基于三层组网的ap上线，DHCP，mstp实验搭建及配置，由路由做DHCP服务器下发地址

 

基础配置：进sw1 开启DHCP

vlan batch 50 101 to 102 创建相关vlan

interface Vlanif50 配置vlan50 的接口

 ip address 192.168.50.2 255.255.255.0

#

interface Vlanif101

 ip address 192.168.101.1 255.255.255.0

 dhcp select relay在接口下开启DHCP 中继指向ac

 dhcp relay server-ip 192.168.50.1

#

interface Vlanif102

 ip address 192.168.102.1 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.50.1

与路由相连接口打acss ap接口的交换机打pvid 管理

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 50

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 50

 port trunk allow-pass vlan 50 101

#

interface GigabitEthernet0/0/3

 port link-type trunk

 port trunk pvid vlan 50

 port trunk allow-pass vlan 50 102

写一个下一跳的缺省

ip route-static 0.0.0.0 0.0.0.0 192.168.50.1

DHCP路由服务器

Vlan b 50 101 102 100 都要创建实现透传

ip pool vlan50（管理）

 gateway-list 192.168.50.1

 network 192.168.50.0 mask 255.255.255.0

 option 43 sub-option 2 ip-address 192.168.100.2 

#

ip pool vlan102（业务下发）

 gateway-list 192.168.102.1

 network 192.168.102.0 mask 255.255.255.0

 dns-list 8.8.8.8

#

ip pool vlan101

 gateway-list 192.168.101.1

 network 192.168.101.0 mask 255.255.255.0

 dns-list 8.8.8.8

ip pool vlan70

 gateway-list 192.168.70.1

 network 192.168.70.0 mask 255.255.255.0

 dns-list 8.8.8.8

 option 43 sub-option 2 ip-address 192.168.100.2

ip pool vlan104

 gateway-list 192.168.104.1

 network 192.168.104.0 mask 255.255.255.0

 dns-list 8.8.8.8

interface GigabitEthernet0/0/1

 ip address 192.168.50.1 255.255.255.0

 dhcp select global接口设置为全局获取

#

interface GigabitEthernet0/0/2

 ip address 192.168.100.1 255.255.255.0

interface GigabitEthernet2/0/0

 ip address 192.168.70.1 255.255.255.0

 dhcp select global

ip route-static 0.0.0.0 0.0.0.0 192.168.100.2

ip route-static 192.168.101.0 255.255.255.0 192.168.50.2

ip route-static 192.168.102.0 255.255.255.0 192.168.50.2

ip route-static 192.168.104.0 255.255.255.0 192.168.70.21

ip route-static 192.168.10.0 255.255.255.0 192.168.60.2

ip route-static 192.168.20.0 255.255.255.0 192.168.70.2

写两条精确的静态

Ac配置

vlan batch 50 100 to 104

batch 50 100 to 104

创建vlan实现透传

dhcp enable开启dhcp

ip pool vlan100

 gateway-list 192.168.100.1

 network 192.168.100.0 mask 255.255.255.0

 dns-list 114.114.114.114

创建管理vlan100的地址池

interface Vlanif100

 ip address 192.168.100.2 255.255.255.0

 dhcp select global

ip pool vlan103

 gateway-list 192.168.103.1

 network 192.168.103.0 mask 255.255.255.0

 dns-list 8.8.8.8

interface Vlanif103

 ip address 192.168.103.1 255.255.255.0

 dhcp select global

接口设置为全局获取

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 100

ac的接口打为acss加入到100里面

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 103

后面的ac相连接的ap

ip route-static 0.0.0.0 0.0.0.0 192.168.100.1

capwap source interface vlanif100 建立隧道指向100

Sw4配置

接口配置完成再配置stp

vlan batch 10 20 60创建vlan

interface Vlanif10

 ip address 192.168.10.1 255.255.255.0

#

interface Vlanif20

 ip address 192.168.20.1 255.255.255.0

#

interface Vlanif60

 ip address 192.168.60.2 255.255.255.0

stp region-configuration

 region-name huawei

 revision-level 11

 instance 10 vlan 10

 instance 20 vlan 20 70 104

 active region-configuration  完成基础配置再敲

interface Eth-Trunk1 链路聚合

 port link-type trunk

 port trunk allow-pass vlan 10 20 70 100 104

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 10

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 20

#

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 60

sw5配置

vlan batch 10 20 70 100 104

stp instance 10 root secondary

stp instance 20 root primary

dhcp enable

interface Vlanif10

 ip address 192.168.10.1 255.255.255.0

 vrrp vrid 10 virtual-ip 192.168.10.254

#

interface Vlanif20

 ip address 192.168.20.1 255.255.255.0

 vrrp vrid 20 virtual-ip 192.168.20.254

 vrrp vrid 20 priority 120

#

interface Vlanif70

 ip address 192.168.70.2 255.255.255.0

#

interface Vlanif104

 ip address 192.168.104.1 255.255.255.0

 dhcp select relay

 dhcp relay server-ip 192.168.70.1

interface Eth-Trunk1

 port link-type trunk

 port trunk allow-pass vlan 10 20 70 100 104

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 10 70 100 104

#

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 70

ip route-static 0.0.0.0 0.0.0.0 192.168.70.1

写一条指到70的缺省

接口配置

Sw6配置

vlan batch 10 20 70 100 104interface Ethernet0/0/1

 port link-type access

 port default vlan 10

#

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 70

 port trunk allow-pass vlan 10 70 100 104

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 10

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk allow-pass vlan 10 70 100 104

wlan配置

开启不认证 拿到mac

Wlan配置

Wlan

Ap auth no 不认证

[ac1-wlan-view]ap-group name ap1

创建ap组1

[ac1-wlan-view]regulatory-domain-profile name default

配置管理模板

ap-group name ap1

[ac1-wlan-ap-group-ap1]regulatory-domain-profile default

引用管理模板选yes

ap auth-mode mac-auth改回mac

undo ap all

Warning: Deleting the AP will interrupt user services. Continue?[Y/N]:y

Info: Now starting to delete AP(s).done.

拿掉ap

ap-name ap1

ap-group ap1

选yes

四个ap同理

[ac1-wlan-view]security-profile name wlan-net

security open          

ssid-profile name wlan-net

ssid wlan-net