要想配置无线,先看懂摸板逻辑关系
关于模板的详细可以看华为官网,也可以参考https://blog.csdn.net/seaship/article/details/86165045
AC业务摸板配置
华为下的AC配置,开启Dhcp,用vlan pool形式部署便于多无线vlan拓展
vlan pool Test
vlan 2021 to 2022
interface Vlanif1250
description GuanLi
ip address 192.168.250.1 255.255.255.0
#
interface Vlanif2021
ip address 172.16.21.1 255.255.255.0
dhcp select interface
dhcp server dns-list 202.96.128.86 114.114.114.114
#
interface Vlanif2022
ip address 172.16.22.1 255.255.255.0
dhcp select interface
dhcp server dns-list 202.96.128.86 114.114.114.114
#
interface Vlanif2000
description WX_Mgt
ip address 172.16.100.1 255.255.255.0
dhcp select interface
AC到poe的下联接口配置,这里以vlan2000为AP管理网段
interface GigabitEthernet5/1/4
description LINK-2F-POE
port link-type trunk
port trunk allow-pass vlan 1012 1051 1250 2000 2011 to 2012 2021 to 2022
POE的配置
vlan batch 1250 2000 2021 to 2022
aaa
local-user admin password irreversible-cipher xxxxxx
local-user admin privilege level 15
local-user admin service-type terminal ssh http
#
interface Vlanif1250
ip address 192.168.250.22 255.255.255.0
POE下联AP的配置,pvid 2000是为了剥离2000VLAN标签,成为终端接受的原始数据,释放管理Ip
interface GigabitEthernet0/0/5
description LINK-AP2-10
port link-type trunk
port trunk pvid vlan 2000
port trunk allow-pass vlan 2000 2011 to 2012 2021 to 2022
POE上联核心
interface GigabitEthernet0/0/28
description UPLINK-SW-CORE
port link-type trunk
port trunk allow-pass vlan 1012 1051 1250 2000 2011 to 2012 2021 to 2022
基本网络配通,这里就可以把AP连接POE,AC就能读到AP了
然后配置射频管理的国家码,配置SSID模板(wifi名字),安全模板(wifi密码),认证模板(802.1x或者portal+ radius)
配置VAP模板,VAP模板调用ssid ,安全模板等
配置AP组,将AP加入相应的AP组,AP组调用VAP模板,射频模板
这里只是粗略不严谨的说法,便于看懂
< Home
配置不同业务VLAN的AP间快速漫游功能示例
组网图形
图1 配置不同业务VLAN的AP间快速漫游组网图
-
配置流程
WLAN不同的特性和功能需要在不同类型的模板下进行配置和维护,这些模板统称为WLAN模板,如域管理模板、射频模板、VAP模板、AP系统模板、AP有线口模板、WIDS模板、WDS模板、Mesh模板。当用户在配置WLAN业务功能时,需要在对应功能的WLAN模板中进行参数配置,配置完成后,须将此模板引用到AP组或AP中,配置才会自动下发到AP,进而配置的功能在AP上生效。由于模板之间是存在相互引用关系的,因此在用户配置过程中,需要先了解各个模板之间存在的逻辑关系。模板的逻辑关系和基本配置流程请参见WLAN业务配置流程。
组网需求
如图1所示,某园区网部署两台AP,分别为两个部门的员工提供WLAN接入服务,通过AC集中管理和控制。AC为AP和STA动态分配IP地址。两个部门的用户分属于不同VLAN,即AP1和AP2采用不同的业务VLAN,分别为101和102。用户采用的安全策略为WPA2+802.1X+AES,数据转发模式为隧道转发。
用户希望STA从AP1的无线信号覆盖区域移动到AP2的无线信号覆盖区域时业务不会中断。
配置思路
采用如下的思路配置不同业务VLAN的AP间快速漫游:
- 用户采用的安全策略为WPA2+802.1X+AES,需要进行接入认证,漫游切换时间较长。因此,通过配置同一业务VLAN的AP间快速漫游,实现用户在漫游过程中业务不中断。
- 配置网络互通,使AP与AC之间能够传输CAPWAP报文。
- 配置AC作为DHCP服务器,为STA和AP分配IP地址。
- 配置WLAN基本业务,保证用户能够连接到无线网络。
| 配置项 | 数据 |
|---|---|
| DHCP服务器 | AC作为DHCP服务器为STA和AP分配IP地址 |
| AP的IP地址池 | 10.23.100.2~10.23.100.254/24 |
| STA的IP地址池 | 10.23.101.2~10.23.101.254/24 10.23.102.2~10.23.102.254/24 |
| AC的源接口IP地址 | VLANIF100:10.23.100.1/24 |
| RADIUS认证参数 |
|
| STA的用户名和密码 |
|
| 802.1X接入模板 |
|
| 认证模板 |
|
| AP组 |
|
| |
| 域管理模板 |
|
| SSID模板 |
|
| 安全模板 |
|
| VAP模板 |
|
|
配置注意事项
- 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。
- 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
- 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。
-
建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。
-
隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。
操作步骤
- 在AC上配置NAC模式为统一模式,以保证用户能够正常接入网络
<HUAWEI> system-view [HUAWEI] authentication unified-mode 说明:如果当前NAC模式为传统模式,则配置NAC模式为统一模式后,需要保存配置并重启设备后生效。
- 配置Switch_A和AC,使AP与AC之间能够传输CAPWAP报文
# 配置Switch_A的接口GE0/0/1~GE0/0/3都加入VLAN100(管理VLAN)。
<HUAWEI> system-view [HUAWEI] sysname Switch_A [Switch_A] vlan batch 100 [Switch_A] interface gigabitethernet 0/0/1 [Switch_A-GigabitEthernet0/0/1] port link-type trunk [Switch_A-GigabitEthernet0/0/1] port trunk pvid vlan 100 [Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [Switch_A-GigabitEthernet0/0/1] port-isolate enable [Switch_A-GigabitEthernet0/0/1] quit [Switch_A] interface gigabitethernet 0/0/2 [Switch_A-GigabitEthernet0/0/2] port link-type trunk [Switch_A-GigabitEthernet0/0/2] port trunk pvid vlan 100 [Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [Switch_A-GigabitEthernet0/0/2] port-isolate enable [Switch_A-GigabitEthernet0/0/2] quit [Switch_A] interface gigabitethernet 0/0/3 [Switch_A-GigabitEthernet0/0/3] port link-type trunk [Switch_A-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 [Switch_A-GigabitEthernet0/0/3] quit# 配置AC连接Switch_A的接口GE1/0/1加入VLAN100。
<HUAWEI> system-view [HUAWEI] sysname AC [AC] vlan batch 100 [AC] interface gigabitethernet 1/0/1 [AC-GigabitEthernet1/0/1] port link-type trunk [AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 [AC-GigabitEthernet1/0/1] quit - 配置AC与上层网络设备互通
# 配置AC上行接口GE1/0/3加入VLAN101和VLAN102并配置AC连接RADIUS服务器的接口GE1/0/4加入VLAN103。
[AC] vlan batch 101 to 103 [AC] interface gigabitethernet 1/0/3 [AC-GigabitEthernet1/0/3] port link-type trunk [AC-GigabitEthernet1/0/3] port trunk allow-pass vlan 101 102 [AC-GigabitEthernet1/0/3] quit [AC] interface gigabitethernet 1/0/4 [AC-GigabitEthernet1/0/4] port link-type trunk [AC-GigabitEthernet1/0/4] port trunk pvid vlan 103 [AC-GigabitEthernet1/0/4] port trunk allow-pass vlan 103 [AC-GigabitEthernet1/0/4] quit - 配置AC作为DHCP服务器,为STA和AP分配IP地址。配置VLANIF103,使AC和RADIUS服务器之间能够通信
# 配置基于接口地址池的DHCP服务器,其中,VLANIF100接口为AP1和AP2提供IP地址,VLANIF101为AP1下的STA提供IP地址,VLANIF102为AP2下的STA提供IP地址。说明: DNS服务器地址请根据实际需要配置。常用配置方法如下:
- 接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
- 全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
[AC] dhcp enable [AC] interface vlanif 100 [AC-Vlanif100] ip address 10.23.100.1 24 [AC-Vlanif100] dhcp select interface [AC-Vlanif100] quit [AC] interface vlanif 101 [AC-Vlanif101] ip address 10.23.101.1 24 [AC-Vlanif101] dhcp select interface [AC-Vlanif101] quit [AC] interface vlanif 102 [AC-Vlanif102] ip address 10.23.102.1 24 [AC-Vlanif102] dhcp select interface [AC-Vlanif102] quit# 配置VLANIF103。
[AC] interface vlanif 103 [AC-Vlanif103] ip address 10.23.103.2 24 [AC-Vlanif103] quit - 配置RADIUS认证参数
说明:
请确保AC与RADIUS服务器的共享密钥相同。
# 创建RADIUS服务器模板。
[AC] radius-server template radius_huawei [AC-radius-radius_huawei] radius-server authentication 10.23.103.1 1812 [AC-radius-radius_huawei] radius-server shared-key cipher huawei@123 [AC-radius-radius_huawei] quit# 创建RADIUS方式的认证方案。
[AC] aaa [AC-aaa] authentication-scheme radius_huawei [AC-aaa-authen-radius_huawei] authentication-mode radius [AC-aaa-authen-radius_huawei] quit# 创建AAA域并配置域的RADIUS服务器模板和认证方案。
[AC-aaa] domain huawei.com [AC-aaa-domain-huawei.com] radius-server radius_huawei [AC-aaa-domain-huawei.com] authentication-scheme radius_huawei [AC-aaa-domain-huawei.com] quit [AC-aaa] quit 说明:配置了域“huawei.com”后,认证用户名后面需要加上域名。
# 测试用户是否能够通过RADIUS模板的认证。(已在RADIUS服务器上配置了测试用户test@huawei.com,用户密码123456)
[AC] test-aaa test@huawei.com 123456 radius-template radius_huawei Info: Account test succeed. - 配置802.1X接入模板,管理802.1X接入控制参数
# 创建名为“wlan-dot1x”的802.1X接入模板。
[AC] dot1x-access-profile name wlan-dot1x# 配置认证方式为EAP中继模式。
[AC-dot1x-access-profile-wlan-dot1x] dot1x authentication-method eap [AC-dot1x-access-profile-wlan-dot1x] quit - 创建名为“wlan-authentication”的认证模板,绑定802.1X接入模板,并配置用户强制域
[AC] authentication-profile name wlan-authentication [AC-authen-profile-wlan-authentication] dot1x-access-profile wlan-dot1x [AC-authen-profile-wlan-authentication] access-domain huawei.com dot1x force [AC-authen-profile-wlan-authentication] quit - 配置AP上线
# 创建AP组,用于将相同配置的AP都加入同一AP组中。
[AC] wlan [AC-wlan-view] ap-group name ap-group1 [AC-wlan-ap-group-ap-group1] quit [AC-wlan-view] ap-group name ap-group2 [AC-wlan-ap-group-ap-group2] quit# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
# 配置AC的源接口。[AC-wlan-view] regulatory-domain-profile name domain1 [AC-wlan-regulate-domain-domain1] country-code cn [AC-wlan-regulate-domain-domain1] quit [AC-wlan-view] ap-group name ap-group1 [AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AC-wlan-ap-group-ap-group1] quit [AC-wlan-view] ap-group name ap-group2 [AC-wlan-ap-group-ap-group2] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AC-wlan-ap-group-ap-group2] quit [AC-wlan-view] quit
# 在AC上离线导入AP1和AP2,并将AP1和AP2分别加入AP组“ap-group1”和“ap-group2”中。假设AP的MAC地址为60de-4476-e360和60de-4474-9640,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为60de-4476-e360的AP部署在1号区域,命名此AP为area_1。[AC] capwap source interface vlanif 100 - 说明:
ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth命令。
举例中使用的AP为AP6010DN-AGN,具有射频0和射频1两个射频。AP6010DN-AGN的射频0为2.4GHz射频,射频1为5GHz射频。
[AC] wlan [AC-wlan-view] ap auth-mode mac-auth [AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360 [AC-wlan-ap-0] ap-name area_1 [AC-wlan-ap-0] ap-group ap-group1 Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC-wlan-ap-0] quit [AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640 [AC-wlan-ap-1] ap-name area_2 [AC-wlan-ap-1] ap-group ap-group2 Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC-wlan-ap-1] quit# 将AP上电后,当执行命令display ap all查看到AP的“State”字段为“nor”时,表示AP正常上线。
[AC-wlan-view] display ap all Total AP information: nor : normal [2] -------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime -------------------------------------------------------------------------------- 0 60de-4476-e360 area_1 ap-group1 10.23.100.254 AP6010DN-AGN nor 0 5M:2S 1 60de-4474-9640 area_2 ap-group2 10.23.100.253 AP6010DN-AGN nor 0 5M:4S -------------------------------------------------------------------------------- Total: 2 - 配置WLAN业务参数
# 创建名为“wlan-security”的安全模板,并配置安全策略。
[AC-wlan-view] security-profile name wlan-security [AC-wlan-sec-prof-wlan-security] security wpa2 dot1x aes [AC-wlan-sec-prof-wlan-security] quit# 创建名为“wlan-ssid”的SSID模板,并配置SSID名称为“wlan-net”。
[AC-wlan-view] ssid-profile name wlan-ssid [AC-wlan-ssid-prof-wlan-ssid] ssid wlan-net [AC-wlan-ssid-prof-wlan-ssid] quit# 分别创建名为“wlan-vap1”和“wlan-vap2”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板、SSID模板和认证模板。
[AC-wlan-view] vap-profile name wlan-vap1 [AC-wlan-vap-prof-wlan-vap1] forward-mode tunnel [AC-wlan-vap-prof-wlan-vap1] service-vlan vlan-id 101 [AC-wlan-vap-prof-wlan-vap1] security-profile wlan-security [AC-wlan-vap-prof-wlan-vap1] authentication-profile wlan-authentication [AC-wlan-vap-prof-wlan-vap1] ssid-profile wlan-ssid [AC-wlan-vap-prof-wlan-vap1] quit [AC-wlan-view] vap-profile name wlan-vap2 [AC-wlan-vap-prof-wlan-vap2] forward-mode tunnel [AC-wlan-vap-prof-wlan-vap2] service-vlan vlan-id 102 [AC-wlan-vap-prof-wlan-vap2] security-profile wlan-security [AC-wlan-vap-prof-wlan-vap2] authentication-profile wlan-authentication [AC-wlan-vap-prof-wlan-vap2] ssid-profile wlan-ssid [AC-wlan-vap-prof-wlan-vap2] quit# 配置AP组“ap-group1”和“ap-group2”分别引用VAP模板“wlan-vap1”和“wlan-vap2”,AP上射频0和射频1都使用VAP模板的配置。
[AC-wlan-view] ap-group name ap-group1 [AC-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 0 [AC-wlan-ap-group-ap-group1] vap-profile wlan-vap1 wlan 1 radio 1 [AC-wlan-ap-group-ap-group1] quit [AC-wlan-view] ap-group name ap-group2 [AC-wlan-ap-group-ap-group2] vap-profile wlan-vap2 wlan 1 radio 0 [AC-wlan-ap-group-ap-group2] vap-profile wlan-vap2 wlan 1 radio 1 [AC-wlan-ap-group-ap-group2] quit - 配置AP射频的信道和功率
说明:
举例中AP射频的信道和功率仅为示例,实际配置中请根据AP的国家码和网规结果进行配置。
# 关闭射频的信道和功率自动调优功能。
射频的信道和功率自动调优功能默认开启,如果不关闭此功能则会导致手动配置不生效。
# 配置AP射频0的信道和功率。[AC-wlan-view] rrm-profile name default [AC-wlan-rrm-prof-default] calibrate auto-channel-select disable [AC-wlan-rrm-prof-default] calibrate auto-txpower-select disable [AC-wlan-rrm-prof-default] quit
# 配置AP射频1的信道和功率。[AC-wlan-view] ap-id 0 [AC-wlan-ap-0] radio 0 [AC-wlan-radio-0/0] channel 20mhz 6 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-radio-0/0] eirp 127 [AC-wlan-radio-0/0] quit[AC-wlan-ap-0] radio 1 [AC-wlan-radio-0/1] channel 20mhz 149 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-radio-0/1] eirp 127 [AC-wlan-radio-0/1] quit [AC-wlan-ap-0] quit - 提交配置
[AC-wlan-view] commit all Warning: Committing configuration may cause service interruption, continue?[Y/N]:y - 验证配置结果
完成配置后,用户可通过无线终端搜索到SSID为wlan-net的无线网络。用户在STA上使用802.1X客户端进行认证,输入正确的用户名和密码,STA认证成功后,可以正常访问Internet上的资源。需要根据设置的认证方式(peap)对客户端进行相应的配置。-
WINDOWS XP系统下的配置
- 首先在无线网络属性中,添加SSID为wlan-net,并选择认证方式为WPA2,加密方式为CCMP使用的算法AES。
- 在“验证”选项卡中,选择EAP类型为PEAP,单击“属性”,去掉验证服务器证书选项(此处不验证服务器证书),单击“配置”,去掉自动使用Windows登录名和密码选项,然后单击“确定”。
-
WINDOWS 7系统下的配置
- 进入管理无线网络页面,单击“添加”,选择“手动创建网络配置文件”,添加SSID为wlan-net,并选择认证方式为WPA2-企业,加密使用的算法AES,单击“下一步”。
- 单击“更改连接设置”,进入“无线网络属性”界面,选择“安全”页签,单击“设置”,取消勾选“验证服务器证书”(此处不验证服务器证书),单击“配置”,取消勾选“自动使用Windows登录名和密码”,单击“确定”。
- 单击“确定”,返回“无线网络属性”界面,单击“高级设置”,在“高级设置”界面,勾选“指定身份验证模式”,并选择身份验证模式为“用户身份验证”,单击“确定”。
当STA从AP1的覆盖范围移动到AP2的覆盖范围时,在AC上执行命令display station ssid wlan-net,查看STA的接入信息,可以看到STA关联到了AP2。[AC-wlan-view] display station ssid wlan-net Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) --------------------------------------------------------------------------------- STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address --------------------------------------------------------------------------------- e019-1dc7-1e08 0 area_1 1/1 5G 11n 38/64 -68 101 10.23.101.254 --------------------------------------------------------------------------------- Total: 1 2.4G: 0 5G: 1
在AC上执行命令display station roam-track sta-mac e019-1dc7-1e08,可以查看该STA的漫游轨迹。[AC-wlan-view] display station ssid wlan-net Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ---------------------------------------------------------------------------------------- STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ---------------------------------------------------------------------------------------- e019-1dc7-1e08 1 area_2 1/1 5G 11n 46/59 -58 101 10.23.101.254 ---------------------------------------------------------------------------------------- Total: 1 2.4G: 0 5G: 1[AC-wlan-view] display station roam-track sta-mac e019-1dc7-1e08 Access SSID:huawei Rx/Tx:link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------ L2/L3 AC IP AP name Radio ID BSSID TIME In/Out RSSI Out Rx/Tx ------------------------------------------------------------------------------ -- 10.23.100.1 area_1 0 60de-4476-e360 2015/02/07 17:48:30 -51/-48 46/13 L2 10.23.100.1 area_2 0 60de-4474-9640 2015/02/07 17:54:50 -58/- -/- ------------------------------------------------------------------------------ Number: 1 -
配置文件
-
接入交换机的配置文件
# sysname Switch_A # vlan batch 100 # interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 port-isolate enable group 1 # interface GigabitEthernet0/0/2 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 port-isolate enable group 1 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 100 # return -
AC的配置文件
# sysname AC # vlan batch 100 to 103 # authentication-profile name wlan-authentication dot1x-access-profile wlan-dot1x access-domain huawei.com dot1x force # dhcp enable # radius-server template radius_huawei radius-server shared-key cipher %^%#*7d1;XNof/|Q0:DsP!,W51DIYPx}`AARBdJ'0B^$%^%# radius-server authentication 10.23.103.1 1812 weight 80 # aaa authentication-scheme radius_huawei authentication-mode radius domain huawei.com authentication-scheme radius_huawei radius-server radius_huawei # interface Vlanif100 ip address 10.23.100.1 255.255.255.0 dhcp select interface # interface Vlanif101 ip address 10.23.101.1 255.255.255.0 dhcp select interface # interface Vlanif102 ip address 10.23.102.1 255.255.255.0 dhcp select interface # interface Vlanif103 ip address 10.23.103.2 255.255.255.0 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 100 # interface GigabitEthernet1/0/3 port link-type trunk port trunk allow-pass vlan 101 to 102 # interface GigabitEthernet1/0/4 port link-type trunk port trunk pvid vlan 103 port trunk allow-pass vlan 103 # capwap source interface vlanif100 # wlan security-profile name wlan-security security wpa2 dot1x aes ssid-profile name wlan-ssid ssid wlan-net vap-profile name wlan-vap1 forward-mode tunnel service-vlan vlan-id 101 ssid-profile wlan-ssid security-profile wlan-security authentication-profile wlan-authentication vap-profile name wlan-vap2 forward-mode tunnel service-vlan vlan-id 102 ssid-profile wlan-ssid security-profile wlan-security authentication-profile wlan-authentication regulatory-domain-profile name domain1 rrm-profile name default calibrate auto-channel-select disable calibrate auto-txpower-select disable ap-group name ap-group1 regulatory-domain-profile domain1 radio 0 vap-profile wlan-vap1 wlan 1 radio 1 vap-profile wlan-vap1 wlan 1 ap-group name ap-group2 regulatory-domain-profile domain1 radio 0 vap-profile wlan-vap2 wlan 1 radio 1 vap-profile wlan-vap2 wlan 1 ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 radio 0 channel 20mhz 6 eirp 127 radio 1 channel 20mhz 149 eirp 127 ap-id 1 type-id 19 ap-mac 60de-4474-9640 ap-sn 210235554710CB000078 ap-name area_2 ap-group ap-group2 # dot1x-access-profile name wlan-dot1x # return
父主题: 配置举例
版权所有 © 华为技术有限公司
版权所有 © 华为技术有限公司
< 上一节
1896
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
