酒店AC+AP无线网络覆盖解决方案
每个房间采用面板上ap,房间走道采用吸顶式ap,AC统一管理。
瘦 AP和无线控制器系统有非常强大的集中管理功能,所有的关于无线网络的配置都可以通过配置无线控制器器统一完成。
每层楼的ap都接到各层楼的POE交换机
华为AC官方手册:http://support.huawei.com/hedex/hdx.do?docid=EDOC1000121401&lang=zh
逻辑拓扑如下:
管理vlan: 200 业务vlan:100
DHCP服务器: AC为AP分配地址:192.168.200.0/24 , 汇聚层SW为客户端分配地址172.16.0.1/22
AC其他详情配置,请参考官方手册:
POE交换机设置:
[POE]vlan batch 100 200
interface Ethernet0/0/1
description POE to SW
port link-type trunk
port trunk allow-pass vlan 100 200
interface Ethernet0/0/2
description POE to AP
port link-type trunk
port trunk pvid vlan 200
port trunk allow-pass vlan 100 200
port-isolate enable group 1
SW核心交换机配置:
vlan batch 100 200 300
interface GigabitEthernet0/0/1
description SW to POE
port link-type trunk
port trunk allow-pass vlan 100 200 300
interface GigabitEthernet0/0/23
description SW to AC
port link-type trunk
port trunk allow-pass vlan 100 200
[SW]dhcp enable
interface GigabitEthernet0/0/24
description SW to FW
port link-type access
port default vlan 300
interface Vlanif100
ip address 172.16.0.1 255.255.252.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
interface Vlanif 300
ip address 192.168.100.253 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 #设置默认路由指向防火墙
AC配置:
vlan batch 100 200
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 200
[AC]dhcp enable
interface Vlanif200
ip address 192.168.200.254 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
[AC]capwap source interface Vlanif 200 (这里的vlan 是管理ap的vlan)
ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth。
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 00e0-fc51-6e60
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-0] quit
[AC-wlan-ap-0]display ap all 查看上线的ap
[AC-wlan-view]security-profile name laotang
[AC-wlan-sec-prof-laotang]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-laotang]quit
[AC-wlan-view]ssid-profile name laotang
[AC-wlan-ssid-prof-laotang]ssid laotang
[AC-wlan-ssid-prof-laotang]quit
[AC-wlan-view]vap-profile name laotang
[AC-wlan-vap-prof-laotang]forward-mode direct-forward
[AC-wlan-vap-prof-laotang]service-vlan vlan-id 100
[AC-wlan-vap-prof-laotang]security-profile laotang
[AC-wlan-vap-prof-laotang]ssid-profile laotang
[AC-wlan-vap-prof-laotang]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 0
[AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view] display vap ssid wlan-net 查询
此时的ap已经开放信号了
笔记本已经可以连上了
接着配置防火墙,路由器,因为华为模拟器防火墙支持web端配置,所有这里我们采用web端配置。
游览器输入管理地址进行配置(建议用火狐)
1.根据快速向导进行配置
2.选择手动时间
3.根据实际情况选择上网模式
4.根据实际情况选择局域网接口
5.由于我的核心交换机已经配置好dhcp,这里就不需要开启dhcp了
6.向导已经完成了
7.接下来把防火墙的策略打开
8.然后设置nat进行转换
ip route-static 172.16.0.0 255.255.252.0 192.168.100.253 设置静态路由指向核心交换机
接口模式下允许ping: service-manage ping permit
由于我的破笔记本太渣了, 中途死机了, 导致实验中断, 后面不能测试!!!!
来源:51CTO
作者:老唐6
链接:https://blog.51cto.com/laotang6/2160739