当前位置: 首页 > news >正文

eNSP实现WDS手拉手业务

news 2025/8/12 7:35:39

实验准备:建议使用AC6605,AP9131

1.实验拓扑

2.设备配置文件

[SW1]dis cu
#
sysname SW1
#
vlan batch 100 110
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaaauthentication-scheme defaultauthorization-scheme defaultaccounting-scheme defaultdomain defaultdomain default_adminlocal-user admin password simple adminlocal-user admin service-type http
#
interface Vlanif1
#
interface Vlanif100ip address 192.168.100.2 255.255.255.0dhcp select interfacedhcp server excluded-ip-address 192.168.100.1dhcp server option 43 sub-option 2 ip-address 100.100.100.100
#
interface Vlanif110ip address 192.168.110.254 255.255.255.0dhcp select interface
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 100
#
interface GigabitEthernet0/0/2port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 100 110
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 100.100.100.100 255.255.255.255 192.168.100.1
#
user-interface con 0screen-length 0
user-interface vty 0 4
#
return
[AC1]dis cu
#sysname AC1
#set memory-usage threshold 0
#
ssl renegotiation-rate 1 
#
vlan batch 100
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm defaultrsa local-key-pair defaultenrollment self-signed
#
ike proposal defaultencryption-algorithm aes-256 dh group14 authentication-algorithm sha2-256 authentication-method pre-shareintegrity-algorithm hmac-sha2-256 prf hmac-sha2-256 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaaauthentication-scheme defaultauthentication-scheme radiusauthentication-mode radiusauthorization-scheme defaultaccounting-scheme defaultdomain defaultauthentication-scheme radiusradius-server defaultdomain default_adminauthentication-scheme defaultlocal-user admin password irreversible-cipher $1a$"cS`6Lb&3!$^"]&G=JxgW'L;>!PR/EBBI0v+aRx`L>kP+)hnTb:$local-user admin privilege level 15local-user admin service-type http
#
interface Vlanif100ip address 192.168.100.1 255.255.255.0
#
interface MEth0/0/1undo negotiation autoduplex half
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 100
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21undo negotiation autoduplex half
#
interface GigabitEthernet0/0/22undo negotiation autoduplex half
#
interface GigabitEthernet0/0/23undo negotiation autoduplex half
#
interface GigabitEthernet0/0/24undo negotiation autoduplex half
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 100.100.100.100 255.255.255.255
#snmp-agent local-engineid 800007DB03000000000000snmp-agent 
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
capwap source interface loopback0
#
user-interface con 0authentication-mode passwordscreen-length 0
user-interface vty 0 4protocol inbound all
user-interface vty 16 20protocol inbound all
#
wlantraffic-profile name defaultsecurity-profile name huaweisecurity wpa-wpa2 psk pass-phrase %^%#Yf+xC1|nAXKr|uTm$nlVsL+J7xU|c3PX3OA2N"#1%^%# aessecurity-profile name defaultsecurity-profile name wds-secsecurity wpa2 psk pass-phrase %^%#E,MN<*nry6*u6XBsTj}~EkJ{5E;VCJ9daGRtUOnK%^%# aessecurity-profile name wlan-netsecurity-profile name default-wdssecurity-profile name default-meshssid-profile name huaweissid huaweissid-profile name defaultssid-profile name wlan-netssid wlan-netvap-profile name huaweiservice-vlan vlan-id 110ssid-profile huaweisecurity-profile huaweivap-profile name defaultvap-profile name wlan-netservice-vlan vlan-id 110ssid-profile wlan-netsecurity-profile wlan-netwds-whitelist-profile name wds-list1peer-ap mac 00e0-fc81-0de0peer-ap mac 00e0-fc58-0f70wds-profile name leafsecurity-profile wds-secvlan tagged 110wds-name wlan-wdswds-profile name defaultwds-profile name wds-leafsecurity-profile wds-secvlan tagged 110wds-name wlan-wdswds-profile name wds-rootsecurity-profile wds-secvlan tagged 110wds-name wlan-wdswds-mode rootmesh-handover-profile name defaultmesh-profile name defaultregulatory-domain-profile name defaultair-scan-profile name defaultrrm-profile name defaultradio-2g-profile name defaultradio-5g-profile name defaultwids-spoof-profile name defaultwids-profile name defaultwireless-access-specificationap-system-profile name defaultport-link-profile name defaultwired-port-profile name defaultserial-profile name preset-enjoyor-toeap ap-group name ap1radio 0vap-profile huawei wlan 1radio 1vap-profile huawei wlan 1wds-profile wds-rootwds-whitelist-profile wds-list1radio 2vap-profile huawei wlan 1ap-group name ap2radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1wds-profile wds-leafap-group name ap3radio 0vap-profile wlan-net wlan 1radio 1vap-profile wlan-net wlan 1wds-profile wds-leafap-group name defaultap-id 0 type-id 47 ap-mac 00e0-fcc2-6a30 ap-sn 210235448310B345A44Eap-name AP1ap-group ap1radio 1channel 40mhz-plus 157coverage distance 4ap-id 1 type-id 47 ap-mac 00e0-fc81-0de0 ap-sn 210235448310F803D93Bap-name AP2ap-group ap2radio 1channel 40mhz-plus 157coverage distance 4ap-id 2 type-id 47 ap-mac 00e0-fc58-0f70 ap-sn 210235448310C5713828ap-name AP3ap-group ap3radio 1channel 40mhz-plus 157coverage distance 4provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return

3.wds重点配置

[AC1-wlan-view]ap-id  0
[AC1-wlan-ap-0]radio 1    
[AC1-wlan-radio-0/1]channel  40mhz-plus 157 
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-radio-0/1]coverage  distance  4
[AC1-wlan-ap-1]radio 1    
[AC1-wlan-radio-1/1]channel  40mhz-plus 157 
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-radio-1/1]coverage  distance  4
[AC1-wlan-view]ap-id  2
[AC1-wlan-ap-2]radio 1    
[AC1-wlan-radio-2/1]channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y    
[AC1-wlan-radio-2/1]coverage  distance  4

[AC1-wlan-view]security-profile  name  wds-sec
[AC1-wlan-sec-prof-wds-sec]security  wpa2 psk  pass-phrase  huawei@123 aes

[AC1-wlan-view]wds-whitelist-profile name  wds-list1 
[AC1-wlan-wds-whitelist-wds-list1]peer-ap  mac  00e0-fc81-0de0 
[AC1-wlan-wds-whitelist-wds-list1]peer-ap  mac  00e0-fc58-0f70


[AC1-wlan-view]wds-profile name  wds-root 
[AC1-wlan-wds-prof-wds-root]wds-mode root 
[AC1-wlan-wds-prof-wds-root]wds-name wlan-wds     
[AC1-wlan-wds-prof-wds-root]vlan tagged  110 
[AC1-wlan-wds-prof-wds-root]security-profile wds-sec
Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-view]wds-profile name  leaf 
[AC1-wlan-wds-prof-leaf]wds-mode leaf     #默认为leaf模式,可以不配
[AC1-wlan-wds-prof-leaf]wds-name wlan-wds 
[AC1-wlan-wds-prof-leaf]security-profile  wds-sec
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-wds-prof-leaf]vlan tagged  110

[AC1-wlan-view]ap-group  name  ap1
[AC1-wlan-ap-group-ap1]radio 1
[AC1-wlan-group-radio-ap1/1]wds-whitelist-profile wds-list1


[AC1-wlan-view]ap-group  name  ap1
[AC1-wlan-ap-group-ap1]wds-profile  wds-root radio  1 
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]wds-profile name  leaf 
[AC1-wlan-wds-prof-leaf]wds-mode leaf     #默认为leaf模式,可以不配
[AC1-wlan-wds-prof-leaf]wds-name wlan-wds 
[AC1-wlan-wds-prof-leaf]security-profile  wds-sec
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-wds-prof-leaf]vlan tagged  110

[AC1-wlan-view]ap-group  name  ap2 
[AC1-wlan-ap-group-ap2]wds-profile wds-leaf radio  1 
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]ap-group  name  ap3
[AC1-wlan-ap-group-ap3]wds-profile  wds-leaf radio  1
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]security-profile  name wlan-net 
[AC1-wlan-sec-prof-wlan-net]security open   #此处之所以使用开放因为使用密码连接不起来。使用开放时,STA连接的时候多点击几下即可连接无线网络。

[AC1-wlan-view]ssid-profile  name  wlan-net 
[AC1-wlan-ssid-prof-wlan-net]ssid wlan-net
Info: This operation may take a few seconds, please wait.done.


[AC1-wlan-view]vap-profile  name  wlan-net 
[AC1-wlan-vap-prof-wlan-net]ssid-profile  wlan-net
Info: This operation may take a few seconds, please wait.done.    
[AC1-wlan-vap-prof-wlan-net]security-profile  wlan-net
Info: This operation may take a few seconds, please wait.done.    
[AC1-wlan-vap-prof-wlan-net]service-vlan vlan-id 110
Info: This operation may take a few seconds, please wait.done.

[AC1-wlan-view]ap-group  name  ap2    
[AC1-wlan-ap-group-ap2]vap-profile wlan-net wlan  1 radio  0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-ap2]vap-profile  wlan-net wlan  1 radio  1
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-ap2]q
[AC1-wlan-view]ap-group  name  ap3    
[AC1-wlan-ap-group-ap3]vap-profile  wlan-net wlan  1 radio  0
Info: This operation may take a few seconds, please wait...done.
[AC1-wlan-ap-group-ap3]vap-profile wlan-net wlan  1 radio  1
Info: This operation may take a few seconds, please wait...done.

4.实验验证

http://www.dtcms.com/a/234027.html

相关文章:

  • C# 中的 IRecipient
  • java.io.IOException: Broken pipe
  • Linux系统删除文件后的恢复方法
  • 用 NGINX 搭建高效 IMAP 代理`ngx_mail_imap_module`
  • 【深度学习-Day 23】框架实战:模型训练与评估核心环节详解 (MNIST实战)
  • nvidia系列教程-agx-orin安装ros
  • Vehicle HAL(5)--vhal 实现设置属性的流程
  • Three.js光与影代码分析及原理阐述
  • 能不能用string接收数据库的datetime类型字段
  • 晨读笔记 6-5 (主题:打造15分钟就业服务圈)
  • MySQL 索引:聚集索引与二级索引
  • 线段树~~~
  • 软件项目管理(2) 软件项目确立
  • Debugger encountered an exception:Exception at 0x7ff809232bdc
  • python类的高级方法(slots,dataclass,named tuples)
  • Postgresql源码(146)二进制文件格式分析
  • 408第一季 - 408内容概述
  • Modbus转Ethernet IP深度解析:磨粉设备效率跃升的底层技术密码
  • 老旧热泵设备智能化改造:Ethernet IP转Modbus的低成本升级路径
  • linux 串口调试命令 stty
  • 两张关联表,INNER JOIN同步公共属性(工作实战)
  • [zynq] Zynq Linux 环境下 AXI BRAM 控制器驱动方法详解(代码示例)
  • 【Linux】Linux基础指令1
  • 最小硬件系统概念及其组成
  • 14.AI搭建preparationのBERT预训练模型进行文本分类
  • Form开发指南-第二弹:基本配置与开发流程
  • MDK程序调试
  • JupyterNotebook全能指南:从入门到精通
  • 6.5本日总结
  • AIGC赋能前端开发