案例:組建直連式二層無線局域網
配置以及參數數據
VLAN部署
在交換機以及AC上配置VLAN、Trunk。配置接入交換機S1的G0/0/1-3接口為Trunk接口,并且加入VLAN 100、VLAN 101。
G0/0/1、G0/0/2接口的默認VLAN為VLAN 100,當AP1、AP2加電啟動後會加入VLAN 100,VLAN 100是AP的管理VLAN。G0/0/3接口的默認VLAN保持為默認值VLAN 1
[S1]vlan batch 100 101
[S1]interface gigabitethernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk pvid vlan 100
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S1]interface gigabitethernet 0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[S1]interface gigabitethernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101
配置AC的接口G0/0/1加入VLAN 100和VLAN 101,接口G0/0/2加入VLAN 101。
[AC]vlan batch 100 101
[AC]interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[AC-GigabitEthernet0/0/1]quit
[AC]interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2]port link-type trunk
[AC-GigabitEthernet0/0/2]port trunk allow-pass vlan 101
[AC-GigabitEthernet0/0/2]quit
IP地址部署AC、R1上配置IP地址。在AC上配置VLANIF 100接口、VLANIF 101接口的IP地址。在R1上配置VLAN 101子接口G0/0/0.101的IP地址;創建LoopBack 10接口用于測試,該接口地址也模拟為DNS服務器的地址。
[AC]interface vlanif 100
[AC-Vlanif100]ip address 10.23.100.1 24
[AC]interface vlanif 101
[AC-Vlanif101]ip address 10.23.101.1 24
[R1]interface GigabitEthernet0/0/0.101
[R1-GigabitEthernet0/0/0.101]dot1q termination vid 101
[R1-GigabitEthernet0/0/0.101]ip address 10.23.101.2 255.255.255.0
[R1-GigabitEthernet0/0/0.101]arp broadcast enable
[R1]interface LoopBack 10
[R1-LoopBack10]ip address 10.10.10.10 24
VLAN間路由部署VLAN間路由是由AC實現,AC、R1上配置合适的路由表,使得全網互通。
[AC]ip route-static 0.0.0.0 0.0.0.0 10.23.101.2
[R1]ip route-static 10.23.100.0 255.255.255.0 10.23.101.1
DHCP服務部署在AC上部署DHCP,為AP和無線終端提供IP地址。在AC上配置VLANIF 100接口為AP提供IP地址,配置VLANIF 101接口為無線終端(STA)提供IP地址。
[AC]dhcp enable
[AC]interface vlanif 100
[AC-Vlanif100]dhcp select interface
[AC-Vlanif100]quit
[AC]interface vlanif 101
[AC-Vlanif101]dhcp select interface
[AC-Vlanif101]dhcp server excluded-ip-address 10.23.101.2
[AC-Vlanif101]dhcp server dns-list 10.10.10.10[AC-Vlanif101]quit
創建AP組創建AP組,用于将相同配置的AP都加入同一AP組中。
[AC]wlan[AC-wlan-view]ap-group name ap-group1
創建域管理模闆,在域管理模闆下配置AC的國家碼,并在AP組下引用域管理模闆。
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn (國家代碼中國cn)
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile defaultWarning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
AP上線配置AC的源接口。
[AC]capwap source interface vlanif 100
在AC上離線導入AP1、AP2,AP的ID分别為0和1,并将AP加入AP組“ap-group1”中。假設AP1的MAC地址為ac85-3d92-3340、AP2的MAC地址為ac85-3d92-1b60,并且根據AP的部署位置為AP配置名稱,便于從名稱上就能夠了解AP的部署位置。例如,命名AP1為area_1、AP2為area_2。ap auth-mode用于配置AC對AP的認證模式,命令默認情況下為MAC認證,即通過MAC檢查AP是否合法。
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac ac85-3d92-3340
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0]quit
将AP上電後,當執行命令查看到AP的“State”字段為“nor”時,表示AP正常上線。AP正常能上線是整個WLAN組網的關鍵一步,如果AP沒有正常上線,請先仔細考慮有線網絡的VLAN、Trunk、VLAN路由、DHCP代理、DHCP服務器是否正确?
[AC-wlan-view]display ap allInfo: This operation may take a few seconds. Please wait for a moment.done.Total AP information:nor : normal [2]------------------------------------------------------------------------ID MAC Name Group IP Type State STA Uptime---------------------------------------------------------------------------------------------0 00e0-fc4f-3de0 area_1 ap-group1 10.23.100.239 AP5030DN nor 1 1H:10M:48S1 00e0-fc3e-2040 area_2 ap-group1 10.23.100.6 AP5030DN nor 1 1H:10M:39S-------------------------Total: 2
配置WLAN業務參數
創建名為“wlan-net”的安全模闆,并配置安全策略,這個安全策略就是STA連接WLAN時要使用的認證方式。例中配置的安全策略為WPA-WPA2 PSK AES,密碼為“a1234567”。
[AC-wlan-view]security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net]quit
創建名為“wlan-net”的ssid模闆,并配置SSID的名稱為“wlan-net”,SSID就是STA掃描到的無線網絡的名稱。
[AC-wlan-view]ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC-wlan-ssid-prof-wlan-net]quit
創建名為“wlan-net”的VAP模闆,配置業務數據轉發模式為直接轉發、業務VLAN為VLAN 101,并且引用安全模闆和SSID模闆。
[AC-wlan-view]vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net]forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net]service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net]security-pr
,更多精彩资讯请关注tft每日頭條,我们将持续为您更新最新资讯!