华为AC+AP综合实验

最新推荐文章于 2025-03-29 19:48:46 发布

Crius。

最新推荐文章于 2025-03-29 19:48:46 发布

阅读量8.2k

点赞数 11

分类专栏： Network 文章标签：网络

本文链接：https://blog.csdn.net/weixin_43666331/article/details/106961331

版权

Network 专栏收录该内容

2 篇文章

订阅专栏

实验拓扑

在这里插入图片描述

配置思路

配置AC、AR及交换机规划vlan及实现三层互通。
配置AP与用户的DHCP，AP采用option43发现AC，设置内网路由，确保AC、AP通信。
配置AP上线：
1、创建AP组，AP1、AP2划进work_ap,AP3划进boss_ap;
2、创建域管理模板(国家码)，关联到相应的AP组中；
3、设置SSID模板、安全模板和VAP模板，进入AP组关联。
配置AR，通过NAT访问ISP，终端设备正常上网。

操作步骤

AR配置

#
acl number 2000   #配置ACL，匹配用户流量
 rule 1 permit source 192.168.30.0 0.0.0.255 
 rule 2 permit source 192.168.40.0 0.0.0.255 
#
interface Serial1/0/0                     
 link-protocol ppp                        
 ip address 10.12.1.1 255.255.255.0       
 nat outbound 2000  #接口NAT转换                      
# 
interface GigabitEthernet0/0/1            
 ip address 172.16.60.1 255.255.255.0     
 ospf enable 10 area 0.0.0.0  #接口使能OSPF进程           
#                                         
interface GigabitEthernet0/0/2            
 ip address 172.16.50.1 255.255.255.0     
 ospf enable 10 area 0.0.0.0              
# 
ospf 10 router-id 1.1.1.1                 
 default-route-advertise always   #下放默认路由进入OSPF        
 area 0.0.0.0                             
#                                         
ip route-static 0.0.0.0 0.0.0.0 10.12.1.2  #默认路由
#

SW配置

#
vlan batch 10 30 60  #批量创建vlan
#
ip pool work_pool   #给Work_AP1、Work_AP2分配地址
 gateway-list 172.16.10.254  #网关
 network 172.16.10.0 mask 255.255.255.0  #地址网段
 lease day 10 hour 0 minute 0  #租期10天
 option 43 sub-option 3 ascii 1.1.1.1  #option43发现AC方式
#
ip pool work_user   #给Work_AP1、Work_AP2用户分配地址
 gateway-list 192.168.30.254              
 network 192.168.30.0 mask 255.255.255.0  
 lease day 0 hour 8 minute 0              
 dns-list 114.114.114.114                 
#
interface Vlanif10
 ip address 172.16.10.254 255.255.255.0
 ospf enable 10 area 0.0.0.0
 dhcp select global  #使能接口全局地址池DHCP功能
#
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
 ospf enable 10 area 0.0.0.0
 dhcp select global
#
interface Vlanif60
 ip address 172.16.60.2 255.255.255.0     
 ospf enable 10 area 0.0.0.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 60  #设置pvid给AR与SW之间通信
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 10  #设置pvid给让P获取地址
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 2 to 4094
#
ospf 10 router-id 3.3.3.3
 area 0.0.0.0
#

AC配置

#
vlan batch 20 40 50
#
ip pool boss_pool                       
 gateway-list 172.16.20.254               
 network 172.16.20.0 mask 255.255.255.0   
 lease day 10 hour 0 minute 0             
 option 43 sub-option 3 ascii 1.1.1.1     
#                                         
ip pool boss                              
 gateway-list 192.168.40.254              
 network 192.168.40.0 mask 255.255.255.0  
 lease day 0 hour 6 minute 0              
 dns-list 114.114.114.114                 
# 
interface Vlanif20                        
 ip address 172.16.20.254 255.255.255.0   
 ospf enable 10 area 0.0.0.0              
 dhcp select global                       
#                                         
interface Vlanif40                        
 ip address 192.168.40.254 255.255.255.0  
 ospf enable 10 area 0.0.0.0              
 dhcp select global                       
#                                         
interface Vlanif50                        
 ip address 172.16.50.2 255.255.255.0     
 ospf enable 10 area 0.0.0.0              
# 
interface GigabitEthernet0/0/1            
 port link-type access                    
 port default vlan 20                     
#                                         
interface GigabitEthernet0/0/2            
 port link-type trunk                     
 port trunk pvid vlan 50                  
 port trunk allow-pass vlan 2 to 4094     
# 
interface LoopBack0                       
 ip address 1.1.1.1 255.255.255.255       
 ospf enable 10 area 0.0.0.0              
#                                         
ospf 10 router-id 2.2.2.2                 
 area 0.0.0.0                             
# 
capwap source interface loopback0  #设置AC上隧道源地址为loopback       
# 
wlan   #AP上线配置
regulatory-domain-profile name huaweido  #创建域管理模板
ap-group name boss_ap
 regulatory-domain-profile huaweido
ap-group name work_ap  #创建AP组 
 regulatory-domain-profile huaweido #关联域管理模板到AP组中

[AC-wlan-view]dis ap unauthorized record  #查看自动发现AP信息
[AC-wlan-view]ap-confirm all  #确认所有AP上线
[AC-wlan-view]ap-id 0  #进入上线AP0
[AC-wlan-ap-0]ap-name xxxx  #设置该AP名字
[AC-wlan-ap-0]ap-group xxxx  #为该加入AP组
#display ap all  #查看AP信息

security-profile name bosssec #创建安全模板
  security wpa2 psk pass-phrase XXXXX aes #设置密码XXXXXX
security-profile name worksec
  security wpa2 psk pass-phrase XXXX aes
 
 ssid-profile name boss    #创建SSID模板
  ssid boss  #设置wifi名称
 ssid-profile name work
  ssid work

 vap-profile name boss  #创建VAP模板
  forward-mode tunnel  #集中转发
  service-vlan vlan-id 40  #用户vlan
  ssid-profile boss  #关联SSID模板
  security-profile bosssec  #关联安全模板
 vap-profile name work
  forward-mode direct-forward #本地转发
  service-vlan vlan-id 30  
  ssid-profile work
  security-profile worksec

[AC-wlan-ap-group-work_ap]dis th #进入AP组设置VAP射频卡
#
  regulatory-domain-profile huaweido
  radio 0
   vap-profile work wlan 1
  radio 1
   vap-profile work wlan 1
  radio 2
   vap-profile work wlan 1
# 
[AC-wlan-ap-group-boss_ap]dis th  
#
  regulatory-domain-profile huaweido
  radio 0
   vap-profile boss wlan 1
  radio 1
   vap-profile boss wlan 1
  radio 2
   vap-profile boss wlan 1
#