无线网络不论是在企事业单位，还是在家庭中都扮演着至关重要的角色，为了满足需求，建立一个可靠、高效的无线网络系统已成为不可或缺的任务。然而，对于企业或家庭无线网络而言，面临着各种挑战和抉择。如何选择适合的无线网络技术和设备？如何进行合理的网络规划和布局？如何确保网络的安全性和稳定性？在这个文档中，将为您呈现满足客户需求的最佳实践。通过该实验文档的了解与学习，友友们可以更好的建立一个出色的无线网络系统，提升竞争力，为客户提供卓越的体验，并构建一个令人满意的无线网络环境。

【资料图】

注意：

因实验繁琐性，部分相关设备这里做了省略，拓扑图是根据具体实用设备进行组网，无关设备并没有接入拓扑中，但这并不影响实验效果。

实验拓扑图：

实验需求：

1）通过AR1路由器连接外网（AR2模拟外网），设置内网网关，开启DHCP功能，使内网用户能够上网

2）AC、无线与收银服务器为同一个网段，

3）无线 SSID 为WIFI，密码为：88888888

4）是内网用户的无线设备（笔记本，手机等）能够接入外网

配置思路：

1）AR1 GE0/0/1 连接外网，GE0/0/0 连接内网，ip地址为192.168.100.1，开启DHCP功能，AC ip地址为192.168.100.2/24，服务器ip地址为:192.168.100.254/24

2）因为无线AP与有线 OA服务器/AC都处于一个网段

3）AC配置地址192.168.100.2 CAPWAP源地址，配置无线业务。

具体配置过程：

AR2外网路由器配置

The device is running!<Huawei>sysEnter system view, return user view with Ctrl+Z.[Huawei]undo inf[Huawei]undo info-center enInfo: Information center is disabled.[Huawei][Huawei][Huawei]int[Huawei]interface gi[Huawei]interface GigabitEthernet 0/0/1[Huawei-GigabitEthernet0/0/1]ip add[Huawei-GigabitEthernet0/0/1]ip address 114.114.114.114 24[Huawei-GigabitEthernet0/0/1][Huawei-GigabitEthernet0/0/1]quit[Huawei]

AR1路由器配置

<Huawei><Huawei>sysEnter system view, return user view with Ctrl+Z.[Huawei]undo inf[Huawei]undo info-center enInfo: Information center is disabled.[Huawei][Huawei]sysna[Huawei]sysname AR1[AR1]inter[AR1]interface gi[AR1]interface GigabitEthernet 0/0/1[AR1-GigabitEthernet0/0/1]ip add[AR1-GigabitEthernet0/0/1]ip address 114.114.114.1 24[AR1-GigabitEthernet0/0/1][AR1-GigabitEthernet0/0/1]quit[AR1][AR1]dhcp enInfo: The operation may take a few seconds. Please wait for a moment.done.[AR1][AR1]inter[AR1]interface ge[AR1]interface gi[AR1]interface GigabitEthernet 0/0/0[AR1-GigabitEthernet0/0/0]ip add[AR1-GigabitEthernet0/0/0]ip address 192.168.100.1 24[AR1-GigabitEthernet0/0/0]dhcp se[AR1-GigabitEthernet0/0/0]dhcp select int[AR1-GigabitEthernet0/0/0]dhcp select interface [AR1-GigabitEthernet0/0/0]dhcp se[AR1-GigabitEthernet0/0/0]dhcp serv[AR1-GigabitEthernet0/0/0]dhcp server dns[AR1-GigabitEthernet0/0/0]dhcp server dns-list 223.5.5.5 223.6.6.6[AR1-GigabitEthernet0/0/0]dh[AR1-GigabitEthernet0/0/0]dhcp ser[AR1-GigabitEthernet0/0/0]dhcp server ex[AR1-GigabitEthernet0/0/0]dhcp server excluded-ip-address 192.168.100.2[AR1-GigabitEthernet0/0/0]dhcp server excluded-ip-address 192.168.100.254Error:Only idle or expired IP address can be disabled.[AR1-GigabitEthernet0/0/0]dis th[V200R003C00]#interface GigabitEthernet0/0/0 ip address 192.168.100.1 255.255.255.0  dhcp select interface dhcp server excluded-ip-address 192.168.100.2  dhcp server dns-list 223.5.5.5 223.6.6.6 #return[AR1-GigabitEthernet0/0/0]quit[AR1][AR1][AR1]acl num[AR1]acl number 3000[AR1-acl-adv-3000]per[AR1-acl-adv-3000]rul[AR1-acl-adv-3000]rule 5 per[AR1-acl-adv-3000]rule 5 permit ip sou[AR1-acl-adv-3000]rule 5 permit ip source 192.168.100.0 0.0.0.255[AR1-acl-adv-3000][AR1-acl-adv-3000]quit[AR1][AR1]interface gi[AR1]interface GigabitEthernet 0/0/1[AR1-GigabitEthernet0/0/1]nat out[AR1-GigabitEthernet0/0/1]nat outbound  3000[AR1-GigabitEthernet0/0/1]quit[AR1][AR1]#添加静态路由[AR1][AR1]rout[AR1]route-[AR1]route-st[AR1]ip rout[AR1]ip route-s[AR1]ip route-static 0.0.0.0 0.0.0.0 114.114.114.114[AR1][AR1]

AC 配置

The device is running!<AC6005>int<AC6005>sysEnter system view, return user view with Ctrl+Z.[AC6005]undo inf[AC6005]undo info-center enInfo: Information center is disabled.[AC6005]#配置了VLANIF地址192.168.100.2，指定CAPWAP源接口[AC6005]interface vlan 1[AC6005-Vlanif1]ip address 192.168.100.2 24[AC6005-Vlanif1][AC6005-Vlanif1]quit[AC6005][AC6005]cap?  capture-packet  Capture-packet  capwap          CAPWAP[AC6005]capwap ?  control-link-priority  Tos control-priority  dtls                   DTLS  echo                   Maintain freshness of the CAPWAP channel  ipv6                   IPv6  message-integrity      Message Integrity  source                 Source[AC6005]capwap source  interface Vlanif 1[AC6005]#AP认证为不认证[AC6005][AC6005]wl[AC6005]wlan ?  <cr>  Please press ENTER to execute command [AC6005]wlan [AC6005-wlan-view][AC6005-wlan-view]ap[AC6005-wlan-view]ap auth-mode no-auth Warning: It is insecure to configure none authentication mode.[AC6005-wlan-view][AC6005-wlan-view]quit[AC6005]#定义SSID[AC6005]wlan [AC6005-wlan-view][AC6005-wlan-view]ssid-profile ?  name  Name[AC6005-wlan-view]ssid-profile nam[AC6005-wlan-view]ssid-profile name WIFI[AC6005-wlan-ssid-prof-WIFI]ssid ?  TEXT<"...">  SSID name, which is a string of 1 to 32 characters. To set an SSID starting with a space, add double quotation marks                (" ") to the SSID, for example, " abc". In this case, the SSID supports a maximum of 30 characters. To set an SSID                  starting with a double quotation mark, use a backslash (\) as the prefix to the SSID, for example, \"abc. In this                   case, the SSID supports a maximum of 31 characters[AC6005-wlan-ssid-prof-WIFI]ssid WIFIInfo: This operation may take a few seconds, please wait.done.[AC6005-wlan-ssid-prof-WIFI]#定义安全策略、密码与加密方式[AC6005-wlan-ssid-prof-WIFI]quit[AC6005-wlan-view]sec[AC6005-wlan-view]security-profile na[AC6005-wlan-view]security-profile name WIFI[AC6005-wlan-sec-prof-WIFI]sec[AC6005-wlan-sec-prof-WIFI]security w[AC6005-wlan-sec-prof-WIFI]security wpa[AC6005-wlan-sec-prof-WIFI]security wpa?  wpa       Wi-Fi protected access   wpa-wpa2  Wi-Fi protected access version 1&2   wpa2      Wi-Fi protected access version 2 [AC6005-wlan-sec-prof-WIFI]security wpa2 ?  dot1x  802.1x authentication   psk    Pre-shared key [AC6005-wlan-sec-prof-WIFI]security wpa2 psk ?  hex          Hexadecimal   pass-phrase  Passphrase [AC6005-wlan-sec-prof-WIFI]security wpa2 psk pa[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase ?  STRING<8-108>  Key: contains 8-63 ASCII or 64 hex characters, or 48-108 cipher-text characters.[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase 88888888 ?  aes       Advanced encryption standard  aes-tkip  AES-TKIP   tkip      Temporal key integrity protocol [AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase 88888888 aex                                                                  ^Error: Unrecognized command found at "^" position.[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase 88888888 aesWarning: The current password is too simple. For the sake of security, you are advised to set a password containing at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters. Continue? [Y/N]:y[AC6005-wlan-sec-prof-WIFI]#创建VAP模板，关联SSID、安全模板[AC6005-wlan-sec-prof-WIFI]quit[AC6005-wlan-view]vap[AC6005-wlan-view]vap-profile na[AC6005-wlan-view]vap-profile name WIFI[AC6005-wlan-vap-prof-WIFI]ssid[AC6005-wlan-vap-prof-WIFI]ssid-profile WIFIInfo: This operation may take a few seconds, please wait.done.[AC6005-wlan-vap-prof-WIFI]sec[AC6005-wlan-vap-prof-WIFI]security-profile WIFIInfo: This operation may take a few seconds, please wait.done.[AC6005-wlan-vap-prof-WIFI][AC6005-wlan-vap-prof-WIFI]#进入AP组，调用VAP[AC6005-wlan-vap-prof-WIFI]quit[AC6005-wlan-view]ap[AC6005-wlan-view]ap?  ap                 AP  ap-confirm         Confirm AP   ap-group           AP group  ap-id              AP ID  ap-mac             AP MAC address  ap-name            AP name  ap-ping            AP ping   ap-regroup         AP regroup  ap-rename          AP rename  ap-reset           Reset AP   ap-system-profile  AP system profile[AC6005-wlan-view]ap-g[AC6005-wlan-view]ap-group name default[AC6005-wlan-ap-group-default][AC6005-wlan-ap-group-default]vap-[AC6005-wlan-ap-group-default]vap-profile WIFI ?  wlan  WLAN[AC6005-wlan-ap-group-default]vap-profile WIFI wla[AC6005-wlan-ap-group-default]vap-profile WIFI wlan 1 rad[AC6005-wlan-ap-group-default]vap-profile WIFI wlan 1 radio ?  INTEGER<0-2>  Radio ID  all           All[AC6005-wlan-ap-group-default]vap-profile WIFI wlan 1 radio allInfo: This operation may take a few seconds, please wait...done.[AC6005-wlan-ap-group-default]quit

接入交换机配置

[Huawei][Huawei]undo info-center enInfo: Information center is disabled.[Huawei][Huawei]interface Ethernet 0/0/4[Huawei-Ethernet0/0/4][Huawei-Ethernet0/0/4]dis th#interface Ethernet0/0/4#return[Huawei-Ethernet0/0/4][Huawei-Ethernet0/0/4]port[Huawei-Ethernet0/0/4]port ?  add-tag        Add outer tag based on acl   discard        Discard  hybrid         Hybrid port  link-flap      Link flap   link-type      Switch port link type  mux-vlan       Multiplex vlan  priority       Specify current port"s priority  type           Type   vlan-mapping   VLAN Mapping  vlan-stacking  VLAN Stacking[Huawei-Ethernet0/0/4]port lin[Huawei-Ethernet0/0/4]port link-ty[Huawei-Ethernet0/0/4]port link-type ac[Huawei-Ethernet0/0/4]port link-type access [Huawei-Ethernet0/0/4]port[Huawei-Ethernet0/0/4]port de[Huawei-Ethernet0/0/4]port default vlan 1[Huawei-Ethernet0/0/4][Huawei-Ethernet0/0/4]quit[Huawei]vlan 1[Huawei-vlan1]quit[Huawei]int[Huawei]interface vlan 1[Huawei-Vlanif1]ip add[Huawei-Vlanif1]ip address 192.168.100.3 24[Huawei-Vlanif1][Huawei-Vlanif1]q[Huawei][Huawei]ip rout[Huawei]ip route-[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1[Huawei][Huawei][Huawei]dis ip rout[Huawei]dis ip routing-table Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: Public         Destinations : 5        Routes : 5        Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface        0.0.0.0/0   Static  60   0          RD   192.168.100.1   Vlanif1      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0  192.168.100.0/24  Direct  0    0           D   192.168.100.3   Vlanif1  192.168.100.3/32  Direct  0    0           D   127.0.0.1       Vlanif1#验证[Huawei][Huawei]ping 192.168.100.254  PING 192.168.100.254: 56  data bytes, press CTRL_C to break    Request time out    Reply from 192.168.100.254: bytes=56 Sequence=2 ttl=255 time=50 ms    Reply from 192.168.100.254: bytes=56 Sequence=3 ttl=255 time=1 ms    Reply from 192.168.100.254: bytes=56 Sequence=4 ttl=255 time=1 ms    Reply from 192.168.100.254: bytes=56 Sequence=5 ttl=255 time=40 ms  --- 192.168.100.254 ping statistics ---    5 packet(s) transmitted    4 packet(s) received    20.00% packet loss    round-trip min/avg/max = 1/23/50 ms[Huawei][Huawei][Huawei]ping 192.168.100.2  PING 192.168.100.2: 56  data bytes, press CTRL_C to break    Reply from 192.168.100.2: bytes=56 Sequence=1 ttl=255 time=40 ms    Reply from 192.168.100.2: bytes=56 Sequence=2 ttl=255 time=1 ms    Reply from 192.168.100.2: bytes=56 Sequence=3 ttl=255 time=10 ms    Reply from 192.168.100.2: bytes=56 Sequence=4 ttl=255 time=1 ms    Reply from 192.168.100.2: bytes=56 Sequence=5 ttl=255 time=30 ms  --- 192.168.100.2 ping statistics ---    5 packet(s) transmitted    5 packet(s) received    0.00% packet loss    round-trip min/avg/max = 1/16/40 ms[Huawei][Huawei]

验证：

手机连接wifi，并且能够与服务器和笔记本终端互通。

查看当前在线的用户

查看所有客户端的接入信息

写在最后：

自我设限，固步自封，唯有突破极限，才能发掘潜能。以上就是本期整理的《无线网络部署：满足客户需求的最佳实践》，自己经历过的风雨，所以知道你也会坚强。你的【评论】+【点赞】+【关注】，我会自动解读为认可。

作者简介：

我是“网络系统技艺者”，系统运维工程师一枚，持续分享【网络技术+系统运维技术】干货。