2. 技术
    3. 华为局域网wlan配置,多个vlan段

    华为局域网wlan配置,多个vlan段

    技术2026-01-20  8

    交换机sw2配置 创建vlanvlan batch 10 20 30 40 50 60 70 进入接口,trunk模式 interface gigabitethernet g0/0/1 port link-type trunk port trunk allow-pass vlan 10 20 30 40 50 60 批量创建接口加入trunk模式,pvid为10 port-group group-member g0/0/2 to g0/0/6 port link-type trunk port trunk allow-pass vlan 10 20 30 40 50 60 port trunk pvid vlan 10

    交换机sw1配置 批量创建vlan10 20 30 40 50 60 70 vlan batch 10 20 30 40 50 60 70 交换机sw1核心交换机,为用户的网关,也为dhcp服务器 进入vlan接口,创建IP地址 interface vlanif 10 ip address 192.168.10.2 24 quit interface vlanif 20 ip address 192.168.20.1 24 quit interface vlanif 30 ip address 192.168.30.1 24 quit interface vlanif 40 ip address 192.168.40.1 24 quit interface vlanif 50 ip address 192.168.50.1 24 quit interface vlanif 60 ip address 192.168.60.1 24 quit 开启dhcp服务 dhcp enable 创建ip地址池 ip pool vlan20 network 192.168.20.0 mask 24 gateway-list 192.168.20.1 quit ip pool vlan30 network 192.168.30.0 mask 24 gateway-list 192.168.30.1 quit ip pool vlan40 network 192.168.40.0 mask 24 gateway-list 192.168.40.1 quit ip pool vlan50 network 192.168.50.0 mask 24 gateway-list 192.168.50.1 quit ip pool vlan60 network 192.168.60.0 mask 24 gateway-list 192.168.60.1 quit 进入vlan接口,开启全局模式 interface vlanif 20 dhcp select global quit interface vlanif 30 dhcp select global quit interface vlanif 40 dhcp select global quit interface vlanif 50 dhcp select global quit interface vlanif 60 dhcp select global quit

    与路由器AC、sw2接口配置 interface gigabitethernet 0/0/1 port link-type access port default vlan 70

    interface gigabitethernet 0/0/2 port link-type trunk port trunk allow-pass vlan 10 20 30 40 50 60

    iinterface gigabitethernet 0/0/3 port link-type access port default vlan 10 默认路由 ip route-static 0.0.0.0 0 192.168.70.1

    AC的配置 创建vlan10 vlan batch 10 开启dhcp服务 dhcp enable 进入vlan10接口 interface Vlanif10 ip address 192.168.10.1 255.255.255.0 dhcp select interface quit 进入g0/0/1接口 interface GigabitEthernet0/0/1 接口为access模式并加入vlan10 port link-type access port default vlan 10 AC到路由器的静态路由 ip route-static 192.168.70.0 255.255.255.0 192.168.10.2 进入无线 wlan 创建AP组 ap-group name vlan20 quit ap-group name vlan30 quit ap-group name vlan40 quit ap-group name vlan50 quit ap-group name vlan60 quit 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板 regulatory-domain-profile name default country-mode cn quit ap-group name vlan20 regulatory-domain-profile default quit ap-group name vlan30 regulatory-domain-profile default quit ap-group name vlan40 regulatory-domain-profile default quit ap-group name vlan50 regulatory-domain-profile default quit ap-group name vlan60 regulatory-domain-profile default quit quit 配置AC源接口 capwap source interface vlanif 10 进入无线 wlan MAC地址认证,并将AP加入组vlan20 ap auth-mode mac-auth ap-id 1 ap-mac 00e0-fc53-1a40 ap-name 1 ap-group vlan20 quit ap-id 2 ap-mac 00e0-fcde-5c30 ap-name 2 ap-group vlan30 quit ap-id 3 ap-mac 00e0-fc60-2040 ap-name 3 quit ap-group vlan40 ap-id 4 ap-mac 00e0-fc14-2590 ap-name 4 ap-group vlan50 quit ap-id 5 ap-mac 00e0-fc60-6ec0 ap-name 6 ap-group vlan60 quit 将AP插上电后,输入display ap all 查看“State”字段是否显示nor“,如显示“nor”表示AP正常上线 display ap all 配置安全模板,设置密码 security-profile name vlan20 security wpa-wap2 psk pass-phrase 12345678 aes quit security-profile name vlan30 security wpa-wpa2 psk pass-phrase 12345678 aes quit security-profile name vlan40 security wpa-wpa2 psk pass-phrase 12345678 aes quit security-profile name vlan50 security wpa-wpa2 psk pass-phrase 12345678 aes quit security-profile name vlan60 security wpa-wpa2 psk pass-phrase 12345678 aes quit 创建ssid模板 ssid-profile name vlan20 ssid HUAWEI quit ssid-profile name vlan30 ssid HUAWEI quit ssid-profile name vlan40 ssid HUAWEI quit ssid-profile name vlan50 ssid HUAWEI quit ssid-profile name vlan60 ssid HUAWEI quit 创建VAP模板,配置业务数据转发模式、业务vlan,引用ssid模板和安全模板 vap-profile name vlan20 forward-mode direct-forward ssid-profile vlan20 security-prifile vlan20 service-vlan vlanid 20 quit vap-profile name vlan30 forward-mode direct-forward ssid-prodile vlan30 security-profile vlan30 service-vlan vlan-id 30 quit vap-profile name vlan40 ssid-profile vlan40 security-profile vlan40 service-vlan vlan-id 40 forward-mode direct-forward quit vap-profile name vlan50 security-profile vlan50 ssid-profile vlan50 service-vlan vlan-id 50 forward-mode direct-forward quit vap-profile name vlan60 service-vlan vlan-id 60 ssid-profile vlan60 security-profile vlan60 forward-mode direct-forward quit 配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板的配置 ap-group name vlan20 vap-profile vlan20 wlan 1 radio 0 vap-profile vlan20 wlan 1 radio 1 quit ap-group name vlan30 vap-profile vlan30 wlan 1 radio 0 vap-profile vlan30 wlan 1 radio 1 quit ap-group name vlan40 vap-profile vlan40 wlan 1 radio 0 vap-profile vlan40 wlan 1 radio 1 quit ap-group name vlan50 vap-profile vlan50 wlan 1 radio 0 vap-profile vlan50 wlan 1 radio 1 quit ap-group name vlan60 vap-profile vlan60 wlan 1 radio 0 vap-profile vlan60 wlan 1 radio 1 quit 通过命令display vap ssid HUAWEI可查询AP是否在VAP创建成功 通过命令display station ssid HUAWEI可查询用户分别接入无线网络

    路由器ar1配置 接口配置 interface gigabitethernet 0/0/1 ip address 192.168.70.1 24 配置到达sw1的静态路由 ip route-static 192.168.20.0 24 192.168.70.2 ip route-static 192.168.30.0 24 192.168.70.2 ip route-static 192.168.40.0 24 192.168.70.2 ip route-static 192.168.50.0 24 192.168.70.2 ip route-static 192.168.60.0 24 192.168.70.2

    Processed: 0.043, SQL: 9