二话不说，直接上图,三层旁挂，用lo2.2.2.2，作为capwap隧道接口

核心交换机创建vlan和vlanif接口

<Huawei>system-view

[Huawei]sysname sw1

[sw1]interface Vlanif 10

[sw1-Vlanif10]ip address 192.168.1.1 24  #与ar互联地址

[sw1-Vlanif10]q

[sw1]int vlanif 172

[sw1-Vlanif172]ip add 172.16.100.1 22   # 业务vlan

[sw1-Vlanif172]q

[sw1]interface Vlanif 101

[sw1-Vlanif101]ip ad 10.1.12.1 24       #与AC相连地址

[sw1]interface Vlanif 100

[sw1-Vlanif100]ip address 10.1.10.1 22  #给AP分配地址

配置接口VLAN

[sw1]interface GigabitEthernet 0/0/1

[sw1-GigabitEthernet0/0/1]port link-type access

[sw1-GigabitEthernet0/0/1]port default vlan 10  #与路由器互联

[sw1-GigabitEthernet0/0/1]int g0/0/2

[sw1-GigabitEthernet0/0/2]port link-type trunk

[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 101 172

#与AC互联

[sw1]interface GigabitEthernet 0/0/3

[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 172

#与接入交换机互联

[sw1-GigabitEthernet0/0/3]q

接入交换配置

<sw2>system-view

[sw2]vlan batch 100 172

Info: This operation may take a few seconds. Please wait for a moment...done.

[sw2]interface Eth0/0/3

[sw2-Ethernet0/0/3]port link-type trunk

[sw2-Ethernet0/0/3]port trunk allow-pass vlan 100 172  #放行所有

[sw2-Ethernet0/0/3]int e 0/0/1

[sw2-Ethernet0/0/1]port link-type trunk

[sw2-Ethernet0/0/1]port trunk allow-pass vlan 100 172   #放行ap和业务vlan

[sw2-Ethernet0/0/1]port trunk pvid vlan 100   #分配默认接口

[sw2]interface Eth0/0/2

[sw2-Ethernet0/0/2]port link-type trunk

[sw2-Ethernet0/0/2]port trunk allow-pass vlan 100 172

[sw2-Ethernet0/0/2]port trunk pvid vlan 100     #同上

AC基础配置；

<AC6005>sy

<AC6005>system-view

Enter system view, return user view with Ctrl+Z.

[AC6005]vlan batch 101 172

[AC6005]interface Vlanif 101

[AC6005-Vlanif101]ip address 10.1.12.2 24

[AC6005]interface LoopBack 0

[AC6005-LoopBack0]ip address 2.2.2.2 32     #创建环回口作为CAPWAP隧道源接口

[AC6005]interface GigabitEthernet 0/0/2

[AC6005-GigabitEthernet0/0/2]port link-type trunk

[AC6005-GigabitEthernet0/0/2]port trunk allow-pass vlan 101 172

#放通AC与核心互通的vlan   是否可以用ACCESS 未作实验 读者可以试试。

[AC6005-GigabitEthernet0/0/2]q

[AC6005]ping 10.1.12.1

PING 10.1.12.1: 56  data bytes, press CTRL_C to break

Reply from 10.1.12.1: bytes=56 Sequence=1 ttl=255 time=130 ms

#测试直连接口互通，验证配置

路由器配置

<Huawei>sy

<Huawei>system-view

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname ar1

[ar1]interface GigabitEthernet 0/0/1

[ar1-GigabitEthernet0/0/1]ip address 192.168.1.3 24

[ar1-GigabitEthernet0/0/1]q

[ar1]interface LoopBack 0

[ar1-LoopBack0]ip address 1.1.1.1 32    #假设运营商外网

[ar1-LoopBack0]q

[ar1]ping 192.168.1.1             #测试直连是否互通

PING 192.168.1.1: 56  data bytes, press CTRL_C to break

Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=100 ms

写回传路由，因172.16.100是业务地址

[ar1]ip route-static 172.16.100.0 255.255.252.0 192.168.1.1

#外网回传路由

核心交换机静态路由配置

[sw1]ip route-static 2.2.2.2 32 10.1.12.2     #通往AC的静态路由

[sw1]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3  #外网出口路由

[sw1]ping -a 172.16.100.1 1.1.1.1                #测试网关是否能通外网

PING 1.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=60 ms

AC路由配置

[AC6005]ip route-static 0.0.0.0 0.0.0.0 10.1.12.1

#AC出口路由和AC与ap的路由

[AC6005]ping -a 2.2.2.2 172.16.100.1

PING 172.16.100.1: 56  data bytes, press CTRL_C to break

Reply from 172.16.100.1: bytes=56 Sequence=1 ttl=255 time=30 ms

Reply from 172.16.100.1: bytes=56 Sequence=2 ttl=255 time=10 ms

[AC6005]ping -a 2.2.2.2 10.1.10.1

PING 10.1.10.1: 56  data bytes, press CTRL_C to break

Reply from 10.1.10.1: bytes=56 Sequence=1 ttl=255 time=10 ms

[AC6005]ping -a 2.2.2.2 1.1.1.1

PING 1.1.1.1: 56  data bytes, press CTRL_C to break

Request time out

--- 1.1.1.1 ping statistics ---

1 packet(s) transmitted

0 packet(s) received

100.00% packet loss

#这里没通是因为只有出去没回程路由，需要在AR1上写条

Ip-route-static 2.2.2.2 255.255.255.255 192.168.1.1  即可互通

创建地址池

[sw1]ip pool vlan172     #创建业务地址池

Info:It's successful to create an IP address pool.

[sw1-ip-pool-vlan172]gateway-list 172.16.100.1

[sw1-ip-pool-vlan172]network 172.16.100.0 mask  22

[sw1-ip-pool-vlan172]excluded-ip-address 172.16.100.2 172.16.100.200

[sw1-ip-pool-vlan172]lease day 0 hour 4

[sw1-ip-pool-vlan172]dns-list 114.114.114.114

[sw1-ip-pool-vlan172]q

[sw1]ip pool vlan100      #创建ap地址池

Info:It's successful to create an IP address pool.

[sw1-ip-pool-vlan100]gateway-list 10.1.10.1

[sw1-ip-pool-vlan100]network 10.1.10.0 mask 22

[sw1-ip-pool-vlan100]option 43 sub-option 3 ascii 2.2.2.2

#三层地址，需要指定option 43 并指定源接口 2.2.2.2

使能DHCP功能

[sw1]dhcp enable

[sw1]interface Vlanif 172

[sw1-Vlanif172]dhcp select global       #使能全局模式

[sw1]interface Vlanif 100

[sw1-Vlanif100]dhcp select global        #使能全局模式

[sw1]ping -a 10.1.10.1 2.2.2.2

PING 2.2.2.2: 56  data bytes, press CTRL_C to break

Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=50 ms

Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms

开始AP上线配置：

#指定capwap隧道接口为lo0

[AC6005]capwap source interface LoopBack 0

创建AP组

[AC6005-wlan-view]ap-group name zhuzige

Info: This operation may take a few seconds. Please wait for a moment.done.

[AC6005-wlan-view]ap auth-mode mac-auth   #3中AP认证方式，不认证，mac认证，SN号认证

[AC6005-wlan-view]ap-mac 00E0-FCAA-19E0 #这条命令可以用ap ap-id x ap-mac   xxxx-xxxx-xxxx   用于指定ap的编号，方便于CAD布点图纸对应

[AC6005-wlan-ap-0]ap-name fool-1    #编写AP的名字

[AC6005-wlan-ap-0]display this

#

ap-name fool-1

[AC6005-wlan-ap-0]ap-group zhuzige   #加入AP组方便对组进行调用，如手动设置配置VIP区域

Warning: This operation may cause AP reset. If the country code changes, it will

clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6005-wlan-ap-0]q

[AC6005-wlan-view]ap-mac 00E0-FC0A-2590

[AC6005-wlan-ap-1]ap-name fool-2

[AC6005-wlan-ap-1]ap-group zhuzige

Warning: This operation may cause AP reset. If the country code changes, it will

clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC6005]dis ap all  #查看AP组是否在线

[AC6005]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

idle : idle            [1]

nor  : normal          [1]

--------------------------------------------------------------------------------

----------

ID   MAC            Name   Group   IP          Type            State STA Uptime

--------------------------------------------------------------------------------

----------

0    00e0-fcaa-19e0 fool-1 zhuzige -           -               idle  0   -

1    00e0-fc0a-2590 fool-2 zhuzige -           -               idle   0  -

--------------------------------------------------------------------------------

----------

Total: 2

该处实验半天没出结果，怀疑是没得到免费的ARP原因排查了很久，刚开始怀疑DHCP没有使能成功，但用模拟器PC发现能获取到地址，排除了DHCP问题。

[sw1]display ip pool name vlan100

Pool-name      : vlan100

Pool-No        : 1

Lease          : 1 Days 0 Hours 0 Minutes

Domain-name    : -

Option-code    : 43

Option-subcode : 3

Option-type    : ascii

Option-value   : 2.2.2.2

DNS-server0    : -

NBNS-server0   : -

Netbios-type   : -

Position       : Local           Status           : Unlocked

Gateway-0      : 10.1.10.1

Mask           : 255.255.252.0

VPN instance   : --

-----------------------------------------------------------------------------

Start           End     Total  Used  Idle(Expired)  Conflict  Disable

-----------------------------------------------------------------------------

10.1.8.1     10.1.11.254  1021     3       1018(0)         0        0

最后用ping命令试试了DHCP分配出去后的地址，结果又通了，不知道是否ENSP的原因？

[AC6005]ping -a 2.2.2.2 10.1.11.253

PING 10.1.11.253: 56  data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

Reply from 10.1.11.253: bytes=56 Sequence=4 ttl=254 time=60 ms

--- 10.1.11.253 ping statistics ---

4 packet(s) transmitted

1 packet(s) received

75.00% packet loss

round-trip min/avg/max = 60/60/60 ms

[AC6005]ping -a 2.2.2.2 10.1.11.252

PING 10.1.11.252: 56  data bytes, press CTRL_C to break

Reply from 10.1.11.252: bytes=56 Sequence=1 ttl=127 time=60 ms

Reply from 10.1.11.252: bytes=56 Sequence=2 ttl=127 time=60 ms

Reply from 10.1.11.252: bytes=56 Sequence=3 ttl=127 time=60 ms

--- 10.1.11.252 ping statistics ---

3 packet(s) transmitted

3 packet(s) received

0.00% packet loss

round-trip min/avg/max = 60/60/60 ms

--- 10.1.11.251 ping statistics ---

5 packet(s) transmitted

0 packet(s) received

100.00% packet loss

[AC6005]ping -a 2.2.2.2 10.1.11.254

PING 10.1.11.254: 56  data bytes, press CTRL_C to break

Request time out

Reply from 10.1.11.254: bytes=56 Sequence=2 ttl=254 time=60 ms

Reply from 10.1.11.254: bytes=56 Sequence=3 ttl=254 time=60 ms

Reply from 10.1.11.254: bytes=56 Sequence=4 ttl=254 time=70 ms

--- 10.1.11.254 ping statistics ---

4 packet(s) transmitted

3 packet(s) received

25.00% packet loss

round-trip min/avg/max = 60/63/70 ms

如情况 AP上线了 ，NOR状态

[AC6005]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

idle : idle            [1]

nor  : normal          [1]

--------------------------------------------------------------------------------

----------

ID   MAC            Name   Group   IP          Type            State STA Uptime

--------------------------------------------------------------------------------

----------

0    00e0-fcaa-19e0 fool-1 zhuzige -           -               idle  0   -

1    00e0-fc0a-2590 fool-2 zhuzige 10.1.11.253 AP4030TN        nor   0   11S

--------------------------------------------------------------------------------

----------

Total: 2

[AC6005]dis ap all

Info: This operation may take a few seconds. Please wait for a moment.done.

Total AP information:

nor  : normal          [2]

--------------------------------------------------------------------------------

----------

ID   MAC            Name   Group   IP          Type            State STA Uptime

--------------------------------------------------------------------------------

----------

0    00e0-fcaa-19e0 fool-1 zhuzige 10.1.11.254 AP4030TN        nor   0   4S

1    00e0-fc0a-2590 fool-2 zhuzige 10.1.11.253 AP4030TN        nor   0   20S

--------------------------------------------------------------------------------

----------

Total: 2

[AC6005]

-----------------------------------------------------------------------------

开始管理模板

先创建VAP模板

[AC6005-wlan-view]vap-profile name zhuzige

创建安全模板

[AC6005-wlan-view]security-profile name zhuzige

[AC6005-wlan-sec-prof-zhuzige]security wpa-wpa2 psk pass-phrase zhuzige123 aes

#采用预配密码的方式进行加密aes传输

#创建SSid模板

[AC6005-wlan-view]ssid-profile name zhuzige

[AC6005-wlan-ssid-prof-zhuzige]ssid zhuzige

在vap模板下引入 安全模板和ssid模板

[AC6005-wlan-view]vap-profile name zhuzige

[AC6005-wlan-vap-prof-zhuzige]security-profile zhuzige

[AC6005-wlan-vap-prof-zhuzige]ssid-profile zhuzige

[AC6005-wlan-vap-prof-zhuzige]display this

#

ssid-profile zhuzige

security-profile zhuzige

在VAP模板下设置转发方式和转发VLAN

[AC6005-wlan-view]vap-profile name zhuzige

[AC6005-wlan-vap-prof-zhuzige]service-vlan vlan-id 172

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-zhuzige]forward-mode direct-forward

[AC6005-wlan-vap-prof-zhuzige]display this

#

service-vlan vlan-id 172

ssid-profile zhuzige

security-profile zhuzige

#

Return

创建域管理模板，设置国家射频信号。

[AC6005-wlan-view]regulatory-domain-profile name zhuzige

[AC6005-wlan-regulate-domain-zhuzige]country-code CN

Info: The current country code is same with the input country code.

进入AP组

[AC6005-wlan-view]ap-group name zhuzige

[AC6005-wlan-ap-group-zhuzige]regulatory-domain-profile zhuzige  #引入域管理模板

Warning: Modifying the country code will clear channel, power and antenna gain c

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC6005-wlan-ap-group-zhuzige]vap-profile zhuzige wlan 1 radio all  #引入vap模板 并开启双频信号

[AC6005-wlan-ap-group-zhuzige]Info: This operation may take a few seconds, please wait...done.

[AC6005-wlan-view]display vap ssid zhuzige   #查看ap是否发出信号。

检验STA 网络是否正常

检查AP信号是否密码正确

华为无线AC配置实例-华为3层ac旁挂+直接转发相关推荐

1. 华为交换机vlan配置举例_华为S5700系列配置实例

   原标题:华为S5700系列配置实例 华为S5700系列配置 一.#telnet远程登录 步骤一:创建VLAN,并配置交换机VLAN的管理IP # 创建vlan system-view [Quidway ...

2. 华为无线WiFi配置802.1x认证

   一.拓扑: 二.简介: 本篇主要介绍华为交换机设备配合Windows server 2019配置的802.1x+NPS协同做的有线网络认证(可跟做).现有的华为6605无线AC配置:认证模板.radi ...

3. 单臂路由配置实例 华为模拟器 计算机网络

   单臂路由配置实例 单臂路由(router-on-a-stick):是指在路由器的一个接口上通过配置子接口(或"逻辑接口",并不存在真正物理接口)的方式,实现原来相互隔离的不同VLA ...

4. 华为[ENSP]ACL配置实例(访问控制列表配置实例)

   ACL配置实验一(高级ACL)(简单)的拓扑图如下: 一.配置PC1.PC2和Server   二.配置Router(运用高级ACL配置) 相关命令解析: [Router]acl 3000(进入高级A ...

5. 华为ospf实验配置实例

   ospf配置实例 ospf OSPF 开放式最短路径优先协议 目前使用范围最广泛的IGP协议:无类别链路状态路由协议: OSPF协议最大的缺点,在于基于拓扑收敛产生巨大的更新量: 故设计者在设计osp ...

6. 由浅入深玩转华为WLAN—16 漫游系列（3）同一AC内AP之间二层漫游【二层上线+旁挂+直接转发组网方式以及漫游后业务不同故障解决方案讲解】

   简介 上一篇已经把整个网络的网络初始化已经完毕,从接入交换机的VLAN划分以及接口类型配置,到核心交换机的初始化,VLANIF创建跟DHCP与路由,出口路由器的路由 NAT等,这些初始化的目的主要是为 ...

7. 华为ac、瘦ap简单上线（旁挂式）

   交换机部分 交换机与ap连接的接口配置成为trunk,pvid配置成为管理vlan. 全局地址池要配置 option 43字段指定到ac 交换机与ac连接的接口模式为trunk允许管理vlan通过 配 ...

8. 6 华为交换机 路由配置_华为路由、交换机基础配置指令

   华为路由.交换机基础配置指令 一.华为路由器交换机配置命令:计算机命令 PCAlogin:root:使用root用户 password:linux:口令是linux #shutdown -h now: ...

9. 华为交换机导入配置_华为交换机通用配置方式方法

   华为交换机通用配置方式方法 1,CONSOLE口接入 专用的CONSOLE线,一端连接交换机的CONSOLE口,另一端连接电脑的串口,打开电脑的超级终端进行 连入交换机后(交换机有默认用户和密码),出 ...

最新文章

1. rhel6ACL权限
2. 【百度联盟峰会】李彦宏详解AI时代思维方式，算法驱动的降维攻击
3. document对象相关信息
4. 大规模神经网络最新文献综述：训练高效DNN、节省内存使用、优化器设计
5. python itertools模块位置_Python高效编程之itertools模块详解
6. 《深入浅出vue.js》阅读笔记之数组变化侦测
7. 2021-2025年中国云计费行业市场供需与战略研究报告
8. 图文并茂，UML2组件图讨论内容
9. 算法萌新如何学好动态规划（二）
10. 一款开源的 macOS 外接显示器必备工具
11. linux 文件可视化工具下载,Linux 可视化管理工具
12. Java如何调用webservice
13. 网络层—简单的arp断网
14. 一分钟让你明白货币贬值现象
15. Python爬取m3u8格式视频并解密ts文件合并转为mp4格式
16. 求符号函数sgn(x)的c++程序
17. 程序员之问——为什么聊天软件app大多采用绿色？
18. service层的意义
19. (十)Intellij 远程调试 a bug
20. C语言：到底是不是太胖了

热门文章

1. cuda必须装在c盘吗_软件安装到C盘会影响计算机运行速度吗？一个问题引发的思考...
2. Android UI系列之侧滑粘稠效果的实现
3. /dev/sr0 3.7G 3.7G 0 100% /media/CentOS_6.8_Final
4. Web Workers简要概述
5. 白下高新区妇联、科协举办亲子活动，小朋友们走进云创大数据
6. 吴恩达机器学习笔记——含一个隐藏层的神经网络
7. 使用DPDK优化VirtIO和OVS网络
8. python numpy是什么_Python库Numpy里ndarray.ndim 是什么意思？
9. linux (ubuntu)安装包安装sublime
10. echarts正负极柱状图