华为eNSP模拟器实战：旁挂二层组网下，AP免认证上线的完整配置流程（含DHCP与VLAN规划）

华为eNSP模拟器实战旁挂二层组网下AP免认证上线全流程解析在华为认证体系中无线网络部署是HCIA和HCIP级别的核心技能点。许多初学者在初次接触ACAP组网时常被复杂的VLAN规划、CAPWAP协议和转发模式搞得晕头转向。这次我们就用eNSP模拟器手把手搭建一个旁挂二层架构的无线网络重点解决直接转发模式下AP如何通过DHCP自动获取地址并完成免认证上线。不同于传统教程的碎片化呈现本文将系统性地拆解从网络规划到排错的完整闭环特别适合需要复现实验的备考学员。1. 实验环境与拓扑设计1.1 设备选型与逻辑拓扑实验采用eNSP V100版本需要以下设备AR1220路由器作为网络出口设备S5700交换机作为核心二层交换设备AC6605无线控制器管理AP并提供无线服务AP2050DN×2提供无线信号覆盖物理连接方式[AR1]G0/0/0 ←→ [LSW1]G0/0/4 (VLAN200) [LSW1]G0/0/1 ←→ [AC1]G0/0/1 (VLAN100) [LSW1]G0/0/2 ←→ AP1 (VLAN100业务VLAN) [LSW1]G0/0/3 ←→ AP2 (VLAN100业务VLAN)1.2 VLAN与IP地址规划采用多VLAN隔离方案关键设计原则管理VLAN100AP与AC通信业务VLAN10/20不同SSID对应不同业务上行VLAN200连接路由器具体IP分配设备接口VLANIP地址用途AC1 Vlanif1010192.168.10.253/24业务VLAN10网关AC1 Vlanif2020192.168.20.253/24业务VLAN20网关AC1 Vlanif100100192.168.100.253/24管理VLAN网关LSW1 Vlanif1010192.168.10.254/24业务VLAN10辅助网关LSW1 Vlanif2020192.168.20.254/24业务VLAN20辅助网关LSW1 Vlanif100100192.168.100.254/24管理VLAN辅助网关LSW1 Vlanif200200192.168.200.254/24上行接口AR1 G0/0/0-192.168.200.253/24出口网关注意旁挂架构下AC通常只需管理VLAN接口IP业务VLAN接口IP实际由交换机处理2. 基础网络配置2.1 路由器(AR1)配置核心是配置上行接口和静态路由Huaweisystem-view [Huawei]sysname AR [AR]interface GigabitEthernet 0/0/0 [AR-GigabitEthernet0/0/0]ip address 192.168.200.253 24 [AR-GigabitEthernet0/0/0]quit # 添加指向业务VLAN的静态路由 [AR]ip route-static 192.168.10.0 255.255.255.0 192.168.200.254 [AR]ip route-static 192.168.20.0 255.255.255.0 192.168.200.254 [AR]quit ARsave2.2 交换机(LSW1)配置关键操作分为三个部分VLAN与接口配置Huaweisystem-view [Huawei]sysname SW [SW]vlan batch 10 20 100 200 # 配置各VLAN接口IP [SW]interface Vlanif 10 [SW-Vlanif10]ip address 192.168.10.254 24 [SW-Vlanif10]quit [SW]interface Vlanif 20 [SW-Vlanif20]ip address 192.168.20.254 24 [SW-Vlanif20]quit [SW]interface Vlanif 100 [SW-Vlanif100]ip address 192.168.100.254 24 [SW-Vlanif100]quit [SW]interface Vlanif 200 [SW-Vlanif200]ip address 192.168.200.254 24 [SW-Vlanif200]quit端口类型划分G0/0/1连接ACAccess模式属于VLAN100G0/0/2-3连接APTrunk模式允许VLAN10/20/100通过G0/0/4连接路由器Access模式属于VLAN200# 连接AC的端口配置 [SW]interface GigabitEthernet 0/0/1 [SW-GigabitEthernet0/0/1]port link-type access [SW-GigabitEthernet0/0/1]port default vlan 100 [SW-GigabitEthernet0/0/1]quit # 连接AP1的Trunk端口 [SW]interface GigabitEthernet 0/0/2 [SW-GigabitEthernet0/0/2]port link-type trunk [SW-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 100 [SW-GigabitEthernet0/0/2]port trunk pvid vlan 100 # 关键确保AP获取管理VLAN地址 [SW-GigabitEthernet0/0/2]quit # 连接AP2的Trunk端口 [SW]interface GigabitEthernet 0/0/3 [SW-GigabitEthernet0/0/3]port link-type trunk [SW-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 100 [SW-GigabitEthernet0/0/3]port trunk pvid vlan 100 [SW-GigabitEthernet0/0/3]quit # 连接路由器的上行端口 [SW]interface GigabitEthernet 0/0/4 [SW-GigabitEthernet0/0/4]port link-type access [SW-GigabitEthernet0/0/4]port default vlan 200 [SW-GigabitEthernet0/0/4]quit [SW]quit SWsave3. AC无线控制器配置3.1 基础网络参数AC6605system-view [AC6605]sysname AC [AC]vlan batch 10 20 100 # 连接交换机的端口配置 [AC]interface GigabitEthernet 0/0/1 [AC-GigabitEthernet0/0/1]port link-type access [AC-GigabitEthernet0/0/1]port default vlan 100 [AC-GigabitEthernet0/0/1]quit3.2 DHCP服务配置采用全局地址池方式为不同VLAN分配IP启用DHCP服务[AC]dhcp enable配置管理VLAN地址池[AC]ip pool AP-pool [AC-ip-pool-AP-pool]network 192.168.100.0 mask 24 [AC-ip-pool-AP-pool]quit配置业务VLAN地址池# VLAN10地址池 [AC]ip pool vlan10-pool [AC-ip-pool-vlan10-pool]network 192.168.10.0 mask 24 [AC-ip-pool-vlan10-pool]gateway-list 192.168.10.254 [AC-ip-pool-vlan10-pool]quit # VLAN20地址池 [AC]ip pool vlan20-pool [AC-ip-pool-vlan20-pool]network 192.168.20.0 mask 24 [AC-ip-pool-vlan20-pool]gateway-list 192.168.20.254 [AC-ip-pool-vlan20-pool]quit接口启用DHCP# 管理VLAN接口 [AC]interface Vlanif 100 [AC-Vlanif100]ip address 192.168.100.253 24 [AC-Vlanif100]dhcp select global [AC-Vlanif100]quit # 业务VLAN接口虽为旁挂模式但仍需配置 [AC]interface Vlanif 10 [AC-Vlanif10]ip address 192.168.10.253 24 [AC-Vlanif10]dhcp select global [AC-Vlanif10]quit [AC]interface Vlanif 20 [AC-Vlanif20]ip address 192.168.20.253 24 [AC-Vlanif20]dhcp select global [AC-Vlanif20]quit3.3 AP上线配置采用免认证模式简化流程创建AP组[AC]wlan [AC-wlan-view]ap-group name lab09-AG [AC-wlan-ap-group-lab09-AG]quit配置国家码# 创建域模板 [AC-wlan-view]regulatory-domain-profile name lab09-domain [AC-wlan-regulate-domain-lab09-domain]country-code cn [AC-wlan-regulate-domain-lab09-domain]quit # 绑定到AP组 [AC-wlan-view]ap-group name lab09-AG [AC-wlan-ap-group-lab09-AG]regulatory-domain-profile lab09-domain [AC-wlan-ap-group-lab09-AG]quit关键CAPWAP配置# 指定源接口IP必须与管理VLAN接口一致 [AC]capwap source ip-address 192.168.100.253 # 设置免认证模式 [AC]wlan [AC-wlan-view]ap auth-mode no-auth4. 验证与排错4.1 状态检查命令查看AP上线状态display ap all正常应显示状态为nor(normal)检查域模板配置display regulatory-domain-profile all验证AP组绑定display ap-group name lab09-AG4.2 常见问题排查AP无法获取IP地址检查交换机Trunk端口的PVID配置验证DHCP地址池是否正确定义display ip pool name AP-poolCAPWAP隧道建立失败确认AC源接口IP配置正确检查管理VLAN的互通性ping 192.168.100.254业务VLAN不通验证交换机上VLAN是否允许通过检查路由器的静态路由配置display ip routing-table4.3 最终AP注册手动添加AP设备到控制器[AC-wlan-view]ap-id 0 [AC-wlan-ap-0]ap-name lab09-ap1 [AC-wlan-ap-0]ap-group lab09-AG [AC-wlan-ap-0]quit [AC-wlan-view]ap-id 1 [AC-wlan-ap-1]ap-name lab09-ap2 [AC-wlan-ap-1]ap-group lab09-AG [AC-wlan-ap-1]quit [AC-wlan-view]quit [AC]quit ACsave