H3C WA6620X-FIT不要AC开局配置实例

近期采购一批H3C的WA6620无线接入AP，但是没有采购AC。由于项目着急上线，只能先把这个设备拿来先用胖模式开起来。为了防止后期配置丢失找不到，就记录下来，方便后期查找配置。

一、组网需求：

如下图所示，使用H3C Wi-Fi6无线接入点、PoE交换机和三层交换机实现多台FAT AP与交换机配合组网。具体要求如下：

1、L3 switch作为DHCP server为无线客户端Client分配IP地址。

2、L2 switch通过PoE方式给AP供电。

3、Client通过VLAN 100接入无线网络。

4、使用手工配置静态IP地址的方式，为AP规划地址。

5、要求客户端可以在FAT AP内漫游，也可以跨FAT AP漫游。

二、配置思路：

配置思路
· 配置FAT AP和上层网络设备实现二层互通。

· 在L3 switch上开启DHCP server功能，为Client提供地址。FAT AP的地址由管理员手动配置，Client通过DHCP server自动获取IP地址。

· 在L2 switch上开启PoE功能，为AP设备供电。

· 配置FAT AP的国家码，保证射频符合当地法律。

· 配置FAT AP漫游组，实现跨FAT AP漫游。

三、配置步骤：

3.3.1 配置L3 switch
(1) 配置L3 switch的接口

# 配置VLAN及接口。

<L3 switch>system-view

[L3 switch] vlan 100

[L3 switch-vlan100] quit

[L3 switch] interface vlan-interface 100

[L3 switch-Vlan-interface1] ip address 10.100.2.111 255.255.0.0

[L3 switch-Vlan-interface1] quit

# 配置L3 Switch和L2 Switch相连的接口GigabitEthernet1/0/2为Trunk类型，并允许VLAN 100通过。

[L3 switch] interface gigabitethernet 1/0/2

[L3 switch-GigabitEthernet1/0/2] port link-type trunk

[L3 switch-GigabitEthernet1/0/2] port trunk permit vlan 100

[L3 switch-GigabitEthernet1/0/2] quit

(2) 配置DHCP server

# 配置DHCP地址池100为Client分配地址，范围为10.100.2.0/16，网关地址为10.100.2.111，禁止分配的IP地址为10.100.2.112、10.100.2.121~10.100.2.124。

[L3 switch] dhcp server ip-pool 100

[L3 switch-dhcp-pool-100] network 10.100.2.0 mask 255.255.0.0

[L3 switch-dhcp-pool-100] gateway-list 10.100.2.111

[L3 switch-dhcp-pool-100] forbidden-ip 10.100.2.112

[L3 switch-dhcp-pool-100] forbidden-ip-range 10.100.2.121 10.100.2.124

[L3 switch-dhcp-pool-100] quit

# 开启DHCP server功能。

[L3 switch] dhcp enable

3.3.2 配置L2 switch
(1) 配置L2 Switch 2的接口

# 配置VLAN及接口。

<L2 switch> system-view

[L2 switch] interface vlan-interface 100

[L2 switch-Vlan-interface100] ip address 10.100.2.112 255.255.0.0

[L2 switch-Vlan-interface100] quit

[L2 switch] vlan 100

[L2 switch-vlan100] quit

# 配置L2 Switch和L3 Switch相连的接口GigabitEthernet1/0/1为Trunk类型，并允许VLAN 100通过。

[L2 switch] interface gigabitethernet 1/0/1

[L2 switch-GigabitEthernet1/0/1] port link-type trunk

[L2 switch-GigabitEthernet1/0/1] port trunk permit vlan 100

[L2 switch-GigabitEthernet1/0/1] quit

# 配置L2 Switch与FAT AP相连的接口为Access类型，将接口加入VLAN 100，并开启PoE远程供电功能，以GigabitEthernet1/0/2为例。

[L2 switch] interface range gigabitethernet 1/0/2

[L2 switch-GigabitEthernet1/0/2] port access vlan 100

[L2 switch-GigabitEthernet1/0/2] poe enable

[L2 switch-GigabitEthernet1/0/2] quit

3.3.3 配置FAT AP
说明：本配置以FAT AP 1为例，FAT AP 2～4的配置与FAT AP 1类似，请参考下文进行配置。

(1) 配置国家码（如果缺省配置与举例中相同，请忽略此配置）

<AP> system-view

[AP] wlan global-configuration

[AP-wlan-global-configuration] region-code JP

This operation may reset the radio parameters. Continue? [Y/N]:y

[AP-wlan-global-configuration] quit

(2) 配置FAT AP的接口

# 配置VLAN及接口。

[AP] interface vlan-interface 100

[AP-Vlan-interface100] ip address 10.100.2.121 255.255.0.0

[AP-Vlan-interface100] quit

[AP] vlan 100

[AP-vlan100] quit

# 配置FAT AP和L2 Switch相连的接口GigabitEthernet1/0/1为Access类型，将接口加入VLAN 100。

[AP] interface gigabitethernet 1/0/1

[AP-GigabitEthernet1/0/1] port link-type access

[AP-GigabitEthernet1/0/1] port access vlan 100

[AP-GigabitEthernet1/0/1] quit

(3) 配置无线服务模板

# 创建无线服务模板service1，并进入无线服务模板视图。

[AP] wlan service-template service1

# 配置SSID为service。

[AP-wlan-st-service1] ssid service

# 配置无线服务模板的VLAN为100。

[AP-wlan-st-service1] vlan 100

# 配置AKM为PSK，配置PSK密钥，使用明文的字符串12345678作为共享密钥。

[AP-wlan-st-service1] akm mode psk

[AP-wlan-st-service1] preshared-key pass-phrase simple 12345678

# 配置CCMP为加密套件，配置RSN为安全信息元素。

[AP-wlan-st-service1] cipher-suite ccmp

[AP-wlan-st-service1] security-ie rsn

# 开启无线服务模板。

[AP-wlan-st-service1] service-template enable

[AP-wlan-st-service1] quit

# 将无线服务模板service1绑定到WLAN-Radio 1/0/1接口。

[AP] interface wlan-radio 1/0/1

[AP-WLAN-Radio1/0/1] undo shutdown

[AP-WLAN-Radio1/0/1] service-template service1

[AP-WLAN-Radio1/0/1] quit

# 将无线服务模板service1绑定到WLAN-Radio 1/0/2接口。

[AP] interface wlan-radio 1/0/2

[AP-WLAN-Radio1/0/2] undo shutdown

[AP-WLAN-Radio1/0/2] service-template service1

[AP-WLAN-Radio1/0/2] quit

(4) 配置漫游组

# 创建漫游组office。

[AP] wlan mobility group office

# 配置漫游组IADTP隧道IP地址类型为IPv4。

[AP-wlan-mg-office] tunnel-type ipv4

# 配置FAT AP加入漫游组时建立IADTP隧道的源IP地址为设备自身的IP地址。

[AP-wlan-mg-office] source ip 10.100.2.121

# 通过漫游组成员自动添加功能，添加漫游组内的AP成员。

[AP-wlan-mg-office] member auto-discovery

# 开启漫游组功能。

[AP-wlan-mg-office] group enable

[AP-wlan-mg-office] quit

#关闭自带的wifi

wlan service-template 16
undo service-template enable
save
yes

#配置登录相关账户信息

telnet server enable
ip http enable
line vty 0 63
authentication-mode scheme
user-role network-admin
user-role network-operator
authentication-mode scheme
local-user admin
password simple 12345678
authorization-attribute user-role network-admin
service-type telnet http https terminal

3.4 验证配置
客户端从AP 1漫游至AP 2后，可以通过命令行查看客户端的漫游信息。

# 在AP 1查看漫游组信息。

[AP1] display wlan mobility group

Mobility group name: office

Tunnel type: IPv4

Source IPv4: 10.100.2.121

Source IPv6: Not configured

Authentication method: Not configured

Mobility group status: Enabled

Member entries: 1

IP address State Online time

10.100.2.122 Up 00hr 00min 12sec

10.100.2.123 Up 00hr 00min 15sec

10.100.2.124 Up 00hr 00min 20sec

# 在AP 2查看漫游组信息。

[AP2] display wlan mobility group

Mobility group name: office

Tunnel type: IPv4

Source IPv4: 10.100.2.122

Source IPv6: Not configured

Authentication method: Not configured

Mobility group status: Enabled

Member entries: 1

IP address State Online time

10.100.2.121 Up 00hr 00min 05sec

10.100.2.123 Up 00hr 00min 15sec

10.100.2.124 Up 00hr 00min 20sec

# 在AP 1上通过display wlan mobility roam-track mac-address可以查看到客户端在AP 1初始上线，随后漫游到AP 2上。

[AP1] display wlan mobility roam-track mac-address bce2-659a-3232

Total entries : 2

Current entries: 2

BSSID Created at Online time AP IP address RID AP name

74ea-c8fd-c200 2016-06-14 11:12:28 00hr 06min 56sec 10.100.2.122 2 ap2

74ea-c8fd-c1e0 2016-06-14 11:11:28 00hr 03min 30sec 127.0.0.1 1 ap1

# 在AP 1上通过display wlan mobility roam-out可以查看到客户端漫出到AP 2上漫出信息。

[AP1] display wlan mobility roam-out

Total entries: 1

MAC address BSSID VLAN ID Online time FA IP address

bce2-659a-3232 74ea-c8fd-c200 1 00hr 01min 59sec 10.100.2.122

# 在AP 2上通过display wlan client可以查看到客户端关联的AP为AP 2，漫游状态为AP间漫游。

[AP2] display wlan client verbose

Total number of clients: 1

MAC address : bce2-659a-3232

IPv4 address : 10.100.2.125

IPv6 address : N/A

Username : N/A

AID : 978

Radio ID : 2

Channel : 36

SSID : service

BSSID : 74ea-c8fd-c200

VLAN ID : 100

VLAN ID2 : N/A

Sleep count : 49

……

Roam status : Inter-AP roam

Key derivation : N/A

PMF status : N/A

Forwarding policy name : Not configured

Online time : 0days 0hours 0minutes 54seconds

FT status : Inactive

# 在AP 2上通过display wlan mobility roam-in命令可以查看到客户端从AP 2漫入的漫入信息。

[AP2] display wlan mobility roam-in

Total entries: 1

MAC address BSSID VLAN ID HA IP address

bce2-659a-3232 74ea-c8fd-c200 100 10.100.2.121

附带配置AP命令：

sys
ap-mode cloud
reboot

sys
wlan global-configuration
region-code CN
y
quit

vlan 300
int g 1/0/1
port link-type access
port access vlan 300
int vlan 300
ip address 10.10.10.10 24
quit

wlan service-template service1
ssid scan
vlan 300
akm mode psk
preshared-key pass-phrase simple 12345678
cipher-suite ccmp
security-ie rsn
service-template enable
quit

interface WLAN-Radio 1/0/1
undo shutdown
service-template service1
option client reject enable rssi 45
option client reconnect enable rssi 20
quit

interface wlan-radio 1/0/2
undo shutdown
service-template service1
quit

wlan mobility group office
tunnel-type ipv4
source ip 10.10.10.10
member auto-discovery
group enable

telnet server enable
ip http enable
line vty 0 63
authentication-mode scheme
user-role network-admin
user-role network-operator
authentication-mode scheme
local-user admin
password simple hcai@12345
authorization-attribute user-role network-admin
service-type telnet http https terminal

wlan service-template 16
undo service-template enable
save
y