旁挂式三层无线无线局域网
一.扩扑图
二.基本配置
VLAN部署
在交换机以及AC上配置VLAN、Trunk
S1
vlan batch 10 100 101 102
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 101 to 102
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 102
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 101 to 102S2
vlan batch 10 101 102
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 101 to 102
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 101 to 102
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 101 to 102AC
vlan batch 100 to 102
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102IP地址部署
AC、R1上配置IP地址
S1
interface Vlanif10
ip address 10.23.10.1 255.255.255.0
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
#
interface Vlanif102
ip address 10.23.102.1 255.255.255.0在AC上配置VLANIF 100接口的IP地址
AC
interface Vlanif 100
ip address 10.23.100.2 24
q在R1上配置子接口G0/0/0.101、G0/0/0.102,分别加入VLAN 101和VLAN 102;创建LoopBack 10接口用于测试
R1
interface GigabitEthernet 0/0/0.101
dot1q termination vid 101
ip address 10.23.101.2 255.255.255.0
arp broadcast enable
quitinterface GigabitEthernet0/0/0.102
dot1q termination vid 102
ip address 10.23.102.2 255.255.255.0
arp broadcast enable
quitquit
interface LoopBack 10
ip address 10.10.10.10 24VLAN间路由部署
在AC、三层交换机、R1上配置OSPF,使得全网互通
S1,R1,AC
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
quit验证
display ip routing-table DHCP服务部署
在AC上部署DHCP服务,为AP和无线终端提供IP地址;在S1上配置DHCP代理
dhcp enable
ip pool huawei
network 10.23.10.0 mask 24
gateway-list 10.23.10.1
option 43 sub-option 3 ascii 10.23.100.2
在AC上创建3个全局地址池
地址池pool huawei为AP提供地址,这个地址池要设置option 43为AP指明AC的IP地址;
地址池pool vlan101为VLAN 101的STA提供地址;
地址池pool vlan102为VLAN 102的STA提供地址。
AC
dhcp enable
ip pool huawei
network 10.23.10.0 mask 24
gateway-list 10.23.10.1
option 43 sub-option 3 ascii 10.23.100.2
quitip pool vlan101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
dns-list 10.10.10.10
quitip pool vlan102
gateway-list 10.23.102.1
network 10.23.102.0 mask 255.255.255.0
dns-list 10.10.10.10
interface Vlanif 100
dhcp select global
quit在S1上配置DHCP中继,代理AC为AP、STA分配IP地址
S1
dhcp enable
interface Vlanif 10
dhcp select relay
dhcp relay server-ip 10.23.100.2
interface Vlanif 101
dhcp select relay
dhcp relay server-ip 10.23.100.2
interface Vlanif102
dhcp select relay
dhcp relay server-ip 10.23.100.2AC+AP旁挂式三层组网
创建AP组
用于将相同配置的AP都加入同一AP组中
AC
wlan
ap-group name ap-group
quit
regulatory-domain-profile name default
country-code cn
quitap-group name ap-group
regulatory-domain-profile default
quit
Y配置AC的源接口
capwap source interface Vlanif 100AP上线:配置AP认证方式,把AP加入组,AP上电,确认AP找到AC
wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 00e0-fcd0-3860
ap-name ap1
ap-group ap-group
Y
quitap-id 1 ap-mac 00e0-fc6F-40c0
ap-name ap2
ap-group ap-group
Y
quit配置WLAN业务参数
配置安全模板、SSID模板、VAP模板
安全模板wlan-net
security-profile name wlan-net1
security wpa-wpa2 psk pass-phrase a1234567 aes
quit
ssid-profile name wlan-net
ssid wlan-net
quit业务数据转发模板,创建名为“wlan-net”的VAP模板
vap-profile name wlan-net
forward-mode tunnel
service-vlan vlan-id 101
ssid-profile wlan-net
security-profile wlan-net1安全模板wlan-net2
security-profile name wlan-net2
security wpa-wpa2 psk pass-phrase a1234567 aes
ssid-profile name tow
ssid tow
vap-profile name wlan-net2
forward-mode tunnel
service-vlan vlan-id 102
ssid-profile tow
security-profile wlan-net2AP组引用VAP模板,AP上射频0和射频1都同时使用VAP模板的配置
AC
ap-group name ap-group
vap-profile wlan-net wlan 1 radio 0
vap-profile wlan-net wlan 1 radio 1
vap-profile wlan-net2 wlan 2 radio 0
vap-profile wlan-net2 wlan 2 radio 1验证
VAP模板ap上线查询
display vap ssid wlan-net1ap上线查询
display ap all