前言:
此刻姐妹们对“ap模式配置是什么意思”大概比较关怀,朋友们都想要知道一些“ap模式配置是什么意思”的相关文章。那么小编在网摘上网罗了一些有关“ap模式配置是什么意思””的相关知识,希望大家能喜欢,各位老铁们一起来学习一下吧!简介
华为的胖AP从配置上面来说与AC真的没啥区别,只是一个是AC最后下发业务给瘦AP,而胖AP的话则是在射频口调用,让无线客户端能够搜索的到该SSID。另外胖AP的话,它是独自运行的,不需要AC来进行统一管理,所以各种WMM、安全模板、策略模板都是在胖AP上面定即可,而且具有三层转发能力,包括路由与DHCP这些功能。
掌握目标
1、华为胖AP的常见配置
2、与AC上面的调用区别
3、双SSID的配置方法
4、总结
拓扑图【无】
这里只是讲解胖AP的配置,拓扑可以是连接二层交换机,也可以是三层交换机,小型网络更可以连接出口路由器,当该设备为一台基础的三层交换机+无线功能的设备就行了。
配置讲解
[AP-Huawei]dhcp enable 全局开启dhcp 功能
Info: The operation may take a few seconds. Please wait for a moment.done.
[AP-Huawei]vlan 10 创建vlan10 (业务vlan)
[AP-Huawei-vlan10]quit
[AP-Huawei]interface vlan 10 对vlan10 配置Ip地址
[AP-Huawei-Vlanif10]ip address 192.168.1.1 24
[AP-Huawei-Vlanif10]dhcp select interface 配置 192.168.1.0/24段为地址池,192.168.1.1 为网关
[AP-Huawei-Vlanif10]quit
[AP-Huawei]interface Wlan-Bss 1 配置BSS接口
[AP-Huawei-Wlan-Bss1]port hybrid pvid vlan 10
[AP-Huawei-Wlan-Bss1]port hybrid untagged vlan 10
[AP-Huawei-Wlan-Bss1]di this
#
interface Wlan-Bss1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
return
[AP-Huawei-Wlan-Bss1]quit
[AP-Huawei]wlan
[AP-Huawei-wlan-view]wmm-profile name ? 配置多媒体模板,名为bangwwei,为系统默认的QOS策略
STRING<1-31> Profile name
[AP-Huawei-wlan-view]wmm-profile name bangwei
[AP-Huawei-wlan-wmm-prof-bangwei]quit
[AP-Huawei-wlan-view]radio-profile name bangwei 本置射频模板,名为bangwwei
[AP-Huawei-wlan-radio-prof-bangwei]wmm-profile name bangwei
[AP-Huawei-wlan-radio-prof-bangwei]quit
[AP-Huawei-wlan-view]traffic-profile name bangwei 配置流量模板,名为bangwwei
[AP-Huawei-wlan-traffic-prof-bangwei]quit
[AP-Huawei-wlan-view]security-profile name bangwei 配置安全模板,名为bangwwei
[AP-Huawei-wlan-sec-prof-bangwei]security-policy wep sta认证策略使用wep认证
Info: If the security-profile bound by lots of ESS, it could take a few minutes.
[AP-Huawei-wlan-sec-prof-bangwei]wep authentication-method ? 配置wep 开认证
open-system Open system
share-key Share key
[AP-Huawei-wlan-sec-prof-bangwei]wep authentication-method open-system
[AP-Huawei-wlan-sec-prof-bangwei]di this
#
return
[AP-Huawei-wlan-sec-prof-bangwei]quit
[AP-Huawei-wlan-view]service-set name bangwei 配置服务集
TEXT<"..."> SSID value
[AP-Huawei-wlan-service-set-bangwei]ssid bangwei 配置ssid,名为bangwei
[AP-Huawei-wlan-service-set-bangwei]security-profile name bangwei 将security-profile绑定到服务集
[AP-Huawei-wlan-service-set-bangwei]traffic-profile name bangwei 将traffic-profile绑定到服务集
[AP-Huawei-wlan-service-set-bangwei]wlan-bss 1 将wlan-bss绑定到服务集
[AP-Huawei-wlan-service-set-bangwei]di this
#
Wlan-Bss 1
ssid bangwei
traffic-profile id 0
security-profile id 0
#
return
[AP-Huawei-wlan-service-set-bangwei]quit
[AP-Huawei-wlan-view]quit
[AP-Huawei]interface Wlan-Radio 0/0/0 配置无线发射接口
[AP-Huawei-Wlan-Radio0/0/0]radio-profile name bangwei 绑定radio-profile
Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]:y
[AP-Huawei-Wlan-Radio0/0/0]service-set name bangwei 绑定service-set
[AP-Huawei-Wlan-Radio0/0/0]di this
#
interface Wlan-Radio0/0/0
radio-profile id 0
service-set id 0 wlan 1
#
return
[AP-Huawei-Wlan-Radio0/0/0]quit
保存配置:
[AP-Huawei]quit
save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait…………………….
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
以下是简单配置完成之后的,全部配置显示
[AP-Huawei]display current-configuration
#
snmp-agent local-engineid 800007DB03002520130280
undo snmp-agent community complexity-check disable
snmp-agent
#
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
clock timezone Bei Jing Time add 08:00:00
clock daylight-saving-time Day Light Saving Time repeating 12:32 9-23 12:32 11-23 00:00 2005 2005
#
dns resolve
#
vlan batch 10
#
lldp enable
#
dhcp enable
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@)(9#Qv{-)26DK~8<,s>+AA)W%@%@
local-user admin privilege level 15
local-user admin service-type telnet http
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/0
#
interface Wlan-Bss1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface NULL0
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@nG-x8y7`+R7hv[PhZC<6,.OK$.ApWidYu9DF5@@IA[D9.ON,%@%@ user-interface vty 0 4 authentication-mode aaa user privilege level 15 user-interface vty 16 20 # wlan wmm-profile name bangwei id 0 traffic-profile name bangwei id 0 security-profile name bangwei id 0 service-set name bangwei id 0 Wlan-Bss 1 ssid bangwei traffic-profile id 0 security-profile id 0 radio-profile name bangwei id 0 wmm-profile id 0 # interface Wlan-Radio0/0/0 radio-profile id 0 service-set id 0 wlan 1 # interface Wlan-Radio0/0/1 # return
关于路由与双SSID的问题
1、如果是要把客户的流量转发给其他设备,需要定义路由,完全可以把胖AP当成是一台基本的三层交换机+无线功能的设备。
配置跟路由器交换机一样 ip route-static 10.0.0.0 255.0.0.0 10.224.3.254
2、双SSID的问题,如果需要配置多个SSID的话,可以在同一个射频口调用多个服务集,这样每个服务集下面的SSID都会通过射频口告诉无线客户端。客户端可以根据SSID来选择连接,比如一个为open只能访问internet,一个为内部的做dot1x认证,其中通过ACL或者其他策略来绑定即可。
比如这里举例的一个服务集为wpa认证,那么可以定义另外一个服务集为dot1x方式的。
service-set name bangwei id 0
Wlan-Bss 1
ssid bangwei
traffic-profile id 0
security-profile id 0
radio-profile name bangwei id 0
wmm-profile id 0
另外一个服务集采用dot1x的方式,包括步骤需要定义radius服务器、安全模板等。
dot1x enable 全局开启dot1x 功能
#
radius-server template jf2 配置radius-server 模板
radius-server shared-key cipher ccieh3c.taobao.com
radius-server authentication 10.32.1.126 1812 weight 80
radius-server retransmit 2
undo radius-server user-name domain-included
#
Aaa 在aaa创建jf2认证模式,采用radius进行认证
authentication-scheme jf2
authentication-mode radius
#
domain jf2.com 创建jf2.com域,并将认证模式和radius模块引入该域
authentication-scheme jf2
radius-server jf2
#
interface Wlan-Bss2 创建第二个无线BSS接口,业务VLAN为2
port hybrid pvid vlan 2
port hybrid untagged vlan 2
dot1x enable 开启dot1x认证功能
dot1x authentication-method eap 认证方法,eap
permit-domain name jf2.com 接入的用户直接进入jf2.com域进行认证
force-domain name jf2.com
#
wlan
#
security-profile name security-2 id 1 配置wpa + dot1x+ccmp认证
security-policy wpa
wpa authentication-method dot1x encryption-method ccmp
#
service-set name jf2 id 2
Wlan-Bss 2
ssid ccieh3c.taobao.com
traffic-profile id 1
security-profile id 1
#
interface Wlan-Radio0/0/0 将第二个service-set服务集绑定到空射接口上
service-set id 2 wlan 2
结尾
总结:关于华为的胖AP的配置思路与AC上面的没多大区别,只要注意AC上面最终策略关联是在AP上面,而胖AP则是在射频口,双SSID的话,就是创建多个服务集即可,每个服务集下面可以不同的策略,也可以有些相同,比如SSID与WLAN-BSS这个必须不相同 ,而流量模板、安全策略这些可以相同 也可以不同,根据需求来决定 ,然后再调用在射频口即可。
上一篇回顾
由浅入深玩转华为WLAN-12安全认证(5)Portal认证
下一篇学习
由浅入深玩转华为WLAN14(1)漫游的概述以及几种方式介绍
标签: #ap模式配置是什么意思