华为无线配置笔记
实验截图:业务vlan10,管理vlan100,两个ssid一个2.4一个5。
1、配置交换机,
创建对应vlan,设置连接ap的端口为trunk并设置本征vlan为管理vlan100
# 1、配置交换机,创建对应vlan,设置连接ap的端口为trunk并设置本征vlan为管理vlan100
[sw1]vlan batch 10 20 100
[sw1]undo info-center enable
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/1]q
[sw1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port link-type trunk
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[sw1-GigabitEthernet0/0/2]q
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[sw1-GigabitEthernet0/0/3]port trunk pvid vlan 100
[sw1-GigabitEthernet0/0/3]q
# 脚本
vlan batch 10 20 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 2 to 4094
#
2、AC上创建对应vlan,并设置vlanif,创建dhcp地址池并开启对应的dhcp服务
# 2、AC上创建对应vlan,并设置vlanif,创建dhcp地址池并开启对应的dhcp服务
# vlan100是管理vlan为ap提供服务
# vlan10是业务vlan为sta提供服务
[AC]vlan batch 10 20 100
[AC]int g0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC-GigabitEthernet0/0/1]q
[AC]int g0/0/2
[AC-GigabitEthernet0/0/2]port link-type access
[AC-GigabitEthernet0/0/2]port default vlan 20
[AC-GigabitEthernet0/0/2]stp edged-port enable
[AC-GigabitEthernet0/0/2]q
# 设置管理vlan的dhcp地址池,并在对应的vlanif接口设置IP地址并开启dhcp全局服务
[AC]dhcp enable
[AC]ip pool ap100
[AC-ip-pool-ap100]network 100.1.1.0 mask 24
[AC-ip-pool-ap100]gateway-list 100.1.1.100
[AC-ip-pool-ap100]dns-list 100.1.1.100
[AC-ip-pool-ap100]domain-name jier.com
[AC-ip-pool-ap100]option 43 sub-option 2 ip-address 100.1.1.100 # 设置option43 2 指定AC的地址这两个选一个就形
[AC-ip-pool-ap100]option 43 sub-option 3 ascii 100.1.1.100 # 设置option43 3 都是指定AC的地址,2和3选一个就行
[AC-ip-pool-ap100]q
[AC]int Vlanif 100
[AC-Vlanif100]ip address 100.1.1.100 24
[AC-Vlanif100]dhcp select global
[AC-Vlanif100]q
# 设置业务vlan的dhcp地址池,设置对应的vlanif接口地址并开启dhcp全局服务
[AC]ip pool user10
[AC-ip-pool-user10]network 10.1.1.0 mask 24
[AC-ip-pool-user10]gateway-list 10.1.1.100
[AC-ip-pool-user10]dns-list 10.1.1.100
[AC-ip-pool-user10]domain-name jier.com
[AC-ip-pool-user10]q
[AC]int Vlanif 10
[AC-Vlanif10]ip address 10.1.1.100 24
[AC-Vlanif10]dhcp select global
[AC-Vlanif10]q
# 设置连接pc的vlanif接口ip
[AC]int Vlanif 20
[AC-Vlanif20]ip address 20.1.1.100 24
[AC-Vlanif20]q
# 脚本
vlan batch 10 20 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
stp edged-port enable
q
dhcp enable
ip pool ap100
gateway-list 100.1.1.100
network 100.1.1.0 mask 255.255.255.0
dns-list 100.1.1.100
domain-name jier.com
option 43 sub-option 2 ip-address 100.1.1.100
option 43 sub-option 3 ascii 100.1.1.100
q
interface Vlanif100
ip address 100.1.1.100 255.255.255.0
dhcp select global
q
ip pool user10
gateway-list 10.1.1.100
network 10.1.1.0 mask 255.255.255.0
dns-list 10.1.1.100
domain-name jier.com
q
interface Vlanif10
ip address 10.1.1.100 255.255.255.0
dhcp select global
q
interface Vlanif20
ip address 20.1.1.100 255.255.255.0
q
#
3、指定capwap隧道的源接口为vlanif100
# 3、指定capwap隧道的源接口为vlanif100
[AC]capwap source ip-address 100.1.1.100 # 指定capwap隧道的源地址
[AC]capwap source interface Vlanif 100 # 指定capwap隧道的源接口,两个选一个设置就像
# 脚本
capwap source ip-address 100.1.1.100
capwap source interface vlanif100
#
4、进入wlan视图,通过Mac绑定ap设备,为ap指定ap-id,设置ap组
# 4、进入wlan视图,通过Mac绑定ap设备,为ap指定ap-id,设置ap组
[AC]wlan # 进入wlan视图
[AC-wlan-view]ap-group name apg01 # 创建ap组apg01
[AC-wlan-ap-group-apg01]q
[AC-wlan-view]ap-group name apg02 # 创建ap组apg02
[AC-wlan-ap-group-apg02]q
[AC-wlan-view]ap auth-mode mac-auth # 设置ap的认证模式为mac地址认证
[AC-wlan-view]ap-mac 00e0-fc46-5320 ap-id 0 # 绑定ap的mac地址设置ap的id,并进入ap-id视图
[AC-wlan-ap-0]ap-name ap0 # 设置ap的名字
[AC-wlan-ap-0]ap-group apg01 # 设置ap所在的ap组
[AC-wlan-ap-0]q
[AC-wlan-view]ap-mac 00e0-fc01-56c0 ap-id 1 # 绑定另一个ap
[AC-wlan-ap-1]ap-name ap1
[AC-wlan-ap-1]ap-group apg02
[AC-wlan-ap-1]q
[AC-wlan-view]q
[AC]dis ap all # 查看全部安排是否上线
# 脚本
wlan
ap-group name apg01
q
ap-group name apg02
q
ap auth-mode mac-auth
ap-mac 00e0-fc46-5320 ap-id 0
ap-name ap0
ap-group apg01
**手工输入y
ap-mac 00e0-fc01-56c0 ap-id 1
ap-name ap1
ap-group apg02
**手工输入y
#
5、创建ssid模板,security安全模板,vap虚拟接入点模板,并在ap组中调用vap模板开启无线信号
# 5、创建ssid模板,security安全模板,vap虚拟接入点模板,并在ap组中调用vap模板开启无线信号
[AC]wlan
[AC-wlan-view]ssid-profile name s01 # 创建一个2.4G的ssid模板
[AC-wlan-ssid-prof-s01]ssid s01wifi # 设置ssid名称,就是无线的名称
[AC-wlan-ssid-prof-s01]q
[AC-wlan-view]ssid-profile name s02 # 在创建一个5G的ssid
[AC-wlan-ssid-prof-s02]ssid s02wifi
[AC-wlan-ssid-prof-s02]q
[AC-wlan-view]security-profile name wpa2 # 创建加密密钥
[AC-wlan-sec-prof-wpa2]security wpa2 psk pass-phrase 12345678 aes
[AC-wlan-sec-prof-wpa2]q
[AC-wlan-view]vap-profile name vap01 # 创建虚拟接入点模板,并绑定对应的ssid模板、安全模板、和业务vlan,转发模式
[AC-wlan-vap-prof-vap01]ssid-profile s01
[AC-wlan-vap-prof-vap01]security-profile wpa2
[AC-wlan-vap-prof-vap01]service-vlan vlan-id 10
[AC-wlan-vap-prof-vap01]forward-mode direct-forward
[AC-wlan-vap-prof-vap01]q
[AC-wlan-view]vap-profile name vap02
[AC-wlan-vap-prof-vap02]ssid-profile s02
[AC-wlan-vap-prof-vap02]security-profile wpa2
[AC-wlan-vap-prof-vap02]service-vlan vlan-id 10
[AC-wlan-vap-prof-vap02]forward-mode direct-forward
[AC-wlan-vap-prof-vap02]q
[AC-wlan-view]ap-group name apg01 # 进入对应的ap组中,调用vap模板发射无线信号,radio 0是2.4G
[AC-wlan-ap-group-apg01]vap-profile vap01 wlan 1 radio 0
[AC-wlan-ap-group-apg01]q
[AC-wlan-view]ap-group name apg02 # radio 1是5G
[AC-wlan-ap-group-apg02]vap-profile vap02 wlan 1 radio 1
[AC-wlan-ap-group-apg02]q
# 脚本
wlan
ssid-profile name s01
ssid s01wifi
q
ssid-profile name s02
ssid s02wifi
q
security-profile name wpa2
security wpa2 psk pass-phrase 12345678 aes
**手动输入y
vap-profile name vap01
service-vlan vlan-id 10
ssid-profile s01
security-profile wpa2
q
vap-profile name vap02
service-vlan vlan-id 10
ssid-profile s02
security-profile wpa2
q
ap-group name apg01
vap-profile vap01 wlan 1 radio 0
q
ap-group name apg02
vap-profile vap02 wlan 1 radio 1
q
#
[AC6605]wlan
# 设置ap的认证模式为Mac地址认证
[AC6605-wlan-view]ap auth-mode mac-auth
# 绑定ap的Mac地址并设置ap-id
[AC6605-wlan-view]ap-mac 00e0-fc46-5320 ap-id 0
# 设置ap的名字
[AC6605-wlan-ap-0]ap-name ap0
[AC6605-wlan-ap-0]q
# 继续绑定第二个ap并设置ap-id和名字
[AC6605-wlan-view]ap-mac 00e0-fc01-56c0 ap-id 1
[AC6605-wlan-ap-1]ap-name ap1
[AC6605-wlan-ap-1]q
# 创建ap组
[AC6605-wlan-view]ap-group name apg01
[AC6605-wlan-ap-group-apg01]q
# 进入ap-id 0,并设置ap-id 0所在的ap组
[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-group apg01
[AC6605-wlan-ap-0]q
# 进入ap-id 1,并设置ap-id 1所在的ap组
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-group apg01
[AC6605-wlan-ap-1]q
[AC6605]dis ap all # 查看ap信息
# 5、创建ssid模板,security安全模板,vap虚拟接入点模板,并在ap组中调用vap模板开启无线信号
[AC6605]wlan
# 设置ssid目标,设置ssid名称
[AC6605-wlan-view]ssid-profile name s01
[AC6605-wlan-ssid-prof-s01]ssid s01wifi
Info: This operation may take a few seconds, please wait.done.
[AC6605-wlan-ssid-prof-s01]q
# 设置安全模板,设置安全认证方式
[AC6605-wlan-view]security-profile name wpa2
[AC6605-wlan-sec-prof-wpa2]security wpa2 psk pass-phrase 12345678 aes
[AC6605-wlan-sec-prof-wpa2]q
# 设置虚拟接入点模板
[AC6605-wlan-view]vap-profile name vap01
[AC6605-wlan-vap-prof-vap01]ssid-profile s01
[AC6605-wlan-vap-prof-vap01]security-profile wpa2
[AC6605-wlan-vap-prof-vap01]service-vlan vlan-id 10 # 设置业务vlan
[AC6605-wlan-vap-prof-vap01]forward-mode direct-forward
[AC6605-wlan-vap-prof-vap01]q
# 进入ap组调用vap模板,设置开启的无线信号
[AC6605-wlan-view]ap-group name apg01
[AC6605-wlan-ap-group-apg01]vap-profile vap01 wlan 1 radio 0 # 开启2.4G
[AC6605-wlan-ap-group-apg01]vap-profile vap01 wlan 1 radio 1 # 开启5G
[AC6605-wlan-ap-group-apg01]vap-profile vap01 wlan 1 radio all # 全部开启
[AC6605-wlan-ap-group-apg01]q
6、开启AC的web管理界面,配置管理接口地址
# 开启AC的web管理界面,配置管理接口地址
# 脚本
http secure-server enable
vlan 99
q
int Vlanif 99
ip address 192.168.100.100 24
q
int g0/0/3
port link-type access
port default vlan 99
q
进入web管理界面
https://192.168.100.100/view/login.html
用户名:admin
密码默认:admin@huawei.com
登陆后会要求修改密码,修改为huawei@123
设置AC的管理vlan
手动绑定ap
设置ssid