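1/ Direct-connected Layer 2 networking, direct forwarding
Configuration recommendations
Configure port isolation on the device interfaces that connect directly to APs. Without port isolation, and especially when service data uses direct forwarding, a large number of unnecessary broadcast packets may be generated in the VLAN, causing network congestion and degrading the user experience.
In tunnel forwarding mode, the management VLAN and the service VLAN must not be configured as the same VLAN, and only the management VLAN may be permitted between the AP and the AC; the service VLAN must not be permitted.
Configuration
1 GW configuration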
[r1]inter g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.101.100 24
2 SW configuration (access layer)
[sw]vlan batch 100 101
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 1
3 AC configuration
Interface status
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface //configure DHCP on the interface
#
interface Vlanif101
ip address 192.168.101.1 255.255.255.0
dhcp select interface //configure DHCP on the interface
dhcp server excluded-ip-address 192.168.101.100 //exclude the GW's IP address
AC-WLAN configuration
[AC6005]dis this
capwap source interface vlanif100
[AC6005]wlan
[AC6005-wlan-view]ap-group name wfy
[AC6005-wlan-view]quit
[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fcaa-7e80
[AC6005-wlan-ap-0]ap-name wfy
[AC6005-wlan-ap-0]ap-group wfy
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6005-wlan-view]security-profile name wfy
[AC6005-wlan-sec-prof-wfy]security wpa2 psk pass-phrase 12345678 aes
[AC6005-wlan-view]ssid-profile name wfy
[AC6005-wlan-ssid-prof-wfy]ssid wfy
[AC6005-wlan-view]vap-profile name wfy
[AC6005-wlan-vap-prof-wfy]ssid-profile wfy
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]security-profile wfy
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]forward-mode direct-forward
[AC6005-wlan-view]ap-group name wfy
[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
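The AC also needs a default route pointing to the upstream router.
2/ Direct-connected Layer 2 networking, tunnel forwarding
This is now tunnel mode; its characteristics are as follows
In addition, in this mode the switches between the AC and the AP only need to permit the AP's management VLAN.
Actual configuration
The GW is unchanged.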
SW1
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
AC configuration
[AC6005]capwap source inter vlan 10
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
#
interface Vlanif20
ip address 20.0.0.2 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 20.0.0.1
WLAN configuration
There is only one change:
the forward-mode (forwarding mode) in the VAP profile
vap-profile name wfy
forward-mode tunnel
service-vlan vlan-id 20
ssid-profile wfy
security-profile wfy
OK no problem
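The most important thing is really to understand the VLAN configuration of the interfaces on the access switch and the trunk configuration:
exactly where to set the pvid, and where to permit which specific VLANs.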
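The VLAN and port-isolation rules from the recommendations above can be checked against a switch configuration before it is applied. The Python sketch below is an added example, not part of the original post or of any Huawei tool; the function names and the operator-supplied lists of AP-to-AC path ports and AP-facing ports are assumptions, and the implicit VLAN 1 on trunk ports is not modelled.

```python
import re

def expand_vlans(text):
    """Expand 'allow-pass vlan' arguments such as '100 to 101', '10 20' or 'all'."""
    if text.strip() == "all":
        return set(range(1, 4095))
    pairs = re.findall(r"(\d+)(?:\s+to\s+(\d+))?", text)
    return {v for lo, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def parse_interfaces(config):
    """Map interface name -> permitted trunk VLANs and port-isolation state."""
    ports, cur = {}, {}
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], {"allow": set(), "isolated": False})
        elif line.startswith("port trunk allow-pass vlan "):
            cur.setdefault("allow", set()).update(expand_vlans(line.split("vlan", 1)[1]))
        elif line.startswith("port-isolate enable"):
            cur["isolated"] = True
    return ports

def audit(config, mode, mgmt, service, path_ports, ap_ports):
    """Apply the page's rules; which ports are on the AP-AC path is operator input."""
    ports, findings = parse_interfaces(config), []
    if mode == "tunnel" and mgmt == service:
        findings.append("management VLAN and service VLAN are the same")
    for name in path_ports:
        allow = ports.get(name, {"allow": set()})["allow"]
        extra = sorted(allow - {mgmt})
        if mgmt not in allow:
            findings.append(f"{name}: management VLAN {mgmt} not permitted")
        if mode == "tunnel" and extra:
            findings.append(f"{name}: tunnel mode but also permits VLANs {extra}")
        if mode == "direct" and service not in allow:
            findings.append(f"{name}: service VLAN {service} not permitted")
    for name in ap_ports:
        if not ports.get(name, {}).get("isolated"):
            findings.append(f"{name}: port isolation not enabled")
    return findings

DIRECT_SW = """interface Ethernet0/0/1
port trunk allow-pass vlan 100 to 101
interface Ethernet0/0/2
port trunk allow-pass vlan 100 to 101
port-isolate enable group 1"""  # section 1 switch config from the page, trimmed
TUNNEL_SW = """interface Ethernet0/0/2
port trunk allow-pass vlan 10
interface Ethernet0/0/1
port trunk allow-pass vlan 10"""  # section 2 switch config from the page, trimmed
print(audit(TUNNEL_SW, "tunnel", 10, 20, ["Ethernet0/0/1", "Ethernet0/0/2"], ["Ethernet0/0/2"]))
```

Treating Ethernet0/0/2 as the AP-facing port is an assumption based on where section 1 enables port isolation; pass the ports that match the real topology.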
------------------------------------------
CCIE Growth Path --- 梅利