华为无线设备AC6605局域网WLAN网络部署-模拟器演示

上图是拓扑图展示：
下面是配置命令：
SW1 （建立其他办公vlan和管理vlan100，）
undo terminal monitor
system-view
sysname SW1
vlan batch 100 101 102 103 104
interface gig0/0/1
port link-type trunk
port trunk allow-pass vlan all
port trunk pvid vlan 100
quit
interface gig0/0/2
port link-type trunk
port trunk allow-pass vlan all
port trunk pvid vlan 100
quit
interface gig0/0/3
port link-type trunk
port trunk allow-pass vlan all
port trunk pvid vlan 100
quit
interface gig0/0/4
port link-type trunk
port trunk allow-pass vlan all
port trunk pvid vlan 100
quit
interface gig0/0/5
port link-type trunk
port trunk allow-pass vlan all
port trunk pvid vlan 100
quit
SW2 (核心交换机-建立所有vlan，配置各vlan的网关地址，并且对办公和管理vlan配置DHCP中继，)
undo terminal monitor
system-view
sysname SW2
vlan batch 100 101 102 103 104 200 201
interface gig0/0/1
port link-type trunk
port trunk allow-pass vlan all
port trunk pvid vlan 100
quit
interface gig0/0/2
port link-type access
port default vlan 200
quit
interface gig0/0/3
port link-type access
port default vlan 201
quit
interface vlanif 100
ip address 10.23.100.1 24
quit
interface vlanif 101
ip address 10.23.101.1 24
quit
interface vlanif 102
ip address 10.23.102.1 24
quit
interface vlanif 103
ip address 10.23.103.1 24
quit
interface vlanif 104
ip address 10.23.104.1 24
quit
interface vlanif 200
ip address 10.45.200.2 24
quit
interface vlanif 201
ip address 10.67.201.2 24
quit

dhcp enable
interface vlanif 100
dhcp select relay
dhcp relay server-ip 10.67.201.1
quit
interface vlanif 101
dhcp select relay
dhcp relay server-ip 10.67.201.1
quit
interface vlanif 102
dhcp select relay
dhcp relay server-ip 10.67.201.1
quit
interface vlanif 103
dhcp select relay
dhcp relay server-ip 10.67.201.1
quit
interface vlanif 104
dhcp select relay
dhcp relay server-ip 10.67.201.1
quit

AR1 （DHCP服务器：配置ap的管理地址池并要告诉AP，AC的信息；办公vlan地址池，)
undo terminal monitor
system-view
sysname AR1
interface gig0/0/0
ip address 10.67.201.1 24
quit
ip route-static 10.23.0.0 16 10.67.201.2
dhcp enable
ip pool VLAN100
network 10.23.100.0 mask 24
gateway-list 10.23.100.1
option 43 sub-option 3 ascii 10.45.200.1
quit

ip pool VLAN101
network 10.23.101.0 mask 24
gateway-list 10.23.101.1
quit
ip pool VLAN102
network 10.23.102.0 mask 24
gateway-list 10.23.102.1
quit
ip pool VLAN103
network 10.23.103.0 mask 24
gateway-list 10.23.103.1
quit
ip pool VLAN104
network 10.23.104.0 mask 24
gateway-list 10.23.104.1
quit

interface gig0/0/0
dhcp select global
quit

AC (AC基础配置IP和路由)
undo terminal monitor
system-view
sysname AC
vlan 200
quit
interface vlanif 200
ip address 10.45.200.1 24
interface gig0/0/1
port link-type access
port default vlan 200
quit
ip route-static 10.0.0.0 8 10.45.200.2

阶段性目标2-让AP注册到 AC 上
配置思路：
@让 AP 获得 AC 的地址
@在 AC 上添加 AP 的配置信息
配置命令：
AP获得IP地址相关信息，都是通过 DHCP 服务器获得的，
我们可以考虑在 DHCP 服务器上，配置 AC 服务器的IP地址；

指定 CAPWAP信令协议的源IP地址
创建ap的l来宾组，关联域模板（国家代码），ap上线通过mac地址进行自注册（mac地址是AP的实际mac地址）
AC
undo terminal monitor
system-view

capwap source interface vlanif 200

wlan
ap-group name guest
quit
regulatory-domain-profile name domain1
country-code CN
quit
ap-group name guest
regulatory-domain-profile domain1

Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y

quit
quit
wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 00e0-fca2-4a80
ap-name qiantai1
ap-group guest

Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y

阶段性目标3：配置 AC，让 AP获得配置信息，并开启无线信号
配置思路：
1.得有无线信号
2.得有无线名称(ssid-profile)
3.得有无线密码(secuirty-profile)
4.连接上无线后，能自动获得IP地址；
@要确定 AP 所能提供的 VLAN 范围
@要去 DHCP 服务器为该 VLAN 创建 DHCP 地址

AC
undo terminal monitor
system-view

配置SSID配置文件，为AP的WiFi信号取名字
配置加密配置文件，为AP配置密码
创建VLAN Pool ，让AP的客户端加入特定的VLAN
wlan
ssid-profile name AAAA
ssid guest
quit
security-profile name CCCC
security wpa2 psk pass-phrase a1234567 aes
quit
quit
vlan pool HAHA
vlan 101 102
quit

配置VAP 模板，用于关联各种配置模板， 给来宾用.
为指定的ap-group开启无线信道
wlan
vap-profile name HEHE
service-vlan vlan-pool HAHA
security-profile CCCC
ssid-profile AAAA
quit
ap-group name guest
vap-profile HEHE wlan 1 radio 0
vap-profile HEHE wlan 1 radio 1
quit

第二台AP部署用于内部员工使用(创建ap的办公组，关联域模板，ap-mac地址自注册）
AC
wlan
ap-group name yuangong
regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
quit
quit

wlan
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fce0-21b0
ap-name bangong1
ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y

配置第二台无线信号，名字，密码，信道
AC
wlan
ssid-profile name 1111
ssid bangong
quit
security-profile name 2222
security wpa2 psk pass-phrase b1234567 aes
quit
quit
vlan pool sta-pool2
vlan 103 104
quit

wlan
vap-profile name bangong
service-vlan vlan-pool sta-pool2
security-profile 2222
ssid-profile 1111
quit
ap-group name yuangong
vap-profile bangong wlan 1 radio 1
quit
验证测试：