WLAN三层组网及实验

WLAN三层组网实验

WLAN三层组网：AP和AC之间的组网为三层
VLAN101 102 ：业务VLAN
VLAN200 管理VLAN->管理AP
DHCP Server：①为AP分配地址->SW1为DHCP服务器
②为STA分配地址->SW1为DHCP服务器

组网图如下：

DHCP中继：DHCP中继能够跨网段“透传”DHCP报文，使得一个DHCP服务器同时为多个网段服务成为可能。

如上所示，RTA为DHCP中继，ClientB可以通过RTA连接到DHCP服务器而获得地址。

DHCP中继相关配置命令：

配置案例关键部分：

上图中AC的配置如下：

[AC] interface Vlanif 10
[AC-Vlanif10] ip address 10.1.1.2 24
[AC-Vlanif10] quit
[AC] interface Vlanif 20
[AC-Vlanif20] ip address 172.21.1.1 24
[AC-Vlanif20] quit

[AR] interface GigabitEthernet 0/0/1
[AR-GigabitEthernet0/0/1] ip address 172.21.1.2 24
[AR-GigabitEthernet0/0/1] quit

[AC] dhcp server group AP
[AC-dhcp-server-group-AP] dhcp-server 172.21.1.2
[AC-dhcp-server-group-AP] quit
[AC] interface Vlanif 10
[AC-Vlanif10] dhcp select relay
[AC-Vlanif10] dhcp relay server-select AP
[AC-Vlanif10] quit
//AR的配置如下
[AR] ip pool AP	
[AR-ip-pool-AP] network 10.1.1.0 mask 24
[AR-ip-pool-AP] gateway-list 10.1.1.2
[AR-ip-pool-AP] excluded-ip-address 10.1.1.1
[AR-ip-pool-AP] quit
[AR] interface GigabitEthernet 0/0/1
[AR-GigabitEthernet0/0/1] dhcp select global
[AR-GigabitEthernet0/0/1] quit
[AR] ip route-static 10.1.1.0 255.255.255.0 172.21.1.1

在AC和AP间是二层组网的情况下，也可以配置Option43，AP会根据Option43的内容先向指定IP地址的AC发送单播请求报文，如果发送十次报文，AP都没有收到回应，则AP会继续以广播的方式来发现同一网段的AC。所以在二层组网的情况下Option 43不是必配的参数，但在三层组网的情况下则是必配的。

Option 43即为Type值为43（0x2B）的Option字段，又称为厂商特定信息选项，DHCP服务器和DHCP客户端通过Option43交换厂商特定的信息。当DHCP服务器接收到请求Option43信息的DHCP请求报文后，将在回复报文中携带Option43，为DHCP客户端分配厂商指定的信息（本文中特指AC的IP地址）。

在华为ENSP模拟器上配置ASCII模式可以生效。

option 43 sub-option 3 ascii 192.168.0.1,192.168.0.2配置设备为AP指定AC的IP地址为192.168.0.1和192.168.0.2，选项使用ASCII字符串类型时，如果要配置多个IP地址，IP地址之间要使用“,”隔开。

[Huawei]sys R1
[R1]int loop0
[R1-LoopBack0]ip address 10.10.10.10 32
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.12.2 24
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0                       

[R1]ip pool AP                                                         //AP的IP地址段
[R1-ip-pool-AP]gateway-list 10.0.22.1
[R1-ip-pool-AP]network 10.0.22.0 mask 24
[R1-ip-pool-AP]dns-list 114.114.114.114 8.8.8.8
[R1-ip-pool-AP]option 43 sub-option 3 ascii 11.11.11.11                              //AP通过dhcp获取到AC的capwap隧道建立的地址

[R1]ip pool VLAN101														//业务VLAN101 IP地址段
[R1-ip-pool-VLAN101]gateway-list 192.168.1.254
[R1-ip-pool-VLAN101]network 192.168.1.0 mask 24

[R1]ip pool VLAN102														//业务VLAN102 IP地址段
[R1-ip-pool-VLAN102]gateway-list 192.168.2.254
[R1-ip-pool-VLAN102]network 192.168.2.0 mask 24

[R1]dhcp enable
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global								//在接口开其dhcp功能，选择全局地址池

[SW1]vlan batch 10 100 101 102 200

[SW1]int g0/0/1													//与R1互联的地址
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10

[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 4094

[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 200

[SW1-Vlanif10]ip address 10.0.12.1 255.255.255.0
[SW1-Vlanif100]ip address 10.0.11.2 255.255.255.0
[SW1-Vlanif101]ip address 192.168.1.254 255.255.255.0
[SW1-Vlanif102]ip address 192.168.2.254 255.255.255.0
[SW1-Vlanif200]ip address 10.0.22.1 255.255.255.0

[SW1]ospf 1
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0

SW1上配置DHCP中继：

[SW1]dhcp server group AP										//配置dhcp服务器组
[SW1-dhcp-server-group-ap]dhcp-server 10.0.12.2					//配置dhcp服务器地址	

[SW1]int vlanif101												
[SW1-Vlanif101]dhcp select relay								//开启dhcp中继
[SW1-Vlanif101]dhcp relay server-select ap	

[SW1]int vlanif102
[SW1-Vlanif102]dhcp select relay
[SW1-Vlanif102]dhcp relay server-select ap

[SW1]int vlanif200
[SW1-Vlanif200]dhcp select relay
[SW1-Vlanif200]dhcp relay server-select ap

查看AP通过DHCP获取是否获取到地址：AP正确获取到地址

SW2相关配置：

[SW2]vlan batch 101 to 102 200
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 200
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk pvid vlan 200
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 200
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk pvid vlan 200
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 200

AC的配置：

[AC1]vlan batch 100 101 102
[AC1]int g0/0/2
[AC1-GigabitEthernet0/0/2]port link-type trunk
[AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 to 4094    //允许所有VLAN通过

[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name wlan-net           //创建域管理模版
[AC1-wlan-regulate-domain-hcip]country-code cn				//指定国家码
[AC1-wlan-view]ap-group name linus
[AC1-wlan-ap-group-linus]regulatory-domain-profile wlan-net     //在ap-group中引入域管理模版

[AC1]capwap source interface loopback0						//指定capwap隧道建立的接口或者源地址
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth            			//配置认证模式，此处为MAC地址认证
[AC1-wlan-ap-1]ap-id 1 type-id 56 ap-mac 00e0-fce5-3400 ap-sn 21023544831089034427
[AC1-wlan-ap-1]ap-name AP1
[AC1-wlan-ap-1]ap-group linus
[AC1-wlan-ap-2]ap-id 2 type-id 56 ap-mac 00e0-fc60-0490 ap-sn 2102354483104A7EAA12
[AC1-wlan-ap-2]ap-name AP2
[AC1-wlan-ap-2]ap-group linus

[AC1-wlan-view]security-profile name wlan-net				//配置安全模版
[AC1-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase 12345678 aes
[AC1-wlan-view]ssid-profile name wlan-net					//配置ssid模版
[AC1-wlan-ssid-prof-wlan-net]ssid HCIP2001
[AC1-wlan-view]vap-profile name wlan-net
[AC1-wlan-vap-prof-wlan-net] forward-mode tunnel			//指定转发模式：隧道转发 直通转发
[AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101		//配置业务VLAN
[AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net			//ssid模版引入ap-group
[AC1-wlan-vap-prof-wlan-net] security-profile wlan-net		//安全模版引入ap-group

[AC1-wlan-ap-group-linus]vap-profile wlan-net wlan 1 radio 1  //在ap组中应用vap模版
[AC1-wlan-ap-group-linus]vap-profile wlan-net wlan 1 radio 2

查看AP是否上线：

查看STA通过DHCP获取的地址：

AP运行结果：

实验结果如上：STA正常连接到WLAN，可以ping通10.10.10.10

posted @ 2023-03-10 00:37 LXVC_Z 阅读(1068) 评论(0) 收藏举报

刷新页面返回顶部

LXVC_Z

WLAN三层组网及实验

WLAN三层组网实验

公告