Contents
旁挂三层组网-隧道转发
1.拓扑图
2.配置AR1
<Huawei>sy
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.111.1 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 192.168.0.0 16 192.168.111.2
3.配置LSW1
<Huawei>sys
[Huawei]vlan batch 100 200 111
[Huawei]undo info-center enable
[Huawei]interface vlanif 100
[Huawei-Vlanif100]ip address 192.168.100.1 24
[Huawei-Vlanif100]interface vlanif 111
[Huawei-Vlanif111]ip address 192.168.111.2 24
[Huawei-Vlanif111]interface vlanif 200
[Huawei-Vlanif200]ip address 192.168.200.1 24
[Huawei-Vlanif200]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 111
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 200
[Huawei-GigabitEthernet0/0/3]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 100
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]display ip interface brief
[Huawei]ip pool 100
[Huawei-ip-pool-100]network 192.168.100.0 mask 24
[Huawei-ip-pool-100]gateway-list 192.168.100.1
[Huawei-ip-pool-100]option 43 sub-option 3 ascii 192.168.200.10
[Huawei-ip-pool-100]quit
[Huawei]dhcp enable
[Huawei]interface vlanif100
[Huawei-Vlanif100]dhcp select global
[Huawei-Vlanif100]quit
[Huawei]ip route-static 0.0.0.0 0 192.168.111.1
[Huawei]ip route-static 192.168.0.0 16 192.168.200.10
4.配置LSW2
<Huawei>sys
[sw2]vlan 100
[sw2-vlan100]quit
[sw2]undo info-center enable
[sw2]port-group 1to4
[sw2-port-group-1to4]group-member Ethernet 0/0/1 to Ethernet 0/0/4
[sw2-port-group-1to4]port link-type access
[sw2-port-group-1to4]port default vlan 100
[sw2]interface GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/1]port default vlan 100
5.配置AC
<AC6005>sys
[AC6005]sysname AC1
[AC1]undo info-center enable
[AC1]vlan batch 101 102 200
[AC1]interface vlanif 101
[AC1-Vlanif101]ip address 192.168.101.1 24
[AC1-Vlanif101]interface vlanif 102
[AC1-Vlanif102]ip address 192.168.102.1 24
[AC1-Vlanif102]interface vlanif 200
[AC1-Vlanif200]ip address 192.168.200.10 24
[AC1-Vlanif200]quit
[AC1]interface GigabitEthernet 0/0/1
[AC1-GigabitEthernet0/0/1]port link-type access
[AC1-GigabitEthernet0/0/1]port default vlan 200
[AC1-GigabitEthernet0/0/1]quit
[AC1]ip pool 101
Info: It is successful to create an IP address pool.
[AC1-ip-pool-101]network 192.168.101.0 mask 24
[AC1-ip-pool-101]gateway-list 192.168.101.1
[AC1-ip-pool-101]dns-list 8.8.8.8
[AC1-ip-pool-101]quit
[AC1]ip pool 102
Info: It is successful to create an IP address pool.
[AC1-ip-pool-102]network 192.168.102.0 mask 24
[AC1-ip-pool-102]gateway-list 192.168.102.1
[AC1-ip-pool-102]dns-list 8.8.8.8
[AC1-ip-pool-102]quit
[AC1]dhcp enable
[AC1]interface vlanif101
[AC1-Vlanif101]dhcp select global
[AC1-Vlanif101]interface vlanif102
[AC1-Vlanif102]dhcp select global
[AC1-Vlanif102]quit
[AC1]ip route-static 0.0.0.0 0 192.168.200.1
6.配置AP上线
6.1.指定和AP建立CAPWAP的地址或接口
<AC>sys
[AC]capwap source interface vlanif 100
6.2.配置域管理模块
[AC]wlan
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
6.3.创建AP组
[AC-wlan-view]ap-group name ap-office1
[AC-wlan-ap-group-ap-office1]regulatory-domain-profile default
[AC-wlan-ap-group-ap-office1]quit
[AC-wlan-view]ap-group name ap-office2
[AC-wlan-ap-group-ap-office2]regulatory-domain-profile default
[AC-wlan-ap-group-ap-office2]quit
6.4.将AP添加到AP组
[AC-wlan-view]ap auth-mode ?
mac-auth MAC authenticated mode, default authenticated mode
no-auth No authenticated mode
sn-auth SN authenticated mode
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 1 ap-mac 00E0-FCF1-1820
[AC-wlan-ap-1]ap-name ap1
[AC-wlan-ap-1]ap-group ap-office1
[AC-wlan-ap-1]quit
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 2 ap-mac 00e0-fc08-7db0
[AC-wlan-ap-2]ap-name ap2
[AC-wlan-ap-2]ap-group ap-office1
[AC-wlan-ap-2]quit
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 3 ap-mac 00e0-fc46-0420
[AC-wlan-ap-3]ap-name ap3
[AC-wlan-ap-3]ap-group ap-office2
[AC-wlan-ap-3]quit
[AC-wlan-view]ap auth-mod mac-auth
[AC-wlan-view]ap-id 4 ap-mac 00e0-fceb-1690
[AC-wlan-ap-4]ap-name ap4
[AC-wlan-ap-4]ap-group ap-office2
[AC-wlan-ap-4]quit
6.5.配置SSID模板
[AC-wlan-view]ssid-profile name ssid-office1
[AC-wlan-ssid-prof-ssid-office1]ssid AP-office1
[AC-wlan-ssid-prof-ssid-office1]quit
[AC-wlan-view]ssid-profile name ssid-office2
[AC-wlan-ssid-prof-ssid-office2]ssid AP-office2
[AC-wlan-ssid-prof-ssid-office2]quit
6.6.配置安全模板
[AC-wlan-view]security-profile name Sec-office1
[AC-wlan-sec-prof-Sec-office1]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-Sec-office1]quit
[AC-wlan-view]security-profile name Sec-office2
[AC-wlan-sec-prof-Sec-office2]security wpa-wpa2 psk pass-phrase b1234567 aes
[AC-wlan-sec-prof-Sec-office2]quit
6.7.配置VAP模板
[AC-wlan-view]vap-profile name vap-office1
[AC-wlan-vap-prof-vap-office1]forward-mode tunnel
[AC-wlan-vap-prof-vap-office1]service-vlan vlan-id 101
[AC-wlan-vap-prof-vap-office1]ssid-profile ssid-office1
[AC-wlan-vap-prof-vap-office1]security-profile Sec-office1
[AC-wlan-vap-prof-vap-office1]quit
[AC-wlan-view]vap-profile name vap-office2
[AC-wlan-vap-prof-vap-office2]forward-mode tunnel
[AC-wlan-vap-prof-vap-office2]service-vlan vlan-id 102
[AC-wlan-vap-prof-vap-office2]ssid-profile ssid-office2
[AC-wlan-vap-prof-vap-office2]security-profile Sec-office2
[AC-wlan-vap-prof-vap-office2]quit
6.8.在AP组中应用模板
[AC-wlan-view]ap-group name ap-office1
[AC-wlan-ap-group-ap-office1]vap-profile vap-office1 wlan 1 radio 0
[AC-wlan-ap-group-ap-office1]vap-profile vap-office1 wlan 1 radio 1
[AC-wlan-ap-group-ap-office1]quit
[AC-wlan-view]ap-group name ap-office2
[AC-wlan-ap-group-ap-office2]vap-profile vap-offcie2 wlan 2 radio 0
[AC-wlan-ap-group-ap-office2]vap-profile vap-office2 wlan 2 radio 1
[AC-wlan-ap-group-ap-office2]quit
7.测试
