华为无线AC(接入控制器)AP(接入点)的组网中,数据转发模式主要包括直接转发(本地转发)隧道转发(集中转发)两种。

直接转发(Local Forwarding)

数据流量不经过AC,直接由AP本地转发到上层网络(如交换机),适用于对AC性能压力敏感的场景。
适用场景:高流量、低延迟需求(如视频监控)、分布式网络架构。

  • 原理:用户数据流量由AP本地转发至上层交换机或路由器,不经过AC
  • 优势:降低AC负载,减少传输延迟,适合高吞吐场景。
  • 劣势:集中管控能力弱,难以实现全网流量审计。

概念

什么是AP?

AP,全称为Access Point,即无线接入点。它是无线网络中的核心设备之一,负责将 有线网络信号转换为无线信号,供无线设备连接。简单来说,AP就像是无线网络的 发射塔,它使得手机、笔记本电脑、平板电脑等设备能够通过Wi-Fi连接到互联网。

AP通常安装在需要无线覆盖的区域,如办公室、商场、酒店等。它的覆盖范围和信号强度直接影响到无线网络的质量。

什么是AC?

AC全称为Wireless Access Point Controller,即无线控制器。它是管理多个AP的集中控制设备,负责协调和管理整个无线网络的运行。AC的主要功能包括:

  • 集中管理AC可以统一管理多个AP,简化网络配置和维护工作。
  • 负载均衡AC可以根据网络流量和用户数量,自动调整AP的工作状态,避免某个AP过载。
  • 安全控制AC可以实施统一的安全策略,如用户认证、数据加密等,确保网络安全。
  • 漫游管理AC可以优化用户的漫游体验,确保用户在移动过程中能够无缝切换AP,保持网络连接的稳定性。

AC与AP的关系

AP和AC在无线网络中扮演着不同的角色,但它们之间是紧密协作的。AP负责提供无线信号,而AC则负责管理和优化这些AP的工作状态。通过AC的集中管理,网络管理员可以更轻松地监控和维护整个无线网络,确保其高效、稳定地运行。

配置案例

需求

STA1 Cephone1 获取vlan20

AC1 vlan100

PC1 vlan10

PC1 STA1 Cephone1 互通

拓扑图

AC-AP配置,直接转发.png

设备 接口 接口类型 vlan 默认网关 备注
AC1 GE 0/0/1 trunk 100 - 路由器接口,连接交换机 LSW2 不配置交换机,让它直接走二层
LSW1 GE 0/0/1 trunk 10 20 100 - 路由器接口,连接交换机 LSW3 不配置交换机,让它直接走二层
GE 0/0/2 trunk 100 - 通过 DHCP 获取 IP 地址
LSW2 GE 0/0/1 trunk 10 20 100 -
GE 0/0/2 trunk 10 20 100 -
GE 0/0/3 access 10 -
PC1 Eth 0/0/1 - - 10.15.10.253 通过 DHCP 获取 IP 地址
AP1 GE 0/0/1 - - -
Cellphone WIFI - 20 10.15.20.254
STA1 WIFI - 20 -
LSW1配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
sysname LSW1
#
dhcp enable
#
vlan batch 10 20 100
#
ip pool pool-vlan10
 gateway-list 10.15.10.254
 network 10.15.10.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
ip pool pool-vlan20
 gateway-list 10.15.20.254
 network 10.15.20.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
ip pool pool-vlan100
 gateway-list 10.15.100.254
 network 10.15.100.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
interface Vlanif10
 ip address 10.15.10.254 255.255.255.0
 dhcp select global
#
interface Vlanif20
 ip address 10.15.20.254 255.255.255.0
 dhcp select global
#
interface Vlanif100
 ip address 10.15.100.254 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100

LSW2配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
sysname LSW2
#
vlan batch 10 20 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 10 20 100
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#

AC1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#
[AC6005]vlan batch 100
#
[AC6005]int vlanif100
[AC6005-Vlanif100]ip address 10.15.100.1 255.255.255.0
#
[AC6005]ip route-static 0.0.0.0 0.0.0.0 10.15.100.254 #配置静默路由
#
[AC6005]vlan 100
[AC6005-Vlanif100]ip address 192.168.100.1 24
 
 
[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk 
[AC6005-GigabitEthernet0/0/1]port trunk  allow-pass vlan 100

#1.设置国家码
[AC6005]wlan 
[AC6005-wlan-view]regulatory-domain-profile name default
[AC6005-wlan-regulate-domain-default]country-code cn
Info: The current country code is same with the input country code.
[AC6005-wlan-regulate-domain-default]q
---- 
#2.创建AP组并绑定国家码
[AC6005-wlan-view]ap-group name ap-group1
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile name default
[AC6005-wlan-regulate-domain-default]q
---- 
#3.配置CAPWAP源接口
[AC6005]capwap source interface vlanif 100  #配置设备使用与 VLAN 100 相关联的 IP 地址作为 CAPWAP 数据包的源地址
---- 
#4.AP上线配置
[AC6005]wlan    
[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fc2d-0b40#这里写AP的mac地址  APmac地址通过AP接入层交换机dis mac-address查看
[AC6005-wlan-ap-0]ap-name IT 
[AC6005-wlan-ap-0]ap-group ap-group1  #将MAC为00e0-fc2d-0b40的AP命名IT并加入ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6005-wlan-ap-0]q
#5.安全与SSID配置
[AC6005-wlan-view]security-profile name wlan
[AC6005-wlan-sec-prof-wlan]security wpa-wpa2 psk pass-phrase 12345678 aes
Warning: The current password is too simple. For the sake of security, you are advised to set a password containing at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters. Continue? [Y/N]:
[AC6005-wlan-sec-prof-wlan]q
 
[AC6005-wlan-view]ssid-profile name IT
[AC6005-wlan-ssid-prof-IT]ssid IT
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-IT]q
[AC6005-wlan-view]
 
#6.VAP模板配置 
[AC6005-wlan-view]vap
[AC6005-wlan-view]vap-profile name IT
[AC6005-wlan-vap-prof-IT]forward-mode direct-forward      #配置AP有线口的数据转发方式        
[AC6005-wlan-vap-prof-IT]service-vlan vlan   
[AC6005-wlan-vap-prof-IT]service-vlan vlan-id 20  #配置业务VLAN
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-IT]security-profile wlan
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-IT]ssid-profile IT
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-IT]q
[AC6005-wlan-view]
#7.AP组绑定VAP模板   
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]vap-profile IT wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-ap-group1]vap-profile IT wlan 1 radio 1

STA1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
STA>ping 10.15.100.1

Ping 10.15.100.1: 32 data bytes, Press Ctrl_C to break
From 10.15.100.1: bytes=32 seq=1 ttl=254 time=156 ms
From 10.15.100.1: bytes=32 seq=2 ttl=254 time=172 ms
From 10.15.100.1: bytes=32 seq=3 ttl=254 time=156 ms

--- 10.15.100.1 ping statistics ---
  3 packet(s) transmitted
  3 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 156/161/172 ms

STA>ipconfig

Link local IPv6 address...........: ::
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 10.15.20.252
Subnet mask.......................: 255.255.255.0
Gateway...........................: 10.15.20.254
Physical address..................: 54-89-98-B3-17-46
DNS server........................: 8.8.8.8

Cellphone

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
STA>ipconfig

Link local IPv6 address...........: ::
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 10.15.20.253
Subnet mask.......................: 255.255.255.0
Gateway...........................: 10.15.20.254
Physical address..................: 54-89-98-0D-05-A2
DNS server........................: 8.8.8.8


STA>ping 10.15.100.1

Ping 10.15.100.1: 32 data bytes, Press Ctrl_C to break
From 10.15.100.1: bytes=32 seq=1 ttl=254 time=157 ms
From 10.15.100.1: bytes=32 seq=2 ttl=254 time=156 ms
From 10.15.100.1: bytes=32 seq=3 ttl=254 time=140 ms

--- 10.15.100.1 ping statistics ---
  3 packet(s) transmitted
  3 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 140/151/157 ms

排错命令

1
2
3
4
display ap online-info                  # 查看AP上线详情
display vap ssid IT                     # 检查VAP状态
display station ssid IT                 # 查看已连接终端
display radio alldisplay radio all  #查看射频是否启用