1 問題
如圖規劃VLAN和IP地址
R1作爲DHCP服務器
AP的管理VLAN爲100,實現自動註冊
VLAN101/102分配給外來人員
VLAN103/104分配給內部員工
實現無線終端之間互通
2 方案
搭建實驗環境,如圖-1所示。
圖-1
3 步驟
實現此案例需要按照如下步驟進行。
1)配置 SW1
<Huawei>undo terminal monitor
[Huawei]sysname SW1
[SW1]vlan batch 100 101 102 103 104 //批量創建VLAN
[SW1]interface gi0/0/1 //連接AP1所用的接口
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 100 //修改PVID爲100
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface gi0/0/2 //連接AP2所用的接口
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]port trunk pvid vlan 100 //修改PVID爲100
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet 0/0/3 //連接AP3所用的接口
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/3]port trunk pvid vlan 100 //修改PVID爲100
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface GigabitEthernet 0/0/4 //連接AP4所用的接口
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/4]port trunk pvid vlan 100 //修改PVID爲100
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet 0/0/5 //連接SW2所用的接口
[SW1-GigabitEthernet0/0/5]port link-type trunk
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/5]port trunk pvid vlan 100 //修改PVID爲100
[SW1-GigabitEthernet0/0/5]quit
2)配置 SW2
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname SW2
[SW2]vlan batch 100 101 102 103 104 200 201 //批量創建VLAN
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/1]quit
[SW2]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 200
[SW2-GigabitEthernet0/0/2]quit
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 201
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface Vlanif 100 //配置 VLAN100的網關接口
[SW2-Vlanif100]ip address 10.23.100.1 24
[SW2-Vlanif100]quit
[SW2]interface Vlanif 101 //配置 VLAN101的網關接口
[SW2-Vlanif101]ip address 10.23.101.1 24
[SW2-Vlanif101]quit
[SW2]interface Vlanif 102 //配置 VLAN102的網關接口
[SW2-Vlanif102]ip address 10.23.102.1 24
[SW2-Vlanif102]quit
[SW2]interface Vlanif 103 //配置 VLAN103的網關接口
[SW2-Vlanif103]ip address 10.23.103.1 24
[SW2-Vlanif103]quit
[SW2]interface Vlanif 104 //配置 VLAN104的網關接口
[SW2-Vlanif104]ip address 10.23.104.1 24
[SW2-Vlanif104]quit
[SW2]interface Vlanif 200 //配置連接 AC 所用的IP接口
[SW2-Vlanif200]ip address 10.45.200.2 24
[SW2-Vlanif200]quit
[SW2]interface Vlanif 201 //配置連接 R1 所用的IP接口
[SW2-Vlanif201]ip address 10.67.201.2 24
[SW2-Vlanif201]quit
[SW2]dhcp enable //開啓 DHCP 功能
[SW2]interface vlanif 100 //配置 DHCP 中繼
[SW2-Vlanif100]dhcp select relay
[SW2-Vlanif100]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif100]quit
[SW2]interface Vlanif 101 //配置 DHCP 中繼
[SW2-Vlanif101]dhcp select relay
[SW2-Vlanif101]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif101]quit
[SW2]interface Vlanif 102 //配置 DHCP 中繼
[SW2-Vlanif102]dhcp select relay
[SW2-Vlanif102]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif102]quit
[SW2]interface Vlanif 103 //配置 DHCP 中繼
[SW2-Vlanif103]dhcp select relay
[SW2-Vlanif103]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif103]quit
[SW2]interface Vlanif 104 //配置 DHCP 中繼
[SW2-Vlanif104]dhcp select relay
[SW2-Vlanif104]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif104]quit
3)配置 R1
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0 //連接SW2所用的接口
[R1-GigabitEthernet0/0/0]ip address 10.67.201.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]dhcp enable //開啓 DHCP 功能
[R1]ip pool VLAN100 //創建 VLAN 100 的 DHCP 地址池
[R1-ip-pool-VLAN100]network 10.23.100.0 mask 24
[R1-ip-pool-VLAN100]gateway-list 10.23.100.1
[R1-ip-pool-VLAN100]option 43 sub-option 3 ascii 10.45.200.1
[R1-ip-pool-VLAN100]quit
[R1]ip pool VLAN101 //創建 VLAN 101 的 DHCP 地址池
[R1-ip-pool-VLAN101]network 10.23.101.0 mask 24
[R1-ip-pool-VLAN101]gateway-list 10.23.101.1
[R1-ip-pool-VLAN101]quit
[R1]ip pool VLAN102 //創建 VLAN 102 的 DHCP 地址池
[R1-ip-pool-VLAN102]network 10.23.102.0 mask 24
[R1-ip-pool-VLAN102]gateway-list 10.23.102.1
[R1-ip-pool-VLAN102]quit
[R1]ip pool VLAN103 //創建 VLAN 103 的 DHCP 地址池
[R1-ip-pool-VLAN103]network 10.23.103.0 mask 24
[R1-ip-pool-VLAN103]gateway-list 10.23.103.1
[R1-ip-pool-VLAN103]quit
[R1]ip pool VLAN104 //創建 VLAN 104 的 DHCP 地址池
[R1-ip-pool-VLAN104]network 10.23.104.0 mask 24
[R1-ip-pool-VLAN104]gateway-list 10.23.104.1
[R1-ip-pool-VLAN104]quit
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global //配置接口的DHCP模式
[R1-GigabitEthernet0/0/0]quit
[R1]ip route-static 10.23.0.0 16 10.67.201.2 //配置去往其他網段的路由條目
4)配置AC
<AC6605>undo terminal monitor
<AC6605>system-view
[AC6605]sysname AC
[AC]vlan 200 //在 AC上創建 VLAN 200
[AC-vlan200]quit
[AC]interface Vlanif 200 //創建用於連接 SW2 的IP接口
[AC-Vlanif200]ip address 10.45.200.1 24
[AC-Vlanif200]quit
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type access
[AC-GigabitEthernet0/0/1]port default vlan 200
[AC-GigabitEthernet0/0/1]quit
[AC]ip route-static 10.0.0.0 8 10.45.200.2 //去往其他網段的路由條目
[AC]vlan pool sta-pool1 //創建VLAN Pool ,讓AP的客戶端加入特定的VLAN
[AC-vlan-pool-sta-pool1]vlan 101 102
[AC-vlan-pool-sta-pool1]quit
[AC]vlan pool sta-pool2 //創建VLAN Pool ,讓AP的客戶端加入特定的VLAN
[AC-vlan-pool-sta-pool2]vlan 103 104
[AC-vlan-pool-sta-pool2]quit
[AC]wlan //進入WLAN的配置模式
[AC-wlan-view]ap-group name guest1 //創建 ap-grop,用於來賓
[AC-wlan-ap-group-guest1]quit
[AC-wlan-view]ap-group name yuangong //創建 ap-grop,用於內部員工
[AC-wlan-ap-group-yuangong]quit
[AC-wlan-view]regulatory-domain-profile name domain1 //配置域模板,指定國家代碼
[AC-wlan-regulate-domain-domain1]country-code CN
[AC-wlan-regulate-domain-domain1]quit
[AC-wlan-view]ap-group name guest //進入ap-group,關聯指定的域模板
[AC-wlan-ap-group-guest]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-guest]quit
[AC-wlan-view]ap-group name yuangong //進入ap-group,關聯指定的域模板
[AC-wlan-ap-group-yuangong]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-yuangong]quit
[AC-wlan-view]quit
[AC]capwap source interface Vlanif 200 //指定 CAPWAP信令協議的源IP地址
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth //AP上線的認證方式,基於MAC地址進行自注冊
[AC-wlan-view] ap-id 0 ap-mac 00e0-fc62-5290 //指定第一個AP的MAC地址
[AC-wlan-ap-0] ap-name qiantai1 //爲 AP 取一個名字,便於AC內部管理
[AC-wlan-ap-0] ap-group guest //將AP加入到特定的 ap-group
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc4e-1de0
[AC-wlan-ap-1] ap-name qiantai2
[AC-wlan-ap-1] ap-group guest
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc03-5640
[AC-wlan-ap-2] ap-name bangong1
[AC-wlan-ap-2] ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc43-3df0
[AC-wlan-ap-3] ap-name bangong2
[AC-wlan-ap-3] ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] security-profile name guest //配置加密配置文件,爲AP配置密碼
[AC-wlan-sec-prof-guest] security wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-guest] quit
[AC-wlan-view] security-profile name bangong //配置加密配置文件,爲AP配置密碼
[AC-wlan-sec-prof-bangong] security wpa2 psk pass-phrase b1234567 aes
[AC-wlan-sec-prof-bangong] quit
[AC-wlan-view] ssid-profile name guest //配置SSID配置文件,爲AP的WiFi信號取名字
[AC-wlan-ssid-prof-guest] ssid guest
[AC-wlan-ssid-prof-guest] quit
[AC-wlan-view] ssid-profile name bangong //配置SSID配置文件,爲AP的WiFi信號取名字
[AC-wlan-ssid-prof-bangong] ssid bangong
[AC-wlan-ssid-prof-bangong] quit
[AC-wlan-view] vap-profile name guest //配置VAP末班,用於關聯各種配置模板,給來賓用
[AC-wlan-vap-prof-guest] service-vlan vlan-pool sta-pool1
[AC-wlan-vap-prof-guest] security-profile guest
[AC-wlan-vap-prof-guest] ssid-profile guest
[AC-wlan-vap-prof-guest] quit
[AC-wlan-view] vap-profile name bangong //配置VAP末班,用於關聯各種配置模板,給內部員工用
[AC-wlan-vap-prof-bangong] service-vlan vlan-pool sta-pool2
[AC-wlan-vap-prof-bangong] security-profile bangong
[AC-wlan-vap-prof-bangong] ssid-profile bangong
[AC-wlan-vap-prof-bangong] quit
[AC-wlan-view] ap-group name guest //爲指定的ap-group開啓無線信道
[AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio 0
[AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio 1
[AC-wlan-ap-group-guest] quit
[AC-wlan-view] ap-group name yuangong //爲指定的ap-group開啓無線信道
[AC-wlan-ap-group-yuangong] vap-profile bangong wlan 1 radio 0
[AC-wlan-ap-group-yuangong] vap-profile bangong wlan 1 radio 1
[AC-wlan-ap-group-yuangong] quit
5)無線終端連接“無線網絡”,獲得IP地址,測試連通性
STA2 訪問 STA 4 ,順利互通
STA>ping 10.23.104.254
Ping 10.23.104.254: 32 data bytes, Press Ctrl_C to break
From 10.23.104.254: bytes=32 seq=1 ttl=127 time=250 ms
From 10.23.104.254: bytes=32 seq=2 ttl=127 time=297 ms
From 10.23.104.254: bytes=32 seq=3 ttl=127 time=265 ms
From 10.23.104.254: bytes=32 seq=4 ttl=127 time=296 ms
From 10.23.104.254: bytes=32 seq=5 ttl=127 time=266 ms
--- 10.23.104.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 250/274/297 ms