求WAC361+小贝AP操作手册（AP设置多个不同的SSID，每个SSID属于不同的网段）

现有WAC361一台+小贝AP20个，现在建了一个SSID：AP是和局域网同网段的192.168.0.1（可正常上网），又建了一个SSID：Office是196.168.4.0网段，现在Office网段无法上外网，也PING不通192.168.0.1网段。

下面是配置文件和网络拓扑图

 # version 5.20, ESS 3703P58 # sysname H3C # domain default enable system # dns proxy enable # telnet server enable # port-security enable # mac-address timer no-aging # wlan client learn-ipaddr enable # wlan auto-ap enable wlan auto-persistent enable # password-recovery enable # vlan 1 # vlan 4 # domain system access-limit disable state active idle-cut disable self-service-url disable # dhcp server ip-pool 192.168.1.1 network 196.168.1.0 mask 255.255.255.0 gateway-list 196.168.1.100 dns-list 196.168.1.100 expired unlimited # dhcp server ip-pool office network 196.168.4.0 mask 255.255.255.0 gateway-list 196.168.4.1 dns-list 196.168.4.1 expired unlimited # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$/gPhoFOBfmEXpCDVBy2za+RP+8rkHSqA authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 # wlan service-template 1 crypto ssid YXZG bind WLAN-ESS 1 cipher-suite tkip security-ie rsn # wlan service-template 2 crypto description 1 ssid AP bind WLAN-ESS 0 cipher-suite tkip security-ie rsn service-template enable # wlan service-template 3 crypto ssid GLKB bind WLAN-ESS 2 cipher-suite tkip security-ie rsn # wlan service-template 4 crypto ssid Office bind WLAN-ESS 3 cipher-suite tkip security-ie rsn service-template enable # wlan ap-group default_group ap 1 ap 2 ap 3 ap 4 ap 5 ap 6 ap 7 ap 8 ap 9 ap 10 ap 11 ap 12 ap 13 ap 14 ap 15 ap 16 ap 17 ap 18 ap 19 ap 20 country-code CN dot11a service-template 2 dot11bg service-template 2 dot11a radio enable dot11bg radio enable # interface Cellular1/0/1 async mode protocol link-protocol ppp # interface NULL0 # interface Vlan-interface1 ip address 196.168.1.100 255.255.255.0 ip address 192.168.0.158 255.255.255.0 sub # interface Vlan-interface4 ip address 196.168.4.100 255.255.255.0 # interface GigabitEthernet1/0/5 port link-mode route # interface GigabitEthernet1/0/1 port link-mode bridge # interface GigabitEthernet1/0/2 port link-mode bridge # interface GigabitEthernet1/0/3 port link-mode bridge # interface GigabitEthernet1/0/4 port link-mode bridge # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 untagged port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$DHtLLjIo+hmhLAWVpWOioDh1/8c+u4RMBD7FxJg= # interface WLAN-ESS1 port link-type hybrid port hybrid vlan 1 untagged port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$IWm+C2T+JfBxyv6DtLkO556ORl1uMpHIeKLNiA== # interface WLAN-ESS2 port link-type hybrid port hybrid vlan 1 4 untagged port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$hhAF2LlqpgzSGtmwx4gT7oOVywPSggOH9G9abrU= # interface WLAN-ESS3 port link-type hybrid port hybrid vlan 1 4 untagged port hybrid pvid vlan 4 port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$ZJYFnaovD+p4hbKdVU2gKD/ka+rIoV4jg8OnHDM= # wlan ap 1 model WAP712C id 8 serial-id 219801A0X59174G00711 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.1 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 10 model WAP712C id 10 serial-id 219801A0X59172G03928 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.10 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 11 model WAP712C id 9 serial-id 219801A0X59174G00989 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.11 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 12 model WAP712C id 6 serial-id 219801A0X59174G00510 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.12 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 13 model WAP712C id 1 serial-id 219801A0X59174G00759 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.13 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 14 model WAP712C id 5 serial-id 219801A0X59174G00412 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.14 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 15 model WAP712C id 3 serial-id 219801A0X59174G00534 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.15 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 16 model WAP712C id 19 serial-id 219801A0X59174G00606 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.16 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 17 model WAP712C id 18 serial-id 219801A0X59174G01003 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.17 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 18 model WAP712C id 14 serial-id 219801A0X59174G00763 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.18 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 19 model WAP712C id 4 serial-id 219801A0X59174G00600 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.19 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 2 model WAP712C id 17 serial-id 219801A0X59174G00732 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.2 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 20 model WAP712C id 7 serial-id 219801A0X59174G00643 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.20 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 3 model WAP712C id 11 serial-id 219801A0X59174G00740 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.3 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 4 model WAP712C id 13 serial-id 219801A0X59174G00746 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.4 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 5 model WAP712C id 12 serial-id 219801A0X59174G00777 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.5 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 6 model WAP712C id 20 serial-id 219801A0X59174G00697 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.6 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 7 model WAP712C id 15 serial-id 219801A0X59174G00708 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.7 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 8 model WAP712C id 16 serial-id 219801A0X59174G00665 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.8 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ap 9 model WAP712C id 2 serial-id 219801A0X59174G00670 provision dns server ip 196.168.1.100 vlan untagged 1 ip address 196.168.1.9 255.255.255.0 gateway ip 196.168.1.100 country-code CN radio 1 service-template 2 service-template 3 service-template 4 radio 2 service-template 2 service-template 3 service-template 4 radio enable # wlan ids whitelist mac-address 0005-cff5-8238 whitelist mac-address 0026-bbdc-9d87 whitelist mac-address 0028-f34d-e3ce whitelist mac-address 0039-c432-5ecb whitelist mac-address 0052-6402-43d7 whitelist mac-address 0053-9ea8-b5e2 whitelist mac-address 0054-7c06-c4ac whitelist mac-address 0057-47e9-5795 whitelist mac-address 0057-94c6-63f5 whitelist mac-address 005d-6ff5-b69d whitelist mac-address 0060-da16-bd29 whitelist mac-address 008a-dd2c-f842 whitelist mac-address 008e-f2da-d166 whitelist mac-address 0098-0201-d9ec whitelist mac-address 00a8-e44a-78d3 whitelist mac-address 00a9-3386-290d whitelist mac-address 00d9-f0db-02af whitelist mac-address 00db-8d8d-ccbb whitelist mac-address 00e7-fd87-43e9 whitelist mac-address 00f3-1fb4-c1e2 whitelist mac-address 146b-9c28-9594 whitelist mac-address 146b-9c28-a11c whitelist mac-address 2cfd-ab35-1b59 whitelist mac-address 2cfd-ab35-1b6a whitelist mac-address 2cfd-ab35-1c37 whitelist mac-address 2cfd-ab35-1ca3 whitelist mac-address 2cfd-ab35-1cce whitelist mac-address 30b4-9e9c-7534 whitelist mac-address 30b4-9e9c-75ca whitelist mac-address 30b4-9e9c-7c16 whitelist mac-address 30b4-9e9c-7cd9 whitelist mac-address 30b4-9e9c-7ce1 whitelist mac-address 30b4-9e9d-0cda whitelist mac-address 30b4-9e9d-0de4 whitelist mac-address 30b4-9e9d-0ea1 whitelist mac-address 30b4-9e9d-14b5 whitelist mac-address 30b4-9e9d-15e0 whitelist mac-address 30b4-9ea4-ce55 whitelist mac-address 30b4-9ea4-cf20 whitelist mac-address 30b4-9ea4-cfc4 whitelist mac-address 30b4-9ea4-cfc5 whitelist mac-address 30b4-9ea4-ebf0 whitelist mac-address 30b4-9ea4-eca5 whitelist mac-address 30b4-9ea4-ed98 whitelist mac-address 30b4-9ea4-edf0 whitelist mac-address 30b4-9eb5-dd68 whitelist mac-address 6002-b4e8-d415 whitelist mac-address 6002-b4e8-e72c whitelist mac-address 6067-2040-3faa whitelist mac-address 6c88-14c2-1274 whitelist mac-address 8c70-5a33-959c whitelist mac-address 9cb7-0d1f-cd0c whitelist mac-address a088-b417-dd48 whitelist mac-address a088-b493-e5b0 whitelist mac-address a44e-318c-c0cc whitelist mac-address a44e-31d7-2164 whitelist mac-address a8a7-957d-8dfb whitelist mac-address d0f8-8c79-3d40 whitelist mac-address d0f8-8c79-4ab3 whitelist mac-address d0f8-8c79-4b51 whitelist mac-address d0f8-8c79-902c whitelist mac-address d0f8-8c79-902d whitelist mac-address e09d-3103-7440 whitelist mac-address e446-dafa-7ebb # wlan ips malformed-detect-policy default signature deauth_flood signature-id 1 signature broadcast_deauth_flood signature-id 2 signature disassoc_flood signature-id 3 signature broadcast_disassoc_flood signature-id 4 signature eapol_logoff_flood signature-id 5 signature eap_success_flood signature-id 6 signature eap_failure_flood signature-id 7 signature pspoll_flood signature-id 8 signature cts_flood signature-id 9 signature rts_flood signature-id 10 signature addba_req_flood signature-id 11 signature-policy default countermeasure-policy default attack-detect-policy default virtual-security-domain default attack-detect-policy default malformed-detect-policy default signature-policy default countermeasure-policy default # ip route-static 0.0.0.0 0.0.0.0 192.168.0.1 ip route-static 0.0.0.0 0.0.0.0 192.168.0.0 ip route-static 0.0.0.0 255.255.255.0 192.168.0.0 ip route-static 192.168.0.0 255.255.255.0 192.168.0.1 ip route-static 192.168.0.0 255.255.255.0 196.168.1.0 ip route-static 192.168.0.0 255.255.255.0 196.168.4.0 # snmp-agent snmp-agent local-engineid 800063A20360DA837520A9 snmp-agent community read public snmp-agent community write private snmp-agent sys-info version all # dhcp enable # ntp-service refclock-master 2 # load xml-configuration # user-interface con 0 user-interface tty 4 user-interface vty 0 4 authentication-mode scheme user privilege level 3 # return