配置内容如图↓

AC:DCWS-6028 版本:7.0.5.0
AP:DCWL-7962AP 版本:2.0.5.36

在AC上配置DHCP服务↓

service dhcp /开启DHCP服务/
 !
 ip dhcp excluded-address 192.168.100.254 /排除地址/
 !
 ip dhcp pool vlan100 /配置地址池/
 network-address 192.168.100.0 255.255.255.0 /地址池网段地址/
 lease 2 0 0 /租约时间 日/时/分 /
 default-router 192.168.100.254 /网关地址/
 dns-server 8.8.8.8 /DNS服务器地址/
 !

管理地址ip&网关配置ip↓

interface Vlan100
 ip address 192.168.100.1 255.255.255.0 /管理地址/
 ip address 192.168.100.254 255.255.255.0 secondary /网关地址/

接口配置↓

vlan 1;100 
!
interface Ethernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan all 
 switchport trunk native vlan 100

因为连接AP的接口本征vlan为100,所以当vlan100过去AP时会去掉vlan100的标签,就变成了不带标签的数据帧,进入ap接口时打上vlan1标签,再设置vlan列表为vlan1,因为在同一个广播域内,就能让ap获取DHCP服务分配过来的地址。

查看AP获取的DCHP地址:在AP下查看↓

DCN-WLAN-AP# get management detail 
Property Value
---------------------------------------------
vlan-id 1 /接口vlan/
interface brvlan1
static-ip 192.168.1.10 /AP默认ip地址/
static-mask 255.255.255.0 /默认掩码/
ip 192.168.100.2 /通过DHCP获取的ip地址/
mask 255.255.255.0 /通过DHCP获取的掩码/
ipv6 
ipv6-prefix-length 0
mac 00:03:0F:30:A1:60
dhcp-status up
dhcpv6-status down
ipv6-status up
ipv6-autoconfig-status up
static-ipv6 
static-ipv6-prefix-length 0
autoconfig-link-local 
autoconfig-ipv6-global-all

AP接口是一个trunk口,vlan 1为本征vlan。

查看AP获取的DCHP地址:AC上查看 ↓

DCWS#show ip dhcp binding /查看DHCP分配表/
Total dhcp binding items: 1, the matched: 1
IP address Hardware address Lease expiration Type
192.168.100.2 00-03-0F-30-A1-60 Thu Jan 20 03:46:00 2005 Dynamic

开启无线,设置管理地址↓

wireless /进入无线配置/
 no auto-ip-assign /关闭无线ip自动选取功能/
 static-ip 192.168.100.1 /设置静态无线ip/
 enable /开启无线功能/

vlan列表默认为vlan1

设置vlan列表:discovery vlan-list xxx(vlan)。

查看无线配置↓

DCWS(config)#show wireless
Administrative Mode............................ Enable /必须此选项/
Operational Status............................. Enabled /必须此选项/
WS IP Address.................................. 192.168.100.1
WS IPv6 Address................................ -----
WS Auto IP Assign Mode ........................ Disable
WS Switch Static IP ........................... 192.168.100.1
WS Switch Static IPv6 ......................... -----
AP Authentication Mode......................... Mac
AP Auto Upgrade Mode........................... Disable
AP Validation Method........................... Local
Client Roam Timeout (secs)..................... 30
Country Code................................... CN - China
Peer Group ID.................................. 1
Cluster Priority............................... 1
Cluster Controller............................. Yes
Cluster Controller IP Address.................. 192.168.100.1
Cluster Controller IPv6 Address................ -----
Wireless System IP control port................ 57775
Wireless Management Protocol................... TLS
AP Client QoS Mode............................. Disable
AP Igmp Snooping Mode.......................... Disable
Switch Provisioning............................ Enable
Network Mutual Authentication Mode............. Disable
Unmanaged AP Re-provisioning Mode.............. Enable
Network Mutual Authentication Status........... Not Started
Regenerate X.509 Certificate Status............ Not In Progress
Keep Alive Interval(ms)........................ 10000
Keep Alive Max Count........................... 3
Force Wifi Compatible.......................... Disable
Statistics Interval(secs)...................... Auto(5)
Rf Scan Report Interval(secs).................. -----

建议项目实施时采用静态指定无线IP地址的方式,防止动态选取时IP地址变化导致无线网络中断

用户配置

wireless
 l2tunnel vlan-list add 1 /此命令用于集中式转发模式下的二层用户隔离,将用户添加到二层用户隔离列表中/
 l2tunnel station-isolation allowed vlan 1 /启动二层用户隔离/
 ap client-qos /开启无线QOS功能/
 network 1 /网络1/
 ssid DCN /网络名称:DCN/
 security mode wpa-personal /加密模式:wpa-personal/
 wpa key encrypted dbcb90d1a2f1c331c2859e93e350a20065272217eec0941f081796539df932e78ced8582004ac005e3b15a3e7f801d0f6a527ff652426e16aaf9d0d211a54f24 /加密后的密码字符串/
!
 network 2 /网络2/
 ssid GUEST /网络名称:GUEST/
 qos max-bandwidth down 2048 /GUEST网络最大下行/下载速度/
 qos max-bandwidth up 1024 /GUEST网络最大上行/上载速度/
 max-clients 10 /最大连接数/

这里要说说为什么用户vlan为1,思路拓扑如图

DHCP分配的地址为vlan100,经过AC的GE_0/0接口出去时,因为接口的pvid为100,所以去掉标签,到达AP接口时,没标签的数据帧打上AP接口上pvid的标签,此时为vlan1,到达ap内部,因为和用户vlan一样所以,用户能获取到ip。

AP配置下发结构图

AP下发配置↓

wireless
 ap profile 1
 hwtype 22 /ap硬件类型/
 ap escape /ap脱离ac可继续工作/
 radio 1 /默认radio 1 处于2.4GHZ/
 mode n-only-g /模式:802.11n/
 vap 0 /vap0默认开启,默认绑定network1/
!
 vap 1 /vap1默认绑定network2,需要手动开启/
 enable
!
!
 radio 2 /默认radio 2 处于5GHZ/
 dot11n channel-bandwidth 40
 vap 0

如果在不同AP广播不同SSID的应用场景下,不要使用Network1配置SSID,并将Network1的默认SSID隐藏,因为vap0默认开启且不能关闭。

ap上查看硬件类型↓

DCN-WLAN-AP# get system detail 
Property Value
---------------------------------------------------------------------------
username admin
model Wireless Infrastructure Platform Reference AP
version 2.0.5.36
altversion 2.0.3.44
protocol-version 2
country CN
nmode-supported Y
forty-mhz-supported-g Y
forty-mhz-supported-a Y
base-mac 00:03:0f:30:a1:60
base-mac-status on
serial-number 13451976
country-code-is-configurable on
device-type 22 /硬件类型/
system-name 
system-contact 
system-location 
band-plan 
lastboot success
reboot-mode cold
apmode fit

AP 注册

AP注册到AC时,AC需要对AP进行认证。

主要认证方式:

MAC认证:通过检查AP的mac地址来决定AP是否能够注册到AC上。默认的认证方式。AC上面通过ap database来添加AP的mac地址。大规模部署时比较麻烦。

None:免认证,即AP自动注册,便于部署。推荐使用这种方式。

Pass-Phase认证:密码认证,AC和AP比对密码,密码一致时AP可以注册到AC上。AP需要做配置,使用不便,用的较少。

默认是MAC认证。

这里使用免认证注册↓

wireless
 ap authentication none

注册成功↓

DCWS(config-wireless)#show wireless ap status
    MAC Address                     Configuration 
 (*) Peer Managed IP Address Profile Status Status Age 
------------------ ---------------------------------------------- 
 00-03-0f-30-a1-60 192.168.100.2 1 Managed Success 0d:00:00:02

Total Access Points............................ 1

注册失败↓

DCWS(config-wireless)#show wireless ap status
 MAC Address                           Configuration 
 (*) Peer Managed IP Address Profile Status Status Age 
------------------ ---------------------------------------------- 
00-03-0f-30-a1-60 192.168.100.2 1 Managed Failure 0d:00:00:10 

Total Access Points............................ 1

成功后进行下发↓

DCWS#wireless ap profile apply 1
All configurations will be send to the aps associated to this profile and associated clients on these aps will be disconnected. 
Are you sure you want to apply the profile configuration? [Y/N] y
AP Profile apply is in progress. /下发成功/

查看手机↓


2 条评论

杰瑞 · 2018年1月9日 下午5:04

six six six

Mr.LJJ · 2018年3月3日 下午6:08

666

发表评论

邮箱地址不会被公开。 必填项已用*标注