h3c无线控制器ac配置
H3C WX3024H无线AC配置方法
AC控制器配置:
在L3 switch上开启DHCP server功能,AP、无线客户端Client和有线客户端Host都能通过DHCP server自动获取IP地址。 在L3 switch和AC上配置到达对端网段的静态路由。 在AC上配置无线服务,确保Client可以通过配置的无线服务接入网络。 配置注意事项 配置AP的序列号时请确保该序列号与AP唯一对应,AP的序列号可以通过AP设备背面的标签获取。 配置L3 switch和AP相连的接口禁止VLAN 1报文通过,以防止VLAN 1内报文过多。 1 配置AC (1) 配置AC的接口 # 创建VLAN 10及其对应的VLAN接口,并为该接口配置IP地址。AP将获取该IP地址与AC建立CAPWAP隧道。 <AC> system-view [AC] vlan 10 [AC-vlan10] quit [AC] interface vlan-interface10 [AC-Vlan-interface10] ip address 10.152.1.6 255.255.255.0 [AC-Vlan-interface10] quit # 创建VLAN 70,AC需要使用该VLAN转发无线客户端数据报文。 [AC] vlan 70 [AC-vlan70] quit # 配置AC和L3 switch相连的接口GigabitEthernet1/0/1为Trunk类型,禁止VLAN 1报文通过,允许VLAN 10和VLAN 70通过。 [AC] interface gigabitethernet 1/0/1 [AC-GigabitEthernet1/0/1] port link-type trunk [AC-GigabitEthernet1/0/1] undo port trunk permit vlan 1 [AC-GigabitEthernet1/0/1] port trunk permit vlan 10 70 [AC-GigabitEthernet1/0/1] quit (2)配置三层路由 # 配置AC到10.152.7.0网段的静态路由,指定下一跳的IP地址为10.152.1.2。 [AC] ip route-static 10.152.7.0.0 24 10.152.1.2 (3)配置无线服务 # 创建无线服务模板1,并进入无线服务模板视图。 [AC] wlan service-template 1 # 配置SSID为Somidezoffice。 [AC-wlan-st-1] ssid Somidezoffice # 使能服务模板。 [AC-wlan-st-1] service-template enable [AC-wlan-st-1] quit (4)配置AP # 创建手工AP1,名称为officeap1(增加一个ap,增加一个名字),型号名称为WA4320i-ACN。 [AC] wlan ap officeap1 model WA4320i-ACN # 设置AP的序列号为210235A1GPC177000751。 [AC-wlan-ap-officeap1] serial-id 210235A1GPC177000751 # 创建手工AP2 [AC] wlan ap officeap2 model WA4320i-ACN [AC-wlan-ap-officeap2] serial-id 210235A1GPC179001703 以此类推.... # 进入AP的Radio 1视图,并将无线服务模板1绑定到Radio 1(5GHz)上,并指定客户端上线的VLAN为VLAN 70。 [AC-wlan-ap-officeap1] radio 1 [AC-wlan-ap-officeap1-radio-1] service-template 1 vlan 70 # 开启Radio 1的射频功能。 [AC-wlan-ap-officeap1-radio-1] radio enable [AC-wlan-ap-officeap1-radio-1] return # 进入AP的Radio 2视图,并将无线服务模板1绑定到Radio 2(2.4GHz)上,并指定客户端上线的VLAN为VLAN 70。 [AC-wlan-ap-officeap1] radio 2 [AC-wlan-ap-officeap1-radio-2] service-template 1 vlan 70 # 开启Radio 1的射频功能。 [AC-wlan-ap-officeap1-radio-2] radio enable [AC-wlan-ap-officeap1-radio-2] return 以此类推..... # 开启mac白名单,只允许白名单内客户端通过密码认证 [H3C]wlan whitelist mac xxxx-xxxx-xxxx AC配置命令: sysname H3C # vlan 10 # vlan 70 # wlan service-template 1 ssid somidezoffice service-template enable # # interface Vlan-interface10 ip address 10.152.1.6 255.255.255.0 # interface Vlan-interface70 # interface GigabitEthernet1/0/2 port link-mode bridge port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 10 70 # line vty 0 4 authentication-mode scheme user-role network-admin protocol inbound ssh # ip route-static 10.152.7.0 24 10.152.1.2 # snmp-agent snmp-agent local-engineid 800063A28080F62E5885C000000001 snmp-agent community read somidez snmp-agent sys-info version v2c v3 # ssh server enable # local-user admin class manage password simple Somidez_2018 service-type ssh https authorization-attribute user-role network-admin # ip https enable # wlan ap 74ea-cbb4-7ac0 model WA4320i-ACN serial-id 210235A1GPC177000751 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac8114080 model WA4320i-ACN serial-id 210235A1GPC179001703 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac8114200 model WA4320i-ACN serial-id 210235A1GPC179001715 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac8116340 model WA4320i-ACN serial-id 210235A1GPC179001981 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac8117740 model WA4320i-ACN serial-id 210235A1GPC179002141 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac8114c60 model WA4320i-ACN serial-id 210235A1GPC179001798 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac8114e80 model WA4320i-ACN serial-id 210235A1GPC179001815 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eac81162c0 model WA4320i-ACN serial-id 210235A1GPC179001977 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan ap 74eacbb47ac0 model WA4320i-ACN serial-id 210235A1GPC179000751 radio 1 radio enable service-template 1 vlan 70 radio 2 radio enable service-template 1 vlan 70 # wlan whitelist mac-address 3052-cb02-27ec wlan whitelist mac-address d0fc-cc37-1604
|
|
|
|
三层交换机配置命令:
|
(1) 配置L3 switch的接口
# 创建VLAN 70和VLAN 10,并配置IP地址,用于转发AC和AP间的CAPWAP隧道内的流量。 <L3 switch> system-view [L3 switch] vlan 10 [L3 switch-vlan10] quit [L3 switch] interface vlan-interface 10 [L3 switch-Vlan-interface10] ip address 10.152.1.2 255.255.255.0 [L3 switch-Vlan-interface10] quit [L3 switch] vlan 70 [L3 switch-vlan70] quit [L3 switch] interface vlan-interface 70 [L3 switch-Vlan-interface70] ip address 10.152.7.1 255.255.255.0 [L3 switch-Vlan-interface70] quit
# 配置L3 switch和AC相连的接口GigabitEthernet1/0/1为Trunk类型,允许VLAN10和VLAN 70通过。 [L3 switch] interface gigabitEthernet 1/0/1 [L3 switch-GigabitEthernet1/0/1] port link-type trunk [L3 switch-GigabitEthernet1/0/1] port trunk permit vlan 10 70 [L3 switch-GigabitEthernet1/0/1] quit # 配置L3 switch和AP相连的接口GigabitEthernet1/0/2为Trunk类型,允许所有VLAN通过,当前Trunk口的PVID为70。 [L3 switch] interfac gigabitEthernet 1/0/2 [L3 switch-GigabitEthernet1/0/2] port link-type trunk [L3 switch-GigabitEthernet1/0/2] port trunk permit vlan all [L3 switch-GigabitEthernet1/0/2] port trunk pvid vlan 70 [L3 switch-GigabitEthernet1/0/2] quit
(2)配置DHCP server # 开启DHCP server功能。 [L3 switch] dhcp enable
# 配置DHCP地址池vlan70为AP分配地址范围为10.152.7.0/24,网关地址为10.152.7.1。 [L3 switch] dhcp server ip-pool vlan70 [L3 switch-dhcp-pool-vlan70] network 10.152.7.0mask 255.255.255.0 [L3 switch-dhcp-pool-1] gateway-list 10.152.7.1 # 配置DHCP Option43的内容为AC的十六进制IP地址。 [L3 switch-dhcp-pool-1] option 43 hex 80070000010a980106 [L3 switch-dhcp-pool-1] quit |
继续AC控制器的界面话配置:
- WiFi密码设置:
【网络】--【无线网络】--编辑该ssid
选择加密方式:
- 【无线配置】--【AP管理】
2.1、默认关闭2.4ghzWiFi,开启2.4ghzwifi,【网络】--【AP管理】--【AP】
2.2、AP全局配置固化,全部开启
2.3、AP预配置
2.3.1、开启自动下发功能
至此,H3C AC控制器全部配置完成。