实验组网:
配置思路:
实验步骤:
配置交换机
S3:先创建VLAN、配置接口类型,允许VLAN通过
连接AP的接口G0/0/4的接口PVID为VLAN10
[S3]vlan batch 10 11 20 21 100 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[S3-GigabitEthernet0/0/1]q
[S3]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan 200
[S3-GigabitEthernet0/0/2]q
[S3]int g0/0/3
[S3-GigabitEthernet0/0/3]port link-type trunk
[S3-GigabitEthernet0/0/3]port trunk allow-pass vlan 20 21
[S3-GigabitEthernet0/0/3]int g0/0/4
[S3-GigabitEthernet0/0/4]port link-type trunk
[S3-GigabitEthernet0/0/4]port trunk pvid vlan 10
[S3-GigabitEthernet0/0/4]port trunk allow-pass vlan 10 11
S4:
创建VLAN:20 、21
连接AP的接口G0/0/4的接口PVID为VLAN20
AC1
[AC1]vlan 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC1-vlan100]int g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
AC2:
[AC2]vlan 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC2]int g0/0/1
[AC2-GigabitEthernet0/0/1]port link-type trunk
[AC2-GigabitEthernet0/0/1]port trunk allow-pass vlan 200
在S3配置VLANIF:
VLANIF10、20作为AP1和AP2的管理VLAN网关
VLANIF11、 21作为AP1和AP2下终端的业务VLAN网关
VLANIIF100、200用于AC1和AC2进行三层通信
[S3]int vlan 10
[S3-Vlanif10]ip address 10.0.10.1 24
[S3]int vlan 11
[S3-Vlanif11]ip address 10.0.11.1 24
[S3-Vlanif11]int vlan 20
[S3-Vlanif20]ip address 10.0.20.1 24
[S3-Vlanif20]int vlan 21
[S3-Vlanif21]ip address 10.0.21.1 24
[S3-Vlanif21]int vlan 100
[S3-Vlanif100]ip address 10.0.100.1 24
[S3-Vlanif100]int vlan 200
[S3-Vlanif200]ip address 10.0.200.1 24
AC1的VLANIF 100作为CAPWAP源接口
AC2的VLANIF 200作为CAPWAP源接口
在AC上配置前往AP管理网段的路由:
ip route-static 10.0.10.0 255.255.255.0 10.0.100.1 //AC1
ip route-static 10.0.20.0 255.255.255.0 10.0.200.1 //AC2
在S3上配置DHCP:
携带option 43指定AC地址
在接口下选择全局地址池
配置AC:
AC1
1、指定CAPWAP源接口
[AC1]capwap source interface vlan 100
2、创建AP组:depart1
3、创建域管理模板和AC国家码
[AC1-wlan-view]regulatory-domain-profile name default
[AC1-wlan-regulate-domain-default]country-code cn
Info: The current country code is same with the input country code.
4、AP组下引用域管理模板
[AC1-wlan-view]ap-group name depart1
[AC1-wlan-ap-group-depart1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
5、添加AP
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc3c-7800 //AP的MAC地址
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-ap-0]ap-group depart1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
6、配置参数模板
[AC1-wlan-view]security-profile name depart1
[AC1-wlan-sec-prof-depart1]security wpa2 psk pass-phrase huawei123 aes
[AC1-wlan-sec-prof-depart1]q
[AC1-wlan-view]ssid-profile name depart1
[AC1-wlan-ssid-prof-depart1]ssid roam
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-ssid-prof-depart1]q
[AC1-wlan-view]vap
[AC1-wlan-view]vap-profile name depart1
[AC1-wlan-vap-prof-depart1]forward-mode direct-forward
[AC1-wlan-vap-prof-depart1]service-vlan vlan-id 11
[AC1-wlan-vap-prof-depart1]ssid-profile depart1
[AC1-wlan-vap-prof-depart1]security-profile depart1
[AC1-wlan-view]ap-group name depart1
[AC1-wlan-ap-group-depart1]vap-profile depart1 wlan 1 radio all
查看AP上线情况:
AC2重复上述步骤 !!!
配置三层漫游:
配置静态路由:
ip route-static 10.0.200.0 255.255.255.0 10.0.100.1 //AC1
ip route-static 10.0.100.0 255.255.255.0 10.0.200.1 //AC2
配置AC1:配置漫游组,添加AC1和AC2作为漫游组成员
AC2:配置一样
[AC1]wlan
[AC1-wlan-view]mobility-group name mobility
[AC1-mc-mg-mobility]member ip-address 10.0.100.254
[AC1-mc-mg-mobility]member ip-address 10.0.200.254
查看漫游组状态:
开启终端STA并连接无线网络
将STA放在两个AP信号覆盖范围,断开AP1,STA漫游连接AP2
查看漫游轨迹:
扫一扫
1546
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
