h3c無線ac設置方法?
H3C WX3024H無線AC配置方法
AC控制器配置:
在L3 switch上開啟DHCP server功能,AP、無線客戶端Client和有線客戶端Host都能通過DHCP server自動獲取IP地址。
在L3 switch和AC上配置到達對端網段的靜態路由。
在AC上配置無線服務,確保Client可以通過配置的無線服務接入網絡。
配置注意事項
配置AP的序列號時請確保該序列號與AP唯一對應,AP的序列號可以通過AP設備背面的標簽獲取。
配置L3 switch和AP相連的接口禁止VLAN 1報文通過,以防止VLAN 1內報文過多。
1 配置AC
(1) 配置AC的接口
# 創建VLAN 10及其對應的VLAN接口,并為該接口配置IP地址。AP將獲取該IP地址與AC建立CAPWAP隧道。
<AC> system-view
[AC] vlan 10
[AC-vlan10] quit
[AC] interface vlan-interface10
[AC-Vlan-interface10] ip address 10.152.1.6 255.255.255.0
[AC-Vlan-interface10] quit
# 創建VLAN 70,AC需要使用該VLAN轉發無線客戶端數據報文。
[AC] vlan 70
[AC-vlan70] quit
# 配置AC和L3 switch相連的接口GigabitEthernet1/0/1為Trunk類型,禁止VLAN 1報文通過,允許VLAN 10和VLAN 70通過。
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[AC-GigabitEthernet1/0/1] port trunk permit vlan 10 70
[AC-GigabitEthernet1/0/1] quit
(2)配置三層路由
# 配置AC到10.152.7.0網段的靜態路由,指定下一跳的IP地址為10.152.1.2。
[AC] ip route-static 10.152.7.0.0 24 10.152.1.2
(3)配置無線服務
# 創建無線服務模板1,并進入無線服務模板視圖。
[AC] wlan service-template 1
# 配置SSID為Somidezoffice。
[AC-wlan-st-1] ssid Somidezoffice
# 使能服務模板。
[AC-wlan-st-1] service-template enable
[AC-wlan-st-1] quit
(4)配置AP
# 創建手工AP1,名稱為officeap1(增加一個ap,增加一個名字),型號名稱為WA4320i-ACN。
[AC] wlan ap officeap1 model WA4320i-ACN
# 設置AP的序列號為210235A1GPC177000751。
[AC-wlan-ap-officeap1] serial-id 210235A1GPC177000751
# 創建手工AP2
[AC] wlan ap officeap2 model WA4320i-ACN
[AC-wlan-ap-officeap2] serial-id 210235A1GPC179001703
以此類推....
# 進入AP的Radio 1視圖,并將無線服務模板1綁定到Radio 1(5GHz)上,并指定客戶端上線的VLAN為VLAN 70。
[AC-wlan-ap-officeap1] radio 1
[AC-wlan-ap-officeap1-radio-1] service-template 1 vlan 70
# 開啟Radio 1的射頻功能。
[AC-wlan-ap-officeap1-radio-1] radio enable
[AC-wlan-ap-officeap1-radio-1] return
# 進入AP的Radio 2視圖,并將無線服務模板1綁定到Radio 2(2.4GHz)上,并指定客戶端上線的VLAN為VLAN 70。
[AC-wlan-ap-officeap1] radio 2
[AC-wlan-ap-officeap1-radio-2] service-template 1 vlan 70
# 開啟Radio 1的射頻功能。
[AC-wlan-ap-officeap1-radio-2] radio enable
[AC-wlan-ap-officeap1-radio-2] return
以此類推.....
# 開啟mac白名單,只允許白名單內客戶端通過密碼認證
[H3C]wlan whitelist mac xxxx-xxxx-xxxx
AC配置命令:
sysname H3C
#
vlan 10
#
vlan 70
#
wlan service-template 1
ssid somidezoffice
service-template enable
#
#
interface Vlan-interface10
ip address 10.152.1.6 255.255.255.0
#
interface Vlan-interface70
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 70
#
line vty 0 4
authentication-mode scheme
user-role network-admin
protocol inbound ssh
#
ip route-static 10.152.7.0 24 10.152.1.2
#
snmp-agent
snmp-agent local-engineid 800063A28080F62E5885C000000001
snmp-agent community read somidez
snmp-agent sys-info version v2c v3
#
ssh server enable
#
local-user admin class manage
password simple Somidez_2018
service-type ssh https
authorization-attribute user-role network-admin
#
ip https enable
#
wlan ap 74ea-cbb4-7ac0 model WA4320i-ACN
serial-id 210235A1GPC177000751
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114080 model WA4320i-ACN
serial-id 210235A1GPC179001703
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114200 model WA4320i-ACN
serial-id 210235A1GPC179001715
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8116340 model WA4320i-ACN
serial-id 210235A1GPC179001981
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8117740 model WA4320i-ACN
serial-id 210235A1GPC179002141
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114c60 model WA4320i-ACN
serial-id 210235A1GPC179001798
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac8114e80 model WA4320i-ACN
serial-id 210235A1GPC179001815
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eac81162c0 model WA4320i-ACN
serial-id 210235A1GPC179001977
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan ap 74eacbb47ac0 model WA4320i-ACN
serial-id 210235A1GPC179000751
radio 1
radio enable
service-template 1 vlan 70
radio 2
radio enable
service-template 1 vlan 70
#
wlan whitelist mac-address 3052-cb02-27ec
wlan whitelist mac-address d0fc-cc37-1604
三層交換機配置命令:
(1) 配置L3 switch的接口
# 創建VLAN 70和VLAN 10,并配置IP地址,用于轉發AC和AP間的CAPWAP隧道內的流量。
<L3 switch> system-view
[L3 switch] vlan 10
[L3 switch-vlan10] quit
[L3 switch] interface vlan-interface 10
[L3 switch-Vlan-interface10] ip address 10.152.1.2 255.255.255.0
[L3 switch-Vlan-interface10] quit
[L3 switch] vlan 70
[L3 switch-vlan70] quit
[L3 switch] interface vlan-interface 70
[L3 switch-Vlan-interface70] ip address 10.152.7.1 255.255.255.0
[L3 switch-Vlan-interface70] quit
# 配置L3 switch和AC相連的接口GigabitEthernet1/0/1為Trunk類型,允許VLAN10和VLAN 70通過。
[L3 switch] interface gigabitEthernet 1/0/1
[L3 switch-GigabitEthernet1/0/1] port link-type trunk
[L3 switch-GigabitEthernet1/0/1] port trunk permit vlan 10 70
[L3 switch-GigabitEthernet1/0/1] quit
# 配置L3 switch和AP相連的接口GigabitEthernet1/0/2為Trunk類型,允許所有VLAN通過,當前Trunk口的PVID為70。
[L3 switch] interfac gigabitEthernet 1/0/2
[L3 switch-GigabitEthernet1/0/2] port link-type trunk
[L3 switch-GigabitEthernet1/0/2] port trunk permit vlan all
[L3 switch-GigabitEthernet1/0/2] port trunk pvid vlan 70
[L3 switch-GigabitEthernet1/0/2] quit
(2)配置DHCP server
# 開啟DHCP server功能。
[L3 switch] dhcp enable
# 配置DHCP地址池vlan70為AP分配地址范圍為10.152.7.0/24,網關地址為10.152.7.1。
[L3 switch] dhcp server ip-pool vlan70
[L3 switch-dhcp-pool-vlan70] network 10.152.7.0mask 255.255.255.0
[L3 switch-dhcp-pool-1] gateway-list 10.152.7.1
# 配置DHCP Option43的內容為AC的十六進制IP地址。
[L3 switch-dhcp-pool-1] option 43 hex 80070000010a980106
[L3 switch-dhcp-pool-1] quit
繼續AC控制器的界面話配置:
WiFi密碼設置:【網絡】--【無線網絡】--編輯該ssid
選擇加密方式:
【無線配置】--【AP管理】
2.1、默認關閉2.4ghzWiFi,開啟2.4ghzwifi,【網絡】--【AP管理】--【AP】
2.2、AP全局配置固化,全部開啟
2.3、AP預配置
2.3.1、開啟自動下發功能
