現在移動設備越來越多，筆記本、智能手機、平板電腦等等不單只是用於玩遊戲聊天，在工作中也是不可或缺的一員。

現在有個辦公區要求部署兩臺AP，通過AC集中管理和控制。AC為AP和STA動態分配IP地址。辦公區內所有用戶同屬於一個VLAN內，即AP1和AP2採用相同的VLAN。最重要的是用戶希望STA從AP1的無線信號覆蓋區域移動到AP2的無線信號覆蓋區域時業務不會中斷。就是我們所說的WIFI漫遊。是不是非常實用的技能，KB小網管今天要分享的就是這個帥氣的操作：

設備：AC+三層交換機+2個AP，還有1檯筆記本STA1

拓撲圖如下

注意事項：WIFI接入的業務VLAN不能跟AC和路由器的管理VLAN同一層，提高安全性。

一、配置Switch_A和AC，使AP與AC之間能夠傳輸CAPWAP報文

1、配置Switch_A的接口GE0/0/1～GE0/0/3都加入VLAN100（管理VLAN）。

system-view

[HUAWEI] sysname Switch_A

[Switch_A] vlan batch 100

[Switch_A] interface gigabitethernet 0/0/1

[Switch_A-GigabitEthernet0/0/1] port link-type trunk

[Switch_A-GigabitEthernet0/0/1] port trunk pvid vlan 100

[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100

[Switch_A-GigabitEthernet0/0/1] port-isolate enable

[Switch_A-GigabitEthernet0/0/1] quit

[Switch_A] interface gigabitethernet 0/0/2

[Switch_A-GigabitEthernet0/0/2] port link-type trunk

[Switch_A-GigabitEthernet0/0/2] port trunk pvid vlan 100

[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100

[Switch_A-GigabitEthernet0/0/2] port-isolate enable

[Switch_A-GigabitEthernet0/0/2] quit

[Switch_A] interface gigabitethernet 0/0/3

[Switch_A-GigabitEthernet0/0/3] port link-type trunk

[Switch_A-GigabitEthernet0/0/3] port trunk allow-pass vlan 100

[Switch_A-GigabitEthernet0/0/3] quit

2、配置AC連接Switch_A的接口GE0/0/1加入VLAN100。

system-view

[HUAWEI] sysname AC

[AC] vlan batch 100

[AC] interface gigabitethernet 0/0/1

[AC-GigabitEthernet0/0/1] port link-type trunk

[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100

[AC-GigabitEthernet0/0/1] quit

二、配置AC與上層網絡設備互通

1、配置AC上行接口GE0/0/3加入VLAN101。

[AC] vlan batch 101

[AC] interface gigabitethernet 0/0/3

[AC-GigabitEthernet0/0/3] port link-type trunk

[AC-GigabitEthernet0/0/3] port trunk allow-pass vlan 101

[AC-GigabitEthernet0/0/3] quit

三、配置AC作為DHCP服務器，為STA和AP分配IP地址

1、配置基於接口地址池的DHCP服務器，其中，VLANIF100接口為AP1和AP2提供IP地址，VLANIF101為STA提供IP地址。

[AC] dhcp enable

[AC] interface vlanif 100

[AC-Vlanif100] ip address 10.23.100.1 24

[AC-Vlanif100] dhcp select interface

[AC-Vlanif100] quit

[AC] interface vlanif 101

[AC-Vlanif101] ip address 10.23.101.1 24

[AC-Vlanif101] dhcp select interface

[AC-Vlanif101] quit

四、配置AP上線

1、創建AP組，用於將相同配置的AP都加入同一AP組中。

[AC] wlan

[AC-wlan-view] ap-group name ap-group1

[AC-wlan-ap-group-ap-group1] quit

2、創建域管理模板，在域管理模板下配置AC的國家碼並在AP組下引用域管理模板。

[AC-wlan-view] regulatory-domain-profile name domain1

[AC-wlan-regulate-domain-domain1] country-code cn

[AC-wlan-regulate-domain-domain1] quit

[AC-wlan-view] ap-group name ap-group1

[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1

Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y

[AC-wlan-ap-group-ap-group1] quit

[AC-wlan-view] quit

3、配置AC的源接口。

[AC] capwap source interface vlanif 100

4、在AC上離線導入AP，並將AP加入AP組“ap-group1”中。

[AC] wlan

[AC-wlan-view] ap auth-mode mac-auth

[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360

[AC-wlan-ap-0] ap-name area_1

Warning: This operation may cause AP reset. Continue? [Y/N]:y

[AC-wlan-ap-0] ap-group ap-group1

Warning: This operation may cause AP reset. If the country code changes, it will clear channel,power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

[AC-wlan-ap-0] quit

[AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640

[AC-wlan-ap-1] ap-name area_2

Warning: This operation may cause AP reset. Continue? [Y/N]:y

[AC-wlan-ap-1] ap-group ap-group1

Warning: This operation may cause AP reset. If the country code changes, it will clear channel,power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

[AC-wlan-ap-1] quit

五、配置WLAN業務參數

1、創建名為“wlan-security”的安全模板，並配置安全策略。

[AC-wlan-view] security-profile name wlan-security

[AC-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes

[AC-wlan-sec-prof-wlan-security] quit

2、創建名為“wlan-ssid”的SSID模板，並配置SSID名稱為“kbxiaowangguan”。

[AC-wlan-view] ssid-profile name wlan-ssid

[AC-wlan-ssid-prof-wlan-ssid] ssid kbxiaowangguan //SSID：kbxiaowangguan

[AC-wlan-ssid-prof-wlan-ssid] quit

3、創建名為“wlan-vap”的VAP模板，配置業務數據轉發模式、業務VLAN，並且引用安全模板和SSID模板。

[AC-wlan-view] vap-profile name wlan-vap

[AC-wlan-vap-prof-wlan-vap] forward-mode tunnel

[AC-wlan-vap-prof-wlan-vap] service-vlan vlan-id 101

[AC-wlan-vap-prof-wlan-vap] security-profile wlan-security

[AC-wlan-vap-prof-wlan-vap] ssid-profile wlan-ssid

[AC-wlan-vap-prof-wlan-vap] quit

4、配置AP組引用VAP模板，AP上射頻0和射頻1都使用VAP模板“wlan-vap”的配置。

[AC-wlan-view] ap-group name ap-group1

[AC-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio all

[AC-wlan-ap-group-ap-group1] quit

六、配置AP射頻的信道和功率

1、關閉射頻的信道和功率自動調優功能。射頻的信道和功率自動調優功能默認開啟，如果不關閉此功能則會導致手動配置不生效。

[AC-wlan-view] rrm-profile name default

[AC-wlan-rrm-prof-default] calibrate auto-channel-select disable

[AC-wlan-rrm-prof-default] calibrate auto-txpower-select disable

[AC-wlan-rrm-prof-default] quit

2、配置AP射頻0的信道和功率。

[AC-wlan-view] ap-id 0

[AC-wlan-ap-0] radio 0

[AC-wlan-radio-0/0] channel 20mhz 6

Warning: This action may cause service interruption. Continue?[Y/N]y

[AC-wlan-radio-0/0] eirp 127

[AC-wlan-radio-0/0] quit

3、配置AP射頻1的信道和功率。

[AC-wlan-ap-0] radio 1

[AC-wlan-radio-0/1] channel 20mhz 149

Warning: This action may cause service interruption. Continue?[Y/N]y

[AC-wlan-radio-0/1] eirp 127

[AC-wlan-radio-0/1] quit

[AC-wlan-ap-0] quit

最後漫遊結果這樣就表示成功了。