华为AC简单配置

之前对本站的的另外的一篇帖子进行学习过有些地方会有雷同

拓扑图

管理vlan10 业务vlan20

第一步配置AC

VLAN10管理

VLAN20业务

[AC6005]sysname AC1
[AC1]dhcp enable

//创建vlan,给两个vlan配置ip
[AC1]vlan batch 10 20

[AC1]int vlan 10
[AC1-Vlanif10]ip ad 192.168.10.254 24

[AC1-Vlanif10]dhcp select interface
[AC1-Vlanif10]int vlan 20
[AC1-Vlanif20]ip add 192.168.20.254 24

[AC1-Vlanif20]dhcp select global
[AC1-Vlanif20]quit
//给业务vlan20配置一个地址池
[AC1]ip pool vlan20
[AC1-ip-pool-vlan20]netw 192.168.20.0 mask 24
[AC1-ip-pool-vlan20]gateway 192.168.20.254
[AC1-ip-pool-vlan20]dns 8.8.8.8
[AC1-ip-pool-vlan20]quit
//定义管理vlan10
[AC1]capwap source interface Vlanif 10
//连接交换机的接口配置成trunk模式再允许两个vlan通过
[AC1]int g0/0/01

[AC1-GigabitEthernet0/0/1]port link-type trunk

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20

[AC1-GigabitEthernet0/0/1]quit
[AC1]wlan
//定义管理模板
[AC1-wlan-view]regulatory-domain-profile name eng-domain
[AC1-wlan-regulate-domain-eng-domain]country-code CN
Info: The current country code is same with the input country code.
[AC1-wlan-regulate-domain-eng-domain]quit

//定义SSID模板
[AC1-wlan-view]ssid
[AC1-wlan-view]ssid-profile name eng-ssid
[AC1-wlan-ssid-prof-eng-ssid]ssid eng
[AC1-wlan-ssid-prof-eng-ssid]quit

//定义VAP模板
[AC1-wlan-view]vap-profile name eng-vap
[AC1-wlan-vap-prof-eng-vap]forward-mode tunnel
[AC1-wlan-vap-prof-eng-vap]ssid-profile eng-ssid
[AC1-wlan-vap-prof-eng-vap]service-vlan vlan-id 20 //定义业务vlan为20
[AC1-wlan-vap-prof-eng-vap]quit
//创建AP组
[AC1-wlan-view]ap-group name eng-group
[AC1-wlan-ap-group-eng-group]regulatory-domain-profile eng-domain //绑定管理模板
[AC1-wlan-ap-group-eng-group]vap-profile eng-vap wlan 1 radio 0 //绑定射频卡0
[AC1-wlan-ap-group-eng-group]vap-profile eng-vap wlan 1 radio 1 //绑定射频卡1
[AC1-wlan-ap-group-eng-group]quit
//配置ap
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fcfd-1e00 //MAC地址是AP的MAC地址
[AC1-wlan-ap-0]ap-group eng-group //绑定到ap组
[AC1-wlan-ap-0]ap-name AP1
[AC1-wlan-ap-0]
<AC1>sa

第二步交换机配置

[LSW1]
[LSW1]int g0/0/24 //连接AC的接口
[LSW1-GigabitEthernet0/0/24]port link-type trunk
[LSW1-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 20
[LSW1-GigabitEthernet0/0/1]port link-type trunk //连接AP的接口
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[LSW1-GigabitEthernet0/0/1]port trunk pvid vlan 10

安全方面

上面配置的配置没有安全模板,下面用户想接入wifi是不用认证的,接下来在AC上配置一个安全模板

[AC1]wlan
[AC1-wlan-view]security-profile name eng-security //创建安全模板
[AC1-wlan-sec-prof-eng-security]security wpa-wpa2 psk pass-phrase 12345678 aes //选择认证协议-设置密钥-选择加密算法

[AC1-wlan-sec-prof-eng-security]quit

[AC1-wlan-view] vap-profile name eng-vap
[AC1-wlan-vap-prof-eng-vap] security-profile eng-security //绑定安全模板
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait…done.
[AC1-wlan-vap-prof-eng-vap]dis th
#
forward-mode tunnel
service-vlan vlan-id 20
ssid-profile eng-ssid
security-profile eng-security
#

原文链接:https://blog.csdn.net/qq_41340908/article/details/117385543?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522167034651316800182743105%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=167034651316800182743105&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-15-117385543-null-null.nonecase&utm_term=%E5%8D%8E%E4%B8%BA

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发
头像
文明发言,共建和谐米科社区
提交
头像

昵称

取消
昵称表情图片

    暂无评论内容