华为无线典型场景之AC旁挂核心交换机直接转发

上张贴CrossGrave发表回复

场景说明:业务vlan为10,管理vlan为201和200,其中VLAN 201为管理AP使用,VLAN 200为AC与核心交换机连接使用。核心交换机作为业务vlan的DHCP服务器,AP的管理地址由AC进行分配,在Router处做NAT,配置完毕后使STA可以正常上网访问111.111.111.111。

CSW配置:

#
sysname SW
#
vlan batch 10 100 200 to 201
#
dhcp enable
#
ip pool vlan10   //这里配置AP业务vlan的DHCP地址池
 gateway-list 192.168.10.254
 network 192.168.10.0 mask 255.255.255.0
 dns-list 114.114.114.114
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select global
#
interface Vlanif100
 ip address 192.168.100.2 255.255.255.252
#
interface Vlanif200
 ip address 192.168.200.254 255.255.255.0
#
interface Vlanif201  
 ip address 192.168.201.254 255.255.255.0
 dhcp select relay  //这里采用中继模式,中继地址为AC,为AP分配管理地址
 dhcp relay server-ip 192.168.200.253
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 201
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 201
 port-isolate enable group 1
#
interface GigabitEthernet0/0/23
 port link-type access
 port default vlan 100
 stp edged-port enable
#
interface GigabitEthernet0/0/24
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 200
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
#
return

AC配置:

#
sysname AC
#
vlan 200
#
vlan pool AP-1  //创建业务vlan池,这里指定业务vlan为vlan10
 vlan 10
#
dhcp enable
#
ip pool AP  //配置AP管理地址池,用于给AP分配管理地址
 gateway-list 192.168.201.254 
 network 192.168.201.0 mask 255.255.255.0 
 option 43 sub-option 3 ascii 192.168.200.253 
#
interface Vlanif200  //这里是与交换机进行三层通讯使用
 ip address 192.168.200.253 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 200
#
ip route-static 192.168.201.0 255.255.255.0 192.168.200.254
#
capwap source interface vlanif200 //指定AC与AP建立的CAPWAP接口
#
wlan
 security-profile name AP-1 //设置安全配置文件,和预设密码
  security wpa-wpa2 psk pass-phrase %^%#A$BLST*u==ktOTNU|7`%uvGMN|ET:NKBNJ/jk{XY
%^%# aes
 ssid-profile name AP-1 //设置SSID配置文件用于设置无线名称
  ssid AP-1
 vap-profile name AP-1  //设置VAP模板,用于组合SSID和安全文件,指定业务vlan等功能
  service-vlan vlan-pool AP-1
  ssid-profile AP-1
  security-profile AP-1
 regulatory-domain-profile name AP-1 //设置地域配置,默认国家码为cn
 ap-group name ap-group-1 //配置AP组,指定相应的地址配置文件
  regulatory-domain-profile AP-1
  radio 0
   vap-profile AP-1 wlan 1
  radio 1
   vap-profile AP-1 wlan 1
 ap-id 0 type-id 60 ap-mac 00e0-fcaa-5710 ap-sn 210235448310D571237B //通过MAC方式绑定AP,并且指定AP范围和AP所分配的组
  ap-name Area-1
  ap-group ap-group-1
#
return

发表评论

您的电子邮箱地址不会被公开。

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据