大型園區網建設（無線部分）

無線部分

1、配置AC端口類型以及vlanif 接口IP位址，并在S1、S2的OSPF區域0中宣告AC的直連網段，但這些接口不能轉發OSPF封包

[AC1]dis cu
#
 sysname AC1
#
vlan batch 7 10 20 12
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 7 10 20 12
#
interface Vlanif7
 ip address 172.16.7.1 255.255.255.0
#
           

[AC2]dis cu
#
 sysname AC2
#
vlan batch 8 10 20 12 
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 8 10 20 12
#
interface Vlanif7
 ip address 172.16.8.2 255.255.255.0
#
           

[S1-ospf-100]di th
#
ospf 100 router-id 10.0.0.1
 silent-interface Vlanif7
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 172.16.79.7 0.0.0.0
  network 172.16.107.7 0.0.0.0
  network 172.16.78.7 0.0.0.0
  network 172.16.17.7 0.0.0.0
  network 172.16.7.7 0.0.0.0
#
           

[S2-ospf-100]di th
#
ospf 100 router-id 10.0.0.8
 silent-interface Vlanif8
 area 0.0.0.0
  authentication-mode md5 1 plain huawei
  network 172.16.78.8 0.0.0.0
  network 172.16.89.8 0.0.0.0
  network 172.16.108.8 0.0.0.0
  network 172.16.28.8 0.0.0.0
  network 172.16.8.8 0.0.0.0
#
           

2、WLAN業務需求：

1. SSID:HUAWEI

AC1、AC2：
wlan
 ssid-profile name SSID
  ssid HUAWEI
           

1. 轉發模式:隧道轉發

AC1、AC2：
vap-profile name VAP
  forward-mode tunnel
  service-vlan vlan-pool sta_pool
  ssid-profile SSID
  security-profile SEC
           

1. 業務vlan:vlan池(包含VLAN10,20)，基于hash配置設定

AC1：
vlan pool sta_pool
 vlan 10 20
 assignment hash
#
           

AC2：
vlan pool sta_pool
 vlan 10 20
 assignment hash
#
           

1. 安全配置:wpa-wpa2；密碼[email protected]；加密算法:AES

AC1、AC2：
wlan
 security-profile name SEC
 security wpa-wpa2 psk pass-phrase Huawei@123 aes
           

5）建立CAPWAP隧道

[AC1]capwap source interface  Vlanif 7
[AC1]ip route-static 0.0.0.0 0 172.16.7.7
           

[AC2]capwap source interface Vlanif 8
[AC2]ip route-static 0.0.0.0 0 172.16.28.8
           

5）配置AP上線

AC1、AC2
ap auth-mode mac-auth
ap-id 1 ap-mac  aabb-cc00-0100
 ap-name ap-1
 vap-profile VAP wlan 1 radio 0
 vap-profile VAP wlan 1 radio 1

ap-id 2 ap-mac aabb-cc00-0200
 ap-name ap-2
 vap-profile VAP wlan 1 radio 0
 vap-profile VAP wlan 1 radio 1
           

3、 配置AC1為AP1的主AC，AC2為備份AC；AC2為AP2的主AC，AC1為備份AC

#AC1、AC2：
wlan
 ap-system-profile name AP1
  primary-access ip-address 172.16.7.1
  backup-access ip-address 172.16.8.2
#
 ap-system-profile name AP2
  primary-access ip-address 172.16.8.2
  backup-access ip-address 172.16.7.1
 #
 ap-id 1
  ap-system-profile AP1
 ap-id 2
  ap-system-profile AP2
#
  ac protect enable
           

4、将主用AC上的WLAN資訊通過備份鍊路批量備份和實時備份到備用AC上，實作當主用AC故障時，備用AC接替主用AC繼續工作，保證使用者業務不中斷

AC1:
hsb-service 0
 service-ip-port local-ip 172.16.12.1 peer-ip 172.16.12.2 local-data-port 10240 peer-data-port 10240
#
hsb-service-type ap hsb-service 0
           

AC2:
hsb-service 0
 service-ip-port local-ip 172.16.12.2 peer-ip 172.16.12.1 local-data-port 10240 peer-data-port 10240
#
hsb-service-type ap hsb-service 0