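Lab topology plan
The AC and the APs are in a Layer 3 network. The AC connects to switch LSW1 through an Eth-Trunk interface, which increases bandwidth and improves reliability. Core switch LSW1 is the gateway for the APs and STAs and also acts as the DHCP server that assigns IP addresses to the STAs and APs. Access switches LSW2 and LSW3 only perform Layer 2 transparent forwarding. The underlying routing uses OSPF, and the AC is configured with a default route.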
![](https://img-blog.csdnimg.cn/2747a5b36d5f40fab031b03e4023be1c.png)
Internal network device data plan
![](https://img-blog.csdnimg.cn/671595c3d18d4c28b4a24dba5e86fcf0.png)
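Configuration steps
Perform the basic configuration of each device according to the topology plan: device names, VLAN creation, interface VLAN membership, IP addresses and routing, so that the underlying routed network is reachable.
Configure core switch LSW1 as the DHCP server to assign IP addresses to the APs and STAs.
Configure basic WLAN services.
Configure the VAPs and deliver the configuration.
Verify the result: wireless users can access the Internet.
Basic configuration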
Configure switch LSW2: add interfaces G0/0/1, Ethernet0/0/1 and Ethernet0/0/2 to VLAN 100 (management VLAN) and VLAN 101 (service VLAN). Ethernet0/0/1 and Ethernet0/0/2 connect directly to APs, so they need a PVID, and port isolation is configured on them to reduce broadcast packets.
LSW2
```
system-view
sysname LSW2
vlan batch 100 101
#
interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100 to 101
#
port-group group-member Ethernet 0/0/1 Ethernet 0/0/2
 port link-type trunk
 port trunk pvid vlan 100    # interfaces directly connected to APs need a PVID
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100 to 101
 stp edged-port enable
 port-isolate enable group 1    # port isolation to reduce broadcast packets
 quit
#
```
Configure switch LSW3: add interfaces G0/0/1 and Ethernet0/0/1 to VLAN 200 (management VLAN) and VLAN 201 (service VLAN). Ethernet0/0/1 connects directly to an AP, so it needs a PVID, and port isolation is configured on it to reduce broadcast packets.
LSW3
```
system-view
sysname LSW3
vlan batch 200 201
#
interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 to 201
#
interface Ethernet0/0/1
 port link-type trunk
 port trunk pvid vlan 200
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 to 201
 stp edged-port enable
 port-isolate enable group 1
#
```
Configure switch LSW1: add interface G0/0/1 to VLAN 100 (management VLAN) and VLAN 101 (service VLAN), and interface G0/0/2 to VLAN 200 (management VLAN) and VLAN 201 (service VLAN). Interface G0/0/3, which connects to the external network, is an access port in VLAN 10. Interfaces G0/0/23 and G0/0/24 join Eth-Trunk10, and Eth-Trunk10 is added to VLAN 300.
LSW1
```
system-view
sysname LSW1
vlan batch 10 100 101 200 201 300
interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200 to 201
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
interface Eth-Trunk10
 port link-type trunk
 port trunk allow-pass vlan 300
 undo port trunk allow-pass vlan 1
 trunkport GigabitEthernet 0/0/23 0/0/24
```
AC
```
system-view
sysname AC
vlan 300
 quit
#
interface Eth-Trunk10
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 300
 trunkport GigabitEthernet 0/0/23 0/0/24
#
```
Configure IP addresses
Configure VLAN 10 for communication with the external network, VLAN 300 for communication between switch LSW1 and the AC, and VLANs 100, 101, 200 and 201 as the gateways of the management and service VLANs.
LSW1
```
#
interface Vlanif10
 ip address 200.10.10.1 30
#
interface Vlanif100
 ip address 172.16.100.1 24
#
interface Vlanif101
 ip address 172.16.101.1 24
#
interface Vlanif200
 ip address 172.16.200.1 24
#
interface Vlanif201
 ip address 172.16.201.1 24
#
interface Vlanif300
 ip address 172.16.30.1 24
#
```
Configure VLAN 300 on the AC to communicate with switch LSW1.
AC
```
interface Vlanif300
 ip address 172.16.30.2 255.255.255.0
#
```
AR1
```
interface GigabitEthernet0/0/0
 ip address 200.10.10.2 30
 quit
```
Configure LSW1 as the DHCP server
Use global address pools to assign IP addresses to the APs and STAs.
#option 43 sub-option 1 ip-address 172.16.30.2 // The AC and the APs are in a Layer 3 network, so Option 43 must be configured to advertise the AC's IP address to the APs
LSW1
```
dhcp enable
# Global address pool that assigns IP addresses to AP1 and AP2
ip pool visit-ap1
 gateway-list 172.16.100.1
 network 172.16.100.0 mask 24
 option 43 sub-option 1 ip-address 172.16.30.2
#
interface Vlanif100
 dhcp select global
# Global address pool that assigns an IP address to AP3
ip pool visit-ap2
 gateway-list 172.16.200.1
 network 172.16.200.0 mask 24
 option 43 sub-option 1 ip-address 172.16.30.2
#
interface Vlanif200
 dhcp select global
# Global address pool that assigns IP addresses to STAs connected through AP1 and AP2
ip pool area1-sta
 gateway-list 172.16.101.1
 network 172.16.101.0 mask 24
#
interface Vlanif101
 dhcp select global
# Global address pool that assigns IP addresses to STAs connected through AP3
ip pool area2-sta
 gateway-list 172.16.201.1
 network 172.16.201.0 mask 24
#
interface Vlanif201
 dhcp select global
#
```
Configure routing
Configure the AC's default route to point to LSW1
```
ip route-static 0.0.0.0 0.0.0.0 172.16.30.1
```
Configure the dynamic routing protocol OSPF
```
[LSW1-ospf-1]dis this
#
router id 11.1.1.1
ospf 1
 area 0.0.0.0
  network 172.16.101.0 0.0.0.255
  network 172.16.201.0 0.0.0.255
  network 200.10.10.1 0.0.0.0
```
AR1
```
router id 1.1.1.1
ospf 1
 area 0.0.0.0
  network 200.10.10.2 0.0.0.0
#
```
Verify the configuration
The OSPF neighbor relationship is established, as shown below:
![](https://img-blog.csdnimg.cn/ba402358ef1749e7a05d7ec54f8a929f.png)
Bring the APs online
Create AP groups so that APs with the same configuration can be added to the same group.
Create AP groups named ap-group1 and ap-group2.
```
[AC]wlan
[AC-wlan-view] ap-group name ap-group1
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view]
```
Create a regulatory domain profile named domain1, configure the AC's country code in it, and reference the profile (domain1) in the AP groups (ap-group1 and ap-group2).
```
[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
Info: The current country code is same with the input country code.
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] ap-group name ap-group2
[AC-wlan-ap-group-ap-group2] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group2] quit
[AC-wlan-view] quit
```
Configure the AC's source interface
```
[AC]capwap source interface vlan 300
```
Import the APs offline on the AC. The MAC address of an AP interface can be viewed with the command display interface GigabitEthernet 0/0/0.
Add the deployed AP1 and AP2 to AP group ap-group1. AP1 gets ap-id 101 and ap-name ap-101; AP2 gets ap-id 102 and ap-name ap-102.
```
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 101 ap-mac 00e0-fc9b-1120
[AC-wlan-ap-101] ap-name ap-101
[AC-wlan-ap-101] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-101] quit
[AC-wlan-view]
[AC-wlan-view] ap-id 102 ap-mac 00e0-fcfa-2810 ap-sn 2102354483102A24022C
[AC-wlan-ap-102] ap-name ap-102
[AC-wlan-ap-102] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-102] quit
[AC-wlan-view]
```
Add the deployed AP3 to AP group ap-group2. AP3 gets ap-id 103 and ap-name ap-103.
```
[AC-wlan-view] ap-id 103 ap-mac 00e0-fcef-4a80
[AC-wlan-ap-103] ap-name ap-103
[AC-wlan-ap-103] ap-group ap-group2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-103] quit
[AC-wlan-view]
```
Verify the configuration
Display all the APs that have been added; the APs have come online on the AC.
![](https://img-blog.csdnimg.cn/517b31f22527420485573296034f2028.png)
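Configure WLAN service parameters
Create the RRM profile
Create an RRM profile named rrm-profile1.
Channel selection has an automatic mode and a fixed mode; the fixed mode is used here, which gives the user a more flexible choice.
Power also has an automatic mode and a fixed mode; the automatic mode is disabled here and the fixed mode is used, so the transmit power is specified by the user.
```
[AC-wlan-view] rrm-profile name rrm-profile1    # create the RRM profile named rrm-profile1
[AC-wlan-rrm-prof-rrm-profile1] calibrate auto-channel-select disable    # set the radio's channel mode to fixed
[AC-wlan-rrm-prof-rrm-profile1] calibrate auto-txpower-select disable    # disable automatic transmit power selection
[AC-wlan-rrm-prof-rrm-profile1]quit
```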
Create the radio profiles
Create radio profiles named radio-2g and radio-5g and bind the RRM profile rrm-profile1 to them.
```
[AC-wlan-view]radio-2g-profile name radio-2g
[AC-wlan-radio-2g-prof-radio-2g]rrm-profile rrm-profile1
[AC-wlan-radio-2g-prof-radio-2g]quit
[AC-wlan-view]radio-5g-profile name radio-5g
[AC-wlan-radio-5g-prof-radio-5g]rrm-profile rrm-profile1
[AC-wlan-radio-5g-prof-radio-5g]quit
[AC-wlan-view]
```
Create the security profile
Create a security profile named security-profile1 and configure its security policy as WPA-WPA2+PSK+AES; the password is "admin123456".
```
[AC-wlan-view]security-profile name security-profile1
[AC-wlan-sec-prof-security-profile1]security wpa-wpa2 psk pass-phrase admin123456 aes
[AC-wlan-sec-prof-security-profile1]quit
[AC-wlan-view]
```
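A small audit for two settings used on this page, added here as an example and not part of the original post: it flags trunk ports that still carry VLAN 1 (the basic configuration removes it with undo port trunk allow-pass vlan 1) and PSK security profiles that use mixed WPA/WPA2 mode, a cipher other than aes, or a short or word-based pass-phrase. The sample text, the GigabitEthernet0/0/9 stanza, WEAK_WORDS and the 16-character minimum are assumptions; the input is expected to be the plain-text command script with '#' lines between stanzas.

```python
import re

# Constructed sample: commands as shown on this page, plus one trunk port
# (GigabitEthernet0/0/9, hypothetical) that was left carrying VLAN 1.
SAMPLE = """\
interface GigabitEthernet0/0/1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
security-profile name security-profile1
 security wpa-wpa2 psk pass-phrase admin123456 aes
#
"""

WEAK_WORDS = ("admin", "password", "huawei", "wifi", "123456", "qwerty")  # assumed list
MIN_LEN = 16  # assumed policy minimum for a PSK pass-phrase

def stanzas(text):
    """Split a config on '#' separator lines into (header, body_lines) pairs."""
    for chunk in re.split(r"(?m)^#\s*$", text):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(text):
    """Return (stanza header, finding) pairs for trunk and PSK settings."""
    findings = []
    for header, body in stanzas(text):
        is_trunk = header.startswith("interface ") and "port link-type trunk" in body
        if is_trunk and "undo port trunk allow-pass vlan 1" not in body:
            findings.append((header, "trunk still carries VLAN 1"))
        for line in body:
            m = re.match(r"security (wpa|wpa2|wpa-wpa2) psk pass-phrase (\S+) (\S+)$", line)
            if not m:
                continue
            mode, key, cipher = m.groups()
            if mode != "wpa2":
                findings.append((header, f"mode {mode} admits WPA (v1) clients"))
            if cipher != "aes":
                findings.append((header, f"cipher {cipher} permits TKIP"))
            if len(key) < MIN_LEN or any(w in key.lower() for w in WEAK_WORDS):
                findings.append((header, "pass-phrase is short or word-based"))
    return findings
```

On a running device the pass-phrase is normally stored in encrypted form, so the pass-phrase check applies to the command script before it is pasted, not to a saved configuration.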
Create the SSID profile
Create an SSID profile named ssid-profile1 and set the SSID name to ssid1.
```
[AC-wlan-view]ssid-profile name ssid-profile1
[AC-wlan-ssid-prof-ssid-profile1]ssid ssid1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-ssid-profile1]quit
[AC-wlan-view]
```
Create the traffic profile
Configure a traffic profile named "traffic-profile1" and enable Layer 2 isolation between wireless users.
```
[AC-wlan-view]traffic-profile name traffic-profile1
[AC-wlan-traffic-prof-traffic-profile1]user-isolate ?
  all  All
  l2   Layer 2 users isolated
[AC-wlan-traffic-prof-traffic-profile1]user-isolate l2
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-traffic-prof-traffic-profile1]quit
[AC-wlan-view]
```
Create the VAP profiles
Configure VAP profiles named vap-profile1 and vap-profile2, set the service data forwarding mode to direct forwarding, set the service VLAN, and reference the security profile, SSID profile and traffic profile.
Configure the VAP profile named vap-profile1
```
[AC-wlan-view] vap-profile name vap-profile1
[AC-wlan-vap-prof-vap-profile1] forward-mode direct-forward
[AC-wlan-vap-prof-vap-profile1]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1] security-profile security-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1]ssid-profile ssid-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1]traffic-profile traffic-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile1]quit
[AC-wlan-view]
```
Configure the VAP profile named vap-profile2
```
[AC-wlan-view]vap-profile name vap-profile2
[AC-wlan-vap-prof-vap-profile2]forward-mode direct-forward
[AC-wlan-vap-prof-vap-profile2]service-vlan vlan-id 201
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] security-profile security-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] ssid-profile ssid-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] traffic-profile traffic-profile1
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-vap-profile2] quit
```
Reference the VAP profiles and radio profiles in the AP groups
```
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile vap-profile1 wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]vap-profile vap-profile1 wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]radio-2g-profile radio-2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group1]radio-5g-profile radio-5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view]ap-group name ap-group2
[AC-wlan-ap-group-ap-group2]vap-profile vap-profile2 wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group2]vap-profile vap-profile2 wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group2]radio-2g-profile radio-2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group2]radio-5g-profile radio-5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-ap-group2] quit
```
Configure the VAPs and deliver the configuration
channel 20mhz 1 // Configure the channel according to the result planned with the WLAN Planner network planning tool
eirp 10 // Configure the power according to the result planned with the WLAN Planner network planning tool
```
[AC-wlan-view]ap-id 101
[AC-wlan-ap-101]radio 0
[AC-wlan-radio-101/0]channel 20mhz 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-101/0]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-101/0]quit
[AC-wlan-ap-101]radio 1
[AC-wlan-radio-101/1]channel 20mhz 153
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-101/1]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-101/1]quit
[AC-wlan-ap-101] quit
[AC-wlan-view] ap-id 102
[AC-wlan-ap-102]radio 0
[AC-wlan-radio-102/0]channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-102/0]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-102/0]quit
[AC-wlan-ap-102]radio 1
[AC-wlan-radio-102/1]channel 20mhz 161
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-102/1]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-102/1]quit
[AC-wlan-ap-102]quit
[AC-wlan-view]
[AC-wlan-view]ap-id 103
[AC-wlan-ap-103]radio 0
[AC-wlan-radio-103/0]channel 20mhz 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-103/0]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-103/0]quit
[AC-wlan-ap-103]radio 1
[AC-wlan-radio-103/1]channel 20mhz 153
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-103/1]eirp 10
Info: The EIRP value takes effect only when automatic transmit power selection is disabled, and the value depends on the AP specifications and local laws and regulations.
[AC-wlan-radio-103/1]quit
[AC-wlan-ap-103]quit
[AC-wlan-view]
```
Verify the lab result
On the STA, enter the password and click OK.
![](https://img-blog.csdnimg.cn/a6007d379b144c19922a7fcceff559cb.png)
On the STA, run ipconfig to view the obtained IP address and use ping to test connectivity to the external network, as shown below:
![](https://img-blog.csdnimg.cn/947365a82952457391a160dc3b976617.png)
![](https://img-blog.csdnimg.cn/0980842b5b3d435797ba3407ffbaff6c.png)
![](https://img-blog.csdnimg.cn/a23b0ac079b64d208d7d77e008278fe7.png)
![](https://img-blog.csdnimg.cn/90cdda2748e34dabb6cc2e9960584ac8.png)
![](https://img-blog.csdnimg.cn/afa0e89f077c4a8a8ce8dafb38747166.png)
The wireless STA obtains an IP address, connects to the network normally and can reach the external network.
![](https://img-blog.csdnimg.cn/19fe5067b5af40bfb4c6edd01eeccada.png)
![](https://img-blog.csdnimg.cn/2221c65ab6c7421aae7ac6d2485a0ef5.png)