当前位置: 首页 > ops >正文

eNSP实现WDS手拉手业务

ops 2025/6/28 0:58:00

实验准备:建议使用AC6605,AP9131

1.实验拓扑

2.设备配置文件

[SW1]dis cu
#
sysname SW1
#
vlan batch 100 110
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http
#
interface Vlanif1
#
interface Vlanif100ip address 192.168.100.2 255.255.255.0dhcp select interfacedhcp server excluded-ip-address 192.168.100.1dhcp server option 43 sub-option 2 ip-address 100.100.100.100
#
interface Vlanif110ip address 192.168.110.254 255.255.255.0dhcp select interface
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 100
#
interface GigabitEthernet0/0/2port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 100 110
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 100.100.100.100 255.255.255.255 192.168.100.1
#
user-interface con 0screen-length 0
user-interface vty 0 4
#
return
[AC1]dis cu
#sysname AC1
#set memory-usage threshold 0
#
ssl renegotiation-rate 1 
#
vlan batch 100
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm defaultrsa local-key-pair defaultenrollment self-signed
#
ike proposal defaultencryption-algorithm aes-256 dh group14 authentication-algorithm sha2-256 authentication-method pre-shareintegrity-algorithm hmac-sha2-256 prf hmac-sha2-256 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaaauthentication-scheme defaultauthentication-scheme radiusauthentication-mode radiusauthorization-scheme defaultaccounting-scheme defaultdomain defaultauthentication-scheme radiusradius-server defaultdomain default_adminauthentication-scheme defaultlocal-user admin password irreversible-cipher $1a$"cS`6Lb&3!$^"]&G=JxgW'L;>!PR/EBBI0v+aRx`L>kP+)hnTb:$local-user admin privilege level 15local-user admin service-type http
#
interface Vlanif100ip address 192.168.100.1 255.255.255.0
#
interface MEth0/0/1undo negotiation autoduplex half
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 100
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21undo negotiation autoduplex half
#
interface GigabitEthernet0/0/22undo negotiation autoduplex half
#
interface GigabitEthernet0/0/23undo negotiation autoduplex half
#
interface GigabitEthernet0/0/24undo negotiation autoduplex half
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 100.100.100.100 255.255.255.255
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
capwap source interface loopback0
#
user-interface con 0authentication-mode passwordscreen-length 0
user-interface vty 0 4protocol inbound all
user-interface vty 16 20protocol inbound all
#
wlantraffic-profile name defaultsecurity-profile name huaweisecurity wpa-wpa2 psk pass-phrase %^%#Yf+xC1|nAXKr|uTm$nlVsL+J7xU|c3PX3OA2N"#1%^%# aessecurity-profile name defaultsecurity-profile name wds-secsecurity wpa2 psk pass-phrase %^%#E,MN<*nry6*u6XBsTj}~EkJ{5E;VCJ9daGRtUOnK%^%# aessecurity-profile name wlan-netsecurity-profile name default-wdssecurity-profile name default-meshssid-profile name huaweissid huaweissid-profile name defaultssid-profile name wlan-netssid wlan-netvap-profile name huaweiservice-vlan vlan-id 110ssid-profile huaweisecurity-profile huaweivap-profile name defaultvap-profile name wlan-netservice-vlan vlan-id 110ssid-profile wlan-netsecurity-profile wlan-netwds-whitelist-profile name wds-list1peer-ap mac 00e0-fc81-0de0peer-ap mac 00e0-fc58-0f70wds-profile name leafsecurity-profile wds-secvlan tagged 110wds-name wlan-wdswds-profile name defaultwds-profile name wds-leafsecurity-profile wds-secvlan tagged 110wds-name wlan-wdswds-profile name wds-rootsecurity-profile wds-secvlan tagged 110wds-name wlan-wdswds-mode rootmesh-handover-profile name defaultmesh-profile name defaultregulatory-domain-profile name defaultair-scan-profile name defaultrrm-profile name defaultradio-2g-profile name defaultradio-5g-profile name defaultwids-spoof-profile name defaultwids-profile name defaultwireless-access-specificationap-system-profile name defaultport-link-profile name defaultwired-port-profile name defaultserial-profile name preset-enjoyor-toeap ap-group name ap1radio 0vap-profile huawei wlan 1radio 1vap-profile huawei wlan 1wds-profile wds-rootwds-whitelist-profile wds-list1radio 2vap-profile huawei wlan 1ap-group name ap2radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1wds-profile wds-leafap-group name ap3radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1wds-profile wds-leafap-group name defaultap-id 0 type-id 47 ap-mac 00e0-fcc2-6a30 ap-sn 210235448310B345A44Eap-name AP1ap-group ap1radio 1channel 40mhz-plus 157coverage distance 4ap-id 1 type-id 47 ap-mac 00e0-fc81-0de0 ap-sn 210235448310F803D93Bap-name AP2ap-group ap2radio 1channel 40mhz-plus 157coverage distance 4ap-id 2 type-id 47 ap-mac 00e0-fc58-0f70 ap-sn 210235448310C5713828ap-name AP3ap-group ap3radio 1channel 40mhz-plus 157coverage distance 4provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return

3.wds重点配置

[AC1-wlan-view]ap-id  0
[AC1-wlan-ap-0]radio 1    
[AC1-wlan-radio-0/1]channel  40mhz-plus 157 
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-radio-0/1]coverage  distance  4
[AC1-wlan-ap-1]radio 1    
[AC1-wlan-radio-1/1]channel  40mhz-plus 157 
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-radio-1/1]coverage  distance  4
[AC1-wlan-view]ap-id  2
[AC1-wlan-ap-2]radio 1    
[AC1-wlan-radio-2/1]channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y    
[AC1-wlan-radio-2/1]coverage  distance  4

[AC1-wlan-view]security-profile  name  wds-sec
[AC1-wlan-sec-prof-wds-sec]security  wpa2 psk  pass-phrase  huawei@123 aes

[AC1-wlan-view]wds-whitelist-profile name  wds-list1 
[AC1-wlan-wds-whitelist-wds-list1]peer-ap  mac  00e0-fc81-0de0 
[AC1-wlan-wds-whitelist-wds-list1]peer-ap  mac  00e0-fc58-0f70


[AC1-wlan-view]wds-profile name  wds-root 
[AC1-wlan-wds-prof-wds-root]wds-mode root 
[AC1-wlan-wds-prof-wds-root]wds-name wlan-wds     
[AC1-wlan-wds-prof-wds-root]vlan tagged  110 
[AC1-wlan-wds-prof-wds-root]security-profile wds-sec
Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-view]wds-profile name  leaf 
[AC1-wlan-wds-prof-leaf]wds-mode leaf     #默认为leaf模式,可以不配
[AC1-wlan-wds-prof-leaf]wds-name wlan-wds 
[AC1-wlan-wds-prof-leaf]security-profile  wds-sec
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-wds-prof-leaf]vlan tagged  110

[AC1-wlan-view]ap-group  name  ap1
[AC1-wlan-ap-group-ap1]radio 1
[AC1-wlan-group-radio-ap1/1]wds-whitelist-profile wds-list1


[AC1-wlan-view]ap-group  name  ap1
[AC1-wlan-ap-group-ap1]wds-profile  wds-root radio  1 
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]wds-profile name  leaf 
[AC1-wlan-wds-prof-leaf]wds-mode leaf     #默认为leaf模式,可以不配
[AC1-wlan-wds-prof-leaf]wds-name wlan-wds 
[AC1-wlan-wds-prof-leaf]security-profile  wds-sec
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-wds-prof-leaf]vlan tagged  110

[AC1-wlan-view]ap-group  name  ap2 
[AC1-wlan-ap-group-ap2]wds-profile wds-leaf radio  1 
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]ap-group  name  ap3
[AC1-wlan-ap-group-ap3]wds-profile  wds-leaf radio  1
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]security-profile  name wlan-net 
[AC1-wlan-sec-prof-wlan-net]security open   #此处之所以使用开放因为使用密码连接不起来。使用开放时,STA连接的时候多点击几下即可连接无线网络。

[AC1-wlan-view]ssid-profile  name  wlan-net 
[AC1-wlan-ssid-prof-wlan-net]ssid wlan-net
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]vap-profile  name  wlan-net 
[AC1-wlan-vap-prof-wlan-net]ssid-profile  wlan-net
Info: This operation may take a few seconds, please wait.done.    
[AC1-wlan-vap-prof-wlan-net]security-profile  wlan-net
Info: This operation may take a few seconds, please wait.done.    
[AC1-wlan-vap-prof-wlan-net]service-vlan vlan-id 110
Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-view]ap-group  name  ap2    
[AC1-wlan-ap-group-ap2]vap-profile wlan-net wlan  1 radio  0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-ap2]vap-profile  wlan-net wlan  1 radio  1
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-ap2]q
[AC1-wlan-view]ap-group  name  ap3    
[AC1-wlan-ap-group-ap3]vap-profile  wlan-net wlan  1 radio  0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-ap3]vap-profile wlan-net wlan  1 radio  1
Info: This operation may take a few seconds, please wait...done.

4.实验验证

http://www.xdnf.cn/news/12191.html

相关文章:

  • 如何做好一份技术文档?(上篇)
  • Spring AI(11)——SSE传输的MCP服务端
  • Spring Plugin框架应用实践:医院多租户客户端动态路由方案解析
  • App使用webview套壳引入h5(二)—— app内访问h5,顶部被手机顶部菜单遮挡问题,保留顶部安全距离
  • 两个错误教训记录--java变量作用域问题导致变量值异常
  • calico/node is not ready: BIRD is not ready: BGP not established with xxx
  • sumatraPDF设置深色界面
  • ArcGIS Maps SDK for JavaScript:使用图层过滤器只显示FeatureLayer的部分要素
  • LG P9990 [Ynoi Easy Round 2023] TEST_90 Solution
  • 风机下引线断点检测算法实现
  • 免费wordpress模板下载
  • Astro深度解析:颠覆传统的前端架构革命,打造极致性能的现代Web应用
  • KMP 算法中 next 数组的构建函数 get_next
  • linux-------------------------进程间通信(上)
  • QMetaObject::invokeMethod调用失败
  • 摄像机ISP处理流程
  • 【面经分享】京东
  • springboot实现查询学生
  • Spring @Scheduled vs XXL-JOB vs DolphinScheduler vs Airflow:任务调度框架全景对比
  • 电子电路:什么是扩散电容?
  • PC 360安全浏览器
  • Spring Boot + MyBatis 集成支付宝支付流程
  • Hive的Parquet格式优化方法
  • AI应用工程师面试
  • html+css+js趣味小游戏~MissileGame街机挑战(附源码)
  • Hive SQL常见操作
  • 人工智能--大型语言模型的存储
  • 窗口聚合窗口聚合
  • YOLOv11 | 注意力机制篇 | 混合局部通道注意力MLCA与C2PSA机制
  • 【photoshop】专色浓度和专色密度