eNSP网络构建—配置无线网络

需求分析
对于小型局域网中, 对于接入设备的需求,需要在局域网中部署无线网络,通过无线控制器AC管理网
络中所有的无线AP设备，下发无线配置信息。无线网络发布2 4G和5G信号,满足不同设备的连接使用。

拓扑图：
注意:
防火墙使用USG5500 ,路由器使用AR2220 , AC使用AC6005 , AP使用AP2050。

拓扑描述：
防火墙连接外网地址为192.168.12.9/24，路由器与核心交换机通联地址为192.168.2.0/24。
防火墙安全规则只允许网络中无线网络中地址可以访问外网。
配置路由器与防火墙之间连接地址为192.168.5.0/24网段，配置与交换机胡同地址为192.168.2.2/24。
核心交换机配置vlan3为连接无线网络设备，网关地址为172.16.3.1/24，配置vlan1002为连接路由器，ip地址为192.168.2.1/24。
AC控制器管理地址为192.168.3.1/24，设置vlan1003为AC和AP之间管理VLAN，配置DHCP地址池，使AP可以自动获取管理地址。

1.S2交换机配置

<Huawei> system-view
[Huaweilsysname S2
[S2]vlan batch 3 1003
[S2]interface GigabitEthernet 0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk pvid vlan 1003
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan 3 1003 
[S2-GigabitEthernet0/0/2]quit
[S2]interface GigabitEthernet 0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk
[S2-GigabitEthernet0/0/3]port trunk pvid vlan 1003
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan 3 1003
[S2-GigabitEthernet0/0/3]quit
[S2]interface GigabitEthernet 0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003

2.S1交换机配置

<Huawei>system-view
[Huawei]sysname S1
[S1]vlan batch 3 1002 1003
[S1]interface GigabitEthernet 0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 3 1003
[S1-GigabitEthernet0/0/2]quit
[S1Jinterface GigabitEthernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 3 1003
[S1-GigabitEthernet0/0/3]quit
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 1002
[S1-GigabitEthernet0/0/1]quit
[S1]dhcp enable
[S1]interface Vlanif 3
[S1-Vlanif3]ip address 172.16.3.1 24
[S1-Vlanif3]dhcp select interface
[S1-Vlanif3]dhcp server dns-list 114.114.114.114 223.5.5.5
[S1-Vlanif3]quit
[S1]interface Vlanif 1002
[S1-Vlanif1002]ip address 192.168.2.1 24
[S1-Vlanif1002]quit
[S1]ip route-static 0.0.0.0 0 192.168.2.2

3.R1交换机配置

<Huawei>sys
[Huawei]sysname R1
[R1]inter GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[R1-GigabitEthernet0/0/0]quit
[R1]inter GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.5.2 24
[R1-GigabitEthernet0/0/1]quit
[R1]ip route-static 0.0.0.0 0 192.168.5.1
[R1]ip route-static 172.16.3.0 255.255.255.0 192.168.2.1

4.FW防火墙配置

<SRG>sys
[SRG]firewall zone trust
[SRG-zone-trust]add interface GigabitEthernet 0/0/1
[SRGzone-trust]quit
[SRG]firewall zone untrust
[SRG-zone-untrust]add inter GigabitEthernet 0/0/2
[SRG-zone-untrust]quit
[SRG]interface GigabitEthernet 0/0/1
[SRG-GigabitEthernet0/0/1]ip address 192.168.5.1 24
[SRG-GigabitEthernet0/0/1]quit
[SRG]interface GigabitEthernet 0/0/2
[SRG-GigabitEthernet0/0/2]ip address 192.168.88.9 24
[SRG-GigabitEthernet0/0/2]quit
[SRG]ip route-static 0.0.0.0 0 192.168.5.2
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]action permit
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.3.0 0.0.0.255
[SRG-policy-interzone-trust-untrust-outbound-0]quit
[SRG-policy-interzone-trust-untrust-outbound]quit
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.3.0 0.0.0.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/2

5.AC配置

<AC6005>sys
[AC6005]sysname AC
[AC]vlan batch 3 1003
[AC]inter GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003
[AC-GigabitEthernet0/0/1]quit
[AC]dhcp enable
[AC]inter Vlanif 1003
[AC-Vlanif1003]ip address 192.168.3.1 24
[AC-Vlanif1003]dhcp select interface
[AC-Vlanif1003]quit
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel,  power and antenna gain configurations of the radio and reset the AP.  Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
[AC]capwap source interface Vlanif 1003
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac 00e0-fc1f-4810  //在AP上使用display arp查询
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country  code changes, it will clear channel, power and antenna gain configurations of the  radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0]quit
[AC-wlan-view]ap-id 1 ap-mac 0e0-fca1-57b0 
[AC-wlan-ap-1]ap-name area_2
[AC-wlan-ap-1]ap-group ap-group1
Warning: This operation may cause AP reset. If the country  code changes, it will clear channel, power and antenna gain configurations of the  radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-1]quit
[AC-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [2]
--------------------------------------------------------------------------------
------------------
ID   MAC            Name   Group     IP            Type            State STA Upt
ime
--------------------------------------------------------------------------------
------------------
0    00e0-fc1f-4810 area_1 ap-group1 192.168.3.153 AP2050DN        nor   1   1H:
28M:57S
1    00e0-fca1-57b0 area_2 ap-group1 192.168.3.246 AP2050DN        nor   1   1H:
28M:54S
--------------------------------------------------------------------------------
------------------
Total: 2
[AC-wlan-view]security-profile name ssid_name	
[AC-wlan-sec-prof-ssid_name]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-ssid_name]quit
[AC-wlan-view]ssid-profile name ssid_name
[AC-wlan-ssid-prof-ssid_name]ssid ssid_name
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-ssid_name]quit
[AC-wlan-view]vap-profile name ssid_name
[AC-wlan-vap-prof-ssid_name]forward-mode direct-forward 
[AC-wlan-vap-prof-ssid_name]service-vlan vlan-id 3
Info: This operation may take a few seconds, please wait.done.	
[AC-wlan-vap-prof-ssid_name]security-profile ssid_name
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-ssid_name]ssid-profile ssid_name
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-ssid_name]quit
[AC-wlan-view]ap-group name ap-group1	
[AC-wlan-ap-group-ap-group1]vap-profile ssid_name wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]vap-profile ssid_name wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]quit

配置完成后，可见AP有了wifi信号覆盖区。

R1ping外网

STA1 Ping 外网

STA2 Ping 外网