拓扑图
Sw3
接口配置
Vlan batch 10 101 102
[sw3-zk-GigabitEthernet0/0/1]port link-type trunk
[sw3-zk-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 101 102
[sw3-zk-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[sw3-zk-GigabitEthernet0/0/1]
[sw3-zk-GigabitEthernet0/0/2]port link-type trunk
[sw3-zk-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 101 102
[sw3-zk-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[sw3-zk-GigabitEthernet0/0/2]
[sw3-zk-GigabitEthernet0/0/3]port link-type trunk
[sw3-zk-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 101 102
[sw3-zk-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[sw3-zk-GigabitEthernet0/0/3]
打标配置
[sw3-zk-GigabitEthernet0/0/1]port trunk pvid vlan 10
[sw3-zk-GigabitEthernet0/0/2]port trunk pvid vlan 10
Sw2
接口配置
[sw2-zk]vlan batch 10 101 102 100
[sw2-zk-GigabitEthernet0/0/1]di th
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100 to 101
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
配置IP地址
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 10.1.10.1/24 up up
Vlanif100 10.1.100.2/24 up up
Vlanif101 10.1.101.1/24 up up
Vlanif102 10.1.102.1/24 down down
配置中继
[sw2-zk]dhcp enable
[sw2-zk-Vlanif10]dhcp select relay
[sw2-zk-Vlanif10]dhcp relay server-ip 10.1.100.1
分配地址
[sw2-zk-Vlanif101]dhcp select interface
[sw2-zk-Vlanif102]dhcp select interface
Ac1
配置接口
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
配置IP地址
[ac-zk-Vlanif100]ip ad
[ac-zk-Vlanif100]ip address 10.1.100.1 24
配置路由
[ac-zk]ip route-static 0.0.0.0 0 10.1.100.2
配置DHCP地址池
[ac-zk]dhcp enable
[ac-zk]ip pool zk
[ac-zk-ip-pool-zk]net
[ac-zk-ip-pool-zk]network 10.1.10.0 ma
[ac-zk-ip-pool-zk]network 10.1.10.0 mask 255.255.255.0
[ac-zk-ip-pool-zk]gateway-list 10.1.10.1
[ac-zk-ip-pool-zk]option 43 sub-option 3 ascii 10.1.100.1 //宣告AC地址给AP
[ac-zk-Vlanif100]dhcp select global //引用全局地址池
创建vlan池,并加入101 102
[ac-zk]vlan pool sta-pool
[ac-zk-vlan-pool-sta-pool]vlan 101 102
[ac-zk-vlan-pool-sta-pool]assignment hash //哈希随机分配
WLAN
创建AP组
[ac-zk-wlan-view]ap-group name ap-group1 //创建ap组1
[ac-zk-wlan-view]regulatory-domain-profile name default//设置域管理模块 叫default
[ac-zk-wlan-regulate-domain-default]country-code CN //设置国家代码
[ac-zk-wlan-view]ap-group name ap-group1
[ac-zk-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
//将域管理模块添加到AP组中
建立capwap隧道
[ac-zk]capwap source interface Vlanif 100 //在AC上通过vlanif100的地址和AP建立capwa隧道
AP认证
[ac-zk-wlan-view]ap auth-mode mac-auth //基于mac地址的认证模式
[ac-zk-wlan-view]ap-id 1 ap-mac 00e0-fc61-26d0 //选择AP1的mac地址
[ac-zk-wlan-view]ap-id 2 ap-mac 00e0-fc46-55e0 //选择AP2的mac地址
取名加入同一组中
[ac-zk-wlan-ap-1]ap-name ap1
[ac-zk-wlan-ap-2]ap-name ap2
[ac-zk-wlan-ap-1]ap-group ap-group1 //将AP加入组中
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[ac-zk-wlan-ap-1]ap-id 2
[ac-zk-wlan-ap-2]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
(此时还未上线)
配置安全模板
[ac-zk-wlan-view]security-profile name wlan-net //取名wlan-net
[ac-zk-wlan-sec-prof-wlan-nat]security wpa-wpa2 psk pass-phrase zk123456 aes //设置安全机制wpa-wpa2 和 认证方式psk 设置登录连接密码 ase代表加密
配置ssid (指连接账号的名称)
[ac-zk-wlan-view]ssid-profile name wlan-net //取名
[ac-zk-wlan-ssid-prof-wlan-nat]ssid wlan-net //取名
Info: This operation may take a few seconds, please wait.done.
设置vap模板
[ac-zk-wlan-view]vap-profile name wlan-net //取名
[ac-zk-wlan-vap-prof-wlan-net]forward-mode direct-forward //转发方式为直接转发
[ac-zk-wlan-vap-prof-wlan-net]service-vlan vlan-pool sta-pool
Info: This operation may take a few seconds, please wait.done.
[ac-zk-wlan-vap-prof-wlan-net]security-profile wlan-net
Info: This operation may take a few seconds, please wait.done. //关联安全模板
[ac-zk-wlan-vap-prof-wlan-net]ssid-profile wlan-net //关联ssid
Info: This operation may take a few seconds, please wait.done.
[ac-zk-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[ac-zk-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[ac-zk-wlan-ap-group-ap-group1]
//应用安全模板
--------------------------------------------配置完成
查看是否上线
抓包发现还是生成树
为加快收敛速度,在S3上设置边缘端口
[sw3-zk]int GigabitEthernet 0/0/1
[sw3-zk-GigabitEthernet0/0/1]stp edged-port enable
[sw3-zk-GigabitEthernet0/0/2]stp edged-port enable
并在AP1上 重启vlanif1和g0/0/0端口
[Huawei-Vlanif1]shutdown
[Huawei-Vlanif1]undo shutdown
[Huawei-Vlanif1]q
[Huawei]int g
[Huawei]int GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]shut
[Huawei-GigabitEthernet0/0/0]shutdown
===== CAPWAP LINK IS UP!!! =====
AP2上不做操作,对比收敛速度
可以发现AP1的端口还没重启完就已经收敛成功,而AP2还未成功
重新操作AP2
收敛成功
连接验证