交换机sw2配置
创建vlanvlan batch 10 20 30 40 50 60 70
进入接口,trunk模式
interface gigabitethernet g0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60
批量创建接口加入trunk模式,pvid为10
port-group group-member g0/0/2 to g0/0/6
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60
port trunk pvid vlan 10
交换机sw1配置
批量创建vlan10 20 30 40 50 60 70
vlan batch 10 20 30 40 50 60 70
交换机sw1核心交换机,为用户的网关,也为dhcp服务器
进入vlan接口,创建IP地址
interface vlanif 10
ip address 192.168.10.2 24
quit
interface vlanif 20
ip address 192.168.20.1 24
quit
interface vlanif 30
ip address 192.168.30.1 24
quit
interface vlanif 40
ip address 192.168.40.1 24
quit
interface vlanif 50
ip address 192.168.50.1 24
quit
interface vlanif 60
ip address 192.168.60.1 24
quit
开启dhcp服务
dhcp enable
创建ip地址池
ip pool vlan20
network 192.168.20.0 mask 24
gateway-list 192.168.20.1
quit
ip pool vlan30
network 192.168.30.0 mask 24
gateway-list 192.168.30.1
quit
ip pool vlan40
network 192.168.40.0 mask 24
gateway-list 192.168.40.1
quit
ip pool vlan50
network 192.168.50.0 mask 24
gateway-list 192.168.50.1
quit
ip pool vlan60
network 192.168.60.0 mask 24
gateway-list 192.168.60.1
quit
进入vlan接口,开启全局模式
interface vlanif 20
dhcp select global
quit
interface vlanif 30
dhcp select global
quit
interface vlanif 40
dhcp select global
quit
interface vlanif 50
dhcp select global
quit
interface vlanif 60
dhcp select global
quit
与路由器AC、sw2接口配置
interface gigabitethernet 0/0/1
port link-type access
port default vlan 70
interface gigabitethernet 0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 40 50 60
iinterface gigabitethernet 0/0/3
port link-type access
port default vlan 10
默认路由
ip route-static 0.0.0.0 0 192.168.70.1
AC的配置
创建vlan10
vlan batch 10
开启dhcp服务
dhcp enable
进入vlan10接口
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
quit
进入g0/0/1接口
interface GigabitEthernet0/0/1
接口为access模式并加入vlan10
port link-type access
port default vlan 10
AC到路由器的静态路由
ip route-static 192.168.70.0 255.255.255.0 192.168.10.2
进入无线
wlan
创建AP组
ap-group name vlan20
quit
ap-group name vlan30
quit
ap-group name vlan40
quit
ap-group name vlan50
quit
ap-group name vlan60
quit
创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板
regulatory-domain-profile name default
country-mode cn
quit
ap-group name vlan20
regulatory-domain-profile default
quit
ap-group name vlan30
regulatory-domain-profile default
quit
ap-group name vlan40
regulatory-domain-profile default
quit
ap-group name vlan50
regulatory-domain-profile default
quit
ap-group name vlan60
regulatory-domain-profile default
quit
quit
配置AC源接口
capwap source interface vlanif 10
进入无线
wlan
MAC地址认证,并将AP加入组vlan20
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fc53-1a40
ap-name 1
ap-group vlan20
quit
ap-id 2 ap-mac 00e0-fcde-5c30
ap-name 2
ap-group vlan30
quit
ap-id 3 ap-mac 00e0-fc60-2040
ap-name 3
quit
ap-group vlan40
ap-id 4 ap-mac 00e0-fc14-2590
ap-name 4
ap-group vlan50
quit
ap-id 5 ap-mac 00e0-fc60-6ec0
ap-name 6
ap-group vlan60
quit
将AP插上电后,输入display ap all 查看“State”字段是否显示nor“,如显示“nor”表示AP正常上线
display ap all
配置安全模板,设置密码
security-profile name vlan20
security wpa-wap2 psk pass-phrase 12345678 aes
quit
security-profile name vlan30
security wpa-wpa2 psk pass-phrase 12345678 aes
quit
security-profile name vlan40
security wpa-wpa2 psk pass-phrase 12345678 aes
quit
security-profile name vlan50
security wpa-wpa2 psk pass-phrase 12345678 aes
quit
security-profile name vlan60
security wpa-wpa2 psk pass-phrase 12345678 aes
quit
创建ssid模板
ssid-profile name vlan20
ssid HUAWEI
quit
ssid-profile name vlan30
ssid HUAWEI
quit
ssid-profile name vlan40
ssid HUAWEI
quit
ssid-profile name vlan50
ssid HUAWEI
quit
ssid-profile name vlan60
ssid HUAWEI
quit
创建VAP模板,配置业务数据转发模式、业务vlan,引用ssid模板和安全模板
vap-profile name vlan20
forward-mode direct-forward
ssid-profile vlan20
security-prifile vlan20
service-vlan vlanid 20
quit
vap-profile name vlan30
forward-mode direct-forward
ssid-prodile vlan30
security-profile vlan30
service-vlan vlan-id 30
quit
vap-profile name vlan40
ssid-profile vlan40
security-profile vlan40
service-vlan vlan-id 40
forward-mode direct-forward
quit
vap-profile name vlan50
security-profile vlan50
ssid-profile vlan50
service-vlan vlan-id 50
forward-mode direct-forward
quit
vap-profile name vlan60
service-vlan vlan-id 60
ssid-profile vlan60
security-profile vlan60
forward-mode direct-forward
quit
配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板的配置
ap-group name vlan20
vap-profile vlan20 wlan 1 radio 0
vap-profile vlan20 wlan 1 radio 1
quit
ap-group name vlan30
vap-profile vlan30 wlan 1 radio 0
vap-profile vlan30 wlan 1 radio 1
quit
ap-group name vlan40
vap-profile vlan40 wlan 1 radio 0
vap-profile vlan40 wlan 1 radio 1
quit
ap-group name vlan50
vap-profile vlan50 wlan 1 radio 0
vap-profile vlan50 wlan 1 radio 1
quit
ap-group name vlan60
vap-profile vlan60 wlan 1 radio 0
vap-profile vlan60 wlan 1 radio 1
quit
通过命令display vap ssid HUAWEI可查询AP是否在VAP创建成功
通过命令display station ssid HUAWEI可查询用户分别接入无线网络
路由器ar1配置
接口配置
interface gigabitethernet 0/0/1
ip address 192.168.70.1 24
配置到达sw1的静态路由
ip route-static 192.168.20.0 24 192.168.70.2
ip route-static 192.168.30.0 24 192.168.70.2
ip route-static 192.168.40.0 24 192.168.70.2
ip route-static 192.168.50.0 24 192.168.70.2
ip route-static 192.168.60.0 24 192.168.70.2