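A few months ago I wrote up on this blog how to bring a small AC+AP deployment online. This time I'm recording the process of bringing a large AC+AP deployment online. I will annotate the code with what I have learned recently, so that I or others can refer back to it.
This lab combines a lot of material: obtaining addresses through DHCP select relay, replacing the static routes I used before with OSPF, and changing how the APs come online (previously by ap-mac, in this lab by ap-sn). I learned each of these step by step and brought them together in this lab.
Of course, there are still many things I'm not clear on. One of them is AP frequency tuning, which I don't fully understand yet. I will keep coming back to revise this post until it is completely correct.
Here is the topology diagram for this lab:
A brief outline of this lab:
AP1 and AP2 are used to plan the employee wireless network of the company HYDQ, for internal staff to get online. The management VLAN of the APs themselves is vlan10, and the service VLANs are vlan11 and vlan12.
AP3 and AP4 are used to plan the guest wireless network of the company HYDQ, for visiting guests. The management VLAN of the APs themselves is vlan10, and the service VLANs are vlan13 and vlan14.
All address pools in this lab are created on the Huawei AR router, which hands out addresses centrally to the APs below it.
Note that I copied the code here using the display cur command and deleted the unrelated lines. In actual operation it is slightly different, because sometimes the configuration order is not correct.
Now for the detailed code!
First, the ACCESS switch.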
ACCESS
sysname ACCESS
#
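undo info-center enable //Disable informational messages
#
vlan batch 10 //Create vlan10
#
interface GigabitEthernet0/0/1 //Set the port type to trunk, set the PVID to 10, and block VLAN 1. Every AP-facing port is configured this way. The PVID is set so that the switch sends these frames untagged, which the AP can recognize.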
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/24 //Set this port as a trunk port; no PVID is needed because it connects to another switch
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
port-group manage-ap //For quick configuration, a port group named "manage-ap" was created to configure the ports in bulk
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
#
CORE
[CORE]
#
sysname CORE
#
undo info-center enable
#
vlan batch 10 to 14 100 200
#
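dhcp enable //Enable the DHCP service
#
interface Vlanif10 //Enter vlanif10
ip address 192.168.10.254 255.255.255.0 //Configure the gateway address on the virtual interface
dhcp select relay //Obtain IP addresses through DHCP relay
dhcp relay server-ip 192.168.100.1 //IP address of the DHCP server interface that requests are relayed to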
#
interface Vlanif11
ip address 192.168.11.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.100.1
#
interface Vlanif12
ip address 192.168.12.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.100.1
#
interface Vlanif13
ip address 192.168.13.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.100.1
#
interface Vlanif14
ip address 192.168.14.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.100.1
#
interface Vlanif100 //Set the gateway IP address of vlanif100
ip address 192.168.100.253 255.255.255.0
#
interface Vlanif200 //Set the gateway IP address of vlanif200
ip address 192.168.200.1 255.255.255.0
#
interface GigabitEthernet0/0/1 //Enter port G0/0/1 and allow the relevant VLANs through
port link-type trunk
port trunk pvid vlan 200
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 14 100 200
#
interface GigabitEthernet0/0/2 //Enter port G0/0/2 and allow the AP VLAN through
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/3
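//Enter port G0/0/3 and set it as a trunk. The PVID is set so that the router can recognize the frames. As an aside: APs, routers and our PCs cannot recognize tagged frames, so the port has to be set as an access port or as a trunk port with a PVID.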
port link-type trunk
port trunk pvid vlan 100
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
#
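ospf 1 router-id 2.2.2.2 //Create OSPF process 1 and set the router ID to 2.2.2.2
area 0.0.0.0 //Enter backbone area 0
network 192.168.100.0 0.0.0.255 //Advertise every interface network; the trailing 0.0.0.255 is the wildcard mask and denotes a whole subnet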
network 192.168.200.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
network 192.168.14.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1 //Default route: anything that matches no other routing entry is forwarded by this route
#
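The trunk rules used on ACCESS and CORE above (VLAN 1 removed, PVID inside the allow-pass list) can be checked mechanically over a configuration dump. This is an added example, not part of the original post: the function names and the sample configuration are constructed, and it assumes the Huawei trunk defaults of PVID 1 and VLAN 1 allowed.

```python
import re

def expand_vlans(spec):
    """Expand a VRP VLAN list such as '10 to 14 100 200' into a set of ints."""
    out = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_trunks(config):
    """Return findings for every trunk port in one device's configuration dump."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()      # drop the page's // annotations
        if line.startswith("interface "):      # assumed defaults: PVID 1, VLAN 1 allowed
            cur = ports[line.split()[1]] = {"trunk": False, "pvid": 1, "allow": {1}}
        elif line == "#":
            cur = None
        elif cur is None:
            continue
        elif line == "port link-type trunk":
            cur["trunk"] = True
        elif line.startswith("port trunk pvid vlan "):
            cur["pvid"] = int(line.split()[-1])
        elif line.startswith("undo port trunk allow-pass vlan "):
            cur["allow"] -= expand_vlans(line.split("vlan ", 1)[1])
        elif line.startswith("port trunk allow-pass vlan "):
            cur["allow"] |= expand_vlans(line.split("vlan ", 1)[1])
    findings = []
    for name, p in ports.items():
        if p["trunk"] and 1 in p["allow"]:
            findings.append(f"{name}: VLAN 1 still allowed")
        if p["trunk"] and p["pvid"] != 1 and p["pvid"] not in p["allow"]:
            findings.append(f"{name}: PVID {p['pvid']} not in allow-pass list")
    return findings

# Constructed sample, not the lab's configuration: port 1 is clean, port 2 is not.
SAMPLE = """
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 200
 port trunk allow-pass vlan 10 to 14 100
"""
```

A PVID that is missing from the allow-pass list means untagged frames from the attached device are dropped on that port, which is why the AP-facing ports carry both lines.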
Router
[Router]display current-configuration
#
sysname Router
#
undo info-center enable
#
dhcp enable //Enable the DHCP service
#
ip pool vlan10 //Create an address pool named "vlan10"
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
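option 43 sub-option 3 ascii 192.168.200.254 //For Layer 3 roaming, this points proactively to the interface address of the VLAN where the AC sits. I'm not very clear on this yet, so I'm entering it this way for now.
#
//Create the remaining address pools as usual and set their gateway addresses
//vlan11 and vlan12 provide IP addresses for employee; vlan13 and vlan14 provide IP addresses for guest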
ip pool vlan11
gateway-list 192.168.11.254
network 192.168.11.0 mask 255.255.255.0
#
ip pool vlan12
gateway-list 192.168.12.254
network 192.168.12.0 mask 255.255.255.0
#
ip pool vlan13
gateway-list 192.168.13.254
network 192.168.13.0 mask 255.255.255.0
#
ip pool vlan14
gateway-list 192.168.14.254
network 192.168.14.0 mask 255.255.255.0
#
interface GigabitEthernet0/0/0
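ip address 192.168.100.1 255.255.255.0 //Configure the IP address of interface G0/0/0
dhcp select global //This command must be enabled, otherwise no IP address can be obtained
#
ospf 1 router-id 1.1.1.1 //Create OSPF process 1 with router ID 1.1.1.1
area 0.0.0.0 //Enter backbone area 0
network 192.168.100.0 0.0.0.255 //Advertise the 192.168.100.0 network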
#
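What the `option 43 sub-option 3 ascii` line in the vlan10 pool puts into the DHCP offer, together with a check that a captured offer names only the expected AC. This is an added example, not part of the original lab configuration: it assumes the usual encoding of that command (type byte 3, one length byte, comma-separated ASCII addresses), and the function names and sample payloads are constructed for illustration.

```python
import ipaddress

AC_LIST_ASCII = 3  # sub-option number used in the vlan10 pool above

def encode_option43(ac_ips):
    """Build the payload: one TLV, type 3, value = comma-separated ASCII addresses."""
    value = ",".join(str(ipaddress.IPv4Address(ip)) for ip in ac_ips).encode("ascii")
    if len(value) > 255:
        raise ValueError("sub-option value longer than 255 bytes")
    return bytes([AC_LIST_ASCII, len(value)]) + value

def decode_option43(payload):
    """Walk the type/length/value records and return the AC addresses in sub-option 3."""
    acs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        kind, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        if kind == AC_LIST_ASCII:
            acs += [ipaddress.IPv4Address(a) for a in value.decode("ascii").split(",")]
        i += 2 + length
    return acs

def unexpected_acs(payload, allowed):
    """Return AC addresses in the payload that are not on the allow list."""
    allowed = {ipaddress.IPv4Address(a) for a in allowed}
    return [a for a in decode_option43(payload) if a not in allowed]

# Constructed payloads: the first matches the pool above, the second names another AC.
GOOD = encode_option43(["192.168.200.254"])
ODD = encode_option43(["192.168.200.254", "10.9.9.9"])
```

Because the APs sit in vlan10 and the AC in vlan200, this option is how an AP learns where to send its CAPWAP discovery, so an offer carrying any other address is worth alerting on.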
AC
[AC]
sysname AC
#
vlan batch 10 to 14 100 200
#
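vlan pool employee //Create a VLAN pool named "employee" containing vlan11 and vlan12, which supply the IP addresses for "employee" access
vlan 11 to 12
vlan pool guest //Create a VLAN pool named "guest" containing vlan13 and vlan14, which supply the IP addresses for "guest" access
vlan 13 to 14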
#
interface Vlanif200 //Configure the gateway address of vlanif200
ip address 192.168.200.254 255.255.255.0
#
interface GigabitEthernet0/0/1 //Enter G0/0/1, set it as a trunk port and allow the relevant VLANs through
port link-type trunk
port trunk pvid vlan 200
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 14 100 200
#
#
ospf 1 router-id 3.3.3.3 //Create OSPF process 1 and set the router ID to 3.3.3.3
area 0.0.0.0 //Enter backbone area 0
network 192.168.200.0 0.0.0.255 //Advertise the 192.168.200.0 network
#
undo info-center enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.200.1 //Set a default route pointing to 192.168.200.1
#
capwap source interface vlanif200 //Set the AC's source interface to vlanif200
#
################################# WLAN #################################
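//Everything between the two WLAN banner lines is configured in the WLAN view; that is, you need to type wlan in the system view to enter the WLAN view
security-profile name guest //Create a security profile named "guest"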
security wpa-wpa2 psk pass-phrase %^%#^t_aJJwrLDCXuVD&{N&#brLGQ>H<JATKOk+A':OB
%^%# aes //Set the wireless key authentication and the passphrase
security-profile name employee //Create a security profile named "employee"
security wpa-wpa2 psk pass-phrase %^%#V[<u74.l:Tn<'U(yA5z8"^e8WxU;GQ$,*pQ!cU:Z
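%^%# aes //Set the wireless key authentication and the passphrase
ssid-profile name guest //Create an SSID profile named "guest"
ssid HYDQ-GUEST //Set the SSID to "HYDQ-GUEST"; this is also the Wi-Fi name from now on
ssid-profile name employee //Create an SSID profile named "employee"
ssid HYDQ-EMPLOYEE //Set the SSID to "HYDQ-EMPLOYEE"
vap-profile name guest //Create a VAP profile named "guest"
forward-mode tunnel //The forwarding mode is tunnel forwarding
service-vlan vlan-pool guest //The service VLAN is the VLAN pool "guest", which contains vlan13 and vlan14 and provides 2*254 usable addresses
ssid-profile guest //Reference the "guest" SSID profile
security-profile guest //Reference the "guest" security profile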
#
vap-profile name employee
forward-mode tunnel
service-vlan vlan-pool employee
ssid-profile employee
security-profile employee
#
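ap auth-mode sn-auth //Set the AP onboarding authentication mode to SN authentication
#
ap-group name guest //Create the AP group "guest"
regulatory-domain-profile domain1 //Reference the profile "domain1"; the domain profile holds the country code CN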
radio 0
vap-profile guest wlan 1
radio 1
vap-profile guest wlan 1
radio 2
vap-profile guest wlan 1
#
ap-group name employee
regulatory-domain-profile domain1
radio 0
vap-profile employee wlan 1
radio 1
vap-profile employee wlan 1
radio 2
vap-profile employee wlan 1
#
ap-id 0 type-id 37 ap-mac 00e0-fcfa-1af0 ap-sn 2102354483106A558666
ap-name employee
ap-group employee
#
ap-id 1 type-id 37 ap-mac 00e0-fca8-5500 ap-sn 210235448310EB534F1D
ap-name employee1
ap-group employee
#
ap-id 2 type-id 37 ap-mac 00e0-fca6-2950 ap-sn 2102354483104F29524F
ap-name guest
ap-group guest
#
ap-id 3 type-id 37 ap-mac 00e0-fc21-79e0 ap-sn 2102354483101024B93A
ap-name guest1
ap-group guest
################################### WLAN ###############################