前言
WLAN是指 应用无线通信技术将计算机设备互连起来,以无线信道作为传输媒介的计算机局域网。WLAN是有线联网方式的重要补充和延伸,并逐渐成为计算机网路中的至关组成部分。
基本概念 [*]
ISM及其频段
ISM频段范围为2.4~2.4835GHz ISM频段实际上就是WLAN使用的频段 ISM频段各国规定不尽相同
信道划分以及使用范围
IEEE802.11协议在2.4GHz频段定义了14个信道,每个信道的频宽为22MHZ。两个相邻的信道中心频率的间隔是5MHZ(信道13与信道14除外) 信道1中心频率是2.412GHz
如上图所示 信道1与信道2,3,4,5都有交叠,这就意味着,如果某处有两个无线设备在同时工作,且信道为1至5随机两个,那么这两个无线设备发出的信号会互相干扰 为了最大限度的利用频段资源,可以使用<1,6,,11>、<2,7,12>、<3,8,13>、<4,9,14>这四组互不干扰的信道进行无线覆盖,由于部分国家只开放了12~14信道频段,所以一般情况下都使用1、6、11三个信道
capwp协议
AP-AC 建立连接使用capwp隧道
| 作用 |
|---|
| ap-ac之间的状态维护 |
| ac下发业务配置给ap |
| 通过隧道转发模式ap-ac之间交互 |
WLAN网络报文发送机制
CSMA/CA 载波侦听多点接入/避免冲突
空口即空中接口,是指通过无线信号连接移动终端与接入点
WLAN网络构成 [**]
WLAN基本元素
- SSID服务集群识别码
用来区分不同的网络,无线网卡设置了不同的SSID就可以进入不同的网络,SSID通常由AP广播出来,通过系统自带扫描功能可以查看当前区域内的SSID <WIFI的名称>
- BSS基本服务集
使用相同的服务识别码(SSID)的一个单一访问点以及一个无线设备群组,组成一个基本服务组。必须相同的SSID。使用不同的SSID设备彼此之间不能进行通信
- BSSID无线设备识别符
SSID+设备MAC 用于标记唯一的设备 (华三设备BSSID为AP的mac地址)
- ESS扩展服务集
使用相同的服务识别码(SSID)的多个访问点以及一个无线设备群组,组成一个扩展群组 同一ESS内的不同访问点可以使用不同的信道,尽可能的减少各访问点之间的干扰。 <从一个AP<访问点>信号范围走向另一个AP信号范围> 漫游技术: 在PC端保持不作任何变化的同时,完成AP的切换。
WLAN典型组网
二层组网与三层组网
- 二层组网: AP-AC相同网段 通过AP通过ARP广播寻找AC
- 三层组网: AP-AC不同网段 通过DHCP/指定AC IP地址 寻找AC
AP数据转发模式
- 本地转发 AP的业务数据走本地 需要下发AP配置 AP上行接口放行业务VLAN
- 集中转发 AP的业务数据转发给AC 由AC负责集中转发 AP无需配置 保持默认即可
AC连接方式
- 直连式组网 AC同时充当核心交换机的功能 部署在数据主要通道上
- 旁挂式组网 旁挂在核心交换机旁
WLAN基本配置 [***]
- 配置DHCP服务
- AC直连开启DHCP服务 或者 2. AC旁挂 核心交换机/DHCP服务器开启DHCP服务
- 创建AP组
AP组常用于多个AP的通用配置
- 配置AC的国家码(域管理模板)
设置发送功率,信道等 采用什么国家的规定等
- 配置capwp源端口/源地址
华为需要配置源端口 华三不需要 主要用于AP-AC通信隧道
5.配置AP上线自动升级 【可选】 6. 配置AP认证模式
模拟器因无法输入密码 所以采用无认证 AAA认证需要AAA服务器dotlx 通常使用WPA2认证或者MAC
WLAN配置举例
基本配置
SWA配置
// 划分VLAN
[SWA]vlan 10
[SWA-vlan10]port GigabitEthernet 1/0/1
[SWA-vlan10]qu
[SWA]vlan 20
[SWA-vlan20]port GigabitEthernet 1/0/2
[SWA-vlan20]qu
// 创建VLAN
[SWA]vlan 40
[SWA-vlan40]qu
[SWA]vlan 50
[SWA-vlan50]qu
[SWA]vlan 60
[SWA-vlan60]qu
[SWA]vlan 70
[SWA-vlan70]qu
// 开启dhcp服务
[SWA]dhcp enable
// 配置IP地址
[SWA]interface Vlan-interface 10
[SWA-Vlan-interface10]ip address 192.168.10.2 24
[SWA-Vlan-interface10]qu
[SWA]interface Vlan-interface 20
[SWA-Vlan-interface20]ip address 192.168.20.254 24
[SWA-Vlan-interface20]qu
[SWA]interface Vlan-interface 30
[SWA-Vlan-interface30]ip address 192.168.30.254 24
[SWA-Vlan-interface30]qu
[SWA]interface Vlan-interface 40
[SWA-Vlan-interface40]ip address 192.168.40.254 24
[SWA-Vlan-interface40]dhcp select relay // 开启DHCP中继模式
[SWA-Vlan-interface40]dhcp relay server-address 192.168.20.1 // 指定DHCP中继地址
[SWA-Vlan-interface40]qu
[SWA]interface Vlan-interface 50
[SWA-Vlan-interface50]ip address 192.168.50.254 24
[SWA-Vlan-interface50]dhcp select relay
[SWA-Vlan-interface50]dhcp relay server-address 192.168.20.1
[SWA-Vlan-interface50]qu
[SWA]interface Vlan-interface 60
[SWA-Vlan-interface60]ip address 192.168.60.254 24
[SWA-Vlan-interface60]dhcp select relay
[SWA-Vlan-interface60]dhcp relay server-address 192.168.20.1
[SWA-Vlan-interface60]qu
[SWA]interface Vlan-interface 70
[SWA-Vlan-interface70]ip address 192.168.70.254 24
[SWA-Vlan-interface70]dhcp select relay
[SWA-Vlan-interface70]dhcp relay server-address 192.168.20.1
[SWA-Vlan-interface70]qu
// 修改G1/0/3 G1/0/11 G1/0/12 为Trunk
[SWA]interface GigabitEthernet 1/0/3
[SWA-GigabitEthernet1/0/3]port link-type trunk
[SWA-GigabitEthernet1/0/3]port trunk pvid vlan 30
[SWA-GigabitEthernet1/0/3]port trunk permit vlan all
[SWA-GigabitEthernet1/0/3]qu
[SWA]interface GigabitEthernet 1/0/11
[SWA-GigabitEthernet1/0/11]port link-type trunk
[SWA-GigabitEthernet1/0/11]port trunk pvid vlan 40
[SWA-GigabitEthernet1/0/11]port trunk permit vlan 40 50 60
[SWA-GigabitEthernet1/0/11]qu
[SWA]interface GigabitEthernet 1/0/12
[SWA-GigabitEthernet1/0/12]port link-type trunk
[SWA-GigabitEthernet1/0/12]port trunk pvid vlan 40
[SWA-GigabitEthernet1/0/12]port trunk permit vlan 40 70
[SWA-GigabitEthernet1/0/12]qu
// 配置出口路由
[SWA]ip route-static 0.0.0.0 0 192.168.10.1
RTA配置
// 配置IP地址
[RTA]interface GigabitEthernet 0/0
[RTA-GigabitEthernet0/0]ip address 12.0.0.2 24
[RTA-GigabitEthernet0/0]qu
[RTA]interface GigabitEthernet 0/1
[RTA-GigabitEthernet0/1]ip address 192.168.10.1 24
[RTA-GigabitEthernet0/1]qu
// 配置ACL与应用ACL
[RTA]acl basic 2000
[RTA-acl-ipv4-basic-2000]rule permit
[RTA-acl-ipv4-basic-2000]qu
[RTA]interface GigabitEthernet 0/0
[RTA-GigabitEthernet0/0]nat outbound 2000
[RTA-GigabitEthernet0/0]qu
// 配置出口路由与回程路由
[RTA]ip route-static 0.0.0.0 0 12.0.0.1
[RTA]ip route-static 192.168.0.0 16 192.168.10.2
PEA配置
// 配置IP地址
[PEA]interface LoopBack 0
[PEA-LoopBack0]ip address 1.1.1.1 32
[PEA-LoopBack0]qu
[PEA]interface GigabitEthernet 0/0
[PEA-GigabitEthernet0/0]ip address 12.0.0.1 24
[PEA-GigabitEthernet0/0]qu
DHCP配置
// 配置IP地址
[DHCP]interface GigabitEthernet 0/2
[DHCP-GigabitEthernet0/2]ip address 192.168.20.1 24
[DHCP-GigabitEthernet0/2]qu
// 配置DHCP服务
[DHCP]dhcp enable
[DHCP]dhcp server ip-pool vlan40
[DHCP-dhcp-pool-vlan40]network 192.168.40.0 mask 255.255.255.0
[DHCP-dhcp-pool-vlan40]gateway-list 192.168.40.254
[DHCP-dhcp-pool-vlan40]dns-list 1.1.1.1 // dns服务器根据实际情况而定[可选]
[DHCP-dhcp-pool-vlan40]forbidden-ip 192.168.40.254 // 不参与分配的IP地址
[DHCP-dhcp-pool-vlan40]option 43 hex 8007000001C0A81E01 // DHCP方式发现AC
[DHCP-dhcp-pool-vlan40]qu
[DHCP]dhcp server ip-pool vlan50
[DHCP-dhcp-pool-vlan50]network 192.168.50.0 mask 255.255.255.0
[DHCP-dhcp-pool-vlan50]gateway-list 192.168.50.254
[DHCP-dhcp-pool-vlan50]qu
[DHCP]dhcp server ip-pool vlan60
[DHCP-dhcp-pool-vlan60]network 192.168.60.0 mask 255.255.255.0
[DHCP-dhcp-pool-vlan60]gateway-list 192.168.60.254
[DHCP-dhcp-pool-vlan60]qu
[DHCP]dhcp server ip-pool vlan70
[DHCP-dhcp-pool-vlan70]network 192.168.70.0 mask 255.255.255.0
[DHCP-dhcp-pool-vlan70]gateway-list 192.168.70.254
[DHCP-dhcp-pool-vlan70]qu
// 配置出口路由
[DHCP]ip route-static 0.0.0.0 0 192.168.20.254
AC1配置
// 创建VLAN与配置VLAN
[AC1]vlan 30
[AC1-vlan30]qu
[AC1]vlan 40
[AC1-vlan40]qu
[AC1]vlan 50
[AC1-vlan50]qu
[AC1]vlan 60
[AC1-vlan60]qu
[AC1]vlan 70
[AC1-vlan70]qu
[AC1]interface GigabitEthernet 1/0/3
[AC1-GigabitEthernet1/0/3]port link-type trunk
[AC1-GigabitEthernet1/0/3]port trunk pvid vlan 30
[AC1-GigabitEthernet1/0/3]port trunk permit vlan all
[AC1-GigabitEthernet1/0/3]qu
// 配置IP地址
[AC1]interface Vlan-interface 30
[AC1-Vlan-interface30]ip address 192.168.30.1 24
[AC1-Vlan-interface30]qu
// 配置出口路由
[AC1]ip route-static 0.0.0.0 0 192.168.30.254
无线配置
AP手动上线
[AC1]wlan ap AP1 model WA6320-HCL // 手动指定设备型号
[AC1-wlan-ap-AP1]Dserial-id H3C_1E-8C-6A-43-06-00 // 手动指定设备SN码
// AP查询设备SN码
[AP1]display device manuinfo
DEVICE_ID:Slot ID:0
DEVICE_NAME:Simware
DEVICE_SERIAL_NUMBER:H3C_1e-8c-6a-43-06-00
MAC_ADDRESS:1e-8c-6a-43-06-04
MANUFACTURING_DATE:2014-7-16
VENDOR_NAME:H3C
Subslot 1:
The operation is not supported on the specified slot or subslot.
Subslot 2:
The operation is not supported on the specified slot or subslot.
Subslot 3:
The operation is not supported on the specified slot or subslot.
Subslot 4:
The operation is not supported on the specified slot or subslot.
Subslot 5:
The operation is not supported on the specified slot or subslot.
Subslot 6:
The operation is not supported on the specified slot or subslot.
Subslot 7:
The operation is not supported on the specified slot or subslot.
Subslot 8:
The operation is not supported on the specified slot or subslot.
Power 1:
DEVICE_ID:Power ID:1
DEVICE_NAME:Simware
DEVICE_SERIAL_NUMBER:H3C_1e-8c-6a-43-06-00 // 此处为设备SN码
MANUFACTURING_DATE:2014-7-16
VENDOR_NAME:H3C
[AP1]
// AP查询设备型号
[AP1]display version
H3C Comware Software, Version 7.1.064, Alpha 7165
Copyright (c) 2004-2023 New H3C Technologies Co., Ltd. All rights reserved.
H3C WA6320-HCL uptime is 0 weeks, 0 days, 0 hours, 14 minutes // 设备型号
Last reboot reason: User reboot
Boot image: flash:/simware-cmw710-boot-a6429.bin
Boot image version: 7.1.064, Alpha 7165
Compiled May 22 2023 16:00:00
Boot image: flash:/simware-cmw710-system-a6429.bin
Boot image version: 7.1.064, Alpha 7165
Compiled May 22 2023 16:00:00
4M bytes Nor Flash Memory
512M bytes Nand Flash Memory
Config Register points to Nand Flash
Hardware Version is Ver.B
CPLD Version is 007
BootRom Version is 108
[SubSlot 0] 24GE+4SFP Plus Hardware Version is Ver.B
[SubSlot 1] No Module
[AP1]
AP自动上线
[AC1] wlan auto-ap enable // 开启自动AP功能
[AC1] wlan auto-persistent enable // 开启AP自动固化功能
// 稍等片刻 AP自动上线
[AC1]display wlan ap all
Total number of APs: 2
Total number of connected APs: 2
Total number of connected manual APs: 2
Total number of connected auto APs: 0
Total number of connected common APs: 2
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 60000
Remaining APs: 59998
Total AP licenses: 60000
Local AP licenses: 60000
Server AP licenses: 0
Remaining local AP licenses: 59998
Sync AP licenses: 0
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run, M = Master, B = Backup
AP name APID State Model Serial ID
1e8c-6a43-0600 1 R/M WA6320-HCL H3C_1E-8C-6A-43-06-00
1e8c-9437-0700 2 R/M WA6320-HCL H3C_1E-8C-94-37-07-00
[AC1]
[AC1]wlan rename-ap 1e8c-6a43-0600 AP1 // 修改名字 默认为设备MAC地址
[AC1]wlan rename-ap 1e8c-9437-0700 AP2 // 修改名字
[AC1]display wlan ap all
Total number of APs: 2
Total number of connected APs: 2
Total number of connected manual APs: 2
Total number of connected auto APs: 0
Total number of connected common APs: 2
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 60000
Remaining APs: 59998
Total AP licenses: 60000
Local AP licenses: 60000
Server AP licenses: 0
Remaining local AP licenses: 59998
Sync AP licenses: 0
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run, M = Master, B = Backup
AP name APID State Model Serial ID
AP1 1 R/M WA6320-HCL H3C_1E-8C-6A-43-06-00
AP2 2 R/M WA6320-HCL H3C_1E-8C-94-37-07-00
[AC1]
// 配置WLAN模板
[AC1]wlan service-template vlan50 // 模板默认集中转发
[AC1-wlan-st-vlan50]ssid SSID-1 // 配置ssid
[AC1-wlan-st-vlan50]client forwarding-location ap vlan 50 // 本地转发 业务vlan60
[AC1-wlan-st-vlan50]service-template enable // 开启模板
[AC1-wlan-st-vlan50]exit
[AC1]wlan service-template vlan60
[AC1-wlan-st-vlan60]ssid SSID-2
[AC1-wlan-st-vlan60]client forwarding-location ap vlan 60
[AC1-wlan-st-vlan60]service-template enable
[AC1-wlan-st-vlan60]exit
[AC1]wlan service-template vlan70
[AC1-wlan-st-vlan70]ssid SSID-3
[AC1-wlan-st-vlan70]service-template enable
[AC1-wlan-st-vlan70]exit
[AC1]wlan ap AP1
[AC1-wlan-ap-AP1]map-configuration flash:/SSID-AP1.cfg // 下发配置
[AC1-wlan-ap-AP1]radio 1 // 进入射频1
[AC1-wlan-ap-AP1-radio-1]service-template vlan50 vlan 50 // 模板绑定为VLAN50
[AC1-wlan-ap-AP1-radio-1]service-template vlan60 vlan 60 // 模板绑定为VLAN60
[AC1-wlan-ap-AP1-radio-1]radio enable // 开启射频
[AC1-wlan-ap-AP1-radio-1]qu
[AC1-wlan-ap-AP1]qu
[AC1]wlan ap AP2
[AC1-wlan-ap-AP2]radio 1
[AC1-wlan-ap-AP2-radio-1]service-template vlan70 vlan 70
[AC1-wlan-ap-AP2-radio-1]radio enable
[AC1-wlan-ap-AP2-radio-1]qu
[AC1-wlan-ap-AP2]qu
SSID-AP1.cfg
sys
#
vlan50
#
vlan 60
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk permit vlan 1 50 60
#
Phone上线
如果Phone不上线 AC关闭模板 undo service-template enable 再打开即可
连通性测试
华为无线配置参考脚本
[AC6605]wlan #进入无线配置视图
[AC6605-wlan-view]
[AC6605-wlan-view]regulatory-domain-profile name office-domain #创建域管理模板,名称为office-domain
[AC6605-wlan-regulate-domain-office-domain]country-code CN #配置国家代码
[AC6605-wlan-regulate-domain-office-domain]quit
[AC6605-wlan-view]ssid-profile name office-ssid #创建SSID模板,名称为office-ssid
[AC6605-wlan-ssid-prof-office-ssid]ssid office #配置SSID名称为office
[AC6605-wlan-ssid-prof-office-ssid]quit
[AC6605-wlan-view]security-profile name office-security #创建安全策略,名称为office-security
[AC6605-wlan-sec-prof-office-security]security wpa-wpa2 psk pass-phrase 12345678 aes #SSID密码为12345678
[AC6605-wlan-view]vap-profile name office-vap #创建VAP模板
[AC6605-wlan-vap-prof-office-vap]forward-mode direct-forward #配置业务数据转发模式
[AC6605-wlan-vap-prof-office-vap]security-profile office-security #绑定安全策略
[AC6605-wlan-vap-prof-office-vap]ssid-profile office-ssid #绑定SSID模板
[AC6605-wlan-vap-prof-office-vap]service-vlan vlan-id 101 #绑定业务VLAN(用户用的vlan)
[AC6605-wlan-view]ap-group name office-ap-group #创建AP组,名称为office-ap-group
[AC6605-wlan-ap-group-office-ap-group]regulatory-domain-profile office-domain #绑定域模板
[AC6605-wlan-ap-group-office-ap-group]vap-profile office-vap wlan 1 radio 0 #绑定vap模板到射频卡0上
[AC6605-wlan-ap-group-office-ap-group]vap-profile office-vap wlan 1 radio 1 #绑定vap模板到射频卡1上
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fc10-14d0 添加AP,APmac
[AC6605-wlan-ap-0]ap-group office-ap-group #添加到AP组中
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fcb9-0f90 添加AP,APmac
[AC6605-wlan-ap-0]ap-group office-ap-group #添加到AP组中
