3.8 无线网络的配置
3.8.1配置IP路由
图26 无线网络配置设备示意图
配置步骤:为LSW1的vlan2,4-8配置IP地址192.168.x.1, 为LSW2的vlan3-8配置IP地址192.168.x.2,为AC2配置管理vlan4,地址为192.168.4.100,为AC1配置管理vlan4,地址为192.168.4.200。
LSW1的配置:
interface Vlanif2
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif4
ip address 192.168.4.1 255.255.255.0
#
interface Vlanif6
ip address 192.168.6.1 255.255.255.0
#
interface Vlanif7
ip address 192.168.7.1 255.255.255.0
#
interface Vlanif8
ip address 192.168.8.1 255.255.255.0
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
LSW2的配置:
interface Vlanif3
ipv6 enable
ip address 192.168.3.1 255.255.255.0
ipv6 address 2003::1/64
ipv6 address FE80::1 link-local
ospfv3 1 area 0.0.0.0
#
interface Vlanif4
ip address 192.168.4.2 255.255.255.0
#
interface Vlanif5
ip address 192.168.5.1 255.255.255.0
#
interface Vlanif6
ip address 192.168.6.2 255.255.255.0
#
interface Vlanif7
ip address 192.168.7.2 255.255.255.0
dhcp select interface
#
interface Vlanif8
ip address 192.168.8.2 255.255.255.0
dhcp select interface
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.13.0 0.0.0.255
network 192.168.14.0 0.0.0.255
network 192.168.15.0 0.0.0.255
network 192.168.16.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.6.0 0.0.0.255
network 192.168.7.0 0.0.0.255
network 192.168.8.0 0.0.0.255
AC1的配置:
interface Vlanif4
ip address 192.168.4.100 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
ip route-static 0.0.0.0 0.0.0.0 192.168.4.1
AC2的配置:
interface Vlanif4
ip address 192.168.4.200 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ip route-static 0.0.0.0 0.0.0.0 192.168.4.2
验证设备是否正确配置vlan和网关:
图27 LSW1vlan与网关配置情况图
图28 LSW2vlan与网关配置情况图
3.8.2为AP、AC部署DHCP
配置步骤:在LSW1 交换机上为AP部署DHCP,在LSW2 交换机为STA部署DHCP。
LSW1的配置:
interface Vlanif6
ip address 192.168.6.1 255.255.255.0
dhcp select interface
dhcp server option 43 sub-option 2 ip-address 192.168.4.100 192
LSW2的配置:
interface Vlanif7
ip address 192.168.7.2 255.255.255.0
dhcp select interface
#
interface Vlanif8
ip address 192.168.8.2 255.255.255.0
dhcp select interface
3.8.3 AP上线
图29 AP1,AP2拓扑图
配置步骤:在保证AP到DHCP服务器,AC到AP的网络互通的情况下,配置AC1,AC2的国家码为cn,然后AC1指定源ip地址为192.168.4.100,AC2指定源ip地址为192.168.4.200,建立jsb,xsb两个AP分组,并为其配置相应的MAC地址值。
AC1配置命令:
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain
[AC1-wlan-regulate-domain-domain]country-code cn
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1]capwap source ip-address 192.168.4.100
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 1 ap-mac 00E0-FC5A-0390
[AC1-wlan-ap-1]ap-name jsb
[AC1-wlan-ap-1]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC1]wlan
[AC1-wlan-view]ap-id 2 ap-mac 00E0-FC4D-3B00
[AC1-wlan-ap-2]ap-name xsb
[AC1-wlan-ap-2]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
(AC2上的AP上线的配置请参考AC1的配置过程,除源接口地址外其他配置参数和AC1一样)
3.8.4 检查AP是否成功上线
①成功获取IP地址
图30 AP成功获取IP地址示意图
②AP成功上线
图31 AP成功上线示意图
3.8.5 配置WLAN业务下发
配置步骤:在AC1上创建名称为employees和guest的两个SSID模板,并为employees模板配置wpa2的安全策略,创建名称为employees和guest的两个VAP模板,employeesVAP模板引用之前创建的employees安全模板,并配置业务vlan为vlan7,guestVAP模板引用之前创建的guest安全模板,并配置业务vlan为vlan8,最后将两个VAP模板绑定进AP。AC2配置步骤与AC1相同,不再赘述。
AC1配置命令:
[AC1-wlan-view]ssid-profile name employees
[AC1-wlan-ssid-prof-employees]ssid ZK-employess
[AC1-wlan-ssid-prof-employees]q
[AC1-wlan-view]ssid-profile name guest
[AC1-wlan-ssid-prof-guest]ssid ZK-guest
[AC1-wlan-view]security-profile name employees
[AC1-wlan-sec-prof-employees]security wpa2 psk pass-phrase zhongkai aes
Warning: The current password is too simple. For the sake of security, you are a
dvised to set a password containing at least two of the following: lowercase let
ters a to z, uppercase letters A to Z, digits, and special characters. Continue?
[Y/N]:y
[AC1-wlan-sec-prof-employees]q
[AC1-wlan-view]security-profile name guest
[AC1-wlan-sec-prof-guest]security open
[AC1-wlan-view]vap-profile name employees
[AC1-wlan-vap-prof-employees]ssid-profile employees
[AC1-wlan-vap-prof-employees]security-profile employees
[AC1-wlan-vap-prof-employees]service-vlan vlan-id 7
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-vap-prof-employees]forward-mode tunnel
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-view]vap-profile name guest
[AC1-wlan-vap-prof-guest]ssid-profile guest
[AC1-wlan-vap-prof-guest]security-profile guest
[AC1-wlan-vap-prof-guest]service-vlan vlan-id 8
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC1-wlan-vap-prof-guest]forward-mode direct-forward
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile employees wlan 1 radio all
[AC1-wlan-ap-group-ap-group1]vap-profile guest wlan 2 radio all
验证无线网络是否配置成功:
图32 wlan示意图
图33 主机通过wlan获取IP地址
3.8.6 部署双AC(双机热备)
配置步骤:在AC1上配置备份AC2的IP地址192.168.4.200,配置主AC1的优先级为0,开启AC1的双链路备份功能和全局回切功能,最后重启AP。在AC2上配置备份AC1的IP地址192.168.4.100,配置备份AC2的优先级为1,开启AC2的双链路备份功能和全局回切功能,最后重启AP。
配置命令:
AC1]wlan
[AC1-wlan-view]ac protect protect-ac 192.168.4.200 priority 0
Warning: Operation successful. It will take effect after AP reset.
[AC1-wlan-view]undo ac protect restore disable
[AC1-wlan-view]ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]:y
[AC1-wlan-view]ap-reset all
Warning: Reset AP(s), continue?[Y/N]:y
[AC2]wlan
[AC2-wlan-view]ac protect protect-ac 192.168.4.100 priority 1
Warning: Operation successful. It will take effect after AP reset.
[AC2-wlan-view]undo ac protect restore disable
[AC2-wlan-view]ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]:y
[AC2-wlan-view]ap-reset all
Warning: Reset AP(s), continue?[Y/N]:y
验证AC双机热备是否部署成功:
图34 AC1双机热备示意图
图35 AC2双机热备示意图