AC + AP 接入问题

# version 5.20, ESS 3703P61 # sysname H3C # clock timezone UTC add 00:00:00 # domain default enable system # dns proxy enable # telnet server enable # port-security enable # wlan auto-ap enable wlan auto-persistent enable # password-recovery enable # job wlan-economize view system time 1 repeating at 07:00 command execute flash:/enable-radio.bat time 2 repeating at 19:00 command execute flash:/disable-radio.bat # acl number 2000 rule 0 permit rule 5 permit source 192.168.8.0 0.0.1.255 # vlan 1 # vlan 8 # vlan 3000 # domain system access-limit disable state active idle-cut disable self-service-url disable # # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$YXIySxld24o1Ll82O8BW/HbIZbWeRU8GXpNmNA== authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 # wlan service-template 2 crypto ssid Test bind WLAN-ESS 1 cipher-suite tkip cipher-suite ccmp security-ie rsn service-template enable # wlan ap-group default_group ap pzb # interface Cellular1/0/1 async mode protocol link-protocol ppp # interface NULL0 # interface Vlan-interface1 # interface Vlan-interface8 ip address 192.168.9.254 255.255.254.0 # interface GigabitEthernet1/0/5 port link-mode route nat outbound 2000 ip address 192.168.2.254 255.255.255.0 dns server 192.168.1.1 # interface GigabitEthernet1/0/6 port link-mode route # interface GigabitEthernet1/0/1 port link-mode bridge dhcp-snooping trust # interface GigabitEthernet1/0/2 port link-mode bridge dhcp-snooping trust # interface GigabitEthernet1/0/3 port link-mode bridge # interface GigabitEthernet1/0/4 port link-mode bridge port link-type trunk undo port trunk pvid vlan 1 port trunk permit vlan 8 # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 untagged # interface WLAN-ESS1 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 8 untagged port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$+mDkmxAUTy5XnSBKQ68oixU9y6oKXaWRMOVud/0= # interface WLAN-ESS2 port link-type hybrid port hybrid vlan 1 untagged # wlan ap pzb model WA4320-ACN-SI id 10 serial-id 219801A0T78158E00543 radio 1 service-template 1 bind vlan-id 8 service-template 2 bind vlan-id 8 radio enable radio 2 service-template 1 bind vlan-id 8 service-template 2 bind vlan-id 8 radio enable # wlan ids attack-detection enable all # wlan ips malformed-detect-policy default signature deauth_flood signature-id 1 signature broadcast_deauth_flood signature-id 2 signature disassoc_flood signature-id 3 signature broadcast_disassoc_flood signature-id 4 signature eapol_logoff_flood signature-id 5 signature eap_success_flood signature-id 6 signature eap_failure_flood signature-id 7 signature pspoll_flood signature-id 8 signature cts_flood signature-id 9 signature rts_flood signature-id 10 signature addba_req_flood signature-id 11 signature-policy default countermeasure-policy default attack-detect-policy default virtual-security-domain default attack-detect-policy default malformed-detect-policy default signature-policy default countermeasure-policy default # dhcp-snooping # ip route-static 0.0.0.0 0.0.0.0 192.168.8.1 # undo info-center enable # snmp-agent snmp-agent local-engineid 800063A2033C8C406B4E01 snmp-agent community read gaohua-ac snmp-agent sys-info version all # dhcp enable # ntp-service refclock-master 2 # arp-snooping enable # wlan ap-authentication enable # load xml-configuration # user-interface con 0 user-interface tty 4 user-interface vty 0 4 authentication-mode scheme user privilege level 3 # return

按照官方文档配置的，https://www.h3c.com/cn/d_202108/1436691_30005_0.htm

删掉dhcp snooping ,AC上不需要开启这个，应该就可以了

晚点我试试，之前是由AC来分发地址，想改到交换机上，终端获取地址的时候，有一瞬间网关是AP的地址，而不是交换机的地址

试过，DHCP是正常的，AP都可以拿到DHCP的地址