無線部分
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiIyVGduV2YfNWawNyZuBnLwEGZ2MDZkNTOwUGNxIWMiRzMzQTMzImN1YjYjJjYkhzLc52YucWbp5GZzNmLn9Gbi1yZtl2Lc9CX6MHc0RHaiojIsJye.png)
1、配置AC端口類型以及vlanif 接口IP位址,并在S1、S2的OSPF區域0中宣告AC的直連網段,但這些接口不能轉發OSPF封包
[AC1]dis cu
#
sysname AC1
#
vlan batch 7 10 20 12
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 7 10 20 12
#
interface Vlanif7
ip address 172.16.7.1 255.255.255.0
#
[AC2]dis cu
#
sysname AC2
#
vlan batch 8 10 20 12
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 8 10 20 12
#
interface Vlanif7
ip address 172.16.8.2 255.255.255.0
#
[S1-ospf-100]di th
#
ospf 100 router-id 10.0.0.1
silent-interface Vlanif7
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 172.16.79.7 0.0.0.0
network 172.16.107.7 0.0.0.0
network 172.16.78.7 0.0.0.0
network 172.16.17.7 0.0.0.0
network 172.16.7.7 0.0.0.0
#
[S2-ospf-100]di th
#
ospf 100 router-id 10.0.0.8
silent-interface Vlanif8
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 172.16.78.8 0.0.0.0
network 172.16.89.8 0.0.0.0
network 172.16.108.8 0.0.0.0
network 172.16.28.8 0.0.0.0
network 172.16.8.8 0.0.0.0
#
2、WLAN業務需求:
- SSID:HUAWEI
AC1、AC2:
wlan
ssid-profile name SSID
ssid HUAWEI
- 轉發模式:隧道轉發
AC1、AC2:
vap-profile name VAP
forward-mode tunnel
service-vlan vlan-pool sta_pool
ssid-profile SSID
security-profile SEC
- 業務vlan:vlan池(包含VLAN10,20),基于hash配置設定
AC1:
vlan pool sta_pool
vlan 10 20
assignment hash
#
AC2:
vlan pool sta_pool
vlan 10 20
assignment hash
#
- 安全配置:wpa-wpa2;密碼[email protected];加密算法:AES
AC1、AC2:
wlan
security-profile name SEC
security wpa-wpa2 psk pass-phrase Huawei@123 aes
5)建立CAPWAP隧道
[AC1]capwap source interface Vlanif 7
[AC1]ip route-static 0.0.0.0 0 172.16.7.7
[AC2]capwap source interface Vlanif 8
[AC2]ip route-static 0.0.0.0 0 172.16.28.8
5)配置AP上線
AC1、AC2
ap auth-mode mac-auth
ap-id 1 ap-mac aabb-cc00-0100
ap-name ap-1
vap-profile VAP wlan 1 radio 0
vap-profile VAP wlan 1 radio 1
ap-id 2 ap-mac aabb-cc00-0200
ap-name ap-2
vap-profile VAP wlan 1 radio 0
vap-profile VAP wlan 1 radio 1
3、 配置AC1為AP1的主AC,AC2為備份AC;AC2為AP2的主AC,AC1為備份AC
#AC1、AC2:
wlan
ap-system-profile name AP1
primary-access ip-address 172.16.7.1
backup-access ip-address 172.16.8.2
#
ap-system-profile name AP2
primary-access ip-address 172.16.8.2
backup-access ip-address 172.16.7.1
#
ap-id 1
ap-system-profile AP1
ap-id 2
ap-system-profile AP2
#
ac protect enable
4、将主用AC上的WLAN資訊通過備份鍊路批量備份和實時備份到備用AC上,實作當主用AC故障時,備用AC接替主用AC繼續工作,保證使用者業務不中斷
AC1:
hsb-service 0
service-ip-port local-ip 172.16.12.1 peer-ip 172.16.12.2 local-data-port 10240 peer-data-port 10240
#
hsb-service-type ap hsb-service 0
AC2:
hsb-service 0
service-ip-port local-ip 172.16.12.2 peer-ip 172.16.12.1 local-data-port 10240 peer-data-port 10240
#
hsb-service-type ap hsb-service 0