华为ac+fit无线2层漫游配置案例

在这里插入图片描述

ap的管理dhcp在ac上，业务dhcp在汇聚交换机上、并且带2层漫游

R1:
interface GigabitEthernet0/0/0
ip address 11.1.1.1 255.255.255.0

ip route-static 12.2.2.0 255.255.255.0 11.1.1.2
ip route-static 192.168.0.0 255.255.0.0 11.1.1.2

lsw1:
vlan batch 100 200 300

interface Vlanif100
ip address 13.1.1.1 255.255.255.0

interface Vlanif200
ip address 12.2.2.1 255.255.255.0

interface Vlanif300
ip address 11.1.1.2 255.255.255.0

interface GigabitEthernet0/0/1
port link-type access
port default vlan 300

interface GigabitEthernet0/0/2
port link-type access
port default vlan 200

interface GigabitEthernet0/0/3
port link-type access
port default vlan 100

ospf 1 router-id 1.1.1.1
silent-interface GigabitEthernet0/0/1
silent-interface GigabitEthernet0/0/3
area 0.0.0.0
network 12.2.2.0 0.0.0.255
network 13.1.1.0 0.0.0.255
network 11.1.1.0 0.0.0.255

Lsw2:
vlan batch 10 20 200 1000
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8

interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8

interface Vlanif200
ip address 12.2.2.2 255.255.255.0

interface Vlanif1000 (给ap自动获取管理地址)
ip address 192.168.110.1 255.255.255.0 这个是管理ap的网关和ac上的dhcp呼应
dhcp select relay
dhcp relay server-ip 13.1.1.2

interface GigabitEthernet0/0/1
port link-type access
port default vlan 200

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 1000

ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 12.2.2.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.100.0 0.0.0.255

lsw3:
vlan batch 10 20 1000
interface MEth0/0/1

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 1000

interface Ethernet0/0/2
port link-type access
port default vlan 10

interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 1000
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 1000

interface Ethernet0/0/4
port link-type trunk
port trunk pvid vlan 1000
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20 1000

interface GigabitEthernet0/0/2
port link-type access
port default vlan 10

ac:
vlan batch 100

aaa
local-user yu password cipher admin123
local-user yu privilege level 15
local-user yu service-type http

http server enable 不打这两个命令,web开不了
http secure-server enable

interface Vlanif100
ip address 13.1.1.2 255.255.255.0
dhcp select global

ip pool ap
gateway-list 192.168.110.1
network 192.168.110.0 mask 255.255.255.0
option 43 sub-option 3 ascii 13.1.1.2

interface GigabitEthernet0/0/1
port link-type access
port default vlan 100

interface GigabitEthernet0/0/2
port link-type access
port default vlan 100

ip route-static 0.0.0.0 0.0.0.0 13.1.1.1

capwap source interface vlanif100 这个vlan是ac控制器和汇聚交换机连接vlan

display ip pool interface vlanif1000 used //在ap管理dhcp设备上查看dhcp的ap物理地址

wlan
ap auth-mode mac-auth 用ap的网卡地址验证
ap-id 1 type-id 69 ap-mac 00e0-fc2e-2990 第一个ap就用1，ap2050编号69

配置WLAN业务(都要先进入wlan命令下配置)
（1）配置员工网络的VAP模板（employee）
[AC-wlan-view] security-profile name employee //创建名为“employee”的安全模板
[AC-wlan-sec-prof-employee] security wpa2 psk pass-phrase huawei@123 aes //设置无线密码。如果出现提示信息，则输入y确认
[AC-wlan-sec-prof-employee] quit
[AC-wlan-view] ssid-profile name employee //创建名为“employee”的SSID模板
[AC-wlan-ssid-prof-employee] ssid employee //指定SSID为“employee”。如果出现提示信息，则输入y确认
[AC-wlan-ssid-prof-employee] quit
[AC-wlan-view] vap-profile name employee //创建名为“employee”的VAP模板，引用安全模板和SSID模板，如果有两个ap不在同一个vlan这玩意就要弄两个模板，一个模板对应一个业务vlan，其它的可以共用一个模板，例如：射频板板，安全密码模板，ssid模板，
[AC-wlan-vap-prof-employee] security-profile employee
[AC-wlan-vap-prof-employee]forward-mode direct-forward //用直接转发
[AC-wlan-vap-prof-employee] ssid-profile employee
[AC-wlan-vap-prof-employee] service-vlan vlan-id 20 //指定VAP对应的业务VLAN
[AC-wlan-vap-prof-employee] quit

配置漫游模板，名为rrm
rrm-profile name rrm
smart-roam enable
smart-roam roam-threshold check-snr check-rate
smart-roam roam-threshold snr 30
smart-roam roam-threshold rate 30

创建2g模板，关联rrm漫游模板
radio-2g-profile name 2g
rrm-profile rrm

创建5g模板，关联rrm漫游模板
radio-5g-profile name 5g
rrm-profile rrm

创建ap模板名为ap，关联vap模板，并且关联射频模板2g和5g
ap-group name ap
radio 0
radio-2g-profile 2g
vap-profile employee wlan 1
radio 1
radio-5g-profile 5g
vap-profile employee wlan 1

把ap关联ap组，化进ap组之后，ap会重启，
重启完成后会有wifi的范围圈圈出来，此时就可以打开电脑进行连接
ap-id 1 //这个就是前面ap-id 1 type-id 69 ap-mac 00e0-fc2e-2990 和个1对应
ap-group ap
ap-id 2
ap-group ap

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：/a/172120.html

如若内容造成侵权/违法违规/事实不符，请联系我们进行投诉反馈qq邮箱809451989@qq.com，一经查实，立即删除！