WLAN实验拓扑+配置
1、拓扑图
2、需求:无线终端可以连接无线网络,实现数据互通
配置步骤:
一:部署AP上线
1:基础配置:让AP通过DHCP服务器获取IP地址
1)在汇聚交换机创建vlan 100,200,210.配置端口角色
2)在核心交换机创建vlan,配置端口角色
3)DHCP-R1配置DHCP功能,配置IP地址池
4)核心交换机SW2配置vlanif IP地址
5)核心交换机SW2配置DHCP中继
6)在汇聚交换机中修改g0/0/2 到 g0/0/5的pvid为vlan100
7)DHCP-R1配置去往中继的回程路由(默认路由)
2:在AC和AP之间部署CAPWAP隧道
1)在AC中创建vlan200,并且把g0/0/10加入vlan200,access
2)在AC中配置默认路由,实现AC和AP网络互通
3)在DHCP服务器中,配置DHCP option 43。。。让所有AP都了解AC管理器的Ip地址
4)在AC中配置capwap隧道---实现AC对AP的管理和控制
3:AP接入:在AC中,通过离线的方式,录入AP的mac地址或者SNAME
1)在AP上查询MAC地址,复制出来
2)离线部署,在AC中填写AP的mac地址,让AC知道AP的存在
二:AC无线控制器下发配置给AP
1)创建域管理末班-绑定国家码
2)创建AP组-绑定域管理模版
3)创建AP组-在AP组中添加物理AP设备
4)验证AP设备是否加入AP组
5)创建SSID模版-定义无线网名
6)创建安全模版,定义无线网安全策略,安全秘钥,加密方式
7)创建vlan10,绑定多个vlan(给STA:手机电脑用的vlan)
8)创建vap模版-绑定vlan10,绑定ssid模版,绑定安全模版
9)将vap模版下发个ap组中的物理ap设备
10)在汇聚交换机sw1中创建vlan101,102,103,104
11)在核心交换机sw2中创建 vlan 101,102,103,104
12)在dhcp服务器中创建IP地址池,101,102,103,104
13)在核心交换机sw2中配置vlanif的管理ip地址
14)在核心交换机sw2中配置dhcp中继
三:STA接入无线网络并且互联互通
四:WLAN业务数据转发
3、配置命令
第一步:AP上线
1、基础配置之让AP可以通过DHCP获取IP地址
1)汇聚交换机创建vlan, 配置端口角色
[hj-sw1]vlan batch 100 200 210
[hj-sw1]port-group group-member g0/0/1 to g0/0/5
[hj-sw1-port-group]port link-type trunk
[hj-sw1-port-group]port trunk allow-pass vlan all
2)核心交换机创建vlan, 配置vlanif虚接口IP地址,配置端口角色
[HX-SW2]vlan batch 100 200 210
[HX-SW2]int vlan 100
[HX-SW2-Vlanif100]ip add 192.168.100.254 24
[HX-SW2-Vlanif100]int vlan 200
[HX-SW2-Vlanif200]ip add 192.168.200.254 24
[HX-SW2-Vlanif200]int vlan 210
[HX-SW2-Vlanif210]ip add 192.168.210.254 24
[HX-SW2-Vlanif210]quit
[HX-SW2]int g0/0/2
[HX-SW2-G0/0/2]port link-type trunk
[HX-SW2-G0/0/2]port trunk allow-pass vlan all
[HX-SW2-G0/0/2]quit[HX-SW2]int g0/0/1
[HX-SW2-G0/0/1]port link-type access
[HX-SW2-G0/0/1]port default vlan 210
[HX-SW2-G0/0/1]quit
[HX-SW2]int g0/0/10
[HX-SW2-G0/0/10]port link-type acces
s[HX-SW2-G0/0/10]port default vlan 200
[HX-SW2-G0/0/10]quit
3)DHCP-R1配置DHCP功能,配置IP地址池
[DHCP-R1]dhcp enable
[DHCP-R1]ip pool vlan100
[DHCP-R1-ip-pool-vlan100]network 192.168.100.0 mask 24
[DHCP-R1-ip-pool-vlan100]gateway-list 192.168.100.254
[DHCP-R1-ip-pool-vlan100]dns-list 8.8.8.8
[DHCP-R1-ip-pool-vlan100]quit
[DHCP-R1]int g0/0/0
[DHCP-R1-G0/0/0]ip add 192.168.210.1 24
[DHCP-R1-G0/0/0]dhcp select global
4)核心交换机SW2配置DHCP中继
[HX-SW2]dhcp enable
[HX-SW2]int vlan 100
[HX-SW2-Vlanif100]dhcp select relay
[HX-SW2-Vlanif100]dhcp relay server-ip 192.168.210.1
5)DHCP-R1 配置去往中继的回程路由(默认路由)
[DHCP-R1]ip route-static 0.0.0.0 0.0.0.0 192.168.210.254
5)在hj-SW1中修改g0/0/2-g0/0/5的pvid为vlan100
[hj-sw1]port-group group-member g0/0/2 to g0/0/5
[hj-sw1-port-group]port trunk pvid vlan 100
备注:修改hj-sw1-g0/0/2 g0/0/3 g0/0/4 g0/0/5 接口的pvid改为vlan100的目的是:
让AP能够和核心交换机中的AP的网关地址(192.168.100.254-DHCP中继地址)能够通信
AP和DHCP中继能够互通后,AP发送的DHCP发现报文才能被中继设备转发给DHCP服务器
AP才可以获取到IP地址
备注:如果不修改hj-sw1-g0/0/2 g0/0/3 g0/0/4 g0/0/5 接口的pvid为vlan100的话,
AP发送的流量默认属于vlan1 是无法和vlanif100通信的
验证:验证AP是否能够获取IP地址
<Huawei>dis system-information //在AP中验证是否获取IP地址 System Information===============================================Serial Number : 21023544831070413239 :SN码System Name : Huawei :系统名字(华为的设备)Country Code : US :国家代码:US (美国)MAC Address : 00:e0:fc:80:62:20 :MAC地址Radio 0 MAC Address : 00:00:00:00:00:00 :射频信号频段 2.4GHzRadio 1 MAC Address : 00:00:00:00:00:10 : 射频信号频段 5GHz
IP Address : 192.168.100.252 :成功从dhcp 获取IP地址Subnet Mask : 255.255.255.0Default Gateway : 192.168.100.254
<Huawei>display ip int brief //查看vlanif 的接口IP地址
2、在AC和AP之间建立capwap隧道
1)在AC中创建vlan200 并且把g0/0/10加入vlan200, 改为access
[AC6605]vlan 200
[AC6605-vlan200]quit
[AC6605]int vlan 200
[AC6605-Vlanif200]ip add 192.168.200.10 24
[AC6605-Vlanif200]quit
[AC6605]int g0/0/10
[AC6605-G0/0/10]port link-type access
[AC6605-G0/0/10]port default vlan 200
2)在AC中配置默认路由,能够实现和AP互联互通
[AC6605]ip route-static 0.0.0.0 0.0.0.0 192.168.200.254
备注:让AC可以和不同网段的AP实现互联互通
3)在DHCP服务中配置dhcp option 43:让AP知道AC的管理地址
[DHCP-R1]ip pool vlan100
[DHCP-R1-ip-pool-vlan100]option 43 sub-option 1 ip-address 192.168.200.10
备注:修改完option 43后,记得重启一下所有的AP设备
备注:AC要统一管理几百台AP设备,AP和AC之间的协议报文-管理流量要实现交互
所以AP和AC要建立capwap 隧道, 所以AP必须知道AC的管理IP地址
但是AP不清楚AC的管理IP地址是多少,所以就要让DHCP服务器告诉所有的AP
为什么要选择DHCP服务器呢,因为每一台AP开机的时候,都要从DHCP哪里获取IP地址
DHCP怎么告诉AP,AC的管理IP地址呢?
利用dhcp报文中,option 43 字段,下发AC的管理IP地址,给AP
option 43 的编码方式,默认是3种 (option 43只针对IPv4地址)
1)ascll : ascll编码,优势:标点符号也可以编进去,可以连续写多个IP地址
2)hex: 16进制,要把IP地址改成16进制数,填写
3)ip-address :10进制,把IP地址填写进去
通过抓包:获取dhcp报文中option 43的值
01:04:c0:a8:c8:0a
备注: c0:a8:c8:0a 16进制数翻译为ipv4地址为 :192.168.200.10
4)在AC中配置capwap 隧道 --在AC和AP之间建立隧道
[AC6605] capwap source ip-address 192.168.200.10
备注:创建capwap 隧道,指定隧道的源地址为AC的管理IP:192.168.200.10=========================================
备注:可以定义源接口,也可以定义源IP地址 :两条命令
capwap source ip-address 192.168.200.10
capwap source interface vlanif 200=========================================
5)在AC中填写AP的MAC地址,让AC知道AP的存在
[AC6605]wlan[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fcb2-13f0
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]ap-id 2 ap-mac 00e0-fcdd-4060
[AC6605-wlan-ap-2]quit
[AC6605-wlan-view]ap-id 3 ap-mac 00e0-fcd6-4110
[AC6605-wlan-ap-3]quit
[AC6605-wlan-view]ap-id 4 ap-mac 00e0-fc69-7790
验证:
1)AP和AC网络要互联互通
[AC6605]ping 192.168.200.254
[AC6605]ping 192.168.100.253
[AC6605]ping 192.168.100.252
[AC6605]ping 192.168.100.251
[AC6605]ping 192.168.100.250
[AC6605] dis ap all //AC上查看ap注册信息=========================================================================
排错方法:1.检查AP是否获取IP地址了2.检查AC能否ping通AP1 ---检查网络是否通3.检查option参数 ---去dhcp服务器中ip pool 100中检查 option 是否配置正确4.检查capwap隧道地址 --在AC中,检查capwap 隧道是否配置5.重启ap --等待3分钟,看是否上线,如果不上线,重启ap
[AC6605]dis ap allInfo: This operation may take a few seconds. Please wait for a moment.done.Total AP information:nor : normal [4]--------------------------------------------------------------------------------ID MAC Name Group IP Type State--------------------------------------------------------------------------------
1 00e0-fcb2-13f0 00e0-fcb2-13f0 default 192.168.100.253 AP6050DN nor 2 00e0-fcdd-4060 00e0-fcdd-4060 default 192.168.100.251 AP6050DN nor 3 00e0-fcd6-4110 00e0-fcd6-4110 default 192.168.100.250 AP6050DN nor 4 00e0-fc69-7790 00e0-fc69-7790 default 192.168.100.252 AP6050DN nor --------------------------------------------------------------------------------
3、AC下发配置给AP
1)创建域管理配置文件-绑定国家码 [AC6605]wlan[AC6605-wlan-view]regulatory-domain-profile name ntd2306
[AC6605-wlan-regulate-domain-ntd2306]country-code cn
[AC6605-wlan-regulate-domain-ntd2306]quit[AC6605-wlan-view]quit
2)创建AP组-绑定域管理配置文件
[AC6605]wlan[AC6605-wlan-view]ap-group name bangong
[AC6605-wlan-ap-group-bangong]regulatory-domain-profile ntd2306
[AC6605-wlan-ap-group-bangong]quit
[AC6605-wlan-view]ap-group name xuexi
[AC6605-wlan-ap-group-xuexi]regulatory-domain-profile ntd2306
[AC6605-wlan-ap-group-xuexi]quit[AC6605-wlan-view]quit
3)创建AP组,在AP组里添加物理AP设备
[AC6605]wlan
[AC6605-wlan-view]ap-id 1 //配置ap 1
[AC6605-wlan-ap-1]ap-name bangong1 //给ap1 命名为 bangong1
[AC6605-wlan-ap-1]ap-group bangong //把ap1 加入bangong 组
[AC6605-wlan-ap-1]quit
[AC6605-wlan-view]ap-id 2 //配置ap 2
[AC6605-wlan-ap-2]ap-name bangong2 //给ap2 命名为 bangong2
[AC6605-wlan-ap-2]ap-group bangong //把ap2 加入bangong 组
[AC6605-wlan-ap-2]quit
[AC6605-wlan-view]ap-id 3 //配置ap 3
[AC6605-wlan-ap-3]ap-name xuexi1 //给ap3 命名为 xuexi1
[AC6605-wlan-ap-3]ap-group xuexi //把ap3 加入xuexi组[AC6605-wlan-ap-3]quit
[AC6605-wlan-view]ap-id 4 //配置ap 4
[AC6605-wlan-ap-4]ap-name xuexi2 //给ap4 命名为 xuexi2
[AC6605-wlan-ap-4]ap-group xuexi //把ap4 加入xuexi组
4)验证AP设备是否加入AP组
[AC6605] dis ap all
Total AP information:nor : normal [4]--------------------------------------------------------------------------------ID MAC Name Group IP Type State
ptime--------------------------------------------------------------------------------1 00e0-fcb2-13f0 bangong1 bangong 192.168.100.253 AP6050DN nor 2 00e0-fcdd-4060 bangong2 bangong 192.168.100.251 AP6050DN nor 3 00e0-fcd6-4110 xuexi1 xuexi 192.168.100.250 AP6050DN nor 4 00e0-fc69-7790 xuexi2 xuexi 192.168.100.252 AP6050DN nor --------------------------------------------------------------------------------
Total: 4
[AC6605] dis ap-group all --------------------------------------------------------------------------------Name APs--------------------------------------------------------------------------------
bangong 2default 0
xuexi 2--------------------------------------------------------------------------------Total: 3
5)创建SSID配置文件-定义无线网名
[AC6605]wlan
[AC6605-wlan-view]ssid-profile name bangong //创建ssid模版,命名为bangong[AC6605-wlan-ssid-prof-bangong]ssid bangong //定义ssid的名字(无线网名)
[AC6605-wlan-ssid-prof-bangong]quit
[AC6605-wlan-view]ssid-profile name xuexi //创建ssid模版,命名为xuexi
[AC6605-wlan-ssid-prof-xuexi]ssid xuexi //定义ssid的名字(无线网名)
4)创建安全配置文件-定义无线网安全策略 预共享密钥,加密方式 [AC6605]wlan[AC6605-wlan-view]security-profile name bangong //创建安全模版,命名为bangong
[AC6605-wlan-sec-prof-bangong]security wpa-wpa2 psk pass-phrase a12345678 aes
[AC6605-wlan-sec-prof-bangong]quit
[AC6605-wlan-view]security-profile name xuexi
[AC6605-wlan-sec-prof-xuexi]security wpa-wpa2 psk pass-phrase a12345678 aes
//定义安全策略,定义预共享密钥,定义加密方式
备注:
wpa-wap2 :是一种新的加密方式psk :预共享密钥
pass-phrase : 口令短语 a12345678 :设置的密钥值aes: 高级加密算法(美国国家标准加密算法)
6)在汇聚交换中创建vlan 101 102 103 104
[hj-SW1]vlan batch 101 102 103 104
8)在核心交换机中创建vlan 101 102 103 104
[HX-SW2]vlan batch 101 102 103 104
9)在核心交换机中创建
vlan 101 102 103 104
[DHCP-R1]ip pool vlan101
[DHCP-R1-ip-pool-vlan101]network 192.168.101.0 mask 24
[DHCP-R1-ip-pool-vlan101]gateway-list 192.168.101.254
[DHCP-R1-ip-pool-vlan101]dns-list 8.8.8.8
[DHCP-R1-ip-pool-vlan101]ip pool vlan102
[DHCP-R1-ip-pool-vlan102]network 192.168.102.0 mask 24
[DHCP-R1-ip-pool-vlan102]gateway-list 192.168.102.254
[DHCP-R1-ip-pool-vlan102]dns-list 8.8.8.8
[DHCP-R1-ip-pool-vlan102]ip pool vlan103
[DHCP-R1-ip-pool-vlan103]network 192.168.103.0 mask 24
[DHCP-R1-ip-pool-vlan103]gateway-list 192.168.103.254
[DHCP-R1-ip-pool-vlan103]dns-list 8.8.8.8
[DHCP-R1-ip-pool-vlan103]ip pool vlan104
[DHCP-R1-ip-pool-vlan104]network 192.168.104.0 mask 24
[DHCP-R1-ip-pool-vlan104]gateway-list 192.168.104.254
[DHCP-R1-ip-pool-vlan104]dns-list 8.8.8.8
10) 在核心交换机中,给vlanif101 102 103 104 配置IP地址并且做DHCP中继
[HX-SW2]int vlan 101
[HX-SW2-Vlanif101]ip add 192.168.101.254 24
[HX-SW2-Vlanif101]dhcp select relay
[HX-SW2-Vlanif101]dhcp relay server-ip 192.168.210.1
[HX-SW2-Vlanif101]int vlan 102
[HX-SW2-Vlanif102]ip add 192.168.102.254 24
[HX-SW2-Vlanif102]dhcp select relay
[HX-SW2-Vlanif102]dhcp relay server-ip 192.168.210.1
[HX-SW2-Vlanif102]int vlan 103
[HX-SW2-Vlanif103]ip add 192.168.103.254 24
[HX-SW2-Vlanif103]dhcp select relay
[HX-SW2-Vlanif103]dhcp relay server-ip 192.168.210.1
[HX-SW2-Vlanif103]int vlan 104
[HX-SW2-Vlanif104]ip add 192.168.104.254 24
[HX-SW2-Vlanif104]dhcp select relay
[HX-SW2-Vlanif104]dhcp relay server-ip 192.168.210.1
11)在AC设备中,创建VLAN池-绑定多个VLAN: 给STA(电脑和手机)用的VLAN
[AC6605]vlan pool bangong //创建vlan池,命名为bangong[AC6605-vlan-pool-bangong]vlan 101 102 //将vlan 101 102 加入bangong池[AC6605-vlan-pool-bangong]quit[AC6605]vlan pool xuexi //创建vlan池,命名为xuexi[AC6605-vlan-pool-xuexi]vlan 103 104 //将vlan 103 104 加入xuexi池
12)创建VAP模板--绑定VLAN池子, 绑定SSID模板, 绑定安全模板 [AC6605]wlan[AC6605-wlan-view]vap-profile name bangong //创建vap模版,命名为bangong
[AC6605-wlan-vap-prof-bangong]ssid-profile bangong //绑定ssid模版[AC6605-wlan-vap-prof-bangong]security-profile bangong //绑定安全模版[AC6605-wlan-vap-prof-bangong]service-vlan vlan-pool bangong //绑定vlan池[AC6605-wlan-vap-prof-bangong]quit
[AC6605-wlan-view]vap-profile name xuexi //创建vap模版,命名为xuexi
[AC6605-wlan-vap-prof-xuexi]ssid-profile xuexi //绑定ssid模版[AC6605-wlan-vap-prof-xuexi]security-profile xuexi //绑定安全模版[AC6605-wlan-vap-prof-xuexi]service-vlan vlan-pool xuexi //绑定vlan池
13)将VAP配置文件绑定到AP组,把配置下发给AP组的物理设备 [AC6605]wlan[AC6605-wlan-view]ap-group name bangong //进入ap组[AC6605-wlan-ap-group-bangong]vap-profile bangong wlan 1 radio 0 [AC6605-wlan-ap-group-bangong]vap-profile bangong wlan 1 radio 1
[AC6605-wlan-ap-group-bangong]quit
[AC6605-wlan-view]ap-group name xuexi[AC6605-wlan-ap-group-xuexi]vap-profile xuexi wlan 1 radio 0
[AC6605-wlan-ap-group-xuexi]vap-profile xuexi wlan 1 radio 1
//在ap设备组里绑定vap模版,并且定义射频频段-指定AP组的射频频段: 2.4GHz 5.0GHz
4404
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
