(eNSP）配置WDS手拉手业务

1.实验拓扑

2.基础配置

[SW1]dis cu
#
sysname SW1
#
vlan batch 10 100 110 120
#
dhcp enable
#
interface Vlanif10ip address 192.168.10.2 255.255.255.0
#
interface Vlanif100ip address 192.168.100.2 255.255.255.0dhcp select interfacedhcp server excluded-ip-address 192.168.100.1
#
interface Vlanif110ip address 192.168.110.1 255.255.255.0dhcp select interface
#
interface Vlanif120ip address 192.168.120.1 255.255.255.0dhcp select interface
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 10
#
interface GigabitEthernet0/0/2port link-type accessport default vlan 100
#
interface GigabitEthernet0/0/3port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 100 110 120
#
ip route-static 8.8.8.8 255.255.255.255 192.168.10.1
#

[SW2]dis cu
#
sysname SW2
#
vlan batch 10
#
interface Vlanif10ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 10
#
interface LoopBack0ip address 8.8.8.8 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.10.2
#

[AC1]dis cu
#sysname AC1
#
vlan batch 100 110 120
#
vlan pool 1vlan 110 120
#
interface Vlanif100ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
capwap source interface vlanif100
#
wlansecurity-profile name huaweisecurity wpa-wpa2 psk pass-phrase %^%#+hOW~@wYj$]V3"In*EC:{%%+9w/N"SS{rHLdV>IT%^%# aessecurity-profile name wds-secsecurity wpa2 psk pass-phrase %^%#LVE>*]9}2D)gSDUcuSE*Gxkk.'X4)UZtd|'.@cW;%^%# aessecurity-profile name wlan-netssid-profile name huaweissid huaweissid-profile name wlan-netssid wlan-netvap-profile name huaweiservice-vlan vlan-pool 1ssid-profile huaweisecurity-profile huaweivap-profile name wlan-netservice-vlan vlan-pool 1ssid-profile wlan-netsecurity-profile wlan-netwds-whitelist-profile name wds-list1peer-ap mac 00e0-fc65-7800wds-profile name wds-leafsecurity-profile wds-secvlan tagged 110 120wds-name wlan-wdswds-profile name wds-rootsecurity-profile wds-secvlan tagged 110 120wds-name wlan-wdswds-mode rootap-group name ap1radio 0vap-profile huawei wlan 1radio 1vap-profile huawei wlan 1wds-profile wds-rootwds-whitelist-profile wds-list1radio 2vap-profile huawei wlan 1ap-group name ap2radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1wds-profile wds-leafradio 2vap-profile wlan-net wlan 1ap-id 0 type-id 47 ap-mac 00e0-fce0-3dd0 ap-sn 210235448310B80C4479ap-name AP1ap-group ap1radio 1channel 40mhz-plus 157coverage distance 4ap-id 1 type-id 47 ap-mac 00e0-fc65-7800 ap-sn 210235448310555B520Aap-name AP2ap-group ap2radio 1channel 40mhz-plus 149coverage distance 4
#

3.wds重点配置

（在WDS网络中，建立WDS链路的射频必须为同一信道。）

[AC1-wlan-view]ap-id  1

[AC1-wlan-ap-1]di th
#
  ap-name AP2
  ap-group ap2
  radio 1
   channel 40mhz-plus 149
   coverage distance 4
#
return

[AC1-wlan-view]ap-id  0 
[AC1-wlan-ap-0]dis th
#
  ap-name AP1
  ap-group ap1
  radio 1
   channel 40mhz-plus 157
   coverage distance 4
#
return

#配置WDS链路使用的安全模板“wds-sec”，“wds-sec”的安全策略为WPA2+PSK+AES。

[AC1-wlan-view]security-profile  name  wds-sec
[AC1-wlan-sec-prof-wds-sec]di th
#
  security wpa2 psk pass-phrase %^%#LVE>*]9}2D)gSDUcuSE*Gxkk.'X4)UZtd|'.@cW;%^%# aes
#
return

# 配置WDS白名单。配置AP_1绑定的WDS白名单“wds-list1”，仅允许AP_2接入

[AC1-wlan-view]wds-whitelist-profile name  wds-list1
[AC1-wlan-wds-whitelist-wds-list1]di th
#
  peer-ap mac 00e0-fc65-7800
#
return

# 配置WDS模板“wds-root”。网桥标识为“wlan-wds”，网桥模式为“root”，引用安全模板“wds-sec”，以tagged形式允许无线业务VLAN101通过。

[AC1-wlan-view]wds-profile name  wds-root
[AC1-wlan-wds-prof-wds-root]di th
#
  security-profile wds-sec
  vlan tagged 110 120
  wds-name wlan-wds
  wds-mode root
#
return

# 配置WDS模板“wds-leaf”。网桥标识为“wlan-wds”，网桥模式为“leaf”，引用安全模板“wds-sec”，以tagged形式允许无线业务VLAN101通过。

[AC1-wlan-view]wds-profile name  wds-leaf 
[AC1-wlan-wds-prof-wds-leaf]di th
#
  security-profile wds-sec
  vlan tagged 110 120
  wds-name wlan-wds
#
return

# 配置AP组“ap-group1”的射频1引用WDS白名单“wds-list1”。

[AC1-wlan-ap-group-ap1]radio 1
[AC1-wlan-group-radio-ap1/1]di th
#
   wds-whitelist-profile wds-list1
#
return

# 配置AP组“ap-group1”，引用WDS模板“wds-root”。

[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] wds-profile wds-root radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y

# 配置AP组“ap-group2”，引用WDS模板“wds-leaf”。

[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] wds-profile wds-leaf radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y

配置WLAN业务参数

# 创建名为“wlan-net”的安全模板，并配置安全策略。

[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security open  #在ensp模拟器里面此处建议设置为开放，否则很难连接无线。
[AC-wlan-sec-prof-wlan-net] quit

# 创建名为“wlan-net”的SSID模板，并配置SSID名称为“wlan-net”。

[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit

# 创建名为“wlan-net”的VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板。

[AC-wlan-view] vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net] forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-pool 1
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit

[AC1-wlan-view]ap-group  name  ap2 
[AC1-wlan-ap-group-ap2]di th
#
  radio 0
   vap-profile wlan-net wlan 1
  radio 1
   vap-profile wlan-net wlan 1
   wds-profile wds-leaf
  radio 2
   vap-profile wlan-net wlan 1
#
return

4.验证