技术论坛
AR配置WLAN【FAT模式,双SSID】
更新时间:2022-09-09
适用于:型号中带“W”标识的AR路由器。
组网需求
企业使用无线路由器,希望能够部署不同的SSID为员工和访客提供无线上网服务。
拓扑简图
数据规划
DHCP部署方式:AR作为DHCP服务器为AP和STA分配IP地址。
员工业务:VLAN 10,SSID为“employee”,密码为“huawei@123”,网段为10.10.10.1/24。
访客业务:VLAN 20,SSID为“guest”,密码为“abcd@123”,网段为10.10.20.1/24。
操作步骤
一、配置接口IP和DHCP服务器(为STA分配IP)
<AR> system-view //先从用户视图切换到系统视图再进行配置
[AR] vlan batch 10 20 //创建规划好的业务VLAN
[AR] dhcp enable //打开DHCP总开关
[AR] interface vlanif 10 //创建VLANIF10接口
[AR-Vlanif10] ip address 10.10.10.1 255.255.255.0 //配置IP地址,此IP地址是VLAN10用户的网关地址
[AR-Vlanif10] dhcp select interface //启用接口地址池方式的DHCP服务器功能
[AR-Vlanif10] dhcp server dns-list 114.114.114.114 //配置用户上网时用到的DNS服务器地址
[AR-Vlanif10] quit
[AR] interface vlanif 20 //创建VLANIF20接口
[AR-Vlanif20] ip address 10.10.20.1 255.255.255.0 //配置IP地址,此IP地址是VLAN20用户的网关地址
[AR-Vlanif20] dhcp select interface
[AR-Vlanif20] dhcp server dns-list 114.114.114.114
[AR-Vlanif20] quit
二、配置WLAN业务(提供无线网络)
1. 全局启用dot1x
说明:认证方式为WPA/WAP2-PSK认证时,需要全局启用dot1x特性。
[AR] dot1x enable
2. 配置服务集
·
配置员工网络的服务集(employee)
·
[AR] interface wlan-bss 1 //创建WLAN-BSS1接口并加入相应业务VLAN
[AR-Wlan-Bss1] port hybrid tagged vlan 10
[AR-Wlan-Bss1] quit
[AR] wlan //进入WLAN视图
[AR-wlan-view] security-profile name employee //创建名称为“employee”的安全模板
[AR-wlan-sec-prof-employee] security-policy wpa2 //配置使用WPA2安全策略并设置密码
[AR-wlan-sec-prof-employee] wpa2 authentication-method psk pass-phrase cipher huawei@123 encryption-method ccmp
[AR-wlan-sec-prof-employee] quit
[AR-wlan-view] traffic-profile name employee //创建名称为“employee”的流量模板,参数采用默认配置
[AR-wlan-traffic-prof-employee] quit
[AR-wlan-view] service-set name employee //创建名称为“employee”的服务集,并绑定WLAN-BSS接口、安全模板和流量模板
[AR-wlan-service-set-employee] ssid employee //指定SSID为“employee”
[AR-wlan-service-set-employee] wlan-bss 1
[AR-wlan-service-set-employee] security-profile name employee
[AR-wlan-service-set-employee] traffic-profile name employee
[AR-wlan-service-set-employee] quit
[AR-wlan-view] quit
·
配置访客网络的服务集(guest)
·
[AR] interface wlan-bss 2 //创建WLAN-BSS2接口并加入相应业务VLAN
[AR-Wlan-Bss2] port hybrid tagged vlan 20
[AR-Wlan-Bss2] quit
[AR] wlan
[AR-wlan-view] security-profile name guest //创建名称为“guest”的安全模板
[AR-wlan-sec-prof-guest] security-policy wpa2
[AR-wlan-sec-prof-guest] wpa2 authentication-method psk pass-phrase cipher abcd@123 encryption-method ccmp
[AR-wlan-sec-prof-guest] quit
[AR-wlan-view] traffic-profile name guest //创建名称为“guest”的流量模板,参数采用默认配置
[AR-wlan-traffic-prof-guest] quit
[AR-wlan-view] service-set name guest //创建名称为“guest”的服务集,并绑定WLAN-BSS接口、安全模板和流量模板
[AR-wlan-service-set-guest] ssid guest //指定SSID为“guest”
[AR-wlan-service-set-guest] wlan-bss 2
[AR-wlan-service-set-guest] security-profile name guest
[AR-wlan-service-set-guest] traffic-profile name guest
[AR-wlan-service-set-guest] quit
[AR-wlan-view] quit
3. 配置VAP
[AR] interface wlan-radio 0/0/0
[AR-Wlan-Radio0/0/0] radio-profile name radiof //将射频口绑定默认存在的射频模板“radiof”
[AR-Wlan-Radio0/0/0] service-set name employee //将射频口绑定服务集“employee”
[AR-Wlan-Radio0/0/0] service-set name guest //将射频口绑定服务集“guest”
[AR-Wlan-Radio0/0/0] return