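We recently bought a batch of H3C WA6620 wireless access points (APs) but no AC. Because the project had to go live quickly, the APs were brought up in FAT mode for the time being. The configuration is recorded here so that it is not lost and can be looked up later.
I. Network requirements:
As shown in the figure below, H3C Wi-Fi 6 access points, a PoE switch and a Layer 3 switch are used to build a network in which multiple FAT APs work together with the switches. The specific requirements are:
1. The L3 switch acts as the DHCP server and assigns IP addresses to wireless clients.
2. The L2 switch powers the APs over PoE.
3. Clients access the wireless network through VLAN 100.
4. AP addresses are planned as manually configured static IP addresses.
5. Clients must be able to roam within a FAT AP and across FAT APs.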
Device | Interface | IP address | Device | Interface | IP address
L3 Switch | Vlan-int 100 | 10.100.2.111/16 | L2 Switch | Vlan-int 100 | 10.100.2.112/16
AP 1 | Vlan-int 100 | 10.100.2.121/16 | AP 2 | Vlan-int 100 | 10.100.2.122/16
AP 3 | Vlan-int 100 | 10.100.2.123/16 | AP 4 | Vlan-int 100 | 10.100.2.124/16
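II. Configuration approach:
· Configure Layer 2 connectivity between the FAT APs and the upstream network devices.
· Enable the DHCP server on the L3 switch to provide addresses to clients. FAT AP addresses are configured manually by the administrator; clients obtain IP addresses automatically from the DHCP server.
· Enable PoE on the L2 switch to power the APs.
· Configure the region code on the FAT APs so that the radios comply with local regulations.
· Configure a mobility group on the FAT APs to enable roaming across FAT APs.
III. Configuration steps:
3.3.1 Configure the L3 switch
(1) Configure the interfaces of the L3 switch
# Configure the VLAN and the VLAN interface.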
<L3 switch>system-view
[L3 switch] vlan 100
[L3 switch-vlan100] quit
[L3 switch] interface vlan-interface 100
[L3 switch-Vlan-interface100] ip address 10.100.2.111 255.255.0.0
[L3 switch-Vlan-interface100] quit
# Configure GigabitEthernet1/0/2, the interface that connects the L3 switch to the L2 switch, as a trunk port and permit VLAN 100.
[L3 switch] interface gigabitethernet 1/0/2
[L3 switch-GigabitEthernet1/0/2] port link-type trunk
[L3 switch-GigabitEthernet1/0/2] port trunk permit vlan 100
[L3 switch-GigabitEthernet1/0/2] quit
(2) Configure the DHCP server
# Configure DHCP address pool 100 to assign addresses to clients: range 10.100.2.0/16, gateway 10.100.2.111, with 10.100.2.112 and 10.100.2.121 to 10.100.2.124 excluded from allocation.
[L3 switch] dhcp server ip-pool 100
[L3 switch-dhcp-pool-100] network 10.100.2.0 mask 255.255.0.0
[L3 switch-dhcp-pool-100] gateway-list 10.100.2.111
[L3 switch-dhcp-pool-100] forbidden-ip 10.100.2.112
[L3 switch-dhcp-pool-100] forbidden-ip-range 10.100.2.121 10.100.2.124
[L3 switch-dhcp-pool-100] quit
# Enable the DHCP server.
[L3 switch] dhcp enable
3.3.2 Configure the L2 switch
(1) Configure the interfaces of the L2 switch
# Configure the VLAN and the VLAN interface.
<L2 switch> system-view
[L2 switch] vlan 100
[L2 switch-vlan100] quit
[L2 switch] interface vlan-interface 100
[L2 switch-Vlan-interface100] ip address 10.100.2.112 255.255.0.0
[L2 switch-Vlan-interface100] quit
# Configure GigabitEthernet1/0/1, the interface that connects the L2 switch to the L3 switch, as a trunk port and permit VLAN 100.
[L2 switch] interface gigabitethernet 1/0/1
[L2 switch-GigabitEthernet1/0/1] port link-type trunk
[L2 switch-GigabitEthernet1/0/1] port trunk permit vlan 100
[L2 switch-GigabitEthernet1/0/1] quit
# Configure the L2 switch interfaces connected to the FAT APs as access ports, add them to VLAN 100, and enable PoE. GigabitEthernet1/0/2 is used as the example.
[L2 switch] interface gigabitethernet 1/0/2
[L2 switch-GigabitEthernet1/0/2] port access vlan 100
[L2 switch-GigabitEthernet1/0/2] poe enable
[L2 switch-GigabitEthernet1/0/2] quit
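3.3.3 Configure the FAT AP
Note: This configuration uses FAT AP 1 as the example. The configuration of FAT AP 2 to 4 is similar; follow the steps below.
(1) Configure the region code (skip this step if the default setting matches the example)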
<AP> system-view
[AP] wlan global-configuration
[AP-wlan-global-configuration] region-code JP
This operation may reset the radio parameters. Continue? [Y/N]:y
[AP-wlan-global-configuration] quit
(2) Configure the interfaces of the FAT AP
# Configure the VLAN and the VLAN interface.
[AP] vlan 100
[AP-vlan100] quit
[AP] interface vlan-interface 100
[AP-Vlan-interface100] ip address 10.100.2.121 255.255.0.0
[AP-Vlan-interface100] quit
# Configure GigabitEthernet1/0/1, the interface that connects the FAT AP to the L2 switch, as an access port and add it to VLAN 100.
[AP] interface gigabitethernet 1/0/1
[AP-GigabitEthernet1/0/1] port link-type access
[AP-GigabitEthernet1/0/1] port access vlan 100
[AP-GigabitEthernet1/0/1] quit
(3) Configure the wireless service template
# Create wireless service template service1 and enter its view.
[AP] wlan service-template service1
# Set the SSID to service.
[AP-wlan-st-service1] ssid service
# Set the VLAN of the wireless service template to 100.
[AP-wlan-st-service1] vlan 100
# Set the AKM to PSK and configure the pre-shared key, using the plaintext string 12345678 as the shared key.
[AP-wlan-st-service1] akm mode psk
[AP-wlan-st-service1] preshared-key pass-phrase simple 12345678
# Configure CCMP as the cipher suite and RSN as the security IE.
[AP-wlan-st-service1] cipher-suite ccmp
[AP-wlan-st-service1] security-ie rsn
# Enable the wireless service template.
[AP-wlan-st-service1] service-template enable
[AP-wlan-st-service1] quit
# Bind wireless service template service1 to interface WLAN-Radio 1/0/1.
[AP] interface wlan-radio 1/0/1
[AP-WLAN-Radio1/0/1] undo shutdown
[AP-WLAN-Radio1/0/1] service-template service1
[AP-WLAN-Radio1/0/1] quit
# Bind wireless service template service1 to interface WLAN-Radio 1/0/2.
[AP] interface wlan-radio 1/0/2
[AP-WLAN-Radio1/0/2] undo shutdown
[AP-WLAN-Radio1/0/2] service-template service1
[AP-WLAN-Radio1/0/2] quit
(4) Configure the mobility group
# Create mobility group office.
[AP] wlan mobility group office
# Set the IP address type of the mobility group's IADTP tunnel to IPv4.
[AP-wlan-mg-office] tunnel-type ipv4
# Set the source IP address used to establish the IADTP tunnel when the FAT AP joins the mobility group to the device's own IP address.
[AP-wlan-mg-office] source ip 10.100.2.121
# Use automatic member discovery to add the AP members of the mobility group.
[AP-wlan-mg-office] member auto-discovery
# Enable the mobility group.
[AP-wlan-mg-office] group enable
[AP-wlan-mg-office] quit
# Disable the built-in Wi-Fi service
wlan service-template 16
undo service-template enable
save
yes
# Configure login and account settings
telnet server enable
ip http enable
line vty 0 63
authentication-mode scheme
user-role network-admin
user-role network-operator
authentication-mode scheme
local-user admin
password simple 12345678
authorization-attribute user-role network-admin
service-type telnet http https terminal
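An added example (not part of the original notes and not an H3C tool): a small Python check that scans a Comware command script like the one above for the settings that expose credentials, namely Telnet and HTTP management, secrets typed with `simple`, and short or digits-only secrets. The sample is constructed from the commands on this page; the rule names and the length threshold are assumptions.

```python
import re

# Constructed sample: management and WLAN lines taken from the notes above.
SAMPLE_CONFIG = """\
wlan service-template service1
 akm mode psk
 preshared-key pass-phrase simple 12345678
telnet server enable
ip http enable
local-user admin
 password simple 12345678
 service-type telnet http https terminal
"""

MIN_SECRET_LEN = 12  # assumption: local policy threshold, not an H3C default

# Rule ids are hypothetical names chosen for this example.
RULES = [
    ("telnet-enabled", re.compile(r"^telnet server enable$"),
     "Telnet carries the admin login in cleartext"),
    ("http-enabled", re.compile(r"^ip http enable$"),
     "HTTP web management is unencrypted"),
    ("cleartext-service", re.compile(r"^service-type\b.*\b(telnet|http)\b"),
     "local user may log in over a cleartext service"),
]
SECRET = re.compile(r"^(?:password|preshared-key pass-phrase) simple (\S+)$")


def audit(config_text):
    """Return (line_no, rule_id, message) findings for a Comware command script."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append((no, rule_id, message))
        match = SECRET.match(line)
        if match:
            secret = match.group(1)
            findings.append((no, "plaintext-secret",
                             "secret is typed in cleartext in the script"))
            if len(secret) < MIN_SECRET_LEN or secret.isdigit():
                findings.append((no, "weak-secret", "secret is short or digits-only"))
    return findings


if __name__ == "__main__":
    for no, rule_id, message in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule_id}: {message}")
```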
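3.4 Verify the configuration
After a client roams from AP 1 to AP 2, its roaming information can be viewed from the command line.
# View the mobility group information on AP 1.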
[AP1] display wlan mobility group
Mobility group name: office
Tunnel type: IPv4
Source IPv4: 10.100.2.121
Source IPv6: Not configured
Authentication method: Not configured
Mobility group status: Enabled
Member entries: 1
IP address State Online time
10.100.2.122 Up 00hr 00min 12sec
10.100.2.123 Up 00hr 00min 15sec
10.100.2.124 Up 00hr 00min 20sec
# View the mobility group information on AP 2.
[AP2] display wlan mobility group
Mobility group name: office
Tunnel type: IPv4
Source IPv4: 10.100.2.122
Source IPv6: Not configured
Authentication method: Not configured
Mobility group status: Enabled
Member entries: 1
IP address State Online time
10.100.2.121 Up 00hr 00min 05sec
10.100.2.123 Up 00hr 00min 15sec
10.100.2.124 Up 00hr 00min 20sec
# On AP 1, display wlan mobility roam-track mac-address shows that the client first came online on AP 1 and then roamed to AP 2.
[AP1] display wlan mobility roam-track mac-address bce2-659a-3232
Total entries : 2
Current entries: 2
BSSID Created at Online time AP IP address RID AP name
74ea-c8fd-c200 2016-06-14 11:12:28 00hr 06min 56sec 10.100.2.122 2 ap2
74ea-c8fd-c1e0 2016-06-14 11:11:28 00hr 03min 30sec 127.0.0.1 1 ap1
# On AP 1, display wlan mobility roam-out shows the roam-out information for the client that roamed out to AP 2.
[AP1] display wlan mobility roam-out
Total entries: 1
MAC address BSSID VLAN ID Online time FA IP address
bce2-659a-3232 74ea-c8fd-c200 1 00hr 01min 59sec 10.100.2.122
# On AP 2, display wlan client shows that the client is associated with AP 2 and that its roam status is inter-AP roaming.
[AP2] display wlan client verbose
Total number of clients: 1
MAC address : bce2-659a-3232
IPv4 address : 10.100.2.125
IPv6 address : N/A
Username : N/A
AID : 978
Radio ID : 2
Channel : 36
SSID : service
BSSID : 74ea-c8fd-c200
VLAN ID : 100
VLAN ID2 : N/A
Sleep count : 49
……
Roam status : Inter-AP roam
Key derivation : N/A
PMF status : N/A
Forwarding policy name : Not configured
Online time : 0days 0hours 0minutes 54seconds
FT status : Inactive
# On AP 2, display wlan mobility roam-in shows the roam-in information for the client that roamed in to AP 2.
[AP2] display wlan mobility roam-in
Total entries: 1
MAC address BSSID VLAN ID HA IP address
bce2-659a-3232 74ea-c8fd-c200 100 10.100.2.121
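A check over the `display wlan mobility group` output shown above, added here as an example (not part of the original notes or any H3C tool): it confirms that every planned peer AP is Up, reports members that were not planned (relevant because `member auto-discovery` adds peers automatically), and reports a group whose authentication method shows as not configured. The function name is hypothetical and the sample is constructed from the AP 1 output on this page.

```python
import re

# Constructed sample: the AP 1 output shown above.
SAMPLE_OUTPUT = """\
Mobility group name: office
Tunnel type: IPv4
Source IPv4: 10.100.2.121
Source IPv6: Not configured
Authentication method: Not configured
Mobility group status: Enabled
Member entries: 1
IP address State Online time
10.100.2.122 Up 00hr 00min 12sec
10.100.2.123 Up 00hr 00min 15sec
10.100.2.124 Up 00hr 00min 20sec
"""

# A member row starts with an IPv4 address followed by its state.
MEMBER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")


def check_group(output, expected_peers):
    """Return a list of problems found in the mobility group output."""
    fields, members = {}, {}
    for line in output.splitlines():
        line = line.strip()
        row = MEMBER.match(line)
        if row:
            members[row.group(1)] = row.group(2)
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    problems = []
    if fields.get("Mobility group status") != "Enabled":
        problems.append("mobility group is not enabled")
    if fields.get("Authentication method") == "Not configured":
        problems.append("mobility group authentication is not configured")
    for peer in expected_peers:
        state = members.get(peer)
        if state != "Up":
            problems.append(f"peer {peer} is {state or 'missing'}")
    for peer in sorted(set(members) - set(expected_peers)):
        problems.append(f"unexpected member {peer} joined by auto-discovery")
    return problems
```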
Additional AP configuration commands:
sys
ap-mode cloud
reboot
sys
wlan global-configuration
region-code CN
y
quit
vlan 300
int g 1/0/1
port link-type access
port access vlan 300
int vlan 300
ip address 10.10.10.10 24
quit
wlan service-template service1
ssid scan
vlan 300
akm mode psk
preshared-key pass-phrase simple 12345678
cipher-suite ccmp
security-ie rsn
service-template enable
quit
interface WLAN-Radio 1/0/1
undo shutdown
service-template service1
option client reject enable rssi 45
option client reconnect enable rssi 20
quit
interface wlan-radio 1/0/2
undo shutdown
service-template service1
quit
wlan mobility group office
tunnel-type ipv4
source ip 10.10.10.10
member auto-discovery
group enable
telnet server enable
ip http enable
line vty 0 63
authentication-mode scheme
user-role network-admin
user-role network-operator
authentication-mode scheme
local-user admin
password simple hcai@12345
authorization-attribute user-role network-admin
service-type telnet http https terminal
wlan service-template 16
undo service-template enable
save
y