配置思路:
无线AP 、5720、AC 三者二层打穿 同属于一个 vlan 3 AC是AP的DHCP服务器
业务网关在5720上 并且业务网段的dhcp也在5720上
vlan 87 不能访问内网只能上外网
5720配置:
- vlan batch 3 81 87
- #
- dhcp enable
- #
- ip pool vlan81
- gateway-list 172.22.81.254
- network 172.22.81.0 mask 255.255.255.0
- #
- ip pool vlan87
- gateway-list 172.22.87.254
- network 172.22.87.0 mask 255.255.255.0
- #
- interface Vlanif81
- ip address 172.22.81.254 255.255.255.0
- dhcp select global
- #
- interface Vlanif87
- ip address 172.22.87.254 255.255.255.0
- dhcp select global
- #
---------------------------------------限制vlan 87 访问内网-----------------------
- acl number 3000
- rule 5 permit ip source 172.22.81.0 0.0.0.255
- rule 10 deny ip source 172.22.87.0 0.0.0.255 destination 172.22.0.0 0.0.255.255
- rule 15 permit ip source 172.22.87.0 0.0.0.255
- #
- interface Vlanif1 #链接FW
- ip address 172.22.1.254 255.255.254.0
- #
- interface Vlanif3 # 链接WLAN
- ip address 172.22.3.254 255.255.254.0
- #
- interface GigabitEthernet0/0/1 # 链接WLAN
- port link-type access
- port default vlan 3
- #
- interface GigabitEthernet0/0/2# 链接WLAN
- port hybrid pvid vlan 3
- port hybrid tagged vlan 81 87
- port hybrid untagged vlan 3
- traffic-filter inbound acl 3000
- #
- #
- ip route-static 0.0.0.0 0.0.0.0 172.22.1.1 # 链接FW
AC配置 (web配置)
- interface Vlanif2
- ip address 192.168.136.2 255.255.255.0
- interface GigabitEthernet0/0/2
- port link-type access
- port default vlan 2
![v2-e63b36dfefcff681f02848b42efa50e9_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/72bb3c3cd7ab96b5f46a1a57c3987f5b.jpeg)
![v2-b7a49b01961ad55477f69afc94c8b555_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/a09f7bdc3b872dc518806b8cc9c18174.jpeg)
首先配置AC 接口、 vlanif、 dhcp、AC地址
![v2-dbccc7c74b13e75d003c12c5c3fb91f9_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/3f768a1304e69c1d27aa3a6581a69280.jpeg)
![v2-94b86667b38eaaf05338cf53d1e5b80d_b.png](https://i-blog.csdnimg.cn/blog_migrate/fcc01e27e33c680bcce81775d497b1a3.png)
![v2-c7e11b0d6091755ca97ba6660c6f74f0_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/6b7ee7c54b299a64c9ebd0454181854b.jpeg)
在配置ssid 和AP的信息
![v2-b90f5e004af5942b313eda59c94b1c7e_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/3a27e969863d9dbb0e223550614683a8.jpeg)
![v2-134aecc5b7f8ff36e81ea7d8cb7f676a_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/a5f563690039109f256c1a8b150fa98f.jpeg)
测试
![v2-7ac66610db06dc87ee03fdebf3a89528_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/829dedfb12f0e542d526004b7d451be4.jpeg)
![v2-9518207c4e03aaf2209ecdb136956515_b.jpg](https://i-blog.csdnimg.cn/blog_migrate/bcaf279e959c4093f06d96021fcb5ea6.jpeg)