中小型企业内网组建

某中小型公司客户提出网络比较单一整体都在一个大的广播域中，AP无线的SSID有很多个，包括一些小的无线路由器散发出来的信号，用起来网络不太稳定，并且AP的SSID要分开，办公室只有单个SSID，不允许出现其他的，车间的无线只允许出现生产的，不允许出现办公室的信号，并且客户端要求获取到的绑定的IP地址，针对以上要求做了一份拓扑模拟。

                     规划

管理IP	192.168.81.0	255.255.255.0	192.168.81.1
员工无线	192.168.10.0	255.255.255.0	192.168.10.1
访客无线	192.168.20.0	255.255.255.0	192.168.20.1
车间无线	192.168.30.0	255.255.255.0	192.168.30.1
员工有线	192.168.40.0	255.255.255.0	192.168.40.1
服务器网络	192.168.79.0	255.255.255.0	192.168.79.1

AR出口路由器的配置

[CK]dhcp enable   
[CK]interface GigabitEthernet 0/0/0
[CK-GigabitEthernet0/0/0]ip address dhcp-alloc  
[CK]acl 3000
[CK-acl-adv-3000]rule  permit  ip   
[CK]interface GigabitEthernet 0/0/0
[CK-GigabitEthernet0/0/0]nat outbound  3000
[CK]interface GigabitEthernet 0/0/1
[CK-GigabitEthernet0/0/1]ip address 192.169.81.1 24
[CK-GigabitEthernet0/0/1]dhcp select interface
[CK]ip route-static 192.168.10.0 24 192.168.81.2
[CK]ip route-static 192.168.20.0 24 192.168.81.2
[CK]ip route-static 192.168.30.0 24 192.168.81.2
[CK]ip route-static 192.168.40.0 24 192.168.81.2
[CK]ip route-static 192.168.79.0 24 192.168.81.2

核心交换机配置
[CORE]dhcp enable 
[CORE]vlan  batch  10 20 30 40 79 81
[CORE]interface Vlanif  81
[CORE-Vlanif81]ip address 192.168.81.2 24

[CORE]ip pool 10
[CORE-ip-pool-10]network 192.168.10.0 mask 24
[CORE-ip-pool-10]gateway-list  192.168.10.1
[CORE-ip-pool-10]dns-list 223.5.5.5
       
[CORE]ip pool 20
[CORE-ip-pool-20]network 192.168.20.0 mask 24
[CORE-ip-pool-20]gateway-list  192.168.20.1
[CORE-ip-pool-20]dns-list  223.5.5.5   

[CORE]ip pool 30
[CORE-ip-pool-30]network 192.168.30.0 mask 24
[CORE-ip-pool-30]gateway-list  192.168.30.1
[CORE-ip-pool-30]dns-list  223.5.5.5

[CORE]ip pool 40
[CORE-ip-pool-40]network 192.168.40.0 mask 24
[CORE-ip-pool-40]gateway-list  192.168.40.1
[CORE-ip-pool-40]dns-list  223.5.5.5

[CORE]interface Vlanif  79
[CORE-Vlanif79]ip address 192.168.79.1 24
[CORE-Vlanif79]dhcp select interface

[CORE]interface Vlanif  10
[CORE-Vlanif10]ip address 192.168.10.1 24       
[CORE-Vlanif10]dhcp select global
[CORE]interface Vlanif  20
[CORE-Vlanif12]ip address 192.168.20.1 24       
[CORE-Vlanif20]dhcp select global
[CORE]interface Vlanif  30
[CORE-Vlanif30]ip address 192.168.30.1 24       
[CORE-Vlanif30]dhcp select global
[CORE]interface Vlanif  40
[CORE-Vlanif40]ip address 192.168.40.1 24       
[CORE-Vlanif40]dhcp select global

[CORE]ip route-static 0.0.0.0 0.0.0.0 192.168.81.1 
[CORE]interface GigabitEthernet 0/0/24
[CORE-GigabitEthernet0/0/24]port link-type  access 
[CORE-GigabitEthernet0/0/24]port default  vlan  81

[CORE]interface GigabitEthernet 0/0/2
[CORE-GigabitEthernet0/0/2]port link-type trunk  
[CORE-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 30 40 79 81

CORE]interface GigabitEthernet 0/0/3
[CORE-GigabitEthernet0/0/3]port link-type trunk  
[CORE-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 30 40 79 81

CORE]interface GigabitEthernet 0/0/4
[CORE-GigabitEthernet0/0/4]port link-type trunk  
[CORE-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 20 30 40 79 81

[CORE]interface GigabitEthernet 0/0/1      
[CORE-GigabitEthernet0/0/1]port link-type  trunk  
[CORE-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 40 79 81

一楼车间交换机配置
[CJ1]vlan  batch  10 20 30 81
[CJ1]interface GigabitEthernet 0/0/1
[CJ1-GigabitEthernet0/0/1]port link-type trunk  
[CJ1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 81
[CJ1]interface  Eth 0/0/1
[CJ1-Ethernet0/0/1]port link-type  trunk 
[CJ1-Ethernet0/0/1]port trunk pvid vlan 81
[CJ1-Ethernet0/0/1]port trunk allow-pass vlan  all
[CJ1]interface Eth 0/0/2
[CJ1-Ethernet0/0/2]port link-type  access 
[CJ1-Ethernet0/0/2]port default  vlan  30
[CJ1-Ethernet0/0/2]stp edged-port  enable
[CJ1]interface Vlanif  81
[CJ1-Vlanif81]ip address 192.168.81.4 24
[CJ1]ip route-static 0.0.0.0 0.0.0.0 192.168.81.2

二楼车间交换机配置
[CJ2]vlan  batch  10 20 30 81
[CJ2]interface GigabitEthernet 0/0/1
[CJ2-GigabitEthernet0/0/1]port link-type trunk  
[CJ2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 81
[CJ2]interface  Eth 0/0/1
[CJ2-Ethernet0/0/1]port link-type  trunk 
[CJ2-Ethernet0/0/1]port trunk pvid vlan 81
[CJ2-Ethernet0/0/1]port trunk allow-pass vlan  all
[CJ2]interface Vlanif  81
[CJ2-Vlanif81]ip address 192.168.81.5 24
[CJ2]ip route-static 0.0.0.0 0.0.0.0 192.168.81.2

三楼办公室交换机配置
[OFFICE]vlan batch  10 20 30 40 79 81
[OFFICE]interface GigabitEthernet 0/0/1
[OFFICE-GigabitEthernet0/0/1]port link-type  trunk  
[OFFICE-GigabitEthernet0/0/1]port trunk allow-pass vlan  10 20 30 40 79 81
[OFFICE]interface Eth 0/0/1
[OFFICE-Ethernet0/0/1]port link-type  trunk  
[OFFICE-Ethernet0/0/1]port trunk  pvid  vlan 81
[OFFICE-Ethernet0/0/1]port trunk allow-pass vlan all
[OFFICE]interface Eth 0/0/2
[OFFICE-Ethernet0/0/2]port link-type  access 
[OFFICE-Ethernet0/0/2]port default  vlan  79
[OFFICE-Ethernet0/0/2]stp edged-port  enable
[OFFICE]interface Eth0/0/3
[OFFICE-Ethernet0/0/3]port link-type access 
[OFFICE-Ethernet0/0/3]port default  vlan  40
[OFFICE-Ethernet0/0/3]stp  edged-port enable
[OFFICE]interface Vlanif  81
[OFFICE-Vlanif81]ip address 192.168.81.6 24
[OFFICE]ip route-static 0.0.0.0 0.0.0.0 192.168.81.2

测试

一楼车间AP

一楼车间客户端

二楼车间客户端

三楼办公室服务器

三楼办公室客户端

三楼办公室AP

都是正常获取到IP地址了，下面配置AC无线

AC无线控制器配置
[AC]interface Vlanif  81
[AC-Vlanif81]ip address 192.168.81.3 24 
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk  
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30 81
[AC]ip route-static 0.0.0.0 0.0.0.0 192.168.81.2
[AC]capwap source  interface Vlanif 81
[AC]wlan
[AC-wlan-view]ap auth-mode no-auth 
[AC-wlan-view]ssid-profile name YG
[AC-wlan-ssid-prof-YG]ssid YG
[AC-wlan-view]security-profile name YG
[AC-wlan-sec-prof-YG]security wpa2 psk pass-phrase  88888888 aes
[AC-wlan-view]ssid-profile name FK
[AC-wlan-ssid-prof-FK]ssid FK 
[AC-wlan-view]security-profile name FK
[AC-wlan-sec-prof-FK]security wpa2 psk pass-phrase 66668888 aes
[AC-wlan-view]ssid-profile name CJ
[AC-wlan-ssid-prof-CJ]ssid CJ
[AC-wlan-view]security-profile name CJ
[AC-wlan-sec-prof-CJ]security wpa-wpa2 psk pass-phrase  12345678 aes
[AC-wlan-view]vap-profile name YG
[AC-wlan-vap-prof-YG]ssid-profile YG
[AC-wlan-vap-prof-YG]security-profile YG
[AC-wlan-vap-prof-YG]service-vlan vlan-id 10
[AC-wlan-view]vap-profile name FK
[AC-wlan-vap-prof-FK]ssid-profile FK
[AC-wlan-vap-prof-FK]security-profile FK
[AC-wlan-vap-prof-FK]service-vlan vlan-id 20
[AC-wlan-view]vap-profile name CJ
[AC-wlan-vap-prof-CJ]ssid-profile CJ
[AC-wlan-vap-prof-CJ]security-profile CJ
[AC-wlan-vap-prof-CJ]service-vlan vlan-id 30
[AC-wlan-view]ap-id 0 ap-mac 00E0-FC09-0970 
[AC-wlan-ap-0]ap-name cjwx
[AC-wlan-view]ap-id 1 ap-mac 00E0-FCB6-0E80
[AC-wlan-ap-1]ap-name office
[AC-wlan-view]ap-group name 1-2F 
[AC-wlan-view]ap-group name 3F
[AC-wlan-view]ap-id 0
[AC-wlan-ap-0]ap-group 1-2F
[AC-wlan-view]ap-id 1
[AC-wlan-ap-1]ap-group 3f
[AC-wlan-view]ap-group name 1-2F
[AC-wlan-ap-group-1-2F]vap-profile CJ wlan 1 radio all 
[AC-wlan-view]ap-group name 3F
[AC-wlan-ap-group-3F]vap-profile YG wlan 1 radio all 
[AC-wlan-ap-group-3F]vap-profile FK wlan 2 radio all

查看车间的SSID信号，这边只能看到车间的信号

连接可以看到是正常连接并且获取到30vlan的，可以上外网

查看办公区无线，可以看到有两个SSID

连接，可以看到获取到vlan10的地址，而且可以访问外网及服务器

连接访客无线，获取到是vlan20 的IP地址，并且可以访问外网及服务器

以上是全部配置，如果有帮助可以给个小爱心或关注，如果配置途中遇到问题可留言反馈，看到后会及时更新解答。