配置旁挂三层组网隧道转发
1. 拓扑图:
2. 规划:
| 配置项 | 配置 |
|---|---|
| AP管理VLAN | vlan100&10 地址:vlan100:10.0.100.0//24,vlan10:10.0.10.0//24 |
| STA业务VLAN | vlan pool 地址:10.0.101.0//24&10.0.102.0//24 |
| DHCP服务器 | 汇聚交换机作为AP和STA的DHCP服务器 |
| AP的IP地址池 | 10.0.100.2~10.0.100.254/24 |
| STA的IP地址池 | 10.0.101.2~10.0.101.254/24&10.0.102.2~10.0.102.254/24 |
| AP组 | 名称:f100-ap &引用模板:VAP模板、域管理模板 |
| 域管理模板 | 名称:f100 &国家码:中国 |
| SSID模板 | 名称:f100-ssid &SSID名称:f100-ssid |
| 安全模板 | 名称:f100-security &安全策略:WPA-WPA2+PSK+AES &密码:a1234567 |
| VAP模板 | 名称:f100-vap &转发模式:直接转发 &业务vlan:vlan pool &引用模板:ssid模板,安全模板 |
3. 配置思路:
1.配置AP、AC和其他网络设备之间实现三层互通。
2.配置VLAN pool,用于作为业务VLAN。
3.配置AP上线:
a.创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。
b.配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。
c.配置AP上线的认证方式并离线导入AP,实现AP正常上线。
4.配置WLAN业务参数,实现STA访问WLAN网络功能。
4. 配置过程:
- 基础配置:
配置接入交换机SwitchA的GE0/0/1和GE0/0/2接口加入VLAN10,VLAN100、VLAN101和VLAN102,GE0/0/1的缺省VLAN为VLAN10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 100 to 102
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 100 to 102
[SwitchA-GigabitEthernet0/0/2] quit
配置汇聚交换机SwitchB的接口GE0/0/1加入VLAN10,VLAN100、VLAN101和VLAN102,接口GE0/0/2加入VLAN10,VLAN100、VLAN101和VLAN102,并创建接口VLANIF100,地址为10.0.100.2/24.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 100 101 102
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 100 to 102
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 100 to 102
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 10.0.100.2 24
[SwitchB-Vlanif100] quit
配置AC的接口GE0/0/1加入VLAN10,VLAN100、VLAN101和VLAN102,并创建接口VLANIF100,并配置AC到AP的路由,下一跳为SwitchB的VLANIF100。
<AC6605> system-view
[AC6605] sysname AC
[AC] vlan 100
[AC-vlan100] quit
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.0.100.1 24
[AC-Vlanif100] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 100 to 102
[AC-GigabitEthernet0/0/1] quit
[AC] ip route-static 10.0.10.0 24 10.0.100.2 //对于AC来说是不知道10.0.10.0这个网段的
- 配置DHCP服务为AP和STA分配IP地址:
在SwitchB上配置DHCP服务,为AP和STA分配IP地址。
[SwitchB] dhcp enable
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.0.10.1 24
[SwitchB-Vlanif10] dhcp select interface
[SwitchB-Vlanif10] dhcp server option 43 sub-option 1 ip-address 10.0.100.1 //利用option字段来携带AC与AP建立wapcap隧道AC的地址告诉AP
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] ip address 10.0.101.1 24
[SwitchB-Vlanif101] dhcp select interface
[SwitchB-Vlanif101] dhcp server dns-list 8.8.8.8
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 102
[SwitchB-Vlanif102] ip address 10.0.102.1 24
[SwitchB-Vlanif102] dhcp select interface
[SwitchB-Vlanif102] dhcp server dns-list 8.8.8.8
[SwitchB-Vlanif102] quit
- 配置VLAN pool,用于作为业务VLAN :
在AC上新建VLAN pool,并将VLAN101和VLAN102加入其中,配置VLAN pool中的VLAN分配算法为“hash”。
[AC] vlan batch 101 102
[AC] vlan pool sta-pool
[AC-vlan-pool-sta-pool] vlan 101 102
[AC-vlan-pool-sta-pool] assignment hash //默认就是这个算法
[AC-vlan-pool-sta-pool] quit
- 配置AP上线 :
参考我的另一篇文章: 华为wlan配置直连二层组网直接转发.
注意这里的vap模板不一样了:
[AC-wlan-view] vap-profile name f100-vap
[AC-wlan-vap-prof-f100-vap] forward-mode tunnel
[AC-wlan-vap-prof-f100-vap] service-vlan vlan-pool sta-pool
[AC-wlan-vap-prof-f100-vap] security-profile f100-security
[AC-wlan-vap-prof-f100-vap] ssid-profile f100-ssid
[AC-wlan-vap-prof-f100-vap] quit
初来乍到,多多指教。
扫一扫
2698
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
