拓扑配置AR# sysname ar1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#08bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 192.168.200.2 255.255.255.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # ospf 1 router-id 1.1.1.1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 192.168.200.2 0.0.0.0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # returnACacsy Enter system view, return user view with CtrlZ. [ac]dis cu # sysname ac # set memory-usage threshold 0 # ssl renegotiation-rate 1 # vlan batch 10 20 100 200 # authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name mac_authen_profile authentication-profile name portal_authen_profile authentication-profile name macportal_authen_profile # dhcp enable # diffserv domain default # radius-server template default # pki realm default rsa local-key-pair default enrollment self-signed # ike proposal default encryption-algorithm aes-256 dh group14 authentication-algorithm sha2-256 authentication-method pre-share integrity-algorithm hmac-sha2-256 prf hmac-sha2-256 # free-rule-template name default_free_rule # portal-access-profile name portal_access_profile # ip pool AP gateway-list 192.168.100.1 network 192.168.100.0 mask 255.255.255.0 dns-list 8.8.8.8 # ip pool gourp-1 gateway-list 192.168.10.254 network 192.168.10.0 mask 255.255.255.0 dns-list 8.8.8.8 # ip pool gourp-2 gateway-list 192.168.20.254 network 192.168.20.0 mask 255.255.255.0 dns-list 8.8.8.8 # aaa authentication-scheme default authentication-scheme radius authentication-mode radius authorization-scheme default accounting-scheme default domain default authentication-scheme radius radius-server default domain default_admin authentication-scheme default local-user admin password irreversible-cipher $1a$%j2O:%id#2$|!OR;_{J-*KocGs4* 3/1D#J!3*W3uE\NB|;_!$ local-user admin privilege level 15 local-user admin service-type http # interface Vlanif10 ip address 192.168.10.254 255.255.255.0 dhcp select global # interface Vlanif20 ip address 192.168.20.254 255.255.255.0 dhcp select global # interface Vlanif100 ip address 192.168.100.1 255.255.255.0 dhcp select global # interface Vlanif200 ip address 192.168.200.1 255.255.255.0 # interface MEth0/0/1 undo negotiation auto duplex half # interface GigabitEthernet0/0/1 port link-type access port default vlan 200 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 10 20 100 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 undo negotiation auto duplex half # interface GigabitEthernet0/0/22 undo negotiation auto duplex half # interface GigabitEthernet0/0/23 undo negotiation auto duplex half # interface GigabitEthernet0/0/24 undo negotiation auto duplex half # interface XGigabitEthernet0/0/1 # interface XGigabitEthernet0/0/2 # interface NULL0 # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 192.168.0.0 0.0.255.255 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # ssh server secure-algorithms cipher aes256_ctr aes128_ctr ssh server key-exchange dh_group14_sha1 ssh client secure-algorithms cipher aes256_ctr aes128_ctr ssh client secure-algorithms hmac sha2_256 ssh client key-exchange dh_group14_sha1 # capwap source interface vlanif100 # user-interface con 0 authentication-mode password user-interface vty 0 4 protocol inbound all user-interface vty 16 20 protocol inbound all # wlan traffic-profile name default security-profile name aa security wpa2 psk pass-phrase %^%#.A.iN[asCQ-rN,St2l{W8KY(0O9x27IXdL8^g;K%^%# aes security-profile name default security-profile name default-wds security-profile name default-mesh ssid-profile name 1 ssid openlab-1 ssid-profile name 2 [ac]LSWsw1 sw1sy Enter system view, return user view with CtrlZ. [sw1]dis cu # sysname sw1 # vlan batch 10 20 100 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 20 100 # interface GigabitEthernet0/0/2 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 10 100 # interface GigabitEthernet0/0/3 port link-type trunk port trunk pvid vlan 100 Jun 28 2026 20:48:45-08:00 sw1 %%01PHY/1/PHY(l)[0]: GigabitEthernet0/0/4: cha nge status to up Jun 28 2026 20:55:31-08:00 sw1 %%01PHY/1/PHY(l)[1]: GigabitEthernet0/0/3: cha nge status to up Jun 28 2026 20:55:36-08:00 sw1 %%01PHY/1/PHY(l)[2]: GigabitEthernet0/0/2: cha nge status to up [sw1] User interface con0 is availableAP1,2,3Huaweisy Enter system view, return user view with CtrlZ. [Huawei]dis cu # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-2 3 00:00 2005 2005 # set memory-usage threshold 0 # ipv6 # arp learning strict # lldp enable # dns resolve # interface Vlanif1 ipv6 enable ip address 169.254.1.1 255.255.0.0 ipv6 address auto link-local ipv6 address auto global local-identifier default # interface Eth-Trunk0 port hybrid tagged vlan 2 to 4094 # interface GigabitEthernet0/0/0 port hybrid tagged vlan 2 to 4094 lldp dot3-tlv power 802.3at # interface GigabitEthernet0/0/1 port hybrid tagged vlan 2 to 4094 lldp dot3-tlv power 802.3at # interface NULL0 # sftp server enable stelnet server enable CAPWAP LINK IS UP!!! ssh server secure-algorithms cipher aes256_ctr aes128_ctr Info: You are advised to change the password to ensure security. Huawei CAPWAP LINK IS UP!!! Send wlan control Enter: mac :5489-98e4-4026 radio id :0 vap id :0 type :0 WUAM_AddStaInfoWithFrame pstStaInfo-pucAssocFrame 0xb674d950 pucStaAssocFrame 0xb674d950Info: You are advised to change the password to ensure security. Huawei CAPWAP LINK IS UP!!! Send wlan control Enter: mac :5489-98e4-4026 radio id :0 vap id :0 type :0 WUAM_AddStaInfoWithFrame pstStaInfo-pucAssocFrame 0xb66c6950 pucStaAssocFrame 0xb66c6950 Please check whether system data has been changed, and save data in time Configuration console time out, please press any key to log on Info: You are advised to change the password to ensure security. AP2 AP2SY Enter system view, return user view with CtrlZ. [AP2]DIS CU # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-2 3 00:00 2005 2005 # set memory-usage threshold 0 # ipv6 # vlan batch 10 # arp learning strict # lldp enable # dns resolve # interface Vlanif1 # interface Eth-Trunk0 port hybrid tagged vlan 2 to 4094 # interface GigabitEthernet0/0/0 port hybrid tagged vlan 2 to 4094 lldp dot3-tlv power 802.3at # interface GigabitEthernet0/0/1 port hybrid tagged vlan 2 to 4094 lldp dot3-tlv power 802.3at # interface NULL0 # sftp server enable stelnet server enable undo telnet server enable undo telnet ipv6 server enable ssh server secure-algorithms cipher aes256_ctr aes128_ctr ssh server secure-algorithms hmac sha2_256 ssh server key-exchange dh_group14_sha1 ssh client secure-algorithms cipher aes256_ctr aes128_ctr ssh client secure-algorithms hmac sha2_256 ssh client key-exchange dh_group14_sha1 # user-interface con 0 user-interface vty 0 4 user-interface vty 16 20 # interface Wlan-Radio0/0/0 # interface Wlan-Radio0/0/1 # return [AP2] [AP2]Info: You are advised to change the password to ensure security. Huaweisy Enter system view, return user view with CtrlZ. [Huawei]dis [Huawei]display cu # clock timezone Indian Standard Time minus 05:13:20 clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-2 3 00:00 2005 2005 # set memory-usage threshold 0 # ipv6 # arp learning strict # lldp enable # dns resolve # interface Vlanif1 ipv6 enable ip address 169.254.1.1 255.255.0.0 ipv6 address auto link-local ipv6 address auto global local-identifier default # interface Eth-Trunk0 port hybrid tagged vlan 2 to 4094 # interface GigabitEthernet0/0/0 port hybrid tagged vlan 2 to 4094 lldp dot3-tlv power 802.3at # interface GigabitEthernet0/0/1 port hybrid tagged vlan 2 to 4094 lldp dot3-tlv power 802.3at # interface NULL0 # sftp server enable stelnet server enable undo telnet server enable undo telnet ipv6 server enable ssh server secure-algorithms cipher aes256_ctr aes128_ctr ssh server secure-algorithms hmac sha2_256 ssh server key-exchange dh_group14_sha1 ssh client secure-algorithms cipher aes256_ctr aes128_ctr ssh client secure-algorithms hmac sha2_256 ssh client key-exchange dh_group14_sha1 # user-interface con 0 user-interface vty 0 4 user-interface vty 16 20 # interface Wlan-Radio0/0/0 # interface Wlan-Radio0/0/1 # return [Huawei] [Huawei] [Huawei] [Huawei] CAPWAP LINK IS UP!!! 结果