WLAN-案例-2-旁挂二层组网（直接转发/隧道转发）

3/旁挂二层组网直接转发

交换机上需要在trunk上允许管理的和业务的同时跑

直连和旁挂配置上有什么区别吗？

交换机部份，

不用说了，trunk+pvid ，(AC-AP的管理VLAN)放行管理vlan 以及业务vlan

核心交换

用来分担 AC的业务VLAN下放IP地址，所以要配置DHCP，还要连接上行的路由器

具体配置

Access-sw

interface Ethernet0/0/1

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

coresw

#

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 20

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

#

interface GigabitEthernet0/0/3

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

IP及DHCP(业务)

interface Vlanif20

 ip address 192.168.20.2 255.255.255.0

 dhcp select interface

AC配置

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

#

interface Vlanif10

 ip address 192.168.10.1 255.255.255.0

 dhcp select interface

#

wlan

security-profile name wfy

  security wpa2 psk pass-phrase %^%#X~g/A70^SCf1zEDOU9sQ0]q;;,!'rL\!,FY'0XBX%^%# aes

ssid-profile name wfy

  ssid wfy

vap-profile name wfy

  service-vlan vlan-id 20

  ssid-profile wfy

  security-profile wfy

  默认就是直接转发，所以没有显示

ap-group name wfy

ap-id 0 type-id 69 ap-mac 00e0-fc13-43a0 ap-sn 210235448310656FF341

  ap-name wfy

  ap-group wfy

[AC6005-wlan-view]ap-group name wfy

[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all

ap-group name wfy

  radio 0

   vap-profile wfy wlan 1

  radio 1

   vap-profile wfy wlan 1

  radio 2

   vap-profile wfy wlan 1

4/旁挂二层组网隧道转发

Accesssw

interface Ethernet0/0/1

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

#

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

coresw

interface GigabitEthernet0/0/3

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20 //这里必须要放行20，因为业务数据也要经过AC

#

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20  //同上

#

interface GigabitEthernet0/0/1     //连接路由器

 port link-type access

 port default vlan 20

ip pool vlan20

 gateway-list 192.168.20.1

 network 192.168.20.0 mask 255.255.255.0

 excluded-ip-address 192.168.20.2

interface Vlanif20

 ip address 192.168.20.2 255.255.255.0

 dhcp select global

AC配置

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10 20

#

Dhcp enable

interface Vlanif10

 ip address 192.168.10.1 255.255.255.0

 dhcp select interface

AP上线之前，查IP地址有没有收到

Interface                         IP Address/Mask      Physical   Protocol  

NULL0                             unassigned           up         up(s)     

Vlanif1                           192.168.10.109/24       up         up  

并且可以和AC通信

<wfy>ping 192.168.10.1

  PING 192.168.10.1: 56  data bytes, press CTRL_C to break

    Reply from 192.168.10.1: bytes=56 Sequence=1 ttl=255 time=60 ms

    Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=255 time=60 ms

Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=255 time=40 ms

WLAN配置

Wlan   其它的都和直连一样，只有一点区别，就是forward-mode – tunnel

vap-profile name wfy

  forward-mode tunnel

  service-vlan vlan-id 20

  ssid-profile wfy

  security-profile wfy

 

--------------------------------------

CCIE成长之路   --- 梅利