
一、实验概述本文基于华为eNSP模拟器完整演示一套企业级无线网络的配置流程。网络采用核心交换机LSW1 无线控制器AC6605 路由器R1的经典三层架构实现以下目标AP通过VLAN 100与AC建立CAPWAP管理隧道两个SSID分别映射到不同的业务VLANVLAN 10 / VLAN 20LSW1作为DHCP服务器为AP和终端统一分配IP地址终端可通过AC访问上层网络1.1.1.0/24二、LSW1核心交换机配置system-view sysname LSW1 vlan batch 10 20 100 interface GigabitEthernet 0/0/1 port link-type trunk port trunk allow-pass vlan 10 20 100 quit port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/4 port link-type trunk quit port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3 port trunk allow-pass vlan 10 100 port trunk pvid vlan 100 quit interface GigabitEthernet 0/0/4 port trunk allow-pass vlan 20 100 port trunk pvid vlan 100 quit dhcp enable ip pool wifi gateway-list 192.168.1.1 network 192.168.1.0 mask 24 quit ip pool vlan10 gateway-list 192.168.10.254 network 192.168.10.0 mask 24 quit ip pool vlan20 gateway-list 192.168.20.254 network 192.168.20.0 mask 24 quit interface Vlanif 100 ip address 192.168.1.1 24 dhcp select global quit interface Vlanif 10 ip address 192.168.10.254 24 dhcp select global quit interface Vlanif 20 ip address 192.168.20.254 24 dhcp select global quit ip route-static 192.168.200.0 24 192.168.1.2 ip route-static 1.1.1.0 24 192.168.1.2三、AC6605无线控制器配置system-view sysname AC6605 vlan batch 100 200 interface Vlanif 100 ip address 192.168.1.2 24 quit interface GigabitEthernet 0/0/1 port link-type access port default vlan 200 quit interface Vlanif 200 ip address 192.168.200.1 24 quit capwap source interface Vlanif 100 wlan regulatory-domain-profile name aa country-code CN quit security-profile name openlab-1 security wpa2 psk pass-phrase openlab-2 aes quit ssid-profile name openlab-1 ssid openlab-1 quit vap-profile name openlab-1 wlan 1 forward-mode tunnel service-vlan vlan-id 10 security-profile openlab-1 ssid-profile openlab-1 quit security-profile name openlab-2 security wpa2 psk pass-phrase openlab-1 aes quit ssid-profile name openlab-2 ssid openlab-2 quit vap-profile name openlab-2 wlan 2 forward-mode tunnel service-vlan vlan-id 20 security-profile openlab-2 ssid-profile openlab-2 quit ap-group name gourp-1 regulatory-domain-profile aa vap-profile openlab-1 wlan 1 radio all quit ap-group name gourp-2 regulatory-domain-profile aa vap-profile openlab-2 wlan 2 radio all quit ap auth-mode mac-auth ap-id 0 ap-mac 00e0-fcea-2130 ap-name ap-0 ap-group gourp-1 quit ap-id 1 ap-mac 00e0-fc45-1cd0 ap-name ap-1 ap-group gourp-1 quit ap-id 2 ap-mac 00e0-fcc6-35a0 ap-name ap-2 ap-group gourp-2 quit quit ip route-static 1.1.1.0 24 192.168.200.2 ip route-static 192.168.10.0 24 192.168.1.1 ip route-static 192.168.20.0 24 192.168.1.1四、R1路由器配置system-view sysname R1 interface GigabitEthernet 0/0/0 ip address 192.168.200.2 24 quit interface LoopBack0 ip address 1.1.1.1 24 quit ip route-static 192.168.1.0 24 192.168.200.1 ip route-static 192.168.10.0 24 192.168.200.1 ip route-static 192.168.20.0 24 192.168.200.1五、验证方法配置完成后可通过以下方式确认网络状态AP上线检查在AC上执行display ap all确认所有AP状态为normal。终端获取IPSTA连接对应SSID后执行ipconfigWindows或ifconfigLinux确认获取到正确网段的IP。连通性测试从STA ping 1.1.1.1验证跨网段路由可达。DHCP租约查看在LSW1上执行display ip pool确认地址池正常分配。六、注意事项原配置中AP组名称拼写为gourp-1/gourp-2实际部署时建议统一修正为group-1/group-2避免后期维护混淆。AP的MAC地址必须与真实设备一致否则无法上线。若AP无法获取IP请检查LSW1上G0/0/2~G0/0/4的PVID是否正确设置为100以及DHCP服务是否已全局开启。隧道转发模式下业务数据全部经由CAPWAP封装送达AC因此AC上必须存在到达业务网段的路由。