1 问题
如图规划VLAN和IP地址
R1作为DHCP服务器
AP的管理VLAN为100,实现自动注册
VLAN101/102分配给外来人员
VLAN103/104分配给内部员工
实现无线终端之间互通
2 方案
搭建实验环境,如图-1所示。
图-1
3 步骤
实现此案例需要按照如下步骤进行。
1)配置 SW1
<Huawei>undo terminal monitor
[Huawei]sysname SW1
[SW1]vlan batch 100 101 102 103 104 //批量创建VLAN
[SW1]interface gi0/0/1 //连接AP1所用的接口
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 100 //修改PVID为100
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface gi0/0/2 //连接AP2所用的接口
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]port trunk pvid vlan 100 //修改PVID为100
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet 0/0/3 //连接AP3所用的接口
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/3]port trunk pvid vlan 100 //修改PVID为100
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface GigabitEthernet 0/0/4 //连接AP4所用的接口
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/4]port trunk pvid vlan 100 //修改PVID为100
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet 0/0/5 //连接SW2所用的接口
[SW1-GigabitEthernet0/0/5]port link-type trunk
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/5]port trunk pvid vlan 100 //修改PVID为100
[SW1-GigabitEthernet0/0/5]quit
2)配置 SW2
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname SW2
[SW2]vlan batch 100 101 102 103 104 200 201 //批量创建VLAN
[SW2]interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/1]quit
[SW2]interface GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 200
[SW2-GigabitEthernet0/0/2]quit
[SW2]interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 201
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface Vlanif 100 //配置 VLAN100的网关接口
[SW2-Vlanif100]ip address 10.23.100.1 24
[SW2-Vlanif100]quit
[SW2]interface Vlanif 101 //配置 VLAN101的网关接口
[SW2-Vlanif101]ip address 10.23.101.1 24
[SW2-Vlanif101]quit
[SW2]interface Vlanif 102 //配置 VLAN102的网关接口
[SW2-Vlanif102]ip address 10.23.102.1 24
[SW2-Vlanif102]quit
[SW2]interface Vlanif 103 //配置 VLAN103的网关接口
[SW2-Vlanif103]ip address 10.23.103.1 24
[SW2-Vlanif103]quit
[SW2]interface Vlanif 104 //配置 VLAN104的网关接口
[SW2-Vlanif104]ip address 10.23.104.1 24
[SW2-Vlanif104]quit
[SW2]interface Vlanif 200 //配置连接 AC 所用的IP接口
[SW2-Vlanif200]ip address 10.45.200.2 24
[SW2-Vlanif200]quit
[SW2]interface Vlanif 201 //配置连接 R1 所用的IP接口
[SW2-Vlanif201]ip address 10.67.201.2 24
[SW2-Vlanif201]quit
[SW2]dhcp enable //开启 DHCP 功能
[SW2]interface vlanif 100 //配置 DHCP 中继
[SW2-Vlanif100]dhcp select relay
[SW2-Vlanif100]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif100]quit
[SW2]interface Vlanif 101 //配置 DHCP 中继
[SW2-Vlanif101]dhcp select relay
[SW2-Vlanif101]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif101]quit
[SW2]interface Vlanif 102 //配置 DHCP 中继
[SW2-Vlanif102]dhcp select relay
[SW2-Vlanif102]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif102]quit
[SW2]interface Vlanif 103 //配置 DHCP 中继
[SW2-Vlanif103]dhcp select relay
[SW2-Vlanif103]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif103]quit
[SW2]interface Vlanif 104 //配置 DHCP 中继
[SW2-Vlanif104]dhcp select relay
[SW2-Vlanif104]dhcp relay server-ip 10.67.201.1
[SW2-Vlanif104]quit
3)配置 R1
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0 //连接SW2所用的接口
[R1-GigabitEthernet0/0/0]ip address 10.67.201.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]dhcp enable //开启 DHCP 功能
[R1]ip pool VLAN100 //创建 VLAN 100 的 DHCP 地址池
[R1-ip-pool-VLAN100]network 10.23.100.0 mask 24
[R1-ip-pool-VLAN100]gateway-list 10.23.100.1
[R1-ip-pool-VLAN100]option 43 sub-option 3 ascii 10.45.200.1
[R1-ip-pool-VLAN100]quit
[R1]ip pool VLAN101 //创建 VLAN 101 的 DHCP 地址池
[R1-ip-pool-VLAN101]network 10.23.101.0 mask 24
[R1-ip-pool-VLAN101]gateway-list 10.23.101.1
[R1-ip-pool-VLAN101]quit
[R1]ip pool VLAN102 //创建 VLAN 102 的 DHCP 地址池
[R1-ip-pool-VLAN102]network 10.23.102.0 mask 24
[R1-ip-pool-VLAN102]gateway-list 10.23.102.1
[R1-ip-pool-VLAN102]quit
[R1]ip pool VLAN103 //创建 VLAN 103 的 DHCP 地址池
[R1-ip-pool-VLAN103]network 10.23.103.0 mask 24
[R1-ip-pool-VLAN103]gateway-list 10.23.103.1
[R1-ip-pool-VLAN103]quit
[R1]ip pool VLAN104 //创建 VLAN 104 的 DHCP 地址池
[R1-ip-pool-VLAN104]network 10.23.104.0 mask 24
[R1-ip-pool-VLAN104]gateway-list 10.23.104.1
[R1-ip-pool-VLAN104]quit
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global //配置接口的DHCP模式
[R1-GigabitEthernet0/0/0]quit
[R1]ip route-static 10.23.0.0 16 10.67.201.2 //配置去往其他网段的路由条目
4)配置AC
<AC6605>undo terminal monitor
<AC6605>system-view
[AC6605]sysname AC
[AC]vlan 200 //在 AC上创建 VLAN 200
[AC-vlan200]quit
[AC]interface Vlanif 200 //创建用于连接 SW2 的IP接口
[AC-Vlanif200]ip address 10.45.200.1 24
[AC-Vlanif200]quit
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type access
[AC-GigabitEthernet0/0/1]port default vlan 200
[AC-GigabitEthernet0/0/1]quit
[AC]ip route-static 10.0.0.0 8 10.45.200.2 //去往其他网段的路由条目
[AC]vlan pool sta-pool1 //创建VLAN Pool ,让AP的客户端加入特定的VLAN
[AC-vlan-pool-sta-pool1]vlan 101 102
[AC-vlan-pool-sta-pool1]quit
[AC]vlan pool sta-pool2 //创建VLAN Pool ,让AP的客户端加入特定的VLAN
[AC-vlan-pool-sta-pool2]vlan 103 104
[AC-vlan-pool-sta-pool2]quit
[AC]wlan //进入WLAN的配置模式
[AC-wlan-view]ap-group name guest1 //创建 ap-grop,用于来宾
[AC-wlan-ap-group-guest1]quit
[AC-wlan-view]ap-group name yuangong //创建 ap-grop,用于内部员工
[AC-wlan-ap-group-yuangong]quit
[AC-wlan-view]regulatory-domain-profile name domain1 //配置域模板,指定国家代码
[AC-wlan-regulate-domain-domain1]country-code CN
[AC-wlan-regulate-domain-domain1]quit
[AC-wlan-view]ap-group name guest //进入ap-group,关联指定的域模板
[AC-wlan-ap-group-guest]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-guest]quit
[AC-wlan-view]ap-group name yuangong //进入ap-group,关联指定的域模板
[AC-wlan-ap-group-yuangong]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-yuangong]quit
[AC-wlan-view]quit
[AC]capwap source interface Vlanif 200 //指定 CAPWAP信令协议的源IP地址
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth //AP上线的认证方式,基于MAC地址进行自注册
[AC-wlan-view] ap-id 0 ap-mac 00e0-fc62-5290 //指定第一个AP的MAC地址
[AC-wlan-ap-0] ap-name qiantai1 //为 AP 取一个名字,便于AC内部管理
[AC-wlan-ap-0] ap-group guest //将AP加入到特定的 ap-group
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc4e-1de0
[AC-wlan-ap-1] ap-name qiantai2
[AC-wlan-ap-1] ap-group guest
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc03-5640
[AC-wlan-ap-2] ap-name bangong1
[AC-wlan-ap-2] ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc43-3df0
[AC-wlan-ap-3] ap-name bangong2
[AC-wlan-ap-3] ap-group yuangong
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-view] security-profile name guest //配置加密配置文件,为AP配置密码
[AC-wlan-sec-prof-guest] security wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-guest] quit
[AC-wlan-view] security-profile name bangong //配置加密配置文件,为AP配置密码
[AC-wlan-sec-prof-bangong] security wpa2 psk pass-phrase b1234567 aes
[AC-wlan-sec-prof-bangong] quit
[AC-wlan-view] ssid-profile name guest //配置SSID配置文件,为AP的WiFi信号取名字
[AC-wlan-ssid-prof-guest] ssid guest
[AC-wlan-ssid-prof-guest] quit
[AC-wlan-view] ssid-profile name bangong //配置SSID配置文件,为AP的WiFi信号取名字
[AC-wlan-ssid-prof-bangong] ssid bangong
[AC-wlan-ssid-prof-bangong] quit
[AC-wlan-view] vap-profile name guest //配置VAP末班,用于关联各种配置模板,给来宾用
[AC-wlan-vap-prof-guest] service-vlan vlan-pool sta-pool1
[AC-wlan-vap-prof-guest] security-profile guest
[AC-wlan-vap-prof-guest] ssid-profile guest
[AC-wlan-vap-prof-guest] quit
[AC-wlan-view] vap-profile name bangong //配置VAP末班,用于关联各种配置模板,给内部员工用
[AC-wlan-vap-prof-bangong] service-vlan vlan-pool sta-pool2
[AC-wlan-vap-prof-bangong] security-profile bangong
[AC-wlan-vap-prof-bangong] ssid-profile bangong
[AC-wlan-vap-prof-bangong] quit
[AC-wlan-view] ap-group name guest //为指定的ap-group开启无线信道
[AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio 0
[AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio 1
[AC-wlan-ap-group-guest] quit
[AC-wlan-view] ap-group name yuangong //为指定的ap-group开启无线信道
[AC-wlan-ap-group-yuangong] vap-profile bangong wlan 1 radio 0
[AC-wlan-ap-group-yuangong] vap-profile bangong wlan 1 radio 1
[AC-wlan-ap-group-yuangong] quit
5)无线终端连接“无线网络”,获得IP地址,测试连通性
STA2 访问 STA 4 ,顺利互通
STA>ping 10.23.104.254
Ping 10.23.104.254: 32 data bytes, Press Ctrl_C to break
From 10.23.104.254: bytes=32 seq=1 ttl=127 time=250 ms
From 10.23.104.254: bytes=32 seq=2 ttl=127 time=297 ms
From 10.23.104.254: bytes=32 seq=3 ttl=127 time=265 ms
From 10.23.104.254: bytes=32 seq=4 ttl=127 time=296 ms
From 10.23.104.254: bytes=32 seq=5 ttl=127 time=266 ms
--- 10.23.104.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 250/274/297 ms