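WLAN Comprehensive Lab: Layer 3 Off-Path (Bypass) Networking + Direct Forwarding + Tunnel Forwarding
Lab description
This lab uses Layer 3 off-path (bypass) networking and forwards data in two modes at once: tunnel forwarding and local (direct) forwarding.
[Figure: lab topology]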

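Lab requirements:
1. Complete the basic network configuration so that all devices can reach each other;
2. The WLAN uses Layer 3 off-path networking + tunnel forwarding + direct forwarding;
3. Provide two wireless SSIDs, one for company employees and one for external visitors.
Lab plan:
Management VLAN: 10
Service VLANs: 20/30
① SSID: Niu-Office  Password: 12345678
VLAN: 20
Security policy: WPA-WPA2+AES
Forwarding mode: direct forwarding
② SSID: Niu-Guest  Password: none
VLAN: 30
Security policy: open system
Forwarding mode: tunnel forwarding
Step 1: Basic configuration for network connectivity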
SW2 configuration:
[SW2] vlan batch 10 20
[SW2] interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
# Set the PVID to management VLAN 10
[SW2-GigabitEthernet0/0/1] port trunk pvid vlan 10
# Allow management VLAN 10 and direct-forwarding service VLAN 20
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[SW2-GigabitEthernet0/0/1] quit
[SW2] interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk pvid vlan 10
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[SW2-GigabitEthernet0/0/2] quit
[SW2] interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3] port link-type trunk
# Allow management VLAN 10 and direct-forwarding service VLAN 20
[SW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[SW2-GigabitEthernet0/0/3] quit
SW1 configuration:
# Create VLANs 10/20/30/50/60 in one batch
[SW1] vlan batch 10 20 30 50 60
# Assign ports and permit the corresponding VLANs
[SW1] interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1] port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 50
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
# Allow interconnection VLAN 60 and tunnel-forwarding service VLAN 30
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 30 60
[SW1-GigabitEthernet0/0/2] quit
[SW1] interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
# Allow management VLAN 10 and direct-forwarding service VLAN 20
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
[SW1-GigabitEthernet0/0/3] quit
# Configure VLANIF interfaces for Layer 3 connectivity
[SW1] interface Vlanif10
[SW1-Vlanif10] ip address 10.0.10.1 255.255.255.0
[SW1-Vlanif10] quit
[SW1] interface Vlanif20
[SW1-Vlanif20] ip address 10.0.20.1 255.255.255.0
[SW1-Vlanif20] quit
[SW1] interface Vlanif30
[SW1-Vlanif30] ip address 10.0.30.1 255.255.255.0
[SW1-Vlanif30] quit
[SW1] interface Vlanif50
[SW1-Vlanif50] ip address 10.0.50.2 255.255.255.0
[SW1-Vlanif50] quit
[SW1] interface Vlanif60
[SW1-Vlanif60] ip address 10.0.60.2 255.255.255.0
[SW1-Vlanif60] quit
[SW1] ip route-static 0.0.0.0 0.0.0.0 10.0.50.1
[SW1] ip route-static 10.10.10.10 255.255.255.255 10.0.60.1
AR1 configuration:
[AR1] interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1] ip address 10.0.50.1 255.255.255.0
[AR1-GigabitEthernet0/0/1] quit
[AR1] interface LoopBack0
[AR1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[AR1-LoopBack0] quit
[AR1] ip route-static 10.0.20.0 255.255.255.0 10.0.50.2
[AR1] ip route-static 10.0.30.0 255.255.255.0 10.0.50.2
AC1 configuration:
[AC1] vlan batch 30 60
[AC1] interface Vlanif60
[AC1-Vlanif60] ip address 10.0.60.1 255.255.255.0
[AC1-Vlanif60] quit
[AC1] interface GigabitEthernet0/0/1
[AC1-GigabitEthernet0/0/1] port link-type trunk
[AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 30 60
[AC1-GigabitEthernet0/0/1] quit
[AC1] interface LoopBack0
[AC1-LoopBack0] ip address 10.10.10.10 255.255.255.255
[AC1-LoopBack0] quit
[AC1] ip route-static 10.0.10.0 24 10.0.60.2
Step 2: Bring the APs online
[SW1] Configure the DHCP service
In the DHCP service on [SW1], specify the AC's address for the APs
# Enable DHCP globally
[SW1] dhcp enable
# Create address pools for the management VLAN and the service VLANs
# Create address pool vlan10
[SW1] ip pool vlan10
# Configure the gateway IP address
[SW1-ip-pool-vlan10] gateway-list 10.0.10.1
# Configure the pool's network segment and mask
[SW1-ip-pool-vlan10] network 10.0.10.0 mask 255.255.255.0
# Specify the AC's IP address for the APs in the DHCP service
[SW1-ip-pool-vlan10] option 43 sub-option 2 ip-address 10.10.10.10
[SW1-ip-pool-vlan10] quit
# Create address pool vlan20 for company employees
[SW1] ip pool vlan20
[SW1-ip-pool-vlan20] gateway-list 10.0.20.1
[SW1-ip-pool-vlan20] network 10.0.20.0 mask 255.255.255.0
[SW1-ip-pool-vlan20] quit
# Create address pool vlan30 for external visitors
[SW1] ip pool vlan30
[SW1-ip-pool-vlan30] gateway-list 10.0.30.1
[SW1-ip-pool-vlan30] network 10.0.30.0 mask 255.255.255.0
[SW1-ip-pool-vlan30] quit
# Enable the global address pools on the interfaces
[SW1] interface Vlanif10
[SW1-Vlanif10] dhcp select global
[SW1-Vlanif10] quit
[SW1] interface Vlanif20
[SW1-Vlanif20] dhcp select global
[SW1-Vlanif20] quit
[SW1] interface Vlanif30
[SW1-Vlanif30] dhcp select global
[SW1-Vlanif30] quit
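An added example, not part of the original lab: the Option 43 payload that `option 43 sub-option 2 ip-address 10.10.10.10` hands to the APs, encoded and decoded so that a DHCP offer seen on the management VLAN can be checked against the planned AC address. It assumes the sub-option is a code/length/value triple with each address as four raw bytes (the RFC 2132 encapsulated layout); the function names and sample payloads are constructed for illustration.

```python
import ipaddress

def encode_option43(ac_addrs, sub_option=2):
    """Sub-option code, length, then each AC IPv4 address as 4 raw bytes."""
    value = b"".join(ipaddress.IPv4Address(a).packed for a in ac_addrs)
    if not 0 < len(value) <= 255:
        raise ValueError("need between 1 and 63 addresses")
    return bytes([sub_option, len(value)]) + value

def decode_option43(payload):
    """Split the payload into {code: value}; refuse truncated sub-options."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        subopts[code] = value
        i += 2 + length
    return subopts

def ac_addresses(payload, sub_option=2):
    """AC addresses carried in the given sub-option, in order."""
    value = decode_option43(payload).get(sub_option, b"")
    if len(value) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, len(value), 4)]

def offer_matches_plan(payload, expected_acs):
    """True only if the offer names exactly the planned AC addresses."""
    try:
        return set(ac_addresses(payload)) == set(expected_acs)
    except ValueError:
        return False

# Constructed sample payloads (not captured traffic).
PLANNED = bytes.fromhex("02040a0a0a0a")      # 10.10.10.10, the AC loopback
UNEXPECTED = bytes.fromhex("02040a003c63")   # 10.0.60.99, not in the plan

if __name__ == "__main__":
    print(encode_option43(["10.10.10.10"]).hex())
    print(offer_matches_plan(PLANNED, ["10.10.10.10"]))
    print(offer_matches_plan(UNEXPECTED, ["10.10.10.10"]))
```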
[AC1] configuration:
# Set the AC source interface to loopback0
[AC1] capwap source interface loopback0
# Create AP group xiaoniu
[AC1-wlan-view] ap-group name xiaoniu
[AC1-wlan-ap-group-xiaoniu] quit
# Set the AP authentication mode to MAC authentication, add the APs, name them, and add them to AP group xiaoniu
[AC1-wlan-view] ap-id 0 ap-mac 00e0-fcad-4a30
[AC1-wlan-ap-0] ap-name AP1
[AC1-wlan-ap-0] ap-group xiaoniu
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:Y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC1-wlan-view] ap-id 1 ap-mac 00e0-fc69-02d0
[AC1-wlan-ap-1] ap-name AP2
[AC1-wlan-ap-1] ap-group xiaoniu
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:Y
Info: This operation may take a few seconds. Please wait for a moment.. done.
Step 3: Configure the WLAN service
[AC1] configuration:
# Enter the WLAN view
[AC1] wlan
# Create SSID profile Niu-Office (the name is arbitrary)
[AC1-wlan-view] ssid-profile name Niu-Office
# Set the SSID to Niu-Office; this is the Wi-Fi network name
[AC1-wlan-ssid-prof-Niu-Office] ssid Niu-Office
[AC1-wlan-ssid-prof-Niu-Office] quit
# Same as above, for Niu-Guest
[AC1-wlan-view] ssid-profile name Niu-Guest
[AC1-wlan-ssid-prof-Niu-Guest] ssid Niu-Guest
[AC1-wlan-ssid-prof-Niu-Guest] quit
# Create security profile Niu-Office (the name is arbitrary)
[AC1-wlan-view] security-profile name Niu-Office
# Set the security policy to WPA-WPA2 (authentication) + AES (encryption), with passphrase 12345678
[AC1-wlan-sec-prof-Niu-Office] security wpa-wpa2 psk pass-phrase 12345678 aes
[AC1-wlan-sec-prof-Niu-Office] quit
# Same as above, for Niu-Guest
[AC1-wlan-view] security-profile name Niu-Guest
# No password; clients connect to the Wi-Fi directly
[AC1-wlan-sec-prof-Niu-Guest] security open
[AC1-wlan-sec-prof-Niu-Guest] quit
# Create VAP (virtual AP) profile Niu-Office (the name is arbitrary)
[AC1-wlan-view] vap-profile name Niu-Office
# Bind the SSID profile
[AC1-wlan-vap-prof-Niu-Office] ssid-profile Niu-Office
# Bind the security profile
[AC1-wlan-vap-prof-Niu-Office] security-profile Niu-Office
# Set the data forwarding mode to direct forwarding (also called local forwarding: data does not pass through the wireless controller, the AC)
[AC1-wlan-vap-prof-Niu-Office] forward-mode direct-forward
# Set the service VLAN to 20
[AC1-wlan-vap-prof-Niu-Office] service-vlan vlan-id 20
[AC1-wlan-vap-prof-Niu-Office] quit
[AC1-wlan-view] vap-profile name Niu-Guest
[AC1-wlan-vap-prof-Niu-Guest] forward-mode tunnel
[AC1-wlan-vap-prof-Niu-Guest] service-vlan vlan-id 30
[AC1-wlan-vap-prof-Niu-Guest] ssid-profile Niu-Guest
[AC1-wlan-vap-prof-Niu-Guest] security-profile Niu-Guest
[AC1-wlan-vap-prof-Niu-Guest] quit
# Configure a regulatory domain profile; this step can be omitted
# Create the regulatory domain profile
[AC1-wlan-view] regulatory-domain-profile name xiaoniu
# Set the country code to CN (China)
[AC1-wlan-regulate-domain-xiaoniu] country-code CN
[AC1-wlan-regulate-domain-xiaoniu] quit
# Enter AP group xiaoniu, then bind the VAP profiles and the regulatory domain profile
[AC1-wlan-view] ap-group name xiaoniu
# Bind the VAP profile on all radios, i.e. dual band (2.4 GHz and 5 GHz)
[AC1-wlan-ap-group-xiaoniu] vap-profile Niu-Office wlan 1 radio all
[AC1-wlan-ap-group-xiaoniu] vap-profile Niu-Guest wlan 2 radio all
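An added example, not part of the original lab: a check that the trunk allow-lists from step 1 agree with the forwarding modes set here, so the direct-forwarding VLAN reaches the APs' switch path and the tunnel-forwarded guest VLAN exists only on the AC link. The trunk table is constructed from the commands on this page; the link roles (`ap-path`, `ac-link`) are assumptions inferred from the step 1 comments because the topology figure is not available.

```python
# Constructed from the page's step 1 commands; roles are assumed (see lead-in).
TRUNKS = {
    ("SW2", "GE0/0/1"): ("ap-path", {10, 20}),
    ("SW2", "GE0/0/2"): ("ap-path", {10, 20}),
    ("SW2", "GE0/0/3"): ("ap-path", {10, 20}),
    ("SW1", "GE0/0/3"): ("ap-path", {10, 20}),
    ("SW1", "GE0/0/2"): ("ac-link", {30, 60}),
    ("AC1", "GE0/0/1"): ("ac-link", {30, 60}),
}
MGMT_VLAN = 10
# SSID -> (forward-mode, service VLAN), as configured in the VAP profiles.
VAPS = {"Niu-Office": ("direct-forward", 20), "Niu-Guest": ("tunnel", 30)}

def audit(trunks, vaps, mgmt_vlan):
    """Return (device, port, problem, vlan) tuples; an empty list means consistent."""
    required = {"ap-path": {mgmt_vlan}, "ac-link": set()}
    tunnel_only = set()
    for ssid, (mode, vlan) in vaps.items():
        if mode == "direct-forward":
            # The AP tags user frames itself, so the VLAN must reach the AP.
            required["ap-path"].add(vlan)
        elif mode == "tunnel":
            # User frames ride CAPWAP over the management VLAN to the AC,
            # so the service VLAN is only needed between the AC and the gateway.
            required["ac-link"].add(vlan)
            tunnel_only.add(vlan)
        else:
            raise ValueError(f"unknown forward-mode for {ssid}: {mode}")
    tunnel_only -= required["ap-path"]  # a VLAN shared by both modes is legitimate
    findings = []
    for (dev, port), (role, allowed) in sorted(trunks.items()):
        for vlan in sorted(required[role] - allowed):
            findings.append((dev, port, "missing", vlan))
        if role == "ap-path":
            for vlan in sorted(tunnel_only & allowed):
                findings.append((dev, port, "leaked", vlan))
    return findings

if __name__ == "__main__":
    print(audit(TRUNKS, VAPS, MGMT_VLAN) or "trunks match the forwarding plan")
```

A `leaked` finding means the guest VLAN is reachable on a switch port where tunnel forwarding does not need it; a `missing` finding means clients of that SSID will associate but have no data path.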
Verification commands:
Command to verify that the APs have come online: display ap all
[Screenshot: output of display ap all]
Common mistakes
This write-up is not finished yet; detailed explanations of each step will be added later.
