AC + AP 三层无线漫游配置方案为实现小区内各楼宇无线网络统一管控，核心机房部署 AC 无线控制器，所有 AP 采

网络拓扑

为实现小区内各楼宇无线网络统一管控，核心机房部署 AC 无线控制器，所有 AP 采用瘦模式工作。楼宇汇聚交换机与核心机房通过万兆光纤互联，汇聚交换机向下千兆接入 AP。整体采用 AC + 瘦 AP 集中式架构，由 AC 统一管理、配置及漫游控制。

DHCP Option 43 字段
CAPWAP 控制隧道（UDP 5246）和数据隧道（UDP 5247）
DHCP中继以及 DHCP服务器链路可达无线业务网关
无线用户隔离组播抑制等网络优化

第一步打通链路

core

#
vlan 101 to 103
#
interface Vlan-interface101
 ip address 172.19.101.1 255.255.255.0
#
interface Vlan-interface102
 ip address 172.19.102.1 255.255.255.0
#
interface Vlan-interface103
 ip address 172.19.103.1 255.255.255.0
#
interface GigabitEthernet1/0/4
 port link-mode route
 combo enable fiber
 ip address 10.10.10.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 103
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 101
 combo enable fiber
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 102
 combo enable fiber
#
 ip route-static 0.0.0.0 0 10.10.10.1
 ip route-static 172.16.10.0 24 172.19.103.2
 ip route-static 172.16.20.0 24 172.19.103.2
 ip route-static 172.19.111.0 24 172.19.101.2
 ip route-static 172.19.112.0 24 172.19.102.2

AC

#
vlan 103
#
interface Vlan-interface103
 ip address 172.19.103.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 103
 combo enable fiber
#
 ip route-static 0.0.0.0 0 172.19.103.1

1F

#
vlan 101
#
vlan 111
#
interface Vlan-interface101
 ip address 172.19.101.2 255.255.255.0
#
interface Vlan-interface111
 ip address 172.19.111.254 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 111
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 101
 combo enable fiber
#
ip route-static 0.0.0.0 0 172.19.101.1

2F

#
vlan 102
#
vlan 112 
#
interface Vlan-interface102
 ip address 172.19.102.2 255.255.255.0
#
interface Vlan-interface112
 ip address 172.19.112.254 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port trunk pvid vlan 112
 combo enable fiber
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 102
 combo enable fiber
#
 ip route-static 0.0.0.0 0 172.19.102.1

R1

#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.10.10.1 255.255.255.0
#
 ip route-static 172.16.0.0 16 10.10.10.2

第二步 DHCP服务

Core 无线业务DHCP

#
 dhcp enable
#
dhcp server ip-pool vlan10
 gateway-list 172.16.10.254
 network 172.16.10.0 mask 255.255.255.0
#
dhcp server ip-pool vlan20
 gateway-list 172.16.20.254
 network 172.16.20.0 mask 255.255.255.0

AC DHCP中继

# 
vlan 10
# 
vlan 20
#
 dhcp enable
#
interface Vlan-interface10
 ip address 172.16.10.254 255.255.255.0
 dhcp select relay
 dhcp relay server-address 172.19.103.1
#
interface Vlan-interface20
 ip address 172.16.20.254 255.255.255.0
 dhcp select relay
 dhcp relay server-address 172.19.103.1

1F 管理VLAN DHCP

#
 dhcp enable
#
dhcp server ip-pool vlan111
 gateway-list 172.19.111.254
 network 172.19.111.0 mask 255.255.255.0
 option 43 hex 8007000001ac136702

2F 管理VLAN DHCP

#
 dhcp enable
#
dhcp server ip-pool vlan112
 gateway-list 172.19.112.254
 network 172.19.112.0 mask 255.255.255.0
 option 43 hex 8007000001ac136702

第三步 AP上线与无线配置

AC

#
 wlan auto-ap enable
 wlan auto-persistent enable
#
wlan service-template 1
 ssid office
 user-isolation enable
 multicast-optimization enable
 ipv6 multicast-optimization enable
 service-template enable
#
wlan ap AP1 model WA6320-HCL 
 serial-id H3C_74-82-7E-26-05-00
 vlan 10
 radio 1
  radio enable
  service-template 1 vlan 10
 radio 2
 gigabitethernet 1
#
wlan ap AP2 model WA6320-HCL 
 serial-id H3C_74-82-84-B5-06-00
 vlan 20
 radio 1
  radio enable
  service-template 1 vlan 20
 radio 2
 gigabitethernet 1

第四步客户端测试

客户端上线情况

[AC]dis wlan client 
Total number of clients: 1

MAC address    User name            AP name               R IP address      VLAN
00e0-0702-1235 N/A                  AP1                   1 172.16.10.1     10  
[AC]

无线漫游验证

[AC]dis wlan mobility roam-track mac-address 00e0-0702-1235
Total entries: 3
Current entries: 3
BSSID            Created at          Online time   AC IP address   RID AP name
7482-84b5-0610   2026-04-21 17:09:41 00h 00m 36s   127.0.0.1       1   AP2           
7482-7e26-0510   2026-04-21 17:08:45 00h 00m 50s   127.0.0.1       1   AP1           
7482-7e26-0510   2026-04-21 16:18:27 00h 49m 49s   127.0.0.1       1   AP1           
[AC]

AC + AP 三层无线漫游 配置方案

网络拓扑

第一步 打通链路

core

AC

1F

2F

R1

第二步 DHCP服务

Core 无线业务DHCP

AC DHCP中继

1F 管理VLAN DHCP

2F 管理VLAN DHCP

第三步 AP上线与无线配置

AC

第四步 客户端测试

客户端上线情况

无线漫游验证

AC + AP 三层无线漫游配置方案

第一步打通链路

第四步客户端测试