Contents
旁挂二层组网-隧道转发
1.拓扑图
2.VLAN划分,开启DHCP
2.1.配置AR1
<Huawei>sys
[Huawei]sysname AR1
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.111.1 24
[AR1-GigabitEthernet0/0/0]quit
[AR1]ip route-static 192.168.0.0 16 192.168.111.2
2.2.配置SW1
#--划分路由
<Huawei>sys
[Huawei]sysname sw1
[sw1]undo info-center enable
[sw1]vlan batch 100 110 111
[sw1]interface vlanif111
[sw1-Vlanif111]ip address 192.168.111.2 24
[sw1-Vlanif111]quit
[sw1]interface GigabitEthernet 0/0/2
[sw1-GigabitEthernet0/0/2]port link-type access
[sw1-GigabitEthernet0/0/2]port default vlan 111
[sw1-GigabitEthernet0/0/2]quit
[sw1]interface vlanif110
[sw1-Vlanif110]ip address 192.168.110.1 24
[sw1-Vlanif110]quit
[sw1]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]port link-type trunk
[sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 110
[sw1-GigabitEthernet0/0/3]port trunk pvid vlan 110
[sw1-GigabitEthernet0/0/3]quit
[sw1]interface GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 100
#--添加路由
[sw1]ip route-static 0.0.0.0 0 192.168.111.1
[sw1]ip route-static 192.168.0.0 16 192.168.110.2
2.3.配置AC
#--配置VLAN
<AC6005>sys
[AC6005]sysname AC
[AC]vlan batch 100 101 102 110
[AC]interface vlanif 100
[AC-Vlanif100]ip address 192.168.100.1 24
[AC-Vlanif100]interface vlanif 101
[AC-Vlanif101]ip address 192.168.101.1 24
[AC-Vlanif101]interface vlanif 102
[AC-Vlanif102]ip address 192.168.102.1 24
[AC-Vlanif102]interface vlanif 110
[AC-Vlanif110]ip address 192.168.110.2 24
[AC-Vlanif110]quit
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk pvid vlan 110
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110
[AC-GigabitEthernet0/0/1]quit
[AC]interface vlanif110
[AC-Vlanif110]ip address 192.168.110.2 24
[AC-Vlanif110]quit
[AC]display ip interface brief
#--开启DHCP
[AC]dhcp enable
[AC]ip pool vlan100
[AC-ip-pool-vlan100]network 192.168.100.0 mask 24
[AC-ip-pool-vlan100]gateway-list 192.168.100.1
[AC-ip-pool-vlan100]quit
[AC]ip pool vlan101
[AC-ip-pool-vlan101]network 192.168.101.0 mask 24
[AC-ip-pool-vlan101]gateway-list 192.168.101.1
[AC-ip-pool-vlan101]dns-list 8.8.8.8
[AC-ip-pool-vlan101]quit
[AC]ip pool vlan102
[AC-ip-pool-vlan102]network 192.168.102.0 mask 24
[AC-ip-pool-vlan102]gateway-list 192.168.102.1
[AC-ip-pool-vlan102]dns-list 8.8.8.8
[AC-ip-pool-vlan102]quit
[AC]interface vlanif100
[AC-Vlanif100]dhcp select global
[AC-Vlanif100]interface vlanif101
[AC-Vlanif101]dhcp select global
[AC-Vlanif101]interface vlanif102
[AC-Vlanif102]dhcp select global
#--添加路由
[AC]ip route-static 0.0.0.0 0 192.168.110.1
3.配置AP上线
3.1.指定和AP建立CAPWAP的地址或接口
<AC>sys
[AC]capwap source interface vlanif 100
3.2.配置域管理模块
[AC]wlan
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
3.3.创建AP组
[AC-wlan-view]ap-group name ap-office1
[AC-wlan-ap-group-ap-office1]regulatory-domain-profile default
[AC-wlan-ap-group-ap-office1]quit
[AC-wlan-view]ap-group name ap-office2
[AC-wlan-ap-group-ap-office2]regulatory-domain-profile default
[AC-wlan-ap-group-ap-office2]quit
3.4.将AP添加到AP组
[AC-wlan-view]ap auth-mode ?
mac-auth MAC authenticated mode, default authenticated mode
no-auth No authenticated mode
sn-auth SN authenticated mode
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 1 ap-mac 00E0-FCF1-1820
[AC-wlan-ap-1]ap-name ap1
[AC-wlan-ap-1]ap-group ap-office1
[AC-wlan-ap-1]quit
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 2 ap-mac 00e0-fc08-7db0
[AC-wlan-ap-2]ap-name ap2
[AC-wlan-ap-2]ap-group ap-office1
[AC-wlan-ap-2]quit
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 3 ap-mac 00e0-fc46-0420
[AC-wlan-ap-3]ap-name ap3
[AC-wlan-ap-3]ap-group ap-office2
[AC-wlan-ap-3]quit
[AC-wlan-view]ap auth-mod mac-auth
[AC-wlan-view]ap-id 4 ap-mac 00e0-fceb-1690
[AC-wlan-ap-4]ap-name ap4
[AC-wlan-ap-4]ap-group ap-office2
[AC-wlan-ap-4]quit
3.5.配置SSID模板
[AC-wlan-view]ssid-profile name ssid-office1
[AC-wlan-ssid-prof-ssid-office1]ssid AP-office1
[AC-wlan-ssid-prof-ssid-office1]quit
[AC-wlan-view]ssid-profile name ssid-office2
[AC-wlan-ssid-prof-ssid-office2]ssid AP-office2
[AC-wlan-ssid-prof-ssid-office2]quit
3.6.配置安全模板
[AC-wlan-view]security-profile name Sec-office1
[AC-wlan-sec-prof-Sec-office1]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-Sec-office1]quit
[AC-wlan-view]security-profile name Sec-office2
[AC-wlan-sec-prof-Sec-office2]security wpa-wpa2 psk pass-phrase b1234567 aes
[AC-wlan-sec-prof-Sec-office2]quit
3.7.配置VAP模板
[AC-wlan-view]vap-profile name vap-office1
[AC-wlan-vap-prof-vap-office1]forward-mode tunnel
[AC-wlan-vap-prof-vap-office1]service-vlan vlan-id 101
[AC-wlan-vap-prof-vap-office1]ssid-profile ssid-office1
[AC-wlan-vap-prof-vap-office1]security-profile Sec-office1
[AC-wlan-vap-prof-vap-office1]quit
[AC-wlan-view]vap-profile name vap-office2
[AC-wlan-vap-prof-vap-office2]forward-mode tunnel
[AC-wlan-vap-prof-vap-office2]service-vlan vlan-id 102
[AC-wlan-vap-prof-vap-office2]ssid-profile ssid-office2
[AC-wlan-vap-prof-vap-office2]security-profile Sec-office2
[AC-wlan-vap-prof-vap-office2]quit
3.8.在AP组中应用模板
[AC-wlan-view]ap-group name ap-office1
[AC-wlan-ap-group-ap-office1]vap-profile vap-office1 wlan 1 radio 0
[AC-wlan-ap-group-ap-office1]vap-profile vap-office1 wlan 1 radio 1
[AC-wlan-ap-group-ap-office1]quit
[AC-wlan-view]ap-group name ap-office2
[AC-wlan-ap-group-ap-office2]vap-profile vap-offcie2 wlan 2 radio 0
[AC-wlan-ap-group-ap-office2]vap-profile vap-office2 wlan 2 radio 1
[AC-wlan-ap-group-ap-office2]quit
3.9.查看上线情况
[AC]display vap all
[AC]display vap ssid AP-office1
4.测试
[AC]display station all
抓包
