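Lab topology planning
The AC and the APs are in a Layer 3 networking arrangement. The AC connects to switch LSW1 through an Eth-Trunk interface, which increases network bandwidth and improves reliability. Core switch LSW1 is the gateway for the APs and STAs and also acts as the DHCP server that assigns IP addresses to the STAs and APs. Access-layer switches LSW2 and LSW3 only perform Layer 2 transparent forwarding. The underlying routing uses OSPF, and the AC is configured with a default route.
Internal network device data planning
Configuration steps
Following the topology plan, apply the basic configuration on each device, including device names, VLAN creation, interface VLAN membership, IP addresses, and routing, so that the underlying routed network is reachable.
Configure core switch LSW1 as the DHCP server to assign IP addresses to the APs and STAs.
Configure basic WLAN services.
Configure the VAPs and deliver the configuration.
Verify the configuration: wireless users can access the Internet.
Basic configuration
On switch LSW2, add interfaces G0/0/1, Ethernet0/0/1 and Ethernet0/0/2 to VLAN 100 (management VLAN) and VLAN 101 (service VLAN). Ethernet0/0/1 and Ethernet0/0/2 connect directly to APs, so they need a PVID, and port isolation is configured on them to reduce broadcast packets.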
LSW2
system-view
sysname LSW2
vlan batch 100 101
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 to 101
port-group group-member Ethernet 0/0/1 Ethernet 0/0/2
port link-type trunk
port trunk pvid vlan 100 #Interfaces directly connected to an AP need a PVID
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 to 101
stp edged-port enable
port-isolate enable group 1 #Configure port isolation to reduce broadcast packets
quit
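On switch LSW3, add interfaces G0/0/1 and Ethernet0/0/1 to VLAN 200 (management VLAN) and VLAN 201 (service VLAN). Ethernet0/0/1 connects directly to an AP, so it needs a PVID, and port isolation is configured on it to reduce broadcast packets.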
LSW3
system-view
sysname LSW3
vlan batch 200 201
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200 to 201
#
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 200
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200 to 201
stp edged-port enable
port-isolate enable group 1
#
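On switch LSW1, add interface G0/0/1 to VLAN 100 (management VLAN) and VLAN 101 (service VLAN), and interface G0/0/2 to VLAN 200 (management VLAN) and VLAN 201 (service VLAN). Interface G0/0/3, which connects to the external network, is an access port in VLAN 10. Interfaces G0/0/23 and G0/0/24 join Eth-Trunk10, and Eth-Trunk10 is added to VLAN 300.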
LSW1
system-view
sysname LSW1
vlan batch 10 100 101 200 201 300
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200 to 201
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 300
undo port trunk allow-pass vlan 1
trunkport GigabitEthernet 0/0/23 0/0/24
AC
system-view
sysname AC
vlan 300
quit
interface Eth-Trunk10
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 300
trunkport GigabitEthernet 0/0/23 0/0/24
#
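Configure IP addresses
Configure VLAN 10 for communication with the external network, configure VLAN 300 for communication between switch LSW1 and the AC, and configure VLAN 100, 101, 200 and 201 as the gateways for the management VLANs and service VLANs.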
LSW1
interface Vlanif10
ip address 200.10.10.1 30
interface Vlanif100
ip address 172.16.100.1 24
#
interface Vlanif101
ip address 172.16.101.1 24
#
interface Vlanif200
ip address 172.16.200.1 24
interface Vlanif201
ip address 172.16.201.1 24
#
interface Vlanif300
ip address 172.16.30.1 24
#
Configure VLAN 300 to communicate with switch LSW1
AC
interface Vlanif300
ip address 172.16.30.2 255.255.255.0
#
AR1
interface GigabitEthernet0/0/0
ip address 200.10.10.2 30
quit
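Configure LSW1 as the DHCP server
Use global address pools to assign IP addresses to the APs and STAs.
#option 43 sub-option 1 ip-address 172.16.30.2 //The AC and the APs are in a Layer 3 network, so option 43 must be configured to advertise the AC's IP address to the APs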
LSW1
dhcp enable
#Configure a global address pool to assign IP addresses to AP1 and AP2
ip pool visit-ap1
gateway-list 172.16.100.1
network 172.16.100.0 mask 24
option 43 sub-option 1 ip-address 172.16.30.2
#
interface Vlanif100
dhcp select global
#Configure a global address pool to assign IP addresses to AP3
ip pool visit-ap2
gateway-list 172.16.200.1
network 172.16.200.0 mask 24
option 43 sub-option 1 ip-address 172.16.30.2
#
interface Vlanif200
dhcp select global
#Configure a global address pool to assign IP addresses to STAs connected through AP1 and AP2
ip pool area1-sta
gateway-list 172.16.101.1
network 172.16.101.0 mask 24
#
interface Vlanif101
dhcp select global
#Configure a global address pool to assign IP addresses to STAs connected through AP3
ip pool area2-sta
gateway-list 172.16.201.1
network 172.16.201.0 mask 24
interface Vlanif201
dhcp select global
#
Configure routing
Configure the AC's default route to point to LSW1
ip route-static 0.0.0.0 0.0.0.0 172.16.30.1
Configure the dynamic routing protocol OSPF
[LSW1-ospf-1]dis this
#
router id 11.1.1.1
ospf 1
area 0.0.0.0
network 172.16.101.0 0.0.0.255
network 172.16.201.0 0.0.0.255
network 200.10.10.1 0.0.0.0
AR1
router id 1.1.1.1
ospf 1
area 0.0.0.0
network 200.10.10.2 0.0.0.0
#
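Added example (not part of the original article): a Python check of which LSW1 VLANIF interfaces the OSPF network statements above actually enable. It assumes VRP's matching rule (address inside the wildcard range and interface mask at least as long as the statement's, or an exact address match when the wildcard is 0.0.0.0); the function names are illustrative.

```python
import ipaddress

# VLANIF addresses on LSW1, copied from the page.
VLANIFS = {
    "Vlanif10": "200.10.10.1/30",
    "Vlanif100": "172.16.100.1/24",
    "Vlanif101": "172.16.101.1/24",
    "Vlanif200": "172.16.200.1/24",
    "Vlanif201": "172.16.201.1/24",
    "Vlanif300": "172.16.30.1/24",
}

# OSPF area 0.0.0.0 network statements on LSW1, copied from the page.
OSPF_NETWORKS = """\
network 172.16.101.0 0.0.0.255
network 172.16.201.0 0.0.0.255
network 200.10.10.1 0.0.0.0
"""

def parse_networks(text):
    """Return (address, wildcard) integer pairs from 'network A W' lines."""
    pairs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "network":
            pairs.append((int(ipaddress.IPv4Address(parts[1])),
                          int(ipaddress.IPv4Address(parts[2]))))
    return pairs

def ospf_enabled(if_addr, networks):
    """True if an interface address is matched by any network statement."""
    iface = ipaddress.ip_interface(if_addr)
    ip = int(iface.ip)
    for addr, wild in networks:
        care = ~wild & 0xFFFFFFFF            # bits that must match
        in_range = ((ip ^ addr) & care) == 0
        stmt_len = bin(care).count("1")      # mask length of the statement
        if in_range and (wild == 0 or iface.network.prefixlen >= stmt_len):
            return True
    return False

def audit(vlanifs, ospf_text):
    """Map each interface name to whether OSPF is enabled on it."""
    nets = parse_networks(ospf_text)
    return {name: ospf_enabled(addr, nets) for name, addr in vlanifs.items()}

if __name__ == "__main__":
    for name, enabled in audit(VLANIFS, OSPF_NETWORKS).items():
        print(f"{name:10} {VLANIFS[name]:18} {'in OSPF' if enabled else 'not in OSPF'}")
```

With the values on this page, only the uplink (Vlanif10) and the STA service subnets (Vlanif101, Vlanif201) are in OSPF, so AR1 learns no route to the AP management VLANs (100, 200) or to the AC link (VLAN 300).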
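Verify the configuration
The OSPF neighbor relationship is established successfully, as shown in the figure below:
Bring the APs online
Create AP groups so that APs with the same configuration can be added to the same AP group.
Create AP groups named ap-group1 and ap-group2.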
[AC]wlan
[AC-wlan-view] ap-group name ap-group1
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view]
Create a regulatory domain profile (named domain1), configure the AC's country code in the profile, and reference the profile (domain1) in the AP groups (ap-group1, ap-group2).
[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
Info: The current country code is same with the input country code.
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view] quit
Configure the AC's source interface
[AC]capwap source interface vlan 300
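Import the APs offline on the AC. Use this command to view the MAC address of an AP's interface: display interface GigabitEthernet 0/0/0
Add the deployed AP1 and AP2 to AP group ap-group1.
AP1's ap-id is set to 101 and its ap-name is ap-101; AP2's ap-id is set to 102 and its ap-name is ap-102.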
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 101 ap-mac 00e0-fc9b-1120
[AC-wlan-ap-101] ap-name ap-101
[AC-wlan-ap-101] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-101] quit
[AC-wlan-view]
[AC-wlan-view] ap-id 102 ap-mac 00e0-fcfa-2810 ap-sn 2102354483102A24022C
[AC-wlan-ap-102] ap-name ap-102
[AC-wlan-ap-102] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-102] quit
[AC-wlan-view]
Add the deployed AP3 to AP group ap-group2. AP3's ap-id is set to 103 and its ap-name is ap-103.
[AC-wlan-view] ap-id 103 ap-mac 00e0-fcef-4a80
[AC-wlan-ap-103] ap-name ap-103
[AC-wlan-ap-103] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-103] quit
[AC-wlan-view]
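Verify the configuration
View information about all added APs; the APs have come online on the AC successfully.
Configure WLAN service parameters
Create the RRM profile
Create an RRM profile named rrm-profile1.
Channel selection has an automatic mode and a fixed mode; fixed mode is used here, which gives the user more flexible control.
Power also has an automatic mode and a fixed mode; automatic mode is disabled here and fixed mode is used, so the transmit power is specified by the user.
[AC-wlan-view] rrm-profile name rrm-profile1 //Create an RRM profile named rrm-profile1
[AC-wlan-rrm-prof-rrm-profile1] calibrate auto-channel-select disable //Set the radio's channel mode to fixed (disable automatic channel selection)
[AC-wlan-rrm-prof-rrm-profile1] calibrate auto-txpower-select disable //Disable automatic transmit power selection
[AC-wlan-rrm-prof-rrm-profile1]quit
Create the radio profiles
Create radio profiles named radio-2g and radio-5g and bind the RRM profile rrm-profile1 to them.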
[AC-wlan-view]radio-2g-profile name radio-2g
[AC-wlan-radio-2g-prof-radio-2g]rrm-profile rrm-profile1
[AC-wlan-radio-2g-prof-radio-2g]quit
[AC-wlan-view]radio-5g-profile name radio-5g
[AC-wlan-radio-5g-prof-radio-5g]rrm-profile rrm-profile1
[AC-wlan-radio-5g-prof-radio-5g]quit
[AC-wlan-view]
Create the security profile
Create a security profile named security-profile1 and configure the security policy WPA-WPA2+PSK+AES; the password is "admin123456".
[AC-wlan-view]security-profile name security-profile1
[AC-wlan-sec-prof-security-profile1]security wpa-wpa2 psk pass-phrase admin123456 aes
[AC-wlan-sec-prof-security-profile1]quit
[AC-wlan-view]
Create the SSID profile
Create an SSID profile named ssid-profile1 and set the SSID name to ssid1.
[AC-wlan-view]ssid-profile name ssid-profile1
[AC-wlan-ssid-prof-ssid-profile1]ssid ssid1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-ssid-profile1]quit
[AC-wlan-view]
Create the traffic profile
Configure a traffic profile named "traffic-profile1" and enable Layer 2 isolation for wireless users.
[AC-wlan-view]traffic-profile name traffic-profile1
[AC-wlan-traffic-prof-traffic-profile1]user-isolate ?
all All
l2 Layer 2 users isolated
[AC-wlan-traffic-prof-traffic-profile1]user-isolate l2
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-traffic-prof-traffic-profile1]quit
[AC-wlan-view]
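Create the VAP profiles
Configure VAP profiles named vap-profile1 and vap-profile2. Set the service data forwarding mode to direct forwarding, set the service VLAN, and reference the security profile, SSID profile, and traffic profile.
Configure the VAP profile named vap-profile1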
[AC-wlan-view] vap-profile name vap-profile1
[AC-wlan-vap-prof-vap-profile1] forward-mode direct-forward
[AC-wlan-vap-prof-vap-profile1]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1] security-profile security-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1]ssid-profile ssid-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1]traffic-profile traffic-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1]quit
[AC-wlan-view]
Configure the VAP profile named vap-profile2
[AC-wlan-view]vap-profile name vap-profile2
[AC-wlan-vap-prof-vap-profile2]forward-mode direct-forward
[AC-wlan-vap-prof-vap-profile2]service-vlan vlan-id 201
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] security-profile security-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] ssid-profile ssid-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] traffic-profile traffic-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] quit
#
Bind the VAP profiles and radio profiles to the AP groups
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile vap-profile1 wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]vap-profile vap-profile1 wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]radio-2g-profile radio-2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group1]radio-5g-profile radio-5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view]ap-group name ap-group2
[AC-wlan-ap-group-ap-group2]vap-profile vap-profile2 wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group2]vap-profile vap-profile2 wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group2]radio-2g-profile radio-2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group2]radio-5g-profile radio-5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group2] quit
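Configure the VAPs and deliver the configuration
channel 20mhz 1 //Configure the channel according to the results planned with the WLAN Planner network planning tool
eirp 10 //Configure the power according to the results planned with the WLAN Planner network planning tool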
[AC-wlan-view]ap-id 101
[AC-wlan-ap-101]radio 0
[AC-wlan-radio-101/0]channel 20mhz 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-101/0]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-101/0]quit
[AC-wlan-ap-101]radio 1
[AC-wlan-radio-101/1]channel 20mhz 153
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-101/1]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-101/1]quit
[AC-wlan-ap-101] quit
[AC-wlan-view] ap-id 102
[AC-wlan-ap-102]radio 0
[AC-wlan-radio-102/0]channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-102/0]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-102/0]quit
[AC-wlan-ap-102]radio 1
[AC-wlan-radio-102/1]channel 20mhz 161
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-102/1]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-102/1]quit
[AC-wlan-ap-102]quit
[AC-wlan-view]
[AC-wlan-view]ap-id 103
[AC-wlan-ap-103]radio 0
[AC-wlan-radio-103/0]channel 20mhz 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-103/0]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-103/0]quit
[AC-wlan-ap-103]radio 1
[AC-wlan-radio-103/1]channel 20mhz 153
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-103/1]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-103/1]quit
[AC-wlan-ap-103]quit
[AC-wlan-view]
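Verifying the lab results
On the STA, enter the password and click OK.
On the STA, use the ipconfig command to view the obtained IP address and use the ping command to test connectivity to the external network, as shown in the figure below:
The wireless user STA is assigned an IP address, connects to the network normally, and can reach the external network.
Copyright belongs to the original author, pxwhfs. If there is any infringement, please contact us for removal.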