華為eNSP模擬無線wifi實驗，AC/AP實驗

阿新 • • 發佈：2022-05-11

先看拓撲圖，配置完畢的狀態：

1.配置出口路由器/核心交換機/AC的IP地址、埠（略）

## 配置出口路由器的介面
<AR>sys
[AR]int g 0/0/0
[AR-GigabitEthernet0/0/0]ip ad 10.0.0.2 24

## 配置AC
<AC1>sys
[AC1]vlan batch 10
[AC1]int vlanif 10
[AC1-Vlanif10]ip ad 172.16.1.2 24 # 與核心交換機直連的IP地址
[AC1-Vlanif10]int g 0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan all

## 配置核心交換機
[LSW1]vlan batch 5 10 # 建立vlan5和10

[LSW1]int vlanif 1
[LSW1-Vlanif1]ip ad 10.0.0.1 24 # 與路由器直連的IP地址

[LSW1-Vlanif1]int vlanif 5
[LSW1-Vlanif5]ip ad 192.168.0.1 24 # AP的閘道器地址，稍後要用到

[LSW1-Vlanif5]int vlanif 10
[LSW1-Vlanif10]ip ad 172.16.1.1 24 # 與AC直連的地址

[LSW1-Vlanif10]int g 0/0/4  
[LSW1-GigabitEthernet0/0/4]port link-type trunk 
[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all

2.配置AC/出口路由器的路由，使其能相互通訊。

## AC的靜態路由
[AC1]ip route-static 0.0.0.0 0 172.16.1.1

## 出口路由器的靜態路由
[AR]ip route-static 0.0.0.0 0 10.0.0.1

## 在AC上ping一下路由器，測試網路是否聯通：
<AC1>ping 10.0.0.2
PING 10.0.0.2: 56  data bytes, press CTRL_C to break
  Reply from 10.0.0.2: bytes=56 Sequence=1 ttl=254 time=60 ms
  Reply from 10.0.0.2: bytes=56 Sequence=2 ttl=254 time=30 ms
  Reply from 10.0.0.2: bytes=56 Sequence=3 ttl=254 time=40 ms
  Reply from 10.0.0.2: bytes=56 Sequence=4 ttl=254 time=40 ms
  Reply from 10.0.0.2: bytes=56 Sequence=5 ttl=254 time=50 ms

## 確認無誤再進行下一步

3.配置核心交換機DHCP，使其能分配IP地址給AP

## 配置與AP相連的埠
[LSW1]port-group group-member g0/0/1 to g0/0/3 # 埠組
[LSW1-port-group]port link-type trunk
[LSW1-port-group]port trunk allow-pass vlan all
[LSW1-port-group]port trunk pvid vlan 5
[LSW1-port-group]quit

## 配置DHCP地址池
[LSW1]dhcp enable # 使能DHCP
[LSW1]ip pool vlan5 # 建立地址池
[LSW1-ip-pool-vlan5]network 192.168.0.0 mask 24 # 配置要分配的網段
[LSW1-ip-pool-vlan5]gateway-list 192.168.0.1 # 配置要分配的閘道器地址
[LSW1-ip-pool-vlan5]option 43 sub-option 3 ascii 172.16.1.2 # 將AC的IP地址下發給AP
[LSW1-ip-pool-vlan5]quit

[LSW1]int vlanif 5
[LSW1-Vlanif5]dhcp select global #在介面上下發IP地址

## 看看AP的地址有沒有上來
<guest1>dis ip int bri
Interface                         IP Address/Mask      Physical   Protocol  
NULL0                             unassigned           up         up(s)     
Vlanif1                           192.168.0.252/24     up         up

## ping一下AC看看通不通
<guest1>ping 172.16.1.2
  PING 172.16.1.2: 56  data bytes, press CTRL_C to break
    Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=254 time=30 ms
    Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=254 time=20 ms
    Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=254 time=10 ms
    Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=254 time=20 ms
    Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=254 time=40 ms

## 確認無誤，進行下一步

4.註冊AP

以下配置，可能會彈出的警告，都選Y就行

## 指定capwap協議的信令源地址
[AC1]capwap source interface Vlanif 10
[AC1]wlan # 進入wlan檢視
[AC1-wlan-view]ap auth-mode mac-auth # 配置AC的驗證方式為MAC驗證

## 建立域配置並配置國家碼，使AP的射頻特性符合國家的法律法規要求
[AC1-wlan-view]regulatory-domain-profile name CN # 建立域配置
[AC1-wlan-regulate-domain-CN]country-code CN # 國家碼：中國
[AC1-wlan-regulate-domain-CN]quit

## 建立AP-group
[AC1-wlan-view]ap-group name guest # 建立guest組
[AC1-wlan-ap-group-guest]regulatory-domain-profile CN # 關聯剛才的域配置
[AC1-wlan-ap-group-guest]quit
[AC1-wlan-ap-group-work]ap-group name work # 建立work組
[AC1-wlan-ap-group-work]regulatory-domain-profile CN # 關聯剛才的域配置
[AC1-wlan-ap-group-work]quit

## 基於mac地址註冊AP
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc61-3600 # 加入AP。mac地址可以通過檢視核心交換機的mac地址表，或者右鍵AP開啟設定檢視
[AC1-wlan-ap-1]ap-name guest1 # 將AP名字更改為guest1
[AC1-wlan-ap-1]ap-group guest # 將AP加入剛才配置的guest組
[AC1-wlan-ap-1]quit

[AC1-wlan-view]ap-id 2 ap-mac 00e0-fc56-18b0
[AC1-wlan-ap-1]ap-name guest2
[AC1-wlan-ap-1]ap-group guest
[AC1-wlan-ap-1]quit

[AC1-wlan-view]ap-id 3 ap-mac 00e0-fce3-7a10
[AC1-wlan-ap-1]ap-name work1
[AC1-wlan-ap-1]ap-group work
[AC1-wlan-ap-1]quit

## 到此處AP會自動重啟，且AP名字會被更改（如果沒有自動重啟，可以自己手動重啟）
## 重啟完在AC上檢視AP是否註冊成功：
[AC1-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [1]
--------------------------------------------------------------------------------
ID   MAC            Name    Group IP            Type            State STA Uptime
--------------------------------------------------------------------------------
1    00e0-fc61-3600 guest1  guest 192.168.0.252 AP9131DN        nor   0   1M:3S
2    00e0-fc56-18b0 guest2  guest -             -               idle  0   -
3    00e0-fce3-7a10 work1   work  -             -               idle  0   -
--------------------------------------------------------------------------------
Total: 1

## 可以看到state為nor，說明註冊成功；餘下兩臺裝置顯示為idle，說明註冊失敗（只是因為我還沒重啟，想給大家看看沒註冊成功的狀態）
## 等三臺裝置全部上線，確認無誤再進行下一步

5.分配無線引數

[AC1]vlan pool sta-pool101 # 新建vlan地址池，名稱為sta-pool101
[AC1-vlan-pool-sta-pool101]vlan 101
[AC1-vlan-pool-sta-pool101]quit

[AC1]vlan pool sta-pool102
[AC1-vlan-pool-sta-pool102]vlan 102
[AC1-vlan-pool-sta-pool102]quit

## 安全配置（WIFI密碼）
[AC1]wlan
[AC1-wlan-view]security-profile name guest # 新建安全配置，名稱為guest
[AC1-wlan-sec-prof-guest]security wpa2 psk pass-phrase a12345678 aes # 配置加密方式為wpa2-psk，aes密文存放
[AC1-wlan-sec-prof-guest]quit

[AC1-wlan-view]security-profile name work
[AC1-wlan-sec-prof-work]security wpa2 psk pass-phrase a12345678 aes
[AC1-wlan-sec-prof-work]quit

## SSID配置（WIFI名稱）
[AC1-wlan-view]ssid-profile name guest # 新建SSID配置，名稱為guest
[AC1-wlan-ssid-prof-guest]ssid guest # 配置SSID名為guest
[AC1-wlan-ssid-prof-guest]quit

[AC1-wlan-view]ssid-profile name work
[AC1-wlan-ssid-prof-work]ssid work
[AC1-wlan-ssid-prof-work]quit

## 虛擬接入點（vpa）配置
[AC1-wlan-view]vap-profile name guest # 新建vap配置，名稱為guest
[AC1-wlan-vap-prof-guest]service-vlan vlan-pool sta-pool101  # 應用vlan地址池
[AC1-wlan-vap-prof-guest]security-profile guest # 應用安全配置
[AC1-wlan-vap-prof-guest]ssid-profile guest # 應用SSID
[AC1-wlan-vap-prof-guest]quit

[AC1-wlan-view]vap-profile name work
[AC1-wlan-vap-prof-work]service-vlan vlan-pool sta-pool102
[AC1-wlan-vap-prof-work]security-profile work
[AC1-wlan-vap-prof-work]ssid-profile work
[AC1-wlan-vap-prof-work]quit

## 開啟無線電訊號
[AC1-wlan-view]ap-group name guest
[AC1-wlan-ap-group-guest]vap-profile guest wlan 1 radio 0 # 應用虛擬接入點配置，wlanid為1，radio 0意思是使用2.4GHz的頻段
[AC1-wlan-ap-group-guest]vap-profile guest wlan 1 radio 1 # 配置雙射頻，radio 1=5GHz
[AC1-wlan-ap-group-guest]quit

[AC1-wlan-view]ap-group name work
[AC1-wlan-ap-group-work]vap-profile work wlan 1 radio 0
[AC1-wlan-ap-group-work]vap-profile work wlan 1 radio 1

6.配置客戶端使用的地址池，結束。檢驗配置成果。

## 配置核心交換機
[LSW1]vlan batch 101 102
[LSW1]ip pool 101
[LSW1-ip-pool-101]network 192.168.10.0 mask 24
[LSW1-ip-pool-101]gateway-list 192.168.10.1
[LSW1-ip-pool-101]quit

[LSW1]ip pool 102
[LSW1-ip-pool-102]network 192.168.20.0 mask 24
[LSW1-ip-pool-102]gateway-list 192.168.20.1
[LSW1-ip-pool-102]quit

[LSW1]int vlanif 101
[LSW1-Vlanif101]ip ad 192.168.10.1 24
[LSW1-Vlanif101]dhcp select global 

[LSW1]int vlanif 102
[LSW1-Vlanif102]ip ad 192.168.20.1 24
[LSW1-Vlanif102]dhcp select global

## 在終端裝置連線AP，並輸入密碼
## 然後測試一下網路連通性：
STA>ipconfig
Link local IPv6 address...........: ::
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.254
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.1
Physical address..................: 54-89-98-F0-37-1A
DNS server........................:

## 以上可以看到終端自動獲取的IP地址資訊是正確的
## 再ping一下出口路由器和AC：
STA>ping 10.0.0.2
Ping 10.0.0.2: 32 data bytes, Press Ctrl_C to break
From 10.0.0.2: bytes=32 seq=1 ttl=254 time=219 ms
From 10.0.0.2: bytes=32 seq=2 ttl=254 time=282 ms
From 10.0.0.2: bytes=32 seq=3 ttl=254 time=203 ms
From 10.0.0.2: bytes=32 seq=4 ttl=254 time=204 ms
From 10.0.0.2: bytes=32 seq=5 ttl=254 time=218 ms

STA>ping 172.16.1.2
Ping 172.16.1.2: 32 data bytes, Press Ctrl_C to break
From 172.16.1.2: bytes=32 seq=1 ttl=254 time=266 ms
From 172.16.1.2: bytes=32 seq=2 ttl=254 time=218 ms
From 172.16.1.2: bytes=32 seq=3 ttl=254 time=203 ms
From 172.16.1.2: bytes=32 seq=4 ttl=254 time=266 ms
From 172.16.1.2: bytes=32 seq=5 ttl=254 time=203 ms