一、前言
本实验是WLAN二层旁挂模式进行组网的实验;在本实验中,网络流量的传递直接经过交换机发往上层网络,不再经过AC。
通过该实验,可以学习WLAN二层组网的配置方式、理解旁挂式组网的优点,并掌握基本的WLAN业务配置方法。
二、实验拓扑
本次实验的实验拓扑如下:
三、配置思路
基本的二层旁挂式组网包括三步:
① 配置网络互通
② 配置AP上线
③ 配置WLAN业务
四、实验过程
(一)配置网络互通
Step1:二层网络互通配置
① LSW1的VLAN划分
[S1]vlan batch 10 20 30
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 30
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
② LSW2的VLAN划分
[S2]vlan batch 10 20
[S2]interface g0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]port trunk pvid vlan 10
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[S2-GigabitEthernet0/0/2]port trunk pvid vlan 10
[S2-GigabitEthernet0/0/2]int g 0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
③ AC的VLAN划分
[AC1]interface g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
Step2:三层网络互通
① LSW1的IP地址配置
[S1]interface Vlanif 20
[S1-Vlanif20]ip address 10.1.20.1 24
[S1-Vlanif20]int vlanif 30
[S1-Vlanif30]ip ad 10.1.30.2 24
② AC的IP地址配置
[AC1]vlan 10
[AC1]interface Vlanif 10
[AC1-Vlanif10]ip ad 10.1.10.1 24
③ R1的接口IP及路由配置
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 10.1.30.1 24
[R1-GigabitEthernet0/0/1]q
[R1]ip route-static 10.1.20.0 24 10.1.30.2
(二)配置AP上线
Step1:IP 地址池配置
① LSW1上使能DHCP并配置接口地址池
[S1]dhcp enable
[S1]interface Vlanif 20
[S1-Vlanif20]dhcp select interface
② AC上使能DHCP并配置接口地址池
[AC1]dhcp enable
[AC1]interface Vlanif 10
[AC1-Vlanif10]dhcp select interface
Step2:配置AC源接口地址并选择合适的AP认证方式使AP正常上线
① 配置AC源接口
[AC1]capwap source ip-address 10.1.10.1
② 在AC上创建AP组
[AC1]wlan
[AC1-wlan-view]ap-group name HUAWEI
③ 配置AP方式为不认证,并等待AP上线
[AC1]wlan
[AC1-wlan-view]ap auth-mode no-auth
④ 查询AP上线状态
[AC1]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
--------------------------------------------------------------------------------
------------------
ID MAC Name Group IP Type State STA
Uptime
--------------------------------------------------------------------------------
------------------
0 00e0-fc79-72f0 00e0-fc79-72f0 default 10.1.10.244 AP6050DN nor 0
20S
1 00e0-fc4a-2780 00e0-fc4a-2780 default 10.1.10.46 AP6050DN nor 0
13S
--------------------------------------------------------------------------------
------------------
Total: 2
注:该状态显示两台AP均已上线
⑤ 将两台AP分别命名为AP1和AP2,并加入AP组
[AC1]wlan
[AC1-wlan-view]ap-group
[AC1-wlan-view]ap-id 0
[AC1-wlan-ap-0]ap-name AP1
[AC1-wlan-ap-0]ap-group HUAWEI
[AC1-wlan-ap-0]ap-id 1
[AC1-wlan-ap-1]ap-name AP2
[AC1-wlan-ap-1]ap-group HUAWEI
⑥ 查看配置是否生效
[AC1-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
fault: fault [2]
------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
------------------------------------------------------------------------------
0 00e0-fc79-72f0 AP1 HUAWEI - AP6050DN fault 0 -
1 00e0-fc4a-2780 AP2 HUAWEI - AP6050DN fault 0 -
------------------------------------------------------------------------------
Total: 2
⑦ 将AP认证方式切换为mac认证
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
注:这是为了前面配置了无需认证,但为了防止非法AP接入,所以需要将认证方式切换为MAC。
(三)配置WLAN业务
Step1:创建SSID模板SFN,并设置SSID为SFN
[AC1]wlan
[AC1-wlan-view]ssid-profile name SFN
[AC1-wlan-ssid-prof-SFN]ssid SFN
Step2:创建安全模板SFN,并设置密码
[AC1-wlan-view]security-profile name SFN
[AC1-wlan-sec-prof-SFN]security wpa-wpa2 psk pass-phrase a1234567 aes
Step3:创建VAP模板SFN,并绑定SSID和安全模板,设置业务VLAN和转发方式
[AC1-wlan-view]vap-profile name SFN
[AC1-wlan-vap-prof-SFN]security-profile SFN
[AC1-wlan-vap-prof-SFN]service-vlan vlan-id 20
[AC1-wlan-vap-prof-SFN]forward-mode direct-forward
Step4:创建域管理模板SFN,并设置国家码为CN
[AC1-wlan-view]regulatory-domain-profile name SFN
[AC1-wlan-regulate-domain-SFN]country-code CN
Step5:进入AP组,并绑定域管理模板和VAP模板
[AC1-wlan-view]ap-group name HUAWEI
[AC1-wlan-ap-group-HUAWEI]regulatory-domain-profile SFN
[AC1-wlan-ap-group-HUAWEI]vap-profile SFN wlan 1 radio all
五、结果验证
① ENSP界面
在AC配置完成后,ensp中AP显示变为了如下的图形界面,表示已经成功释放双频信号、
② 终端连接到AP后,检测其和R1的连通性
显示如下:
该效果表示,STA能够实现与R1的正常通信,连通性正常。