酒店AC+AP無線網絡覆蓋解決方案
每個房間採用面板上ap,房間走道採用吸頂式ap,AC統一管理。
瘦 AP和無線控制器系統有非常強大的集中管理功能,所有的關於無線網絡的配置都可以通過配置無線控制器器統一完成。
每層樓的ap都接到各層樓的POE交換機
華爲AC官方手冊:http://support.huawei.com/hedex/hdx.do?docid=EDOC1000121401&lang=zh
邏輯拓撲如下:
管理vlan: 200 業務vlan:100
DHCP服務器: AC爲AP分配地址:192.168.200.0/24 , 匯聚層SW爲客戶端分配地址172.16.0.1/22
AC其他詳情配置,請參考官方手冊:
POE交換機設置:
[POE]vlan batch 100 200
interface Ethernet0/0/1
description POE to SW
port link-type trunk
port trunk allow-pass vlan 100 200
interface Ethernet0/0/2
description POE to AP
port link-type trunk
port trunk pvid vlan 200
port trunk allow-pass vlan 100 200
port-isolate enable group 1
SW核心交換機配置:
vlan batch 100 200 300
interface GigabitEthernet0/0/1
description SW to POE
port link-type trunk
port trunk allow-pass vlan 100 200 300
interface GigabitEthernet0/0/23
description SW to AC
port link-type trunk
port trunk allow-pass vlan 100 200
[SW]dhcp enable
interface GigabitEthernet0/0/24
description SW to FW
port link-type access
port default vlan 300
interface Vlanif100
ip address 172.16.0.1 255.255.252.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
interface Vlanif 300
ip address 192.168.100.253 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 #設置默認路由指向防火牆
AC配置:
vlan batch 100 200
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 200
[AC]dhcp enable
interface Vlanif200
ip address 192.168.200.254 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
[AC]capwap source interface Vlanif 200 (這裏的vlan 是管理ap的vlan)
ap auth-mode命令缺省情況下爲MAC認證,如果之前沒有修改其缺省配置,可以不用執行ap auth-mode mac-auth。
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 00e0-fc51-6e60
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-0] quit
[AC-wlan-ap-0]display ap all 查看上線的ap
[AC-wlan-view]security-profile name laotang
[AC-wlan-sec-prof-laotang]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-laotang]quit
[AC-wlan-view]ssid-profile name laotang
[AC-wlan-ssid-prof-laotang]ssid laotang
[AC-wlan-ssid-prof-laotang]quit
[AC-wlan-view]vap-profile name laotang
[AC-wlan-vap-prof-laotang]forward-mode direct-forward
[AC-wlan-vap-prof-laotang]service-vlan vlan-id 100
[AC-wlan-vap-prof-laotang]security-profile laotang
[AC-wlan-vap-prof-laotang]ssid-profile laotang
[AC-wlan-vap-prof-laotang]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 0
[AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view] display vap ssid wlan-net 查詢
此時的ap已經開放信號了
筆記本已經可以連上了
接着配置防火牆,路由器,因爲華爲模擬器防火牆支持web端配置,所有這裏我們採用web端配置。
遊覽器輸入管理地址進行配置(建議用火狐)
1.根據快速嚮導進行配置
2.選擇手動時間
3.根據實際情況選擇上網模式
4.根據實際情況選擇局域網接口
5.由於我的核心交換機已經配置好dhcp,這裏就不需要開啓dhcp了
6.嚮導已經完成了
7.接下來把防火牆的策略打開
8.然後設置nat進行轉換
ip route-static 172.16.0.0 255.255.252.0 192.168.100.253 設置靜態路由指向核心交換機
接口模式下允許ping: service-manage ping permit
由於我的破筆記本太渣了, 中途死機了, 導致實驗中斷, 後面不能測試!!!!