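Hotel AC+AP Wireless Network Coverage Solution
Each room uses a wall-plate (panel) AP, the corridors use ceiling-mounted APs, and an AC manages all of them centrally.
Fit APs combined with a wireless controller provide very strong centralized management: all wireless network configuration can be done in one place on the wireless controller.
The APs on each floor connect to that floor's PoE switch.
Huawei AC official manual: http://support.huawei.com/hedex/hdx.do?docid=EDOC1000121401&lang=zh
The logical topology is as follows:
Management VLAN: 200; service VLAN: 100
DHCP servers: the AC assigns addresses to the APs from 192.168.200.0/24, and the aggregation-layer SW assigns addresses to clients from 172.16.0.1/22.
For other detailed AC configuration, refer to the official manual.
PoE switch configuration: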
- [POE]vlan batch 100 200
- interface Ethernet0/0/1
- description POE to SW
- port link-type trunk
- port trunk allow-pass vlan 100 200
- interface Ethernet0/0/2
- description POE to AP
- port link-type trunk
- port trunk pvid vlan 200
- port trunk allow-pass vlan 100 200
- port-isolate enable group 1
SW core switch configuration:
- vlan batch 100 200 300
- interface GigabitEthernet0/0/1
- description SW to POE
- port link-type trunk
- port trunk allow-pass vlan 100 200 300
- interface GigabitEthernet0/0/23
- description SW to AC
- port link-type trunk
- port trunk allow-pass vlan 100 200
- [SW]dhcp enable
- interface GigabitEthernet0/0/24
- description SW to FW
- port link-type access
- port default vlan 300
- interface Vlanif100
- ip address 172.16.0.1 255.255.252.0
- dhcp select interface
- dhcp server dns-list 114.114.114.114 223.5.5.5
- interface Vlanif 300
- ip address 192.168.100.253 255.255.255.0
- ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 # default route pointing to the firewall
AC configuration:
- vlan batch 100 200
- interface GigabitEthernet0/0/1
- port link-type trunk
- port trunk allow-pass vlan 100 200
- [AC]dhcp enable
- interface Vlanif200
- ip address 192.168.200.254 255.255.255.0
- dhcp select interface
- dhcp server dns-list 114.114.114.114 223.5.5.5
- [AC]wlan
- [AC-wlan-view]ap-group name ap-group1
- [AC-wlan-ap-group-ap-group1]quit
- [AC-wlan-view]regulatory-domain-profile name default
- [AC-wlan-regulate-domain-default]country-code cn
- [AC-wlan-regulate-domain-default]quit
- [AC-wlan-view]ap-group name ap-group1
- [AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
- Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
- [AC-wlan-ap-group-ap-group1]quit
- [AC-wlan-view]quit
- [AC]capwap source interface Vlanif 200 (the VLAN here is the AP management VLAN)
The ap auth-mode command defaults to MAC authentication. If the default has not been changed, there is no need to run ap auth-mode mac-auth.
- [AC]wlan
- [AC-wlan-view] ap auth-mode mac-auth
- [AC-wlan-view] ap-id 0 ap-mac 00e0-fc51-6e60
- [AC-wlan-ap-0]ap-name area_1
- [AC-wlan-ap-0]ap-group ap-group1
- Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
- [AC-wlan-ap-0] quit
[AC-wlan-ap-0]display ap all (shows the APs that have come online)
- [AC-wlan-view]security-profile name laotang
- [AC-wlan-sec-prof-laotang]security wpa-wpa2 psk pass-phrase a1234567 aes
- [AC-wlan-sec-prof-laotang]quit
- [AC-wlan-view]ssid-profile name laotang
- [AC-wlan-ssid-prof-laotang]ssid laotang
- [AC-wlan-ssid-prof-laotang]quit
- [AC-wlan-view]vap-profile name laotang
- [AC-wlan-vap-prof-laotang]forward-mode direct-forward
- [AC-wlan-vap-prof-laotang]service-vlan vlan-id 100
- [AC-wlan-vap-prof-laotang]security-profile laotang
- [AC-wlan-vap-prof-laotang]ssid-profile laotang
- [AC-wlan-vap-prof-laotang]quit
- [AC-wlan-view]ap-group name ap-group1
- [AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 0
- [AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 1
- [AC-wlan-ap-group-ap-group1]quit
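[AC-wlan-view] display vap ssid laotang (checks the VAPs serving this SSID)
At this point the APs are already broadcasting the SSID.
The laptop can now connect.
Next, configure the firewall/router. Because the firewall in the Huawei simulator supports web-based configuration, we use the web interface here.
Enter the management address in a browser to configure it (Firefox is recommended).
1. Follow the quick setup wizard
2. Choose manual time setting
3. Choose the Internet access mode that matches your environment
4. Choose the LAN interface that matches your environment
5. My core switch already provides DHCP, so DHCP does not need to be enabled here
6. The wizard is now complete
7. Next, enable the firewall policy
8. Then configure NAT for address translation
ip route-static 172.16.0.0 255.255.252.0 192.168.100.253 (static route pointing to the core switch)
Allow ping in interface view: service-manage ping permit
My lousy laptop was too weak and froze midway, which interrupted the experiment, so the rest could not be tested!!!!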
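An added example, not part of the original post: a small consistency check over the VLAN and routing plan configured above. It reports VLANs allowed on only one end of a trunk and shows which VLAN interface each static route's next hop and destination correspond to. The data layout, the function names and the assumption that SW GigabitEthernet0/0/23 connects to AC GigabitEthernet0/0/1 are this example's own; the values are copied from the configuration on this page.

```python
import ipaddress

# Values copied from the configuration on this page. The data layout, the
# function names and the SW<->AC port pairing are assumptions of this example.
TRUNK_LINKS = [  # (end A, VLANs allowed on A, end B, VLANs allowed on B)
    ("POE Ethernet0/0/1", {100, 200}, "SW GigabitEthernet0/0/1", {100, 200, 300}),
    ("SW GigabitEthernet0/0/23", {100, 200}, "AC GigabitEthernet0/0/1", {100, 200}),
]
SVIS = {  # layer-3 VLAN interfaces: name -> address/mask
    "SW Vlanif100": ipaddress.ip_interface("172.16.0.1/255.255.252.0"),
    "SW Vlanif300": ipaddress.ip_interface("192.168.100.253/255.255.255.0"),
    "AC Vlanif200": ipaddress.ip_interface("192.168.200.254/255.255.255.0"),
}
STATIC_ROUTES = [  # (device, destination, mask, next hop)
    ("SW", "0.0.0.0", "0.0.0.0", "192.168.100.254"),
    ("FW", "172.16.0.0", "255.255.252.0", "192.168.100.253"),
]


def trunk_mismatches(links=TRUNK_LINKS):
    """VLANs permitted on only one end of a trunk (candidates for pruning)."""
    found = []
    for end_a, vlans_a, end_b, vlans_b in links:
        for vlan in sorted(vlans_a ^ vlans_b):
            only_on = end_a if vlan in vlans_a else end_b
            found.append((only_on, vlan))
    return found


def route_report(routes=STATIC_ROUTES, svis=SVIS):
    """For each static route: the SVI subnets that contain the next hop, and
    the SVIs (if any) whose subnet equals the route's destination exactly."""
    report = []
    for device, dest, mask, hop in routes:
        network = ipaddress.ip_network(f"{dest}/{mask}")
        hop_ip = ipaddress.ip_address(hop)
        reachable_via = [n for n, i in svis.items() if hop_ip in i.network]
        covers = [n for n, i in svis.items() if i.network == network]
        report.append((device, str(network), reachable_via, covers))
    return report


if __name__ == "__main__":
    for port, vlan in trunk_mismatches():
        print(f"VLAN {vlan} is allowed only on {port}")
    for row in route_report():
        print(row)
```

The check shows that VLAN 300, the firewall uplink VLAN, is allowed on the core switch's trunk toward the PoE switch although the PoE side never carries it, and that no static route covers the AP management subnet on Vlanif200.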
Source: http://blog.51cto.com/laotang6/2160739