无线网络不论是在企事业单位，还是在家庭中都扮演着至关重要的角色，为了满足需求，建立一个可靠、高效的无线网络系统已成为不可或缺的任务。然而，对于企业或家庭无线网络而言，面临着各种挑战和抉择。如何选择适合的无线网络技术和设备？如何进行合理的网络规划和布局？如何确保网络的安全性和稳定性？在这个文档中，将为您呈现满足客户需求的最佳实践。通过该实验文档的了解与学习，友友们可以更好的建立一个出色的无线网络系统，提升竞争力，为客户提供卓越的体验，并构建一个令人满意的无线网络环境。

注意：

因实验繁琐性，部分相关设备这里做了省略，拓扑图是根据具体实用设备进行组网，无关设备并没有接入拓扑中，但这并不影响实验效果。

实验拓扑图：

实验需求：

1）通过AR1路由器连接外网（AR2模拟外网），设置内网网关，开启DHCP功能，使内网用户能够上网

2）AC、无线与收银服务器为同一个网段，

3）无线 SSID 为WIFI，密码为：88888888

4）是内网用户的无线设备（笔记本，手机等）能够接入外网

配置思路：

1）AR1 GE0/0/1 连接外网，GE0/0/0 连接内网，ip地址为192.168.100.1，开启DHCP功能，AC ip地址为192.168.100.2/24，服务器ip地址为:192.168.100.254/24

2）因为无线AP与有线 OA服务器/AC都处于一个网段

3）AC配置地址192.168.100.2 CAPWAP源地址，配置无线业务。

具体配置过程：

AR2外网路由器配置

The device is running!

sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf	
[Huawei]undo info-center en
Info: Information center is disabled.
[Huawei]
[Huawei]
[Huawei]int	
[Huawei]interface gi	
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip add	
[Huawei-GigabitEthernet0/0/1]ip address 114.114.114.114 24
[Huawei-GigabitEthernet0/0/1]
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]

AR1路由器配置

sys
Enter system view, return user view with Ctrl+Z.
[Huawei]undo inf	
[Huawei]undo info-center en
Info: Information center is disabled.
[Huawei]
[Huawei]sysna	
[Huawei]sysname AR1
[AR1]inter	
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]ip add	
[AR1-GigabitEthernet0/0/1]ip address 114.114.114.1 24
[AR1-GigabitEthernet0/0/1]
[AR1-GigabitEthernet0/0/1]quit
[AR1]
[AR1]dhcp en
Info: The operation may take a few seconds. Please wait for a moment.done.
[AR1]
[AR1]inter	
[AR1]interface ge	
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip add	
[AR1-GigabitEthernet0/0/0]ip address 192.168.100.1 24
[AR1-GigabitEthernet0/0/0]dhcp se	
[AR1-GigabitEthernet0/0/0]dhcp select int	
[AR1-GigabitEthernet0/0/0]dhcp select interface 
[AR1-GigabitEthernet0/0/0]dhcp se	
[AR1-GigabitEthernet0/0/0]dhcp serv	
[AR1-GigabitEthernet0/0/0]dhcp server dns	
[AR1-GigabitEthernet0/0/0]dhcp server dns-list 223.5.5.5 223.6.6.6
[AR1-GigabitEthernet0/0/0]dh	
[AR1-GigabitEthernet0/0/0]dhcp ser	
[AR1-GigabitEthernet0/0/0]dhcp server ex	
[AR1-GigabitEthernet0/0/0]dhcp server excluded-ip-address 192.168.100.2
[AR1-GigabitEthernet0/0/0]dhcp server excluded-ip-address 192.168.100.254
Error:Only idle or expired IP address can be disabled.
[AR1-GigabitEthernet0/0/0]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 192.168.100.1 255.255.255.0 
 dhcp select interface
 dhcp server excluded-ip-address 192.168.100.2 
 dhcp server dns-list 223.5.5.5 223.6.6.6 
#
return
[AR1-GigabitEthernet0/0/0]quit
[AR1]

[AR1]
[AR1]acl num	
[AR1]acl number 3000
[AR1-acl-adv-3000]per	
[AR1-acl-adv-3000]rul	
[AR1-acl-adv-3000]rule 5 per	
[AR1-acl-adv-3000]rule 5 permit ip sou	
[AR1-acl-adv-3000]rule 5 permit ip source 192.168.100.0 0.0.0.255
[AR1-acl-adv-3000]
[AR1-acl-adv-3000]quit
[AR1]
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]nat out	
[AR1-GigabitEthernet0/0/1]nat outbound  3000
[AR1-GigabitEthernet0/0/1]quit
[AR1]
[AR1]
#添加静态路由
[AR1]
[AR1]rout	
[AR1]route-	
[AR1]route-st	
[AR1]ip rout	
[AR1]ip route-s	
[AR1]ip route-static 0.0.0.0 0.0.0.0 114.114.114.114
[AR1]
[AR1]

AC 配置

The device is running!
int	
sys
Enter system view, return user view with Ctrl+Z.
[AC6005]undo inf	
[AC6005]undo info-center en
Info: Information center is disabled.
[AC6005]
#配置了VLANIF地址192.168.100.2，指定CAPWAP源接口
[AC6005]interface vlan 1
[AC6005-Vlanif1]ip address 192.168.100.2 24
[AC6005-Vlanif1]
[AC6005-Vlanif1]quit
[AC6005]
[AC6005]cap?
  capture-packet  Capture-packet
  capwap          CAPWAP
[AC6005]capwap ?
  control-link-priority  Tos control-priority
  dtls                   DTLS
  echo                   Maintain freshness of the CAPWAP channel
  ipv6                   IPv6
  message-integrity      Message Integrity
  source                 Source
[AC6005]capwap source  interface Vlanif 1
[AC6005]
#AP认证为不认证
[AC6005]
[AC6005]wl	
[AC6005]wlan ?
    Please press ENTER to execute command 
[AC6005]wlan 
[AC6005-wlan-view]
[AC6005-wlan-view]ap	
[AC6005-wlan-view]ap auth-mode no-auth 
Warning: It is insecure to configure none authentication mode.
[AC6005-wlan-view]
[AC6005-wlan-view]quit
[AC6005]

#定义SSID
[AC6005]wlan 
[AC6005-wlan-view]
[AC6005-wlan-view]ssid-profile ?
  name  Name
[AC6005-wlan-view]ssid-profile nam	
[AC6005-wlan-view]ssid-profile name WIFI
[AC6005-wlan-ssid-prof-WIFI]ssid ?
  TEXT<"...">  SSID name, which is a string of 1 to 32 characters. To set an SSI
D starting with a space, add double quotation marks 
               (" ") to the SSID, for example, " abc". In this case, the SSID su
pports a maximum of 30 characters. To set an SSID   
               starting with a double quotation mark, use a backslash () as the
 prefix to the SSID, for example, "abc. In this    
               case, the SSID supports a maximum of 31 characters
[AC6005-wlan-ssid-prof-WIFI]ssid WIFI
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-WIFI]
#定义安全策略、密码与加密方式
[AC6005-wlan-ssid-prof-WIFI]quit
[AC6005-wlan-view]sec	
[AC6005-wlan-view]security-profile na	
[AC6005-wlan-view]security-profile name WIFI
[AC6005-wlan-sec-prof-WIFI]sec	
[AC6005-wlan-sec-prof-WIFI]security w	
[AC6005-wlan-sec-prof-WIFI]security wpa	
[AC6005-wlan-sec-prof-WIFI]security wpa?
  wpa       Wi-Fi protected access 
  wpa-wpa2  Wi-Fi protected access version 1&2 
  wpa2      Wi-Fi protected access version 2 
[AC6005-wlan-sec-prof-WIFI]security wpa2 ?
  dot1x  802.1x authentication 
  psk    Pre-shared key 
[AC6005-wlan-sec-prof-WIFI]security wpa2 psk ?
  hex          Hexadecimal 
  pass-phrase  Passphrase 
[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pa	
[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase ?
  STRING<8-108>  Key: contains 8-63 ASCII or 64 hex characters, or 48-108 cipher
-text characters.
[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase 88888888 ?
  aes       Advanced encryption standard
  aes-tkip  AES-TKIP 
  tkip      Temporal key integrity protocol 
[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase 88888888 aex
                                                                  ^
Error: Unrecognized command found at '^' position.
[AC6005-wlan-sec-prof-WIFI]security wpa2 psk pass-phrase 88888888 aes
Warning: The current password is too simple. For the sake of security, you are a
dvised to set a password containing at least two of the following: lowercase let
ters a to z, uppercase letters A to Z, digits, and special characters. Continue?
 [Y/N]:y
[AC6005-wlan-sec-prof-WIFI]
#创建VAP模板，关联SSID、安全模板
[AC6005-wlan-sec-prof-WIFI]quit
[AC6005-wlan-view]vap	
[AC6005-wlan-view]vap-profile na	
[AC6005-wlan-view]vap-profile name WIFI
[AC6005-wlan-vap-prof-WIFI]ssid	
[AC6005-wlan-vap-prof-WIFI]ssid-profile WIFI
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-WIFI]sec	
[AC6005-wlan-vap-prof-WIFI]security-profile WIFI
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-WIFI]
[AC6005-wlan-vap-prof-WIFI]
#进入AP组，调用VAP
[AC6005-wlan-vap-prof-WIFI]quit
[AC6005-wlan-view]ap	
[AC6005-wlan-view]ap?
  ap                 AP
  ap-confirm         Confirm AP 
  ap-group           AP group
  ap-id              AP ID
  ap-mac             AP MAC address
  ap-name            AP name
  ap-ping            AP ping 
  ap-regroup         AP regroup
  ap-rename          AP rename
  ap-reset           Reset AP 
  ap-system-profile  AP system profile
[AC6005-wlan-view]ap-g	
[AC6005-wlan-view]ap-group name default
[AC6005-wlan-ap-group-default]
[AC6005-wlan-ap-group-default]vap-	
[AC6005-wlan-ap-group-default]vap-profile WIFI ?
  wlan  WLAN
[AC6005-wlan-ap-group-default]vap-profile WIFI wla	
[AC6005-wlan-ap-group-default]vap-profile WIFI wlan 1 rad	
[AC6005-wlan-ap-group-default]vap-profile WIFI wlan 1 radio ?
  INTEGER<0-2>  Radio ID
  all           All
[AC6005-wlan-ap-group-default]vap-profile WIFI wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-default]quit

接入交换机配置

[Huawei]
[Huawei]undo info-center en
Info: Information center is disabled.
[Huawei]
[Huawei]interface Ethernet 0/0/4
[Huawei-Ethernet0/0/4]
[Huawei-Ethernet0/0/4]dis th
#
interface Ethernet0/0/4
#
return
[Huawei-Ethernet0/0/4]
[Huawei-Ethernet0/0/4]port	
[Huawei-Ethernet0/0/4]port ?
  add-tag        Add outer tag based on acl 
  discard        Discard
  hybrid         Hybrid port
  link-flap      Link flap 
  link-type      Switch port link type
  mux-vlan       Multiplex vlan
  priority       Specify current port's priority
  type           Type 
  vlan-mapping   VLAN Mapping
  vlan-stacking  VLAN Stacking

[Huawei-Ethernet0/0/4]port lin	
[Huawei-Ethernet0/0/4]port link-ty	
[Huawei-Ethernet0/0/4]port link-type ac	
[Huawei-Ethernet0/0/4]port link-type access 
[Huawei-Ethernet0/0/4]port	
[Huawei-Ethernet0/0/4]port de	
[Huawei-Ethernet0/0/4]port default vlan 1
[Huawei-Ethernet0/0/4]
[Huawei-Ethernet0/0/4]quit
[Huawei]vlan 1
[Huawei-vlan1]quit
[Huawei]int	
[Huawei]interface vlan 1
[Huawei-Vlanif1]ip add	
[Huawei-Vlanif1]ip address 192.168.100.3 24
[Huawei-Vlanif1]
[Huawei-Vlanif1]q
[Huawei]
[Huawei]ip rout	
[Huawei]ip route-	
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
[Huawei]
[Huawei]
[Huawei]dis ip rout	
[Huawei]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0          RD   192.168.100.1   Vlanif1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
  192.168.100.0/24  Direct  0    0           D   192.168.100.3   Vlanif1
  192.168.100.3/32  Direct  0    0           D   127.0.0.1       Vlanif1

#验证
[Huawei]
[Huawei]ping 192.168.100.254
  PING 192.168.100.254: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 192.168.100.254: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 192.168.100.254: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.254: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.254: bytes=56 Sequence=5 ttl=255 time=40 ms

  --- 192.168.100.254 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 1/23/50 ms

[Huawei]
[Huawei]
[Huawei]ping 192.168.100.2
  PING 192.168.100.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.2: bytes=56 Sequence=1 ttl=255 time=40 ms
    Reply from 192.168.100.2: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.2: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 192.168.100.2: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.2: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 192.168.100.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/16/40 ms

[Huawei]
[Huawei]

验证：

手机连接wifi，并且能够与服务器和笔记本终端互通。

查看当前在线的用户

查看所有客户端的接入信息

写在最后：

自我设限，固步自封，唯有突破极限，才能发掘潜能。以上就是本期整理的《无线网络部署：满足客户需求的最佳实践》，自己经历过的风雨，所以知道你也会坚强。你的【评论】+【点赞】+【关注】，我会自动解读为认可。

作者简介：

我是“网络系统技艺者”，系统运维工程师一枚，持续分享【网络技术+系统运维技术】干货。