华为AC旁路+核心交换机启DHCP服务器+双ssid使用不同vlan

拓扑图

一、R1配置

<Huawei>system-view  //进入视图模式

[Huawei]sysname R1   //命名为R1

[R1]interface GigabitEthernet 0/0/0    //进入0/0/0接口 （路由器直接可以在端口上配置ip）
[R1-GigabitEthernet0/0/0]ip address 200.200.200.200 24   //配置ip地址

[R1-GigabitEthernet0/0/0]quit    //退出

[R1]ip route-static 0.0.0.0 0 200.200.200.1   // 配置静态路由

二、核心交换机SW1配置

配置vlan 100  172  173  192  200

<Huawei>system-view
[Huawei]sysname SW1
[SW1]undo info-center enable

[SW1]vlan batch 100 172 173 192 200                   创建vlan

[SW1]int Vlanif 100 
[SW1-Vlanif100]ip address 100.100.100.1 24             分别配置vlanif IP地址

[SW1]int Vlanif 172  
[SW1-Vlanif100]ip address 172.16.10.254 24

[SW1]int Vlanif 173  
[SW1-Vlanif100]ip address 172.16.11.254 24

[SW1]int Vlanif 192  
[SW1-Vlanif100]ip address 192.168.10.254 24

[SW1]int Vlanif 200  
[SW1-Vlanif100]ip address 200.200.200.1 24

连接ac和连接sw2的接口配置trunk 连接路由器配置access

[SW1]int g0/0/1              连接路由接口
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 200
[SW1-GigabitEthernet0/0/1]quit

[SW1]interface g0/0/2             连接ac接口
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]quit

[SW1]interface g0/0/3             连接sw2接口
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/3]quit

配置DHCP服务

[SW1]dhcp enable               开启dhcp服务

ap的地址池

[SW1]ip pool toap                 ap的地址池
Info:It's successful to create an IP address pool.
[SW1-ip-pool-toap]network 192.168.10.0 mask 24
[SW1-ip-pool-toap]gateway-list 192.168.10.254 
[SW1-ip-pool-toap]option 43 sub-option 2 ip-address 100.100.100.100
[SW1-ip-pool-toap]quit   
[SW1]interface Vlanif 192
[SW1-Vlanif192]dhcp select global 
[SW1-Vlanif192]quit

dhcp地址池2

[SW1]ip pool toyonghu               用户终端地址池1
[SW1-ip-pool-toyonghu]network 172.16.10.0 mask 24
[SW1-ip-pool-toyonghu]gateway-list 172.16.10.254
[SW1-ip-pool-toyonghu]quit
[SW1]int vlanif 172
[SW1-Vlanif172]dhcp select global 
[SW1-Vlanif172]quit

dhcp地址池3

[SW1]ip pool toyonghu2            用户终端地址池2
Info:It's successful to create an IP address pool. 
[SW1-ip-pool-toyonghu2]network 172.16.11.0 mask 24
[SW1-ip-pool-toyonghu2]gateway-list 172.16.11.254
[SW1-ip-pool-toyonghu2]qui
[SW1]int vlanif 173
[SW1-Vlanif173]dhcp select global 
[SW1-Vlanif173]quit

三、配置ac1

修改名称
<AC6605>system-view 
[AC6605]sysname AC1

[AC1]vlan batch 100 172 173                //创建vlan

[AC1]int vlanif 100              //配置vlan100地址
[AC1-Vlanif100]ip address 100.100.100.100 24
[AC1-Vlanif100]quit 

配置静态路由
[AC1]ip route-static 192.168.10.0 24 100.100.100.1

配置连接端口trunk

[AC1]int g0/0/1              连接sw1接口
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/1]quit

四、配置sw2 交换机

<Huawei>system-view
[Huawei]sysname SW2

[SW2]undo info-center enable      关闭日志信息

[SW2]vlan 192

[SW2]interface Eth0/0/1      连接sw1接口
[SW2-Ethernet0/0/1]port link-type trunk
[SW2-Ethernet0/0/1]port trunk allow-pass vlan all
[SW2-Ethernet0/0/1]quit

[SW2]interface eth0/0/2          连接ap接口
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 192
[SW2-Ethernet0/0/2]quit
[SW2]

[SW2]interface eth0/0/3        连接ap接口
[SW2-Ethernet0/0/3]port link-type access
[SW2-Ethernet0/0/3]port default vlan 192
[SW2-Ethernet0/0/3]quit
[SW2]

查看ap是否获取到IP地址

均获取到了IP地址

ping AC1和ping  R1均能通信

五、AC上配置wlan

5.1 创建ssid

<AC1>sys
[AC1]wlan             进入wlan视图

[AC1-wlan-view]ssid-profile name ssid-hnxx            配置ssid-hnxx模板

[AC1-wlan-view]ssid hnxx            配置ssid hnxx 信号
[AC1-wlan-ssid-prof-ssid-hnxx]quit

[AC1-wlan-view]ssid-profile name ssid-szhn            配置ssid-szhn模板

[AC1-wlan-view]ssid szhn            配置ssid szhn 信号
[AC1-wlan-ssid-prof-ssid-szhn]quit
[AC1-wlan-view]

5.2创建安全模板

[AC1-wlan-view]security-profile name sec-hnxx     创建hnxx安全模板
[AC1-wlan-sec-prof-sec-hnxx]security wpa-wpa2 psk pass-phrase hn1234567 aes
[AC1-wlan-sec-prof-sec-hnxx]quit

[AC1-wlan-view]security-profile name sec-szhn       创建szhn安全模板
[AC1-wlan-sec-prof-sec-szhn]security wpa-wpa2 psk pass-phrase szhn123456 aes
[AC1-wlan-sec-prof-sec-szhn]quit

5.3.1创建vap-hnxx 接入业务vlan 172

[AC1-wlan-view]vap-profile name vap-hnxx           创建vap-hnxx

[AC1-wlan-vap-prof-vap-hnxx]forward-mode tunnel             隧道转发模式

[AC1-wlan-vap-prof-vap-hnxx]service-vlan vlan-id 172           vap-hnxx使用vlan172

[AC1-wlan-vap-prof-vap-hnxx]ssid-profile ssid-hnxx                 使用ssid模板ssid-hnxx

[AC1-wlan-vap-prof-vap-hnxx]security-profile sec-hnxx            使用安全模板sec-hnxx

[AC1-wlan-vap-prof-vap-hnxx]quit
[AC1-wlan-view]

5.3.2创建vap-hnxx 接入业务vlan 173

 [AC1-wlan-view]vap-profile name vap-szhn

[AC1-wlan-vap-prof-vap-szhn]forward-mode tunnel          隧道转发模式

[AC1-wlan-vap-prof-vap-szhn]service-vlan vlan-id 173        vap-szhn使用vlan173

[AC1-wlan-vap-prof-vap-szhn]ssid-profile ssid-szhn            使用ssid模板ssid-szhn

[AC1-wlan-vap-prof-vap-szhn]security-profile sec-szhn            使用安全模板sec-szhn

[AC1-wlan-vap-prof-vap-szhn]quit
[AC1-wlan-view]

六、创建ap组 加入ap

6.1创建ap组  group-hnxx   

[AC1-wlan-view]ap-group name group-hnxx                创建group-hnxx组
 
[AC1-wlan-ap-group-group-hnxx]vap-profile vap-hnxx wlan 1 radio all       vap-hnxx使用all射频信号

[AC1-wlan-ap-group-group-hnxx]quit

6.2创建ap组  group-szhn

[AC1-wlan-view]ap-group name group-szhn           创建group-szhn组

[AC1-wlan-ap-group-group-szhn]vap-profile vap-szhn wlan 1 radio all 

[AC1-wlan-ap-group-group-szhn]quit
[AC1-wlan-view]

查看ap-mac地址

display arp

七、添加ap到ap组

7.1 将ap1添加到group-hnxx组中

[AC1]wlan 

[AC1-wlan-view]ap auth-mode mac-auth 

[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc65-31b0

[AC1-wlan-ap-1]ap-name ap-ap1

[AC1-wlan-ap-1]ap-group group-hnxx
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC1-wlan-ap-1]

7.2 将ap2添加到group-szhn组中

[AC1-wlan-view]ap auth-mode mac-auth 

[AC1-wlan-view]ap-id 2 ap-mac 00e0-fc84-5550
[AC1-wlan-ap-2]ap-name ap-ap2
 
[AC1-wlan-ap-2]ap-group group-szhn
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y

八、用vlan 100 回复ap报文

[AC1]capwap source interface Vlanif 100

查看STA1和STA2状态 

STA1

STA2

九、实现ap1释放2个ssid信号：hnxx和szhn

[AC1]wlan
 
[AC1-wlan-view]ap-group name group-hnxx
查看group-hnxx组状态
[AC1-wlan-ap-group-group-hnxx]display this
#
  radio 0
   vap-profile vap-hnxx wlan 1
  radio 1
   vap-profile vap-hnxx wlan 1
  radio 2
   vap-profile vap-hnxx wlan 1
#

重要步骤
[AC1-wlan-ap-group-group-hnxx]vap-profile vap-szhn wlan 2 radio all 
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-group-hnxx]

查看ap1释放出了2个信号

查看group-hnxx组状态

上面没有对ap2配置ap2还是只释放一个信号

 结束，谢谢，此文作为自己实验的笔记，也参考了其他博主的文章，现在分享给大家，希望能够给大家带来帮助。