最近一个项目十分恶心,反复去了好多次都没解决问题,最后在求助的情况下解决了问题,今天闲来无事进行一下总结,希望以后大家在遇到类似问题的时候会有所帮助,少走弯路。
环境如下:
无线AP:华为AP7110DN-AGN 无线控制器:华为L-AC6605-16AP
交换机:华为S5700-28P-LI-AC 路由器:华为AR0M0022BA00
配置过程如下:
路由器配置:
<router>dis cu
[V200R003C01SPC900]
#
sysname router
#
snmp-agent local-engineid 800007DB034846FBDD5110
snmp-agent
#
http timeout 3
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
dhcp enable 启用dhcp服务
#
undo dhcp server bootp
#
pki realm default
enrollment self-signed
#
#
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255 配置acl
#
ip pool ip-pool1
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
excluded-ip-address 192.168.1.2 192.168.1.10 配置dhcp地址池等相关信息
lease day 999 hour 0 minute 0
dns-list 202.99.160.68
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$=i~>Xp&aY+*2cEVcS-A23Uwe%$%$
local-user admin service-type http
#
firewall zone Local
priority 64
#
nat address-group 1 10.48.183.249 10.48.183.249 nat地址
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0 配置内网接口IP地址
dhcp select global
#
interface GigabitEthernet0/0/2
ip address 10.48.183.241 255.255.255.0 配置外网接口地址和地址映射
nat outbound 2000
#
interface Cellular0/0/0
link-protocol ppp
#
interface Cellular0/0/1
link-protocol ppp
#
interface NULL0
#
interface LoopBack1
#
ip route-static 0.0.0.0 0.0.0.0 10.48.183.254 配置默认静态路由
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$v)eUQb:a@@Dq>LQ]8_~(,.6ebgw1T<1nDK(Bi*MIy)4I.6h,%$%$
user-interface vty 0 4 配置远程telnet登陆
#
wlan ac
#
voice
#
diagnose
#
return
交换机配置:
<switch>dis cu
#
!Software Version V200R001C00SPC300
sysname switch
#
vlan batch 100 to 101 800 配置通信vlan和管理vlan
#
undo http server enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$I6.ASV)hJET,p"Dn.YM%3aXO%$%$
local-user admin service-type http
#
interface Vlanif1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 800
port trunk allow-pass vlan 101 800
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 800
port trunk allow-pass vlan 101 800 配置交换机连接无线AP的接口模式
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 800
port trunk allow-pass vlan 101 800
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 800
port trunk allow-pass vlan 101 800
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 101 800 配置交换机连接无线控制器的接口模式
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/15 配置交换机与服务器连接的接口模式
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/16
port link-type access
port default vlan 101
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface GigabitEthernet0/0/25
#
interface GigabitEthernet0/0/26
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
#
interface NULL0
#
interface LoopBack1
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$@T4G)wr!n@xWkW1=!S>W,G>5dOgs,@68!%p,d{O)k‘f!>MD~%$%$
user-interface vty 0 4
user-interface vty 16 20
#
return
无线控制器配置:
[V200R003C00SPC300]
#
sysname AC-LSW
#
snmp-agent local-engineid 800007DB03DCD2FC9AF55A
undo snmp-agent community complexity-check disable
snmp-agent
#
http server enable 启动http服务,用来通过web方式访问无线控制器
http secure-server enable
#
info-center timestamp log format-date
#
vlan batch 101 800 新建相应的vlan
#
dhcp enable 启动dhcp服务
#
diffserv domain default
#
pki realm default
enrollment self-signed
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@4SD!O#B"vE‘%R>6/v7]F@KaN%@%@
local-user admin privilege level 15
local-user admin service-type http 配置web登陆用户
#
interface Vlanif1
#
interface Vlanif101
ip address 192.168.1.18 255.255.255.0 配置远程管理地址
#
interface Vlanif800
ip address 172.1.1.1 255.255.255.0 配置无线AP的管理地址池并通过dhcp下发ip地址给AP
dhcp select interface
#
interface MEth0/0/1
ip address 192.168.0.1 255.255.255.0 配置管理接口的ip地址,用来进行系统版本的升级
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 101 800 设置与交换机连接接口的端口类型和允许的vlan
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface Wlan-Ess0
port hybrid pvid vlan 101
port hybrid untagged vlan 101 配置wlan-ess虚接口
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 配置默认路由,用于远程管理
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$"GCEA{F!GFFR9-UtLm#Y,;,-8xu`X~H8=;M/;;ZHZm/B;,0,%$%$ 配置console接口认证
user-interface vty 0 4
authentication-mode password
user privilege level 15
set authentication password cipher %$%$vr‘(L4QuvI^ojOS1^jg7~.ZM>[&xDt.~xUj&P.1UJ[nY.ZP~%$%$
user-interface vty 16 20 配置vty接口的认证,用于远程管理
#
wlan
wlan ac source interface vlanif800 配置无线AP的管理vlan
ap-auth-mode no-auth 配置无线vlan的认证方式
ap id 4 type-id 28 mac 04f9-38e8-6f80 sn 210235555310E3000596 添加相应的无线AP
ap id 5 type-id 28 mac 04f9-38ea-35a0 sn 210235555310E3000992
ap id 6 type-id 28 mac 04f9-38e5-78a0 sn 210235555310E3000446
ap id 7 type-id 28 mac 04f9-38ea-35c0 sn 210235555310E3000993
wmm-profile name huawei-ap id 0 配置vmm-profile名称
traffic-profile name huawei-ap id 0 配置traffic-profile名字
security-profile name huawei-ap id 0 配置security-profile名字
security-policy wpa2 配置安全模板的认证方式
wpa2 authentication-method psk pass-phrase cipher %@%@bkz|%Dyw"RFrgoE‘@yxR@QNf%@%@ encryption-method ccmp 配置无线AP的加密方式和相应的密码(会影响网速)
sta-load-balance enable 启用负载均衡功能
service-set name huawei id 0 配置服务集模板
forward-mode tunnel
wlan-ess 0
ssid DHJS208 配置ssid为DHJS208
traffic-profile id 0
security-profile id 0
service-vlan 101 服务vlan101
radio-profile name huawei-ap id 0
radio-type 80211n 强制设置radio的类型为802.11n,这样只有网卡的速率可以到133Mbps,如果不设置速率只能达到54Mbps这样会影响网速
wmm-profile id 0
#
return
本文出自 “闲的蛋疼” 博客,谢绝转载!
无线环境+一体机(52台)+联想传奇软件,布布扣,bubuko.com
原文:http://manlicui.blog.51cto.com/924370/1433357