華為WLAN無線漫遊配置
阿新 • • 發佈:2018-07-30
threshold undo ble 傳輸介質 業務 conf 密碼 station 華為 1、基本概念
無線局域網WLAN(Wireless Local Area Network)廣義上是指以無線電波、激光、紅外線等來代替有線局域網中的部分或全部傳輸介質所構成的網絡
WLAN技術是基於802.11標準系列的,即利用高頻信號(例如2.4GHz或5GHz)作為傳輸介質的無線局域網
華為WLAN業務的基本概念:
工作站STA(Station):支持802.11標準的終端設備。例如帶無線網卡的電腦、支持WLAN的手機等
無線控制器AC(Access Controller):在集中式網絡架構中,AC對無線局域網中的所有AP進行控制和管理。例如,AC可以通過與認證服務器交互信息來為WLAN用戶提供認證服務
接入點AP(Access Point):為STA提供基於802.11標準的無線接入服務,起到有線網絡和無線網絡的橋接作用
瘦接入點FIT AP(FIT Access Point):在集中式網絡架構的瘦接入點(FIT AP)架構中提供STA的無線接入服務,區別於傳統的FAT AP,只提供可靠、高性能的無線連接功能,其他的增強功能統一在AC上集中配置
中心AP(Central Access Point):在集中式網絡架構的敏捷分布Wi-Fi方案架構中,中心AP代理AC分擔對RU的集中管理和協同功能,如STA上線、配置下發、RU之間的STA漫遊。
遠端單元RU(Remote unit):在集中式網絡架構的敏捷分布Wi-Fi方案架構中,遠端單元作為中心AP的遠端射頻模塊,負責空口802.11報文的收發
無線接入點控制與規範CAPWAP(Control And Provisioning of Wireless Access Points):由RFC5415協議定義的,實現AP和AC之間的互通的一個通用封裝和傳輸機制
射頻信號:提供基於802.11標準的WLAN技術的傳輸介質,是具有遠距離傳輸能力的高頻電磁波。本文指的射頻信號是2.4G或5G頻段的電磁波。
虛擬接入點VAP(Virtual Access Point):是AP設備上虛擬出來的業務功能實體。用戶可以在一個AP上創建不同的VAP來為不同的用戶群體提供無線接入服務。
服務集標識符SSID(Service Set Identifier):表示無線網絡的標識,用來區分不同的無線網絡。例如,當我們在筆記本電腦上搜索可接入無線網絡時,顯示出來的網絡名稱就是SSID
2、配置直連二層組網隧道轉發
(1)拓撲圖
(2)配置參數規劃
| 配置項 | 用途 | 數據 |
|---|---|---|
| AP管理VLAN | AC與AP通信VLAN | VLAN10 |
| STA業務VLAN | STA用戶上網通信VLAN | VLAN100 |
| DHCP服務器 | 分發IP地址 | AC作為DHCP為AP和STA分配IP地址 |
| AP地址池 | AP分發的IP地址池 | 10.0.0.2-10.0.0.254/24 |
| STA地址池 | STA分發的IP地址池 | 100.0.0.3-100.0.0.254/24 |
| CAPWAP地址 | AP與AC通用的封裝和傳輸機制 | VLANIF10:10.0.0.1/24 |
| AP組 | 實現多AP統一管理配置 | ap-group1 引用模板:VAP模板wlan-vap、域管理模板default 射頻模板wlan-radio2g/wlan-radio5g |
| 域管理模板 | 提供對AP的國家碼,調優信道集合和調優帶寬 | default 國家碼:cn |
| SSID | 配置無線網絡名稱SSID名稱 | wlan-ssid SSID名稱:test_wifi |
| 安全模板 | 配置WLAN安全策略,對終端進行身份認證 | wlan-security 安全策略:PWA-WPA2 PSK AES SSID密碼:abc123456 |
| VAP模板 | 為STA提供無線接入服務 | wlan-vap 轉發模式:隧道模式 業務VLAN:VLAN100 引用模板:SSID:wlan-ssid 安全模板:wlan-security |
| 射頻模板 | 用於優化射頻參數,提供信道切換業務不中斷功能 | wlan-radio2g/wlan-radio5g 引用模板:RRM模板:wlan-rrm |
| RRM模板 | 動態添加射頻資源來使用無線信號的環境變化,調整無線信號覆蓋範圍和降低射頻信號幹擾 | wlan-rrm 智能漫遊信噪比30和速率百分比30 |
(3)操作步驟
R1路由器:配置GE 0/0/1接口為交換接口並添加VLAN100將接口加入VLAN100,VLANIF100地址100.0.0.1/24,此地址為STA終端的網關地址
<Huawei>undo terminal monitor #不顯示日誌 <Huawei>system-view [Huawei]sysname R1 [R1]user-interface console 0 [R1-ui-console0]idle-timeout 0 0 #不超時 [R1-ui-console0]quit [R1]vlan batch 100 [R1]interface Vlanif 100 [R1-Vlanif100]ip address 100.0.0.1 24 [R1-Vlanif100]undo shutdown [R1-Vlanif100]quit [R1]interface GigabitEthernet 0/0/1 [R1-GigabitEthernet0/0/1]portswitch #轉換為交換接口 [R1-GigabitEthernet0/0/1]port link-type trunk #trunk模式 [R1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 #加入vlan [R1-GigabitEthernet0/0/1]quit
switch交換機:配置接口為trunk,配置GE0/0/2和GE0/0/3缺省VLAN為VLAN 10,並將接口加入到VLAN 10
[Switch]vlan batch 10 [Switch]interface GigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1]port link-type trunk [Switch-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 [Switch-GigabitEthernet0/0/1]quit [Switch]port-group 1 #創建端口組 [Switch-port-group-1]group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 #加入端口 [Switch-GigabitEthernet0/0/3]port link-type trunk #配置接口模板trunk [Switch-port-group-1]port trunk pvid vlan 10 #缺省VLAN [Switch-port-group-1]port trunk allow-pass vlan 10 #加入VLAN [Switch-port-group-1]port-isolate enable #開啟端口過濾 [Switch-port-group-1]quit
AC配置網絡互通:
[AC]vlan batch 10 100 [AC]interface GigabitEthernet 0/0/1 [AC-GigabitEthernet0/0/1]port link-type trunk [AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 [AC-GigabitEthernet0/0/1]quit [AC]interface GigabitEthernet 0/0/2 [AC-GigabitEthernet0/0/2]port link-type trunk [AC-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 [AC-GigabitEthernet0/0/2]quit
AC配置DHCP服務器:VLANIF10分發AP的IP地址,VLANIF100分發STA的IP地址
[AC]interface Vlanif 10 [AC-Vlanif10]ip address 10.0.0.1 24 [AC-Vlanif10]dhcp select interface [AC-Vlanif10]quit [AC]interface Vlanif 100 [AC-Vlanif100]ip address 100.0.0.2 24 [AC-Vlanif100]dhcp select interface #接口地址池 [AC-Vlanif100]dhcp server gateway-list 100.0.0.1 #STA業務網關地址 [AC-Vlanif100]dhcp server dns-list 8.8.8.8 [AC-Vlanif100]quit [AC]ip route-static 0.0.0.0 0.0.0.0 100.0.0.1 #默認路由
AC配置AP上線:
配置AC的源接口CAPWAP
[AC]capwap source interface Vlanif 10
創建AP組:
[AC]wlan [AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]quit
創建域管理模板:
[AC-wlan-view]regulatory-domain-profile name default [AC-wlan-regulate-domain-default]country-code cn [AC-wlan-regulate-domain-default]quit [AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]regulatory-domain-profile default #將域管理模板加入到AP組中 Warning: Modifying the country code will clear channel, power and antenna gain c onfigurations of the radio and reset the AP. Continue?[Y/N]:y [AC-wlan-ap-group-ap-group1]quit
創建SSID模板:
[AC-wlan-view]ssid-profile name wlan-ssid [AC-wlan-ssid-prof-vlan-ssid]ssid test_wifi [AC-wlan-ssid-prof-vlan-ssid]quit
創建安全模板:
[AC-wlan-view]security-profile name wlan-security [AC-wlan-sec-prof-wlan-security]security wpa-wpa2 psk pass-phrase abc123456 aes [AC-wlan-sec-prof-wlan-security]quit
創建VAP模板:
[AC-wlan-view]vap-profile name wlan-vap [AC-wlan-vap-prof-wlan-vap]forward-mode tunnel [AC-wlan-vap-prof-wlan-vap]service-vlan vlan-id 100 [AC-wlan-vap-prof-wlan-vap]security-profile wlan-security [AC-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid [AC-wlan-vap-prof-wlan-vap]quit
配置AP組引用VAP模板,並在射頻0和1上引用VAP模板
[AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 0 [AC-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 1 [AC-wlan-ap-group-ap-group1]quit
#配置AP上線:
[AC-wlan-view]display unauthorized-ap record #查看未確認上線AP [AC-wlan-view]ap-confirm all #將所有AP上線 [AC-wlan-view]display ap all #顯示所有上線AP [AC-wlan-view]ap-id 0 #進入AP視圖 [AC-wlan-ap-0]ap-name area_1 [AC-wlan-ap-0]ap-group ap-group1 #將AP加入到組 [AC-wlan-ap-0]quit [AC-wlan-view]ap-id 1 [AC-wlan-ap-1]ap-name area_2 [AC-wlan-ap-1]ap-group ap-group1 [AC-wlan-ap-1]quit
創建RRM模板:
[AC-wlan-view]rrm-profile name wlan-rrm [AC-wlan-rrm-prof-wlan-rrm]smart-roam enable [AC-wlan-rrm-prof-wlan-rrm]smart-roam roam-threshold check-snr check-rate [AC-wlan-rrm-prof-wlan-rrm]smart-roam roam-threshold snr 30 [AC-wlan-rrm-prof-wlan-rrm]smart-roam roam-threshold rate 30 [AC-wlan-rrm-prof-wlan-rrm]quit
創建2G射頻模板:並引用RRM模板
[AC-wlan-view]radio-2g-profile name wlan-radio2g [AC-wlan-radio-2g-prof-wlan-radio2g]rrm-profile wlan-rrm [AC-wlan-radio-2g-prof-wlan-radio2g]quit
創建5G射頻模板:並引用RRM模板
[AC-wlan-view]radio-5g-profile name wlan-radio5g [AC-wlan-radio-5g-prof-wlan-radio5g]rrm-profile wlan-rrm [AC-wlan-radio-5g-prof-wlan-radio5g]quit
在AP組中引用2G和5G模板
[AC-wlan-view]ap-group name ap-group1 [AC-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio 0 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-ap-group1]radio-5g-profile wlan-radio5g radio 1 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-ap-group1]quit
驗證結果:
查看VAP射頻模板應用
<AC>display vap all Info: This operation may take a few seconds, please wait. WID : WLAN ID ------------------------------------------------------------------------------ AP ID AP name RfID WID BSSID Status Auth type STA SSID ------------------------------------------------------------------------------ 0 area_1 0 1 00E0-FC51-74B0 ON WPA/WPA2-PSK 0 test_wifi 0 area_1 1 1 00E0-FC51-74C0 ON WPA/WPA2-PSK 0 test_wifi 1 area_2 0 1 00E0-FC1D-1390 ON WPA/WPA2-PSK 0 test_wifi 1 area_2 1 1 00E0-FC1D-13A0 ON WPA/WPA2-PSK 0 test_wifi ------------------------------------------------------------------------------ Total: 4
查看已連接的STA客戶端
[AC]display station ssid test_wifi Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) -------------------------------------------------------------------------------- --------- STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP a ddress -------------------------------------------------------------------------------- --------- 5489-9875-54a4 1 area_2 0/1 2.4G - -/- - 100 100. 0.0.21 5489-988d-6dc9 0 area_1 1/1 5G 11a 0/0 - 100 100. 0.0.90 -------------------------------------------------------------------------------- --------- Total: 2 2.4G: 1 5G: 1
查看智能漫遊配置
[AC]display rrm-profile name wlan-rrm ------------------------------------------------------------ ...... Smart-roam : enable Smart-roam check SNR : enable Smart-roam standing SNR threshold(dB) : 30 Smart-roam SNR quick-kickoff-threshold(dB) : 15 Smart-roam check rate : enable AMC policy : auto-balance Smart-roam rate threshold(%) : 30 Smart-roam rate quick-kickoff-threshold(%) : 20 Smart-roam high level SNR margin(dB) : 15 Smart-roam low level SNR margin(dB) : 6 Smart-roam SNR check interval(s) : 3 Smart-roam unable roam client expire time(m) : 120 Zero-roam roam check high threshold : 40 Zero-roam roam check low threshold : 35 Zero-roam roam check interval(ms) : 700 Zero-roam report interval(ms) : 400 ------------------------------------------------------------
結果截圖:
華為WLAN無線漫遊配置