1、网络拓扑图
2、核心配置
2.1 DHCP 中继配置
1)dhcp server配置
ip pool ***
network 网段 mask 子网掩码
gateway-list 网关地址
dhs-list DNS服务器地址
lease day 8 租期
2)出接口配置
int g0/0/1
dhcp select global
3)中继接口
int vlanif xx
dhcp select relay
dhcp relay server-ip xxx//指定DHCP服务器的地址
2.2 AC配置
capwap source interface vlanif20 #指定AC与AP建立 CAPWAP 隧道的源接口
wlan #进入 WLAN 的配置模式
security-profile name Huawei-AP3030 #创建并进入 安全模板视图
security wpa2 psk pass-phrase P@ssw0rd aes-tkip #指定加密使用的方式及密钥
ssid-profile name Huawei-AP3030 # 创 建 并 进 入 SSID模板视图
ssid Huawei-AP3030 #指定SSID的名称
vap-profile name Huawei-AP3030 # 创 建 并 进 入 VAP模板视图
service-vlan vlan-id 666 # 配 置 VAP 的 业 务 VLAN 为 VLAN 666
ssid-profile Huawei-AP3030 #绑定SSID模板
security-profile Huawei-AP3030 #绑定安全模板
ap-group name Huawei-AP3030 #创建并进入AP组
radio 0 #指定射频ID
vap-profile Huawei-AP3030 wlan 1 # 将 VAP 与 WLAN配置做绑定
ap-id 1 type-id 45 ap-mac 00E0-FC48-4D40 #配置第 一台AP的ID值,类型值,以及AP的MAC地址
ap-name AP1 #为第一台AP命名
ap-group Huawei-AP3030 #将AP加入进AP组
3、具体配置
3.1DHCP server配置
<RTA>display current-configuration
[V200R003C00]
#
sysname RTA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
dhcp enable
#
ip pool vlan100
gateway-list 192.168.100.254
network 192.168.100.0 mask 255.255.255.0
lease day 8 hour 0 minute 0
dns-list 8.8.8.8
option 43 sub-option 2 ip-address 192.168.2.1
#
ip pool vlan666
gateway-list 172.16.1.1
network 172.16.1.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<RTA>
3.2 中继配置
[SWA]display current-configuration
#
sysname SWA
#
vlan batch 10 20 100 666
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.1.2 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.2 255.255.255.0
#
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.1.1
#
interface Vlanif666
ip address 172.16.1.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.1.1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[SWA]
3.3AC配置
<AC>display current-configuration
#
sysname AC
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
vlan batch 20 100 666
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$Y;p,R/W_~@$v$@[WsX'^V<.<3%(.[
K0">kzK|%K;'W7iZ%]j$A6$
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/8
undo negotiation auto
duplex half
#
interface NULL0
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.2
#
capwap source interface vlanif20
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security-profile name default-mesh
security-profile name huawei-ap3030
security wpa2 psk pass-phrase %^%#+2lC4kahi17v"*0}MOV>1{(c1ia`fX`(~rC5&{t@%^%#
aes-tkip
ssid-profile name default
ssid-profile name huawei-ap3030
ssid huawei-ap3030
vap-profile name default
vap-profile name Huawei-AP3030
service-vlan vlan-id 666
ssid-profile huawei-ap3030
security-profile huawei-ap3030
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap-group name default
ap-group name Huawei-AP3030
radio 0
vap-profile Huawei-AP3030 wlan 1
ap-id 1 type-id 45 ap-mac 00e0-fc63-4550 ap-sn 2102354483101780BE72
ap-name ap1
ap-group Huawei-AP3030
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return
<AC>
说明:密码为P@ssw0rd