华为配置CAPWAP双栈覆盖业务示例

配置CAPWAP双栈覆盖业务示例

组网图形

图1 配置CAPWAP双栈覆盖业务示例组网图

业务需求
组网需求
数据规划
配置思路
配置注意事项
操作步骤
配置文件

业务需求

企业用户接入WLAN网络，以满足移动办公的最基本需求。且在覆盖区域内移动发生漫游时，不影响用户的业务使用。区域1（AP1覆盖的范围）为IPv4网络，区域2（AP2覆盖的范围）为IPv6网络，AC和AP之间配置IPV4和IPV6 CAPWAP双协议栈，AC可以同时管理IPv4和IPv6的AP。

组网需求

AC组网方式：直连二层组网。
DHCP部署方式：AC作为DHCP服务器为AP和STA分配IPv4和IPv6地址。
业务数据转发方式：隧道转发。

数据规划

表1 AC数据规划表
配置项	数据
DHCP服务器	AC作为DHCP服务器为STA和AP分配IPv4和IPv6地址
AP的IP地址池	IPv4地址池：10.23.100.2～10.23.100.254/24 IPv6地址池：FC01::2～FC01::FFFF:FFFF:FFFF:FFFF/64
STA的IP地址池	IPv4地址池：10.23.101.2～10.23.101.254/24 IPv6地址池：FC02::2～FC01::FFFF:FFFF:FFFF:FFFF/64
AC的源接口IP地址	IPv4源接口，VLANIF100：10.23.100.1/24 IPv6源接口，VLANIF200：FC01::1/64
AP组	名称：ap-group_ipv4 引用模板：VAP模板wlan-net、域管理模板default 名称：ap-group_ipv6 引用模板：VAP模板wlan-net、域管理模板default
域管理模板	名称：default 国家码：中国
SSID模板	名称：wlan-net SSID名称：wlan-net
安全模板	名称：wlan-net 安全策略：WPA-WPA2+PSK+AES 密码：a1234567
VAP模板	名称：wlan-net 转发模式：隧道转发业务VLAN：VLAN101 引用模板：SSID模板wlan-net、安全模板wlan-net

配置思路

配置AP、AC和周边网络设备之间实现网络互通。
在AC上配置DHCPv4和DHCPv6服务器为AP分配IP地址，配置DHCPv6和DHCPv4服务器为STA分配IP地址。
配置AP上线。
1. 创建AP组，按照区域进行AP组划分，将同一区域的AP都加入同一AP组中，并限制AP上线的IP版本号。
2. 配置AC的系统参数，包括国家码、AC与AP之间通信的源接口。
3. 配置AP上线的认证方式并离线导入AP，实现AP正常上线。
配置WLAN业务参数，实现STA访问WLAN网络功能。

配置注意事项

纯组播报文由于协议要求在无线空口没有ACK机制保障，且无线空口链路不稳定，为了纯组播报文能够稳定发送，通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入，则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击，建议配置组播报文抑制功能。配置前请确认是否有组播业务，如果有，请谨慎配置限速值。
- 业务数据转发方式采用直接转发时，建议在直连AP的交换机接口上配置组播报文抑制。
- 业务数据转发方式采用隧道转发时，建议在AC的流量模板下配置组播报文抑制。
建议在与AP直连的设备接口上配置端口隔离，如果不配置端口隔离，尤其是业务数据转发方式采用直接转发时，可能会在VLAN内形成大量不必要的广播报文，导致网络阻塞，影响用户体验。
隧道转发模式下，管理VLAN和业务VLAN不能配置为同一VLAN，且AP和AC之间只能放通管理VLAN，不能放通业务VLAN。
V200R021C00版本开始，配置CAPWAP源接口或源地址时，会检查和安全相关的配置是否已存在，包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码，均已存在才能成功配置，否则会提示用户先完成相关的配置。
V200R021C00版本开始，AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能，添加AP时AP会上线失败，此时需要先开启CAPWAP DTLS不认证方式（capwap dtls no-auth enable）让AP上线，以便AP获取安全凭证，AP上线后应及时关闭该功能（undo capwap dtls no-auth enable），避免未授权AP上线。

操作步骤

配置周边设备

# 配置接入交换机SwitchA的GE0/0/3接口加入VLAN100和VLAN200，GE0/0/1接口加入VLAN100，GE0/0/2接口加入VLAN200。GE0/0/1的缺省VLAN为VLAN100，GE0/0/2的缺省VLAN为VLAN200。

<span style="color:#333333"><span style="background-color:#dddddd"><HUAWEI> <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1146903825190921">system-view</strong>
[HUAWEI] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b463515027190921">sysname SwitchA</strong>
[SwitchA] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b684133584190921">vlan batch 100 200</strong>
[SwitchA] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b349530513190921">interface gigabitethernet 0/0/1</strong>
[SwitchA-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1802463456190921">port link-type trunk</strong>
[SwitchA-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2124958755190921">port trunk pvid vlan 100</strong>
[SwitchA-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1108429115190921">port trunk allow-pass vlan 100</strong>
[SwitchA-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1000224051190921">port-isolate enable</strong>
[SwitchA-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b954510642190921">quit</strong>
[SwitchA] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b401575179190921">interface gigabitethernet 0/0/2</strong>
[SwitchA-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b380788726190921">port link-type trunk</strong>
[SwitchA-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1264265401190921">port trunk pvid vlan 200</strong>
[SwitchA-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b99983235190921">port trunk allow-pass vlan 200</strong>
[SwitchA-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1929474773190921">port-isolate enable</strong>
[SwitchA-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1004340122190921">quit</strong>
[SwitchA] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1024798479190921">interface gigabitethernet 0/0/3</strong>
[SwitchA-GigabitEthernet0/0/3] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b304393179190921">port link-type trunk</strong>
[SwitchA-GigabitEthernet0/0/3] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b135158159190921">port trunk allow-pass vlan 100 200</strong>
[SwitchA-GigabitEthernet0/0/3] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2113434684190921">quit</strong></span></span>

# 配置Router的接口GE1/0/0加入VLAN101，创建接口VLANIF101并配置IPv4地址为10.23.101.2/24，IPv6地址为FC02::2/64。

<span style="color:#333333"><span style="background-color:#dddddd"><Huawei> <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b801752566190921">system-view</strong>
[Huawei] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2046819583190921">sysname Router</strong>
[Router] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1047582369190921">ipv6</strong>
[Router] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b975131926190921">vlan batch 101</strong>
[Router] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b274648767190921">interface gigabitethernet 1/0/0</strong>
[Router-GigabitEthernet1/0/0] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b170732701190921">port link-type trunk</strong>
[Router-GigabitEthernet1/0/0] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1177536734190921">port trunk allow-pass vlan 101</strong>
[Router-GigabitEthernet1/0/0] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b623966701190921">quit</strong>
[Router] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b317992853190921">interface vlanif 101</strong>
[Router-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b315213745190921">ip address 10.23.101.2 24</strong>
[Router-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b753826984190921">ipv6 enable</strong>
[Router-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b267641225190921">ipv6 address fc02::2/64</strong>
[Router-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b104793727190921">quit</strong></span></span>

配置AC与其它网络设备互通

# 配置AC的接口GE0/0/1加入VLAN100和VLAN200，GE0/0/2加入VLAN101。

<span style="color:#333333"><span style="background-color:#dddddd"><HUAWEI> <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b409287315190921">system-view</strong>
[HUAWEI] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b258544766190921">sysname AC</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b462287671190921">vlan batch 100 101 200</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1272913455190921">interface gigabitethernet 0/0/1</strong>
[AC-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2071743092190921">port link-type trunk</strong>
[AC-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1616165139190921">port trunk allow-pass vlan 100 200</strong>
[AC-GigabitEthernet0/0/1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b659029378190921">quit</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1073059659190921">interface gigabitethernet 0/0/2</strong>
[AC-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1788644183190921">port link-type trunk</strong>
[AC-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b193824250190921">port trunk allow-pass vlan 101</strong>
[AC-GigabitEthernet0/0/2] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b463825630190921">quit</strong></span></span>

配置DHCP服务器为STA和AP分配IP地址

# 在AC上配置VLANIF100接口为AP提供IPv4地址。

<span style="color:#333333"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2031153250190921">dhcp enable</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1919289615190921">interface vlanif 100</strong>
[AC-Vlanif100] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1992126686190921">ip address 10.23.100.1 24</strong>
[AC-Vlanif100] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b919882756190921">dhcp select interface</strong>
[AC-Vlanif100] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b491849206190921">quit</strong></span></span>

# 在AC上配置VLANIF200接口为AP提供IPv6地址。

<span style="color:#333333"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b282758585190921">ipv6</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1551206228190921">dhcp enable</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1500838037190921">dhcpv6 pool ap_pool</strong>
[AC-dhcpv6-pool-ap_pool] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1095101125190921">address prefix fc01::/64</strong>
[AC-dhcpv6-pool-ap_pool] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b841316139190921">quit</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b594802203190921">interface vlanif 200</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b515676449190921">ipv6 enable</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b848332534190921">ipv6 address fc01::1/64</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1463722663190921">undo ipv6 nd ra halt</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b816660201190921">ipv6 nd autoconfig managed-address-flag</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b645244955190921">ipv6 nd autoconfig other-flag</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b252317981190921">dhcpv6 server ap_pool</strong>
[AC-Vlanif200] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b706748190190921">quit</strong></span></span>

# 配置VLANIF101接口下的DHCPv4服务器和DHCPv6服务器为STA提供IP地址。

DNS服务器地址请根据实际需要配置。常用配置方法如下：

对于IPv4
- 接口地址池场景，需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
- 全局地址池场景，需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
对于IPv6

在IPv6地址池视图下执行命令dns-server ipv6-address。

<span style="color:#333333"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b641090635190921">dhcpv6 pool sta_pool</strong>
[AC-dhcpv6-pool-sta_pool] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1751044090190921">address prefix fc02::/64</strong>
[AC-dhcpv6-pool-sta_pool] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1722622819190921">quit</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b367244197190921">interface vlanif 101</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1714639538190921">ipv6 enable</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1200084554190921">ip address 10.23.101.1 24</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b185655870190921">dhcp select interface</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1006631249190921">ipv6 address fc02::1/64</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b498718114190921">undo ipv6 nd ra halt</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b458421855190921">ipv6 nd autoconfig managed-address-flag</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b963188944190921">ipv6 nd autoconfig other-flag</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b785579188190921">dhcpv6 server sta_pool</strong>
[AC-Vlanif101] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b984519419190921">quit</strong></span></span>

配置AP上线

# 创建AP组，按照区域进行AP组划分，将同一区域的AP都加入同一AP组中，并限制AP上线的IP版本号。

<span style="color:#333333"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b365287240190921">wlan</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1447263166190921">ap-group name ap-group_ipv4</strong>
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1817702868190921">ap ip version ipv4</strong>
Warning: This operation may cause AP offline, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b493869597190921">y</strong> 
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1754560141190921">quit</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1397728233190921">ap-group name ap-group_ipv6</strong>
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1797571532190921">ap ip version ipv6</strong>
Warning: This operation may cause AP offline, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1300257284190921">y</strong> 
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1806089294190921">quit</strong></span></span>

# 创建域管理模板，在域管理模板下配置AC的国家码并在AP组下引用域管理模板。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1471718217190921">regulatory-domain-profile name default</strong>
[AC-wlan-regulate-domain-default] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1546732354190921">country-code cn</strong>
[AC-wlan-regulate-domain-default] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b551047239190921">quit</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1222516225190921">ap-group name ap-group_ipv4</strong>
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b171327823190921">regulatory-domain-profile default</strong>
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0175818418_b17491131153716">y</strong>  
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2043440440190921">quit</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b112872736190921">ap-group name ap-group_ipv6</strong>
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b112345448190921">regulatory-domain-profile default</strong>
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0175818418_b17491131153716_1">y</strong>  
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2076171109190921">quit</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1606241424190921">quit</strong></span></span>

# 配置AC的源接口。

<span style="color:#333333"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b729907539190921">capwap double-stack enable</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b383709760190921">capwap source interface vlanif 100</strong>
[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1791385488190921">capwap source interface vlanif 200</strong></span></span>

# 在AC上离线导入AP，并将AP分别加入AP组“ap-group_ipv4”和“ap-group_ipv6”中。假设AP1的MAC地址为dcd2-fcf6-76a0，AP2的MAC地址为60de-4476-e360。

ap auth-mode命令缺省情况下为MAC认证，如果之前没有修改其缺省配置，可以不用执行ap auth-mode mac-auth。

举例中使用的AP为AP5030DN，具有射频0和射频1两个射频。AP5030DN的射频0为2.4GHz射频，射频1为5GHz射频。

<span style="color:#333333"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1685093122190921">wlan</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b810555749190921">ap auth-mode mac-auth</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1890175338190921">ap-id 0 ap-mac dcd2-fcf6-76a0</strong>
[AC-wlan-ap-0] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b589690059190921">ap-name ap1</strong>
Warning: This operation may cause AP reset. Continue? [Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0175818418_b460951517190906">y</strong>  
[AC-wlan-ap-0] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1423457549190921">ap-group ap-group_ipv4</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0175818418_b1651706244190906">y</strong>  
[AC-wlan-ap-0] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2049187955190921">quit</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2095850087190921">ap-id 1 ap-mac 60de-4476-e360</strong>
[AC-wlan-ap-1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b558610791190921">ap-name ap2</strong>
Warning: This operation may cause AP reset. Continue? [Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0175818418_b460951517190906_1">y</strong>  
[AC-wlan-ap-1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1953558661190921">ap-group ap-group_ipv6</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0175818418_b1651706244190906_1">y</strong>  
[AC-wlan-ap-1] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b2026336380190921">quit</strong></span></span>

# 将AP上电后，当执行命令display ap all查看到AP的“State”字段为“nor”时，表示AP正常上线。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b532733656190921">display ap all</strong>
Total AP information:
nor  : normal          [2]
Extrainfo : Extra information
P  : insufficient power supply
----------------------------------------------------------------------------------------------------
ID   MAC            Name    Group          IP              Type       State STA Uptime      ExtraInfo
----------------------------------------------------------------------------------------------------
0    dcd2-fcf6-76a0 ap1     ap-group_ipv4  10.23.100.138   AP5030DN   nor   0   4H:49M:11S  P
1    60de-4476-e360 ap2     ap-group_ipv6  FC01::9         AP5030DN   nor   0   6H:3M:40S   -
----------------------------------------------------------------------------------------------------
Total: 2, printed: 2</span></span>

配置WLAN业务参数

# 开启设备处理STA IPv6业务的功能。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b846697653190921">sta-ipv6-service enable</strong></span></span>

# 创建名为“wlan-net”的安全模板，并配置安全策略。

举例中以配置WPA-WPA2+PSK+AES的安全策略为例，密码为“a1234567”，实际配置中请根据实际情况，配置符合实际要求的安全策略。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b1991067776190921">security-profile name wlan-net</strong>
[AC-wlan-sec-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b851752672190921">security wpa-wpa2 psk pass-phrase a1234567 aes</strong>
[AC-wlan-sec-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b337241812190921">quit</strong></span></span>

# 创建名为“wlan-net”的SSID模板，并配置SSID名称为“wlan-net”。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b69022931190921">ssid-profile name wlan-net</strong>
[AC-wlan-ssid-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b36723145190921">ssid wlan-net</strong>
[AC-wlan-ssid-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b1738903244190921">quit</strong></span></span>

# 创建名为“wlan-net”的VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b1922555320190921">vap-profile name wlan-net</strong>
[AC-wlan-vap-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b13690656190921">forward-mode tunnel</strong>
[AC-wlan-vap-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b1155220284190921">service-vlan vlan-id 101</strong>
[AC-wlan-vap-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b1928564414190921">security-profile wlan-net</strong>
[AC-wlan-vap-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b889800077190921">ssid-profile wlan-net</strong>
[AC-wlan-vap-prof-wlan-net] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_zh-cn_task_0176912351_b1869922190190921">quit</strong></span></span>

# 配置AP组引用VAP模板，AP上射频0和射频1都使用VAP模板“wlan-net”的配置。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b596297300190921">ap-group name ap-group_ipv4</strong>
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1053401689190921">vap-profile wlan-net wlan 1 radio 0</strong>
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1326365763190921">vap-profile wlan-net wlan 1 radio 1</strong>
[AC-wlan-ap-group-ap-group_ipv4] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1503401936190921">quit</strong>
[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b515217240190921">ap-group name ap-group_ipv6</strong>
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1354279984190921">vap-profile wlan-net wlan 1 radio 0</strong>
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b1401457371190921">vap-profile wlan-net wlan 1 radio 1</strong>
[AC-wlan-ap-group-ap-group_ipv6] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b766778827190921">quit</strong></span></span>

验证配置结果

WLAN业务配置会自动下发给AP，配置完成后，通过执行命令display vap ssid wlan-net查看如下信息，当“Status”项显示为“ON”时，表示AP对应的射频上的VAP已创建成功。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b730482450190921">display vap ssid wlan-net</strong>
WID : WLAN ID            
-------------------------------------------------------------------------------------
AP ID AP name  RfID WID  BSSID          Status  Auth type     STA   SSID     
-------------------------------------------------------------------------------------
1     ap1       0    1   DCD2-FCF6-76A0 ON      WPA/WPA2-PSK  0     wlan-net
1     ap1       1    1   DCD2-FCF6-76B0 ON      WPA/WPA2-PSK  0     wlan-net
2     ap2       0    1   60DE-4474-E360 ON      WPA/WPA2-PSK  0     wlan-net
2     ap2       1    1   60DE-4474-E370 ON      WPA/WPA2-PSK  0     wlan-net
-------------------------------------------------------------------------------------
Total: 4</span></span>

STA搜索到名为“wlan-net”的无线网络，输入密码“a1234567”并正常关联后，在AC上执行display station ssid wlan-net命令，可以查看到用户已经接入到无线网络“wlan-net”中。

<span style="color:#333333"><span style="background-color:#dddddd">[AC-wlan-view] <strong id="ZH-CN_TASK_0180383115__zh-cn_task_0176912366_b143519703190921">display station ssid wlan-net</strong>
Rf/WLAN: Radio ID/WLAN ID                                                     
Rx/Tx: link receive rate/link transmit rate(Mbps)                             
------------------------------------------------------------------------------------------------------------------------------------------------
STA MAC          AP ID Ap name    Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IPv4 address     SSID          IPv6 address                      
------------------------------------------------------------------------------------------------------------------------------------------------
508f-4cfb-0556   1     ap1        1/1      5G    -     -/-        -     101   10.23.101.164    wlan-net      FC02::A48F:A256:29D:8841          
c894-bbdc-99ae   2     ap2        1/1      5G    -     -/-        -     101   10.23.101.204    wlan-net      FC02::7057:14F:2211:7FA0          
------------------------------------------------------------------------------------------------------------------------------------------------
Total: 2 2.4G: 0 5G: 2</span></span>

配置文件

SwitchA的配置文件

<span style="color:#333333"><span style="background-color:#dddddd">#
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 100port-isolate enable group 1
#
interface GigabitEthernet0/0/2port link-type trunkport trunk pvid vlan 200port trunk allow-pass vlan 200port-isolate enable group 1
#
interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 100 200
#
return
</span></span>

Router的配置文件

<span style="color:#333333"><span style="background-color:#dddddd">#
sysname Router
#
ipv6
#
vlan batch 101
#
interface Vlanif101ipv6 enableip address 10.23.101.2 255.255.255.0ipv6 address FC02::2/64
#
interface GigabitEthernet1/0/0port link-type trunkport trunk allow-pass vlan 101
#
return
</span></span>

AC的配置文件

<span style="color:#333333"><span style="background-color:#dddddd">#sysname AC
#
ipv6
#
vlan batch 100 to 101 200
#
dhcp enable
#
dhcpv6 pool ap_pooladdress prefix FC01::/64
#
dhcpv6 pool sta_pooladdress prefix FC02::/64
#
interface Vlanif100ip address 10.23.100.1 255.255.255.0dhcp select interface
#
interface Vlanif101ipv6 enableip address 10.23.101.1 255.255.255.0ipv6 address FC02::1/64undo ipv6 nd ra haltipv6 nd autoconfig managed-address-flagipv6 nd autoconfig other-flagdhcp select interfacedhcpv6 server sta_pooldhcp server excluded-ip-address 10.23.101.2 
#
interface Vlanif200ipv6 enableipv6 address FC01::1/64undo ipv6 nd ra haltipv6 nd autoconfig managed-address-flagipv6 nd autoconfig other-flagdhcpv6 server ap_pool
#
interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 101
#
capwap double-stack enable
capwap source interface vlanif100
capwap source interface vlanif200
#
wlansta-ipv6-service enablesecurity-profile name wlan-netsecurity wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aesssid-profile name wlan-netssid wlan-netvap-profile name wlan-netforward-mode tunnelservice-vlan vlan-id 101ssid-profile wlan-netsecurity-profile wlan-netregulatory-domain-profile name defaultap-group name ap-group_ipv4ap ip version ipv4radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1ap-group name ap-group_ipv6ap ip version ipv6radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1ap-id 0 type-id 35 ap-mac dcd2-fcf6-76a0 ap-sn 2102351KDVW0JB015457ap-name ap1ap-group ap-group_ipv4ap-id 1 type-id 35 ap-mac 60de-4476-e360 ap-sn 21500831023GH9001248ap-name ap2ap-group ap-group_ipv6
#
return</span></span>