【AC无线部分配置】用华为ENSP真实模拟企业网组建实例(附原文件和配置导出下载)
1.关于CAPWAP协议简介
CAPWAP协议,即无线接入点的控制和配置协议Control And Provisioning of Wireless Access Point Protocol的缩写,它是一种通用的隧道协议,CAPWAP协议基于UDP端口进行传输,用于无线终端接入点(AP)和无线网络控制器(AC)之间的通信交互,实现AC对其所关联的AP集中管理和控制。该协议的主要功能包括:
-
AP对AC的自动发现及AP和AC的状态机运行、维护
-
AC对AP进行管理,业务配置下发
-
STA数据封装
CAPWAP隧道进行转发
此外,CAPWAP协议支持两种操作模式:Split MAC和Local MAC。在Split MAC模式下,所有二层的无线数据和管理帧都被CAPWAP协议封装,在AC和AP之间交互。从STA收到的无线帧,直接封装,转发给AC。
总的来说,CAPWAP协议是整个WLAN的南向接口协议,相当于OpenFlow协议的角色,用于无线接入点的控制和配置。
2.网络结构简化
为方便阅读,本次无线配置部分,将网络图进行简化,浅色部分暂不配置,配置无线网络控制器、配置核心交换机、配置行政办公大楼汇聚交换机,使AP上线并实现和无线终端连接:
最终实现的功能效果如下,6台终端接入无线AP,实现无线连接:
3.FIT AP wlan数据规划表
WLAN主要数据规划如下表所示:
| 配置项 | 数据 | 备注 |
|---|---|---|
| AC管理地址 | VLAN4001,10.10.254.10/24 |
|
| AC源接口地址 | VLAN4002,10.10.252.1 |
|
| AP的IP地址池 | 10.10.252.2-10.10.252.254/24 |
AC分配 |
| STA的IP地址池 | VLAN1010:10.10.10.2-10.10.10.199/24 |
汇聚交换机分配 |
| AP组 | 名称:myap-group001 |
|
| 域管理模板 | mydomain001 |
|
| 国家代码 | CN |
|
| SSID模板名称 | myssid |
|
| SSID名称 | myhuaweiwifi |
|
| SSID密码 | myhuawei123 |
|
| 安全模板 | 名称:mysec 加密方式: wpa2 psk |
|
VAP模板 |
名称:myvap 转发模式:隧道转发 业务 VLAN:1010 |
4.AP基础信息
本仿真实验中,有3台AP,它们的基础信息如下:
| 设备序号 | 设备SN号 | 设备MAC地址 | 设备型号 | 软件版本 |
|---|---|---|---|---|
AP1 |
210235448310EE3ACA47 |
00E0-FC76-32F0 |
AP7050DE |
V200R007C10SPC300 |
AP2 |
2102354483105B748366 |
00E0-FCBF-0EB0 |
AP7050DE |
V200R007C10SPC300 |
AP3 |
210235448310CE562504 |
00E0-FC2F-40E0 |
AP7050DE |
V200R007C10SPC300 |
实际设备的AP和SN可以从设备背面信息直接查到,本仿真实验中可以从设置界面中查到:
5.AP上线过程
6.配置过程
6.1大楼汇聚交换机配置
这里是行政办公大楼汇聚交换机S5700-HJ-001,AP1、AP2、AP3分别和其3、4、5口相连,这3个物理口配置中继,并在交换机上创建VLAN1010和VLAN4001-VLAN4002
<XZBUILDING>sys
Enter system view, return user view with Ctrl+Z.
[XZBUILDING]sysname S5700-HJ-001 #为便于记忆和识别,这里进行改名
[S5700-HJ-001]
1)创建VLAN
VLAN4001上次实验已创建过,这里只创建VLAN1010和VLAN4002:
[S5700-HJ-001]vlan batch 1010 4002
Info: This operation may take a few seconds. Please wait for a moment...done.
[S5700-HJ-001]
2)配置DHCP服务
这里在VLANIF 1010接口上配置DHCP服务,提供终端接入时获取自动获取IP地址:
[S5700-HJ-001-GigabitEthernet0/0/3]int vlanif 1010
[S5700-HJ-001-Vlanif1010]ip address 10.10.10.1 255.255.255.0
[S5700-HJ-001-Vlanif1010]dhcp select interface
[S5700-HJ-001-Vlanif1010]dhcp server excluded-ip-address 10.10.10.200 10.10.10.254
[S5700-HJ-001-Vlanif1010]dhcp server dns-list 114.114.114.114 114.114.115.115
[S5700-HJ-001-Vlanif1010]
3)配置中继链路
将行政办公大楼汇聚交换机S5700-HJ-001上的3-5口接口进行配置:
[S5700-HJ-001]int g0/0/3
[S5700-HJ-001-GigabitEthernet0/0/3]port link-type trunk
[S5700-HJ-001-GigabitEthernet0/0/3]port trunk pvid vlan 4002
[S5700-HJ-001-GigabitEthernet0/0/3]port trunk allow-pass vlan 1010 4002
[S5700-HJ-001-GigabitEthernet0/0/3]int g0/0/4
[S5700-HJ-001-GigabitEthernet0/0/4]port link-type trunk
[S5700-HJ-001-GigabitEthernet0/0/4]port trunk pvid vlan 4002
[S5700-HJ-001-GigabitEthernet0/0/4]port trunk allow-pass vlan 1010 4002
[S5700-HJ-001-GigabitEthernet0/0/4]int g0/0/5
[S5700-HJ-001-GigabitEthernet0/0/5]port link-type trunk
[S5700-HJ-001-GigabitEthernet0/0/5]port trunk pvid vlan 4002
[S5700-HJ-001-GigabitEthernet0/0/5]port trunk allow-pass vlan 1010 4002
[S5700-HJ-001-GigabitEthernet0/0/5]
同时,检查24号上连端口,并配置如下:
[S5700-HJ-001]int g0/0/24
[S5700-HJ-001-GigabitEthernet0/0/24]dis th
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
return
[S5700-HJ-001-GigabitEthernet0/0/24]
4)路由信息
原配置的路由信息不变,全局配置信息如下:
[S5700-HJ-001]dis th
#
sysname S5700-HJ-001
#
undo info-center enable
#
vlan batch 1001 to 1010 4001 to 4002
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
ip route-static 0.0.0.0 0.0.0.0 10.10.254.1
#
return
[S5700-HJ-001]
6.2核心交换机配置
机房核心交换机S5700-HXSW的配置主要是与其GigabitEthernet0/0/1端口相连的无线网络控制器AC6005,以及它与行政办公大楼汇聚交换机相连的GigabitEthernet0/0/4端口的配置、VLAN创建、路由等配置信息。
1)创建VLAN
创建VLAN4002:
[S5700-HXSW]vlan b 4002
Info: This operation may take a few seconds. Please wait for a moment...done.
[S5700-HXSW]
2)配置中继链路
GigabitEthernet0/0/1与AC相连的接口:
[S5700-HXSW]int g0/0/1
[S5700-HXSW-GigabitEthernet0/0/1] port link-type trunk
[S5700-HXSW-GigabitEthernet0/0/1] port trunk allow-pass vlan 4001 to 4002
[S5700-HXSW-GigabitEthernet0/0/1]
GigabitEthernet0/0/4与行政办公大楼汇聚交换机相连的接口:
[S5700-HXSW]int g0/0/4
[S5700-HXSW-GigabitEthernet0/0/4] port link-type trunk
[S5700-HXSW-GigabitEthernet0/0/4] port trunk allow-pass vlan 2 to 4094
[S5700-HXSW-GigabitEthernet0/0/4]
3)路由配置
[S5700-HXSW]ip route-static 10.10.252.0 255.255.255.0 10.10.254.10
[S5700-HXSW]
6.3无线网络控制器AC配置
这部分是本次仿真实验的重点部分,包括基础配置和无线配置。实际配置之前,应检查AP的版本和AC的版本是否一致,如果不一致,需要进行升级。
6.3.1基础配置
这里根据前面规划,AC的管理地址为VLAN4001:10.10.254.10/24,AC的源接口地址为VLAN4002:10.10.252.1/24,根据前面的规划信息表进行配置。
1)创建VLAN
[AC6005]vlan batch 1010 4001 4002
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC6005]
2)创建管理地址和源接口地址
[AC6005]interface vlanif 4001
[AC6005-Vlanif4001]ip address 10.10.254.10 255.255.255.0
[AC6005-Vlanif4001]interface vlanif 4002
[AC6005-Vlanif4002]ip address 10.10.252.1 255.255.255.0
[AC6005-Vlanif4002]
3)配置AP的DHCP地址池
[AC6005]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[AC6005]int vlanif4002
[AC6005-Vlanif4002]dhcp select interface
[AC6005-Vlanif4002]
4)配置接口
在GigabitEthernet0/0/1接口上配置线路模式为中继模式,允许VLAN4001和VLAN4002通过:
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 4001 to 4002
[AC6005-GigabitEthernet0/0/1]
5)路由配置
[AC6005]ip route-static 0.0.0.0 0.0.0.0 10.10.254.1
[AC6005]
6.3.2无线配置部分
1)创建AP组
| 配置项 | 数据 |
|---|---|
| AP组名称 | myap-group001 |
| 域管理模板 | mydomain001 |
| 国家代码 | CN |
[AC6005]wlan
[AC6005-wlan-view]ap-group name myap-group001
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC6005-wlan-ap-group-myap-group001]quit
[AC6005-wlan-view]regulatory-domain-profile name mydomain001
[AC6005-wlan-regulate-domain-mydomain001]country-code CN
Info: The current country code is same with the input country code.
[AC6005-wlan-regulate-domain-mydomain001]quit
[AC6005-wlan-view]
上面分别为创建AP组名称,创建域模板,设置国家代码信息,然后进入AP组,应用域管理模板:
[AC6005-wlan-view]ap-group name myap-group001
[AC6005-wlan-ap-group-myap-group001]dis th
#
return
[AC6005-wlan-ap-group-myap-group001]regulatory-domain-profile mydomain001
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6005-wlan-ap-group-myap-group001]quit
[AC6005-wlan-view]quit
[AC6005]
2)配置AC源接口
[AC6005]capwap source interface vlanif4002
[AC6005]
3)将AP绑定到AP组中
分别添加AP:
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth #配置为MAC认证方式
[AC6005-wlan-view]ap-id 0 ap-mac 00E0-FC77-2080
[AC6005-wlan-ap-0]ap-id 1 ap-mac 00E0-FCBF-0EB0
[AC6005-wlan-ap-1]ap-id 2 ap-mac 00E0-FC2F-40E0
[AC6005-wlan-ap-2]
根据MAC地址添加后,然后将其分别绑定到AP组并修改AP名称:
[AC6005-wlan-ap-2]quit
[AC6005-wlan-view]ap-id 0
[AC6005-wlan-ap-0]ap-name QHD_XZ_5F_001 #第1个AP的名称为:QHD_XZ_5F_001
[AC6005-wlan-ap-0]ap-group myap-group001
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6005-wlan-ap-0]ap-id 1
[AC6005-wlan-ap-1]ap-name QHD_XZ_5F_002 #第2个AP的名称为:QHD_XZ_5F_002
[AC6005-wlan-ap-1]ap-group myap-group001
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:
Error: Please choose 'YES' or 'NO' first before pressing 'Enter'. [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6005-wlan-ap-1]ap-id 2
[AC6005-wlan-ap-2]ap-name QHD_XZ_5F_003 #第3个AP的名称为:QHD_XZ_5F_003
[AC6005-wlan-ap-2]ap-group myap-group001
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:
Error: Please choose 'YES' or 'NO' first before pressing 'Enter'. [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6005-wlan-ap-2]dis th
#
ap-name QHD_XZ_5F_003
ap-group myap-group001
#
return
[AC6005-wlan-ap-2]quit
[AC6005-wlan-view]quit
[AC6005]
下面开始配置WLAN业务参数:
4)配置安全模板
创建安全配置文件名为mysec,认证类型为wpa2,无线密码为:myhuawei123,如下:
[AC6005]wlan
[AC6005-wlan-view]security-profile name mysec
[AC6005-wlan-sec-prof-mysec]security wpa2 psk pass-phrase myhuawei123 aes
[AC6005-wlan-sec-prof-mysec]quit
[AC6005-wlan-view]
5)创建SSID模板
创建ssid模板名称为myssid,无线网络名称为myhuaweiwifi:
[AC6005-wlan-view]ssid-profile name myssid
[AC6005-wlan-ssid-prof-myssid]ssid myhuaweiwifi
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-myssid]quit
[AC6005-wlan-view]
6)创建并配置VAP模板
创建vap模板名称为myvap,配置业务数据转发模式为隧道转发,配置业务VLAN ID为1010,并且引用安全模板mysec和SSID模板myssid:
[AC6005-wlan-view]vap-profile name myvap
[AC6005-wlan-vap-prof-myvap]forward-mode tunnel
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-myvap]service-vlan vlan-id 1010
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-myvap]security-profile mysec
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-myvap]ssid-profile myssid
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-myvap]quit
[AC6005-wlan-view]
7)配置AP组引用VAP模板
[AC6005-wlan-view]ap-group name myap-group001
[AC6005-wlan-ap-group-myap-group001]vap-profile myvap wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-myap-group001]dis th
#
regulatory-domain-profile mydomain001
radio 0
vap-profile myvap wlan 1
radio 1
vap-profile myvap wlan 1
radio 2
vap-profile myvap wlan 1
#
return
[AC6005-wlan-ap-group-myap-group001]
8)保存退出
[AC6005]quit
<AC6005>sa
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file has been saved successfully
Note: The configuration file will take effect after being activated
<AC6005>
7.测试
7.1无线连接测试
如下图,随便找一个终端,然后查看VAP列表,发现有2.4G和5G的无线信号,根据前面设置的密码进行连接:
7.2查看VAP射频信号状态
在无线网络控制器AC6005上查看VAP是否成功创建:
<AC6005>dis vap ssid myhuaweiwifi
Info: This operation may take a few seconds, please wait.
WID : WLAN ID
------------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
------------------------------------------------------------------------------------
0 QHD_XZ_5F_001 0 1 00E0-FC77-2080 ON WPA2-PSK 2 myhuaweiwifi
0 QHD_XZ_5F_001 1 1 00E0-FC77-2090 ON WPA2-PSK 0 myhuaweiwifi
1 QHD_XZ_5F_002 0 1 00E0-FCBF-0EB0 ON WPA2-PSK 3 myhuaweiwifi
1 QHD_XZ_5F_002 1 1 00E0-FCBF-0EC0 ON WPA2-PSK 0 myhuaweiwifi
2 QHD_XZ_5F_003 0 1 00E0-FC2F-40E0 ON WPA2-PSK 2 myhuaweiwifi
2 QHD_XZ_5F_003 1 1 00E0-FC2F-40F0 ON WPA2-PSK 0 myhuaweiwifi
------------------------------------------------------------------------------------
Total: 6
<AC6005>
也可以直接查看所有AP的状态:
<AC6005>dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [3]
----------------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type St
ate STA Uptime
----------------------------------------------------------------------------------------------------------
0 00e0-fc77-2080 QHD_XZ_5F_001 myap-group001 10.10.252.168 AP6050DN no
r 2 10M:39S
1 00e0-fcbf-0eb0 QHD_XZ_5F_002 myap-group001 10.10.252.139 AP7050DE no
r 3 10M:28S
2 00e0-fc2f-40e0 QHD_XZ_5F_003 myap-group001 10.10.252.115 AP7050DE no
r 2 10M:40S
----------------------------------------------------------------------------------------------------------
Total: 3
<AC6005>
7.3终端查看与测试
【无线部分配置】ENSP模拟中型网络实验文件.zip(1.18MB)
登录可下载
网站声明:如果转载,请联系本站管理员。否则一切后果自行承担。
赞同 0
评论 0 条
- 上周热门
- 如何使用 StarRocks 管理和优化数据湖中的数据? 2941
- 【软件正版化】软件正版化工作要点 2860
- 统信UOS试玩黑神话:悟空 2819
- 信刻光盘安全隔离与信息交换系统 2712
- 镜舟科技与中启乘数科技达成战略合作,共筑数据服务新生态 1246
- grub引导程序无法找到指定设备和分区 1213
- 华为全联接大会2024丨软通动力分论坛精彩议程抢先看! 163
- 点击报名 | 京东2025校招进校行程预告 162
- 2024海洋能源产业融合发展论坛暨博览会同期活动-海洋能源与数字化智能化论坛成功举办 160
- 华为纯血鸿蒙正式版9月底见!但Mate 70的内情还得接着挖... 157
- 本周热议
- 我的信创开放社区兼职赚钱历程 40
- 今天你签到了吗? 27
- 信创开放社区邀请他人注册的具体步骤如下 15
- 如何玩转信创开放社区—从小白进阶到专家 15
- 方德桌面操作系统 14
- 我有15积分有什么用? 13
- 用抖音玩法闯信创开放社区——用平台宣传企业产品服务 13
- 如何让你先人一步获得悬赏问题信息?(创作者必看) 12
- 2024中国信创产业发展大会暨中国信息科技创新与应用博览会 9
- 中央国家机关政府采购中心:应当将CPU、操作系统符合安全可靠测评要求纳入采购需求 8
热门标签更多
