhcp enable
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
dhcp ser ex 10.23.100.2
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type acc
 port d v 100
#
ip route-static 10.23.200.0 255.255.255.0 10.23.100.2 
ip route-static 0.0.0.0 0 10.23.100.2
#
capwap source interface vlanif100
#
wlan
ap auth no   //这里一定要等待ap上线后才可以进行后续的操作
regulatory-domain-profile name guojia
country-code CN
ap-group name 101
regulatory-domain-profile guojia 
y
q
ap-id 0
ap-group 101
y
q
ssid-profile name wifiname
 ssid erceng
 security-profile name passwd
security wpa2 psk pass-phrase 12345678 aes
y

 vap-profile name 101
  forward-mode tunnel
  service-vlan vlan-id 101
  ssid-profile wifiname
  security-profile passwd
rrm-profile name rrm
  smart-roam enable
  smart-roam roam-threshold check-snr check-rate
  smart-roam roam-threshold snr 30
  smart-roam roam-threshold rate 30

radio-2g-profile name 2g
  rrm-profile rrm
 radio-5g-profile name 5g
  rrm-profile rrm
ap-group name 101
  radio 0
   radio-2g-profile 2g
y
   vap-profile 101 wlan 1
  radio 1
   radio-5g-profile 5g
y
vap-profile 101 wlan 1
！  
 mobility-group name mobility    //主要靠这个ac漫游组
  member ip-address 10.23.100.1
  member ip-address 10.23.200.1  ac给ap上线分配地址的网关
q

AC2

后续的操作需要等待ap上线后，前提是两端ac使用静态地址配通后，才可以实现跨ac的三层漫游，当然你使用其它的动态链路协议也可以，bgp,ospf都行，两端ac可以通讯就行了

sys
#
sysname AC_2
#
vlan batch 101 to 102 200
#
dhcp enable
#
interface Vlanif200
 ip address 10.23.200.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
dhcp ser ex 10.23.200.2
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 102 200 
#
interface GigabitEthernet0/0/2
 port link-type acc
 port def vlan 200
#
ip route-static 10.23.100.0 255.255.255.0 10.23.200.2 
ip route-static 0.0.0.0 0 10.23.200.2
#
capwap source interface vlanif200
#
wlan
ap auth no
regulatory-domain-profile name guojia
country-code CN
ap-group name 102
regulatory-domain-profile guojia 
y
q
ap-id 0
ap-group 102
y
q
ssid-profile name wifiname
 ssid erceng
 security-profile name passwd
security wpa2 psk pass-phrase 12345678 aes
y

 vap-profile name 102
  forward-mode tunnel
  service-vlan vlan-id 102
  ssid-profile wifiname
  security-profile passwd
rrm-profile name rrm
  smart-roam enable
  smart-roam roam-threshold check-snr check-rate
  smart-roam roam-threshold snr 30
  smart-roam roam-threshold rate 30

radio-2g-profile name 2g
  rrm-profile rrm
 radio-5g-profile name 5g
  rrm-profile rrm
ap-group name 102
  radio 0
   radio-2g-profile 2g
y
   vap-profile 102 wlan 1
  radio 1
   radio-5g-profile 5g
y
vap-profile 102 wlan 1
！
 mobility-group name mobility   //主要就是靠这个ac漫游组来配置的
  member ip-address 10.23.100.1   //ac给ap上线分配地址的网关
  member ip-address 10.23.200.1
q

主要就是配置漫游组前提两台ac可以互相通讯

 mobility-group name mobility   //主要就是靠这个ac漫游组来配置的
  member ip-address 10.23.100.1   //ac给ap上线分配地址的网关
  member ip-address 10.23.200.1

最终效果，这里我们ping外网进行测试，wifi密码12345678

月夜行舟

关注

8
点赞
踩
62

收藏

觉得还不错? 一键收藏
打赏
4
评论
华为无线ensp跨ac三层漫游

ac跨三层漫游，非常实用的技术，可以复制粘贴来使用，提供ensp的topo文件，可以
复制链接

扫一扫

专栏目录