1.新MAC 移动设备在AC注册后,其中的会保存在注册的AC中,包括VLAN ,分配IP信息,
2.在移动到AC互联的网络中,其中的移动设备IP 是不变化的,和当前的VLAN无关,只和移动设备注册时候的vlan有联系
3.漫游要到每个AC都需要设置。
mobility-group name manyou
member ip-address 10.0.10.10
member ip-address 10.0.20.10
4.
[AC2]disp mobility-group name manyou
--------------------------------------------------------------------------------
State IP address Description
--------------------------------------------------------------------------------
normal 10.0.10.10 -
normal 10.0.20.10 -
--------------------------------------------------------------------------------
Total: 2
拓扑图片如下
核心交换机代码
#
sysname sw1
#
undo info-center enable
#
vlan batch 10 20 100 to 101 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.0.10.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.0.10.10
dhcp server option 43 sub-option 3 ascii 10.0.10.10
#
interface Vlanif20
ip address 10.0.20.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.0.20.10
dhcp server option 43 sub-option 3 ascii 10.0.20.10
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 192.168.101.1 255.255.255.0
dhcp select interface
#
interface Vlanif200
ip address 192.168.200.1 255.255.255.0
dhcp select interface
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 101
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20 200
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 101
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 20
port trunk allow-pass vlan 20 200
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
AC1 无线控制器代码
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
vlan batch 10 100 to 101 200
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password a12345678 aes
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif10
ip address 10.0.10.10 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 10 100 to 101
undo negotiation auto
duplex half
#
interface NULL0
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 10.0.10.1
#
capwap source ip-address 10.0.10.10
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name test
security wpa2 psk pass-phrase a12345678 aes
security-profile name default
security-profile name test100
security-profile name default-wds
security-profile name default-mesh
ssid-profile name test
ssid test
ssid-profile name default
vap-profile name test1
vap-profile name default
vap-profile name test100
service-vlan vlan-id 100
ssid-profile test
security-profile test
home-agent ac
vap-profile name test101
service-vlan vlan-id 101
ssid-profile test
security-profile test
home-agent ac
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
mobility-group name manyou
member ip-address 10.0.10.10
member ip-address 10.0.20.10
ap-group name default
ap-group name test100
radio 0
vap-profile test100 wlan 1
radio 1
vap-profile test100 wlan 1
radio 2
vap-profile test100 wlan 1
ap-group name test101
radio 0
vap-profile test101 wlan 1
radio 1
vap-profile test101 wlan 1
radio 2
vap-profile test101 wlan 1
ap-id 0 type-id 45 ap-mac 00e0-fcab-2db0 ap-sn 210235448310D00BC763
ap-name test
ap-group test100
ap-id 1 type-id 45 ap-mac 00e0-fcd3-7ae0 ap-sn 21023544831042776561
ap-name test1
ap-group test101
ap-id 2 ap-mac 00e0-fcfc-06c0
ap-name test3
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return
AC2无线控制器代码
#
sysname AC2
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
vlan batch 20 100 to 101 200
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password a12345678 aes
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif20
ip address 10.0.20.10 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 20 200
undo negotiation auto
duplex half
#
interface NULL0
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 10.0.20.1
#
capwap source ip-address 10.0.20.10
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name test
security wpa2 psk pass-phrase a12345678 aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name test
ssid test
ssid-profile name default
vap-profile name test
forward-mode tunnel
service-vlan vlan-id 200
ssid-profile test
security-profile test
vap-profile name default
vap-profile name test200
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
mobility-group name manyou
member ip-address 10.0.10.10
member ip-address 10.0.20.10
ap-group name test
radio 0
vap-profile test wlan 1
radio 1
vap-profile test wlan 1
radio 2
vap-profile test wlan 1
ap-group name default
ap-id 0 type-id 45 ap-mac 00e0-fcfc-06c0 ap-sn 2102354483104808BE14
ap-name ap03
ap-group test
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return