WLAN小练习

                                                                 今日所用拓扑

1.配置trunk

SW1配置：

[hj-SW1]vlan bat 100 200 210
[hj-SW1]port-g g g0/0/2 to g 0/0/5
[hj-SW1-port-group]p l t
[hj-SW1-port-group]p  t a v a
[hj-SW1-port-group]q
[hj-SW1]int g 0/0/1
[hj-SW1-GigabitEthernet0/0/1]p l t
[hj-SW1-GigabitEthernet0/0/1]p t a v a

SW2配置：

[HX-SW2]vlan bat 100 200 210
[HX-SW2]int g0/0/2
[HX-SW2-GigabitEthernet0/0/2]p l t 
[HX-SW2-GigabitEthernet0/0/2]p t a v a
[HX-SW2-GigabitEthernet0/0/2]int g0/0/1
[HX-SW2-GigabitEthernet0/0/1]p l a
[HX-SW2-GigabitEthernet0/0/1]p d v 210
[HX-SW2-GigabitEthernet0/0/1]int g 0/0/10
[HX-SW2-GigabitEthernet0/0/10]p l a
[HX-SW2-GigabitEthernet0/0/10]p d v 200

2.配置DHCP、DHCP中继以及IP

SW2配置：

[HX-SW2-GigabitEthernet0/0/10]int v 100
[HX-SW2-Vlanif100]ip add 192.168.100.254 24
[HX-SW2-Vlanif100]int v 200
[HX-SW2-Vlanif200]ip add 192.168.200.254 24
[HX-SW2-Vlanif200]int v 210
[HX-SW2-Vlanif210]ip add 192.168.210.254 24

[HX-SW2-Vlanif210]q
[HX-SW2]dhcp en
[HX-SW2]int v 100
[HX-SW2-Vlanif100]dhcp select relay
[HX-SW2-Vlanif100]dhcp relay server-ip 192.168.210.1

R1配置：

[DHCP-R1]int g 0/0/0
[DHCP-R1-GigabitEthernet0/0/0]ip add 192.168.210.1 24
[DHCP-R1-GigabitEthernet0/0/0]q
[DHCP-R1]dhcp en
[DHCP-R1]dhcp server ping pa	
[DHCP-R1]dhcp server ping packet 2
[DHCP-R1]dhcp server ping timeout 100
[DHCP-R1]ip pool vlan100
Info: It's successful to create an IP address pool.
[DHCP-R1-ip-pool-vlan100]net 192.168.100.0 mask 24
[DHCP-R1-ip-pool-vlan100]dns 100.100.100.100
[DHCP-R1-ip-pool-vlan100]gate 192.168.100.254
[DHCP-R1-ip-pool-vlan100]option ?
  INTEGER<1-254>  Option code, except values 1, 3, 6, 15, 44, 46, 50, 51, 52,   
                  53, 54, 55, 57, 58, 59, 61, 82, 121 and 184.
[DHCP-R1-ip-pool-vlan100]option 43 ?
  ascii       The DHCP option's type is a ASCII string
  hex         The DHCP option's type is a hex string
  ip-address  The DHCP option's type is IP address 
  sub-option  Configure the DHCP sub-options
[DHCP-R1-ip-pool-vlan100]option 43 sub-option 1 ip-address 192.168.200.10
[DHCP-R1-ip-pool-vlan100]int g 0/0/0
[DHCP-R1-GigabitEthernet0/0/0]dhcp select global
[DHCP-R1-GigabitEthernet0/0/0]q
[DHCP-R1]ip route-static 0.0.0.0 0 192.168.210.254

这里发现AP设备均无法获取IP，开始抓包检测：

SW2的g0/0/2口抓包：

 SW2的g0/0/1口抓包：

发现AP设备发送的DHCP Discover报文并未通过SW2传递给R1，思考为什么中。。。。。。

！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！

AP设备发送的无标记DHCP Discover报文源ip地址为0.0.0.0，目标IP为255.255.255.255全区域泛洪经过SW1的trunk口时，会被检查，没有标记则会被标记上相应接口的pvid，到达SW1的g0/0/1口时仍会被检查，发现带着标记则看与g0/0/1口的pvid一不一致，因为SW1 的g0/0/1 to g0/0/5口的pvid均为1，所以g0/0/1口会将Discover报文的标记去掉发送到SW2的g0/0/2口，同理会被打上1的标签，由于SW2剩余在用接口所在vlan均不为1，故Discover报文在SW2的g0/0/2口终结。

解决方案：

SW1配置：

[hj-SW1]port-g g g0/0/2 to g0/0/5
[hj-SW1-port-group]port trunk pvid vlan 100

这样从SW1的g0/0/1接口出来的Discover报文就能携带100的标签进入SW2的vlanif 100口了

验证：查看AP设备

<Huawei>dis system-information 
System Information
===============================================
Serial Number            : 2102354483109D3DB204
System Time              : 2024-07-15 16:30:20
System Up time           : 31min 14sec
System Name              : Huawei
Country Code             : US
MAC Address              : 00:e0:fc:74:68:e0
Radio 0 MAC Address      : 00:00:00:00:00:00
Radio 1 MAC Address      : 00:00:00:00:00:10
IP Address               : 192.168.100.250
Subnet Mask              : 255.255.255.0
Default Gateway          : 192.168.100.254
IPv6 IP Address          : 
IPv6 Default Gateway     : 
Management VLAN ID(AP)   : 
IP MODE                  : dhcp
Slot Status              : Dual band(802.11b/g/n;802.11a/n/ac)
AP Type                  : AP6050DN
Board Type               : AP6050DN
Board Serial Number      : 2102354483109D3DB204
Board Bom Version        : 0
Boot Rom Version         : -
Software Version         : V200R007C10SPC300
Hardware Version         : H86D2TT1D502 VER.A
Telnet Access            : Enable
User Name                : admin
LED Switch               : ON
===============================================

3.AP与AC实现三层互通

AC配置：

[AC6605]vlan bat 100 200 210
[AC6605]int g0/0/10
[AC6605-GigabitEthernet0/0/10]p l a
[AC6605-GigabitEthernet0/0/10]p d v 200
[AC6605-GigabitEthernet0/0/10]int v 200
[AC6605-Vlanif200]ip add 192.168.200.10 24
[AC6605-Vlanif200]q
[AC6605]ip route-s 0.0.0.0 0 192.168.200.254

验证：

[AC6605]ping 192.168.100.251
  PING 192.168.100.251: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.251: bytes=56 Sequence=1 ttl=254 time=30 ms
    Reply from 192.168.100.251: bytes=56 Sequence=2 ttl=254 time=40 ms
    Reply from 192.168.100.251: bytes=56 Sequence=3 ttl=254 time=30 ms
    Reply from 192.168.100.251: bytes=56 Sequence=4 ttl=254 time=30 ms
    Reply from 192.168.100.251: bytes=56 Sequence=5 ttl=254 time=60 ms

  --- 192.168.100.251 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/38/60 ms

4.在AP与AC设备间建立CAPWAP隧道

AC配置：

[AC6605]capwap source interface vlan 200








#或者[AC6605]capwap source ip-address 192.168.200.10

5.AP接入

AC配置：
 

[AC6605]wlan
[AC6605-wlan-view]ap-id 1 ap-mac 00:e0:fc:74:68:e0
                                 ^
Error: Wrong parameter found at '^' position.
[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc74-68e0
[AC6605-wlan-ap-1]q
[AC6605-wlan-view]ap-id 2 ap-mac 00e0-fc6c-3590
[AC6605-wlan-ap-2]q
[AC6605-wlan-view]ap-id 3 ap-mac 00e0-fc00-2010
[AC6605-wlan-ap-3]q
[AC6605-wlan-view]ap-id 4 ap-mac 00e0-fc5e-3700
[AC6605-wlan-ap-4]q

 验证：

[AC6605-wlan-regulate-domain-hhh]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [4]
--------------------------------------------------------------------------------
----------------------
ID   MAC            Name           Group   IP              Type            State
 STA Uptime
--------------------------------------------------------------------------------
----------------------
1    00e0-fc74-68e0 00e0-fc74-68e0 default 192.168.100.250 AP6050DN        nor  
 0   5M:31S
2    00e0-fc6c-3590 00e0-fc6c-3590 default 192.168.100.252 AP6050DN        nor  
 0   5M:14S
3    00e0-fc00-2010 00e0-fc00-2010 default 192.168.100.253 AP6050DN        nor  
 0   4M:3S
4    00e0-fc5e-3700 00e0-fc5e-3700 default 192.168.100.251 AP6050DN        nor  
 0   4M:6S
--------------------------------------------------------------------------------
----------------------
Total: 4

State列为nor即为正常

AP设备sysname已修改 即为正常

6.创建域管理模板

AC配置：

[AC6605-wlan-view]regulatory-domain-profile name hhh
[AC6605-wlan-regulate-domain-hhh]country-code cn

 验证：

<00e0-fc74-68e0>dis sys
System Information
===============================================
Serial Number            : 
System Time              : 2024-07-15 17:05:25
System Up time           : 1hour 6min 19sec
System Name              : 00e0-fc74-68e0
Country Code             : CN

7.创建AP组

AC配置：

[AC6605]wlan
[AC6605-wlan-view]ap-group name bangong
[AC6605-wlan-ap-group-bangong]regulatory-domain-profile xxx
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
Error: The binding profile does not exist.
[AC6605-wlan-ap-group-bangong]regulatory-domain-profile hhh
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-bangong]q
[AC6605-wlan-view]ap-group name xuexi
[AC6605-wlan-ap-group-xuexi]regulatory-domain-profile hhh
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6605-wlan-ap-group-xuexi]q

8.AP组中添加AP设备

AC配置：

[AC6605]wlan
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name bg1
[AC6605-wlan-ap-1]ap-group bangong
[AC6605-wlan-ap-1]q
[AC6605-wlan-view]ap-id 2 
[AC6605-wlan-ap-2]ap-name bg2
[AC6605-wlan-ap-2]ap-group bangong
[AC6605-wlan-ap-2]q
[AC6605-wlan-view]ap-id 3
[AC6605-wlan-ap-3]ap-name xx1
[AC6605-wlan-ap-3]ap-group xuexi
[AC6605-wlan-ap-3]q
[AC6605-wlan-view]ap-id 4
[AC6605-wlan-ap-4]ap-name xx2
[AC6605-wlan-ap-4]ap-group hhh
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.
Error: The AP group does not exist.
[AC6605-wlan-ap-4]ap-group xuexi
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y

验证：

[AC6605-wlan-ap-4]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
fault: fault           [2]
nor  : normal          [2]
--------------------------------------------------------------------------------
------------
ID   MAC            Name Group   IP              Type            State STA Uptim
e
--------------------------------------------------------------------------------
------------
1    00e0-fc74-68e0 bg1  bangong 192.168.100.250 AP6050DN        nor   0   36S
2    00e0-fc6c-3590 bg2  bangong 192.168.100.252 AP6050DN        nor   0   3S
3    00e0-fc00-2010 xx1  xuexi   -               AP6050DN        fault 0   -
4    00e0-fc5e-3700 xx2  xuexi   -               AP6050DN        fault 0   -
--------------------------------------------------------------------------------
------------
Total: 4

9.创建SSID模板，定义无线网名

AC配置：

[AC6605]wlan
[AC6605-wlan-view]ssid-profile name bangong
[AC6605-wlan-ssid-prof-bangong]ssid bangong
[AC6605-wlan-ssid-prof-bangong]q
[AC6605-wlan-view]ssid-pro name xuexi
[AC6605-wlan-ssid-prof-xuexi]ssid xuexi
[AC6605-wlan-ssid-prof-xuexi]

10.创建安全模板，预共享密钥、加密算法

AC配置：

[AC6605]wlan
[AC6605-wlan-view]security-profile name bangong
[AC6605-wlan-sec-prof-bangong]security ?
  open      Open system 
  wapi      WLAN authentication and privacy infrastructure 
  wep       Wired equivalent privacy 
  wpa       Wi-Fi protected access 
  wpa-wpa2  Wi-Fi protected access version 1&2 
  wpa2      Wi-Fi protected access version 2 
[AC6605-wlan-sec-prof-bangong]security wpa2 psk pass-phrase a12345678 ?
  aes       Advanced encryption standard
  aes-tkip  AES-TKIP 
  tkip      Temporal key integrity protocol 
[AC6605-wlan-sec-prof-bangong]security wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-bangong]q
[AC6605-wlan-view]security-profile name xuexi
[AC6605-wlan-sec-prof-xuexi]security wpa2 ?
  dot1x  802.1x authentication 
  psk    Pre-shared key 
[AC6605-wlan-sec-prof-xuexi]security wpa2 psk pass-phrase a12345678 aes

11.创建Vlan池-绑定多个Vlan：给STA用的Vlan

AC配置：

[AC6605]vlan pool bangong
[AC6605-vlan-pool-bangong]vlan 101 102
[AC6605-vlan-pool-bangong]q
[AC6605]vlan pool xuexi
[AC6605-vlan-pool-xuexi]vlan 103 104

12.创建VAP模板

AC配置：

[AC6605]wlan
[AC6605-wlan-view]vap-profile name bangong
[AC6605-wlan-vap-prof-bangong]ssid-profile bangong
[AC6605-wlan-vap-prof-bangong]security-profile bangong
[AC6605-wlan-vap-prof-bangong]service-vlan vlan-pool bangong
[AC6605-wlan-vap-prof-bangong]q
[AC6605-wlan-view]vap-profile name xuexi
[AC6605-wlan-vap-prof-xuexi]security-profile xuexi
[AC6605-wlan-vap-prof-xuexi]service-vlan vlan-pool xuexi
[AC6605-wlan-vap-prof-xuexi]ssid-profile xuexi

13.将VAP模板绑定到AP组，并配置无线频段

AC配置：

[AC6605]wlan
[AC6605-wlan-view]ap-group name bangong
[AC6605-wlan-ap-group-bangong]vap-profile bangong wlan ?
  INTEGER<1-16>  WLAN ID
[AC6605-wlan-ap-group-bangong]vap-profile bangong wlan 1 radio 0
[AC6605-wlan-ap-group-bangong]vap-profile bangong wlan 1 radio 1
[AC6605-wlan-ap-group-bangong]q
[AC6605-wlan-view]ap-group name xuexi
[AC6605-wlan-ap-group-xuexi]vap-profile xuexi wlan 1 radio 0
[AC6605-wlan-ap-group-xuexi]vap-profile xuexi wlan 1 radio 1

14.在核心交换机和汇聚交换机上添加新增的VLAN

SW1：

[hj-SW1]vlan bat 101 to 104

SW2：

[HX-SW2]vlan bat 101 to 104

15.DHCP中添加ip地址池：

R1配置：

ip pool v101
 gateway-list 192.168.101.254 
 network 192.168.101.0 mask 255.255.255.0 
 excluded-ip-address 192.168.101.250 192.168.101.253 
 dns-list 101.101.101.101 
#
return
[Huawei-ip-pool-v101]q
[Huawei]
[Huawei]ip pool v102
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-v102]
[Huawei-ip-pool-v102] gateway-list 192.168.102.254 
[Huawei-ip-pool-v102]
[Huawei-ip-pool-v102] network 192.168.102.0 mask 255.255.255.0 
[Huawei-ip-pool-v102]
[Huawei-ip-pool-v102] excluded-ip-address 192.168.102.250 192.168.102.253 
[Huawei-ip-pool-v102]
[Huawei-ip-pool-v102] dns-list 102.102.102.102 
[Huawei-ip-pool-v102]
[Huawei-ip-pool-v102]q
[Huawei]
[Huawei]ip pool v103
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-v103]
[Huawei-ip-pool-v103] gateway-list 192.168.103.254 
[Huawei-ip-pool-v103]
[Huawei-ip-pool-v103] network 192.168.103.0 mask 255.255.255.0 
[Huawei-ip-pool-v103]
[Huawei-ip-pool-v103] excluded-ip-address 192.168.103.250 192.168.103.253 
[Huawei-ip-pool-v103]
[Huawei-ip-pool-v103] dns-list 103.103.103.103 
[Huawei-ip-pool-v103]
[Huawei-ip-pool-v103]q
[Huawei]
[Huawei]
[Huawei]
[Huawei]ip pool v104
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-v104]
[Huawei-ip-pool-v104] gateway-list 192.168.104.254 
[Huawei-ip-pool-v104]
[Huawei-ip-pool-v104] network 192.168.104.0 mask 255.255.255.0 
[Huawei-ip-pool-v104]
[Huawei-ip-pool-v104] excluded-ip-address 192.168.104.250 192.168.104.253 
[Huawei-ip-pool-v104]
[Huawei-ip-pool-v104] dns-list 104.104.104.104 
[Huawei-ip-pool-v104]

16.增加中继

SW2配置：

[HX-SW2]int v 101
[HX-SW2-Vlanif101]ip add 192.168.101.254 24
[HX-SW2-Vlanif101]dhcp se re
[HX-SW2-Vlanif101]dhcp re server-ip 192.168.210.1
[HX-SW2-Vlanif101]dis this
#
interface Vlanif101
 ip address 192.168.101.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.210.1
#
return
[HX-SW2-Vlanif101]interface Vlanif102
[HX-SW2-Vlanif102] ip address 192.168.102.254 255.255.255.0
[HX-SW2-Vlanif102] dhcp select relay
[HX-SW2-Vlanif102] dhcp relay server-ip 192.168.210.1
[HX-SW2-Vlanif102]
[HX-SW2-Vlanif102]interface Vlanif103
[HX-SW2-Vlanif103] ip address 192.168.103.254 255.255.255.0
[HX-SW2-Vlanif103] dhcp select relay
[HX-SW2-Vlanif103] dhcp relay server-ip 192.168.210.1
[HX-SW2-Vlanif103]
[HX-SW2-Vlanif103]interface Vlanif104
[HX-SW2-Vlanif104] ip address 192.168.104.254 255.255.255.0
[HX-SW2-Vlanif104] dhcp select relay
[HX-SW2-Vlanif104] dhcp relay server-ip 192.168.210.1

17.接入STA

成功接入