华为无线设备配置用户CAC

配置LAW和AC，使AP与AC之间能够传输CAPWAP报文
[LSW1]vlan batch 10
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 10
[AC1]vlan batch 10 20
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10

配置AC与上层网络设备互通
[AC1-GigabitEthernet0/0/2]port link-type trunk
[AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan 20
[AC1-GigabitEthernet0/0/2]port trunk pvid vlan 20

配置AC作为DHCP服务器，为STA和AP分配IP地址
[AC1]dhcp enable
[AC1-Vlanif10]ip add 10.1.1.1 24
[AC1-Vlanif10]dhcp select interface
[AC1-Vlanif20]ip add 10.1.2.1 24
[AC1-Vlanif20]dhcp select interface

配置AP上线
[AC1]wlan
[AC1-wlan-view]ap-group name ap-group1 //创建AP组
[AC1-wlan-view]regulatory-domain-profile name domain1 //创建域管理模板，配置AC的国家码
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-view]ap-group name ap-group1 //在AP组下引用域管理模板
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
[AC1]capwap source interface Vlanif 10 //配置AC的源接口
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc63-2780 //在AC上离线导入AP
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-ap-0]ap-group ap-group1 //将AP加入AP组

配置WLAN业务参数
[AC1-wlan-view]security-profile name wlan-security //创建安全模板，并配置安全策略
[AC1-wlan-sec-prof-wlan-security]security wpa2 psk pass-phrase [email protected] aes
[AC1-wlan-view]ssid-profile name wlan-ssid //创建SSID模板，并配置SSID名称
[AC1-wlan-ssid-prof-wlan-ssid]ssid wlan-net
[AC1-wlan-view]vap-profile name wlan-vap //创建VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板
[AC1-wlan-vap-prof-wlan-vap]forward-mode tunnel
[AC1-wlan-vap-prof-wlan-vap]service-vlan vlan-id 20
[AC1-wlan-vap-prof-wlan-vap]security-profile wlan-security
[AC1-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid
[AC1-wlan-view]ap-group name ap-group1 //配置AP组引用VAP模板
[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio all

配置AP射频的信道和功率
[AC1-wlan-view]rrm-profile name default //关闭射频的信道和功率自动调优功能
[AC1-wlan-rrm-prof-default]calibrate auto-channel-select disable
[AC1-wlan-rrm-prof-default]calibrate auto-txpower-select disable
[AC1-wlan-view]ap-id 0
[AC1-wlan-ap-0]radio 0
[AC1-wlan-radio-0/0]channel 20mhz 6
[AC1-wlan-radio-0/0]eirp 127
[AC1-wlan-ap-0]radio 1
[AC1-wlan-radio-0/1]channel 20mhz 149
[AC1-wlan-radio-0/1]eirp 127

配置用户CAC功能
[AC1-wlan-view]rrm-profile name user-cac //创建RRM模板
[AC1-wlan-rrm-prof-user-cac]uac client-number enable //打开基于用户数的用户CAC功能
[AC1-wlan-rrm-prof-user-cac]uac client-number threshold access 32 roam 32 //配置新增用户用户数阈值为32，漫游用户用户数阈值为32
[AC1-wlan-rrm-prof-user-cac]uac client-snr enable //打开禁止弱信号终端接入功能
[AC1-wlan-rrm-prof-user-cac]uac client-snr threshold 25 //配置相应的信号阈值为25dB
[AC1-wlan-rrm-prof-user-cac]uac reach-access-threshold hide-ssid //打开用户接入阈值隐藏SSID功能
[AC1-wlan-view]radio-2g-profile name radio2g //创建2G射频模板,在该模板下引用RRM模板
[AC1-wlan-radio-2g-prof-radio2g]rrm-profile user-cac
[AC1-wlan-view]ap-group name ap-group1 //的AP组下引用2G射频模板
[AC1-wlan-ap-group-ap-group1]radio-2g-profile radio2g radio all

验证配置