无线局域网WLAN(Wireless Local Area Network)是一种无线计算机网络,使用无线信道代替有线传输介质连接两个或多个设备形成一个局域网LAN(Local Area Network),典型部署场景如家庭、学校、校园或企业办公楼等。
WLAN是一个网络系统,而我们常见的Wi-Fi是这个网络系统中的一种技术使用WLAN网络中由两个关键的设备,AP和AC。AP是无线访问接入点,,一般来说一个网络中都有多个AP。AC是无线控制器,主要功能是对AP进行统一的管理,负责把来自不同AP的数据进行汇聚并接入Internet。
网络拓扑图:
无线网络的配置过程:
1.基础配置(VLAN,IP地址)
2.DHCP服务器和中继
3.AC中绑定AP
4.配置SSID模块、安全模块、VAP模块
5.VAP绑定SSID和安全模块
6.VAP关联AP组
7.测试
1.基础配置
LSW1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys lsw1
[lsw1]un in en
Info: Information center is disabled.
[lsw1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[lsw1]int g0/0/1
[lsw1-GigabitEthernet0/0/1]port link-type trunk
[lsw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 40
[lsw1-GigabitEthernet0/0/1]port trunk pvid vlan 10
[lsw1-GigabitEthernet0/0/1]quit
[lsw1]int g0/0/2
[lsw1-GigabitEthernet0/0/2]port link-type access
[lsw1-GigabitEthernet0/0/2]port default vlan 30
[lsw1-GigabitEthernet0/0/2]quit
[lsw1]int g0/0/3
[lsw1-GigabitEthernet0/0/3]port link-type trunk
[lsw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 30 40 50
[lsw1-GigabitEthernet0/0/3]quit
[lsw1]int vlan 10
[lsw1-Vlanif10]ip add 192.168.10.254 24
[lsw1-Vlanif10]int vlan 20
[lsw1-Vlanif20]ip add 192.168.20.254 24
[lsw1-Vlanif20]int vlan 30
[lsw1-Vlanif30]ip add 192.168.30.254 24
[lsw1-Vlanif30]int vlan 40
[lsw1-Vlanif40]ip add 192.168.40.254 24AC
<AC6005>sys
Enter system view, return user view with Ctrl+Z.
[AC6005]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 40
[AC6005-GigabitEthernet0/0/1]quit
[AC6005]int vlan 40
[AC6005-Vlanif40]ip add 192.168.40.1 24
2.DHCP服务器
vlan10的地址池需要指定AC的地址
[ar1]int g0/0/0
[ar1-GigabitEthernet0/0/0]
[ar1-GigabitEthernet0/0/0]ip add 192.168.30.1 24
[ar1-GigabitEthernet0/0/0]quit
[ar1]int l0
[ar1-LoopBack0]ip add 2.2.2.2 32
[ar1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[ar1]ip pool vlan10
Info: It's successful to create an IP address pool.
[ar1-ip-pool-vlan10]gateway-list 192.168.10.254
[ar1-ip-pool-vlan10]network 192.168.10.0 mask 24
#指定AP地址
[ar1-ip-pool-vlan10]option 43 sub-option 3 ascii 192.168.40.1
[ar1-ip-pool-vlan10]quit
[ar1]ip pool vlan20
Info: It's successful to create an IP address pool.
[ar1-ip-pool-vlan20]ga
[ar1-ip-pool-vlan20]gateway-list 192.168.20.254
[ar1-ip-pool-vlan20]network 192.168.20.0 mask 24
[ar1-ip-pool-vlan20]quit
[ar1]int g0/0/0
[ar1-GigabitEthernet0/0/0]dhcp select global
[ar1]ip route-static 0.0.0.0 0 192.168.30.254 #配置回去的路由DHCP中继
[lsw1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[lsw1]int vlan 10
[lsw1-Vlanif10]dhcp select relay
[lsw1-Vlanif10]dhcp relay server-ip 192.168.30.1
[lsw1-Vlanif10]int vlan 20
[lsw1-Vlanif20]dhcp select relay
[lsw1-Vlanif20]dhcp relay server-ip 192.168.30.13.AC绑定AP
先查看AP是否获取到了IP地址
在AC处抓包,显示有AP的请求报文
查询APmac地址
[AC6005]capwap source interface Vlanif 40
[AC6005]wlan
[AC6005-wlan-view]ap-group name 40
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC6005-wlan-ap-group-40]re
[AC6005-wlan-ap-group-40]regulatory-domain-profile name 40
[AC6005-wlan-regulate-domain-40]co
[AC6005-wlan-regulate-domain-40]country-code cn
Info: The current country code is same with the input country code.
[AC6005-wlan-view]ap auth-mode mac-auth [AC6005-wlan-view]ap-id 1 ap
[AC6005-wlan-view]ap-id 1 ap-mac 00e0-fce1-1110
[AC6005-wlan-ap-1]ap-g
[AC6005-wlan-ap-1]ap-group 40
Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6005-wlan-view]quit
#配置出去的默认路由
[AC6005]ip route-static 0.0.0.0 0 192.168.40.254
#这里要先进一下三层vlan
[AC6005]int vlan 10
[AC6005]quit
查看AP是否上线
4.配置SSID模块、安全模块、VAP模块
[AC6005]wlan
#ssid模块
[AC6005-wlan-view]ssid-profile name 40
[AC6005-wlan-ssid-prof-40]ssid 40
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-40]quit
#安全模块
[AC6005-wlan-view]security-profile name 40
[AC6005-wlan-sec-prof-40]security ?open Open system wapi WLAN authentication and privacy infrastructure wep Wired equivalent privacy wpa Wi-Fi protected access wpa-wpa2 Wi-Fi protected access version 1&2 wpa2 Wi-Fi protected access version 2
[AC6005-wlan-sec-prof-40]security op
[AC6005-wlan-sec-prof-40]security wpa2 ?dot1x 802.1x authentication psk Pre-shared key
[AC6005-wlan-sec-prof-40]security wpa2 p
[AC6005-wlan-sec-prof-40]security wpa2 psk ?hex Hexadecimal pass-phrase Passphrase
[AC6005-wlan-sec-prof-40]security wpa2 psk pa
[AC6005-wlan-sec-prof-40]security wpa2 psk pass-phrase 123456789 ?aes Advanced encryption standardaes-tkip AES-TKIP tkip Temporal key integrity protocol
[AC6005-wlan-sec-prof-40]security wpa2 psk pass-phrase 123456789 aes
Warning: The current password is too simple. For the sake of security, you are a
dvised to set a password containing at least two of the following: lowercase let
ters a to z, uppercase letters A to Z, digits, and special characters. Continue?[Y/N]:y
[AC6005-wlan-sec-prof-40]quit
#VAP模块
[AC6005-wlan-view]vap-profile name 40
[AC6005-wlan-vap-prof-40]ssid 40
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-40]se
[AC6005-wlan-vap-prof-40]security-profile 40
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-40]ser
[AC6005-wlan-vap-prof-40]service-vlan ?vlan-id VLAN ID vlan-pool Bind VLAN pool
[AC6005-wlan-vap-prof-40]service-vlan v
[AC6005-wlan-vap-prof-40]service-vlan vlan-id 20
Info: This operation may take a few seconds, please wait.done.
6.VAP关联AP组
[AC6005-wlan-vap-prof-40]quit
[AC6005-wlan-view]ap-group name 40
[AC6005-wlan-ap-group-40]regulatory-domain-profile 40
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6005-wlan-ap-group-40]vap-profile 1 wlan 2 radio all
Error: The VAP profile does not exist.
[AC6005-wlan-ap-group-40]vap-profile 40 wlan 2 radio all
Info: This operation may take a few seconds, please wait...done.
这个时候就可以查看到效果了
7.测试
连接成功
看一下连通性
这个时候我们的WLAN就算配置完成了
如有错误,欢迎留言指出!