5/直连三层组网直接转发
AP管理vlan 10 11
业务vlan 20 30
DHCP 分配
AC-AP dhcp
LSW2 --- STA dhcp
配置要点,
1 二层部份
1) 接入层LSW3的两个接口,肯定是都要trunk的,但是需要注意的是,要放行哪些VLAN的数据呢?哪里应该配置pvid 呢?
这要看数据的二层封装了,要结合三层的DHCP来看,
LSW2为AP提供DHCP 中继,并且由AC下发IP地址,那这样一来,我得在LSW2上能够看到VLAN ID是10的数据我才可以下发地址吧,才知道去找vlan10,然后再则LSW2的dhcp 中继去处理
如图中所示,在LSW3上抓包所得,显示的802.1Q 是10,才会正常
那就应该是这样
让SW3发出来的帧打tag ,10 ,为的是让sw2认识,去做DHCP
而后面的SW2—AC,要打VLAN 11的tag,
至于放行的流量,则于是直接转发模式,所以都放就行了,
[coresw2]
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30
在coresw2上,和AC相连的接口,向下不再需要VLAN 11的流量了,所以可以不放,即使是放了也没事儿
详细配置
Access sw
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 to 11 20 30
#
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 11 20 30
port-isolate enable group 1
CORESW
二层部份
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 20 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1 11 20 30
GigabitEthernet0/0/2 trunk 1 1 10-11 20 30
三层部份
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select relay //dhcp 中继
dhcp relay server-ip 192.168.11.1 //指向AC地址/dhcp server 地址
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
dhcp select global
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
dhcp select global
interface Vlanif11
ip address 192.168.11.2 255.255.255.0
-------------------------
ip pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
ip pool vlan30
gateway-list 192.168.30.1
network 192.168.30.0 mask 255.255.255.0
AC配置
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20 30 //上行只放行业务流量即可
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 to 11 20 30 //下连接口要放行所有流量
Interface IP Address/Mask Physical Protocol
NULL0 unassigned up up(s)
Vlanif11 192.168.11.1/24 up up
仅仅配置一个和SW2相连的VLAN if
上联接口使用trunk
DHCP部份,为ap下放地址
ip pool 11
gateway-list 192.168.10.1 网关并不是自己,所以肯定只能用global模式的
network 192.168.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 192.168.11.1 //告诉AP AC的地址是哪一个,不在同一网段
最主要的还需要一个静态路由指过去,因为想要DHCP生效,必须两端可以通信才OK
[AC]ip route-s 192.168.10.0 24 192.168.11.2
AP获取地址成功后,开始配置WLAN部份
隧道 capwap source interface vlan 11 在AC上肯定指11,因为从两个地方看,AP的管理VLAN是不同的,只看AC自己的
另外,还为STA创建了VLAN池,为用户提供服务
[AC6005]dis vlan pool name wfy
-------------------------------------------------------------------------------
Name : wfy
Total : 2
Assignment : hash
VLAN ID : 20 30
-------------------------------------------------------------------------------
[AC6005]
其它的配置不变
wlan
security-profile name wfy
security wpa2 psk pass-phrase %^%#DVii4zoBFT!!K*CM#A:;Z6HEGYiNX8MOy{I&TnqE%^%# aes
ssid-profile name wfy
ssid wfy
ssid-profile name default
vap-profile name wfy
service-vlan vlan-pool wfy
ssid-profile wfy
security-profile wfy
ap-group name wfy
radio 0
vap-profile wfy wlan 1
radio 1
vap-profile wfy wlan 1
radio 2
vap-profile wfy wlan 1
ap-id 0 type-id 69 ap-mac 00e0-fc1e-7b80 ap-sn 2102354483104F1AAF2A
ap-name wfy
ap-group wfy
6/直连三层组网隧道转发
基本情况和上面一样
core
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 20 30
ip route-static 192.168.10.0 255.255.255.0 192.168.11.1
interface Vlanif11
ip address 192.168.11.2 255.255.255.0
dhcp select global
#
ip pool vlan10
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 192.168.11.2
------------------------------
CCIE成长之路 --- 梅利
3843
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
