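1. Networking requirements
The enterprise has an egress gateway R1, an aggregation switch SW1 (L3), an access switch SW2 (L2), an AC, and APs. A wireless network must be deployed to provide wireless Internet access for employees.
The specific requirements are described in the following table: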
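Requirement | Description |
---|---|
Wireless networking mode | Off-path (bypass) Layer 3 networking |
Service data forwarding mode | Direct forwarding |
DHCP deployment | Aggregation switch SW1 acts as the DHCP server and assigns IP addresses to the APs and STAs. The Option 43 field in the AP address pool specifies the AC source interface address. |
AP management | VLAN 2, subnet 192.168.2.0/24. The gateway is the VLANIF2 interface IP on aggregation switch SW1. |
Wireless service | VLAN 3, SSID OFFICE, password HUAwei@2024, subnet 192.168.3.0/24. The gateway is the VLANIF3 interface IP on aggregation switch SW1. |
Source interface on the AC for the management tunnel with the APs | VLANIF20 on the AC |
Layer 3 interconnection interface between the AC and the aggregation switch | VLANIF20 |
Layer 3 interconnection interface between aggregation switch SW1 and egress gateway R1 | VLANIF10 |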
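2. Network topology
3. Configuration procedure
3.1 Configure the access switch SW2
# Create VLAN 2 and VLAN 3 in batch. Set the link type of interfaces E0/0/1 and E0/0/2, which connect to the APs, to trunk, change the PVID to 2, and allow VLAN 2 and VLAN 3 to pass.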
[SW2]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2]inter
[SW2]port-group group-member Ethernet 0/0/1 to Ethernet 0/0/2
[SW2-port-group]port link-type trunk
[SW2-Ethernet0/0/1]port link-type trunk
[SW2-Ethernet0/0/2]port link-type trunk
[SW2-port-group]port trunk pvid vlan 2
[SW2-Ethernet0/0/1]port trunk pvid vlan 2
[SW2-Ethernet0/0/2]port trunk pvid vlan 2
[SW2-port-group]port trunk allow-pass vlan 2 3
[SW2-Ethernet0/0/1]port trunk allow-pass vlan 2 3
[SW2-Ethernet0/0/2]port trunk allow-pass vlan 2 3
[SW2-port-group]quit
[SW2]
# Set the link type of interface GE0/0/1, the uplink to aggregation switch SW1, to trunk, and allow management VLAN 2 and service VLAN 3 to pass.
[SW2]int GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[SW2-GigabitEthernet0/0/1]quit
[SW2]
3.2 Configure the aggregation switch SW1
3.2.1 Pass through the management VLAN and the service VLAN
[SW1]vlan batch 2 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3
[SW1-GigabitEthernet0/0/2]quit
[SW1]
3.2.2 Configure the DHCP server
Enable the DHCP service to assign IP addresses to the APs and STAs.
[SW1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
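# Create the Layer 3 interface for the management VLAN and specify the source address the AC uses to establish CAPWAP tunnels with the APs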
[SW1]interface vlanif 2
[SW1-Vlanif2]ip address 192.168.2.1 24
[SW1-Vlanif2]dhcp select interface
[SW1-Vlanif2]dhcp server option 43 sub-option 3 ascii 192.168.20.2
[SW1-Vlanif2]quit
# Create the Layer 3 interface for the service VLAN and configure the DHCP address pool
[SW1]interface vlanif 3
[SW1-Vlanif3]ip address 192.168.3.1 255.255.255.0
[SW1-Vlanif3]dhcp select interface
[SW1-Vlanif3]dhcp server dns-list 223.5.5.5 223.6.6.6
[SW1-Vlanif3]quit
[SW1]
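An added example (not from the original page): a Python sketch of how the `option 43 sub-option 3 ascii 192.168.20.2` setting above reaches the AP, and how to check that a captured DHCP offer points APs only at the expected AC. It assumes RFC 2132 style code/length/value encapsulation with comma-separated ASCII addresses; the function names are hypothetical.

```python
import ipaddress

SUBOPT_AC_ASCII = 3  # sub-option number from the page's Option 43 command


def build_option43(ac_ips):
    """Encode AC addresses as sub-option 3: code, length, ASCII data (assumed layout)."""
    data = ",".join(str(ipaddress.IPv4Address(ip)) for ip in ac_ips).encode("ascii")
    if len(data) > 255:
        raise ValueError("sub-option data does not fit a one-byte length field")
    return bytes([SUBOPT_AC_ASCII, len(data)]) + data


def parse_option43(payload):
    """Walk code/length/value sub-options and reject truncated or overrunning ones."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns the payload" % code)
        subopts[code] = value
        i += 2 + length
    return subopts


def unexpected_acs(payload, expected_acs):
    """Return advertised AC addresses that are not in the expected set."""
    raw = parse_option43(payload).get(SUBOPT_AC_ASCII, b"")
    expected = {ipaddress.IPv4Address(a) for a in expected_acs}
    found = [ipaddress.IPv4Address(p) for p in raw.decode("ascii").split(",") if p]
    return [str(ac) for ac in found if ac not in expected]


if __name__ == "__main__":
    offer = build_option43(["192.168.20.2"])        # value configured on SW1
    print(offer.hex())
    print(unexpected_acs(offer, ["192.168.20.2"]))
    other = build_option43(["192.168.3.66"])        # constructed sample, not from the page
    print(unexpected_acs(other, ["192.168.20.2"]))
```

An AP that receives an offer whose Option 43 lists an address outside the expected set would try to join a different controller, so a non-empty result on the management VLAN is worth investigating.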
3.2.3 Configure the Layer 3 interconnection between SW1 and the AC
[SW1]vlan b 20
Info: This operation may take a few seconds. Please wait for a moment...done.
# Configure the Layer 2 link type and the allowed VLAN
[SW1]interface GigabitEthernet 0/0/24
[SW1-GigabitEthernet0/0/24]port link-type trunk
[SW1-GigabitEthernet0/0/24]port trunk allow-pass vlan 20
[SW1-GigabitEthernet0/0/24]quit
[SW1]
# Configure the Layer 3 interconnection address
[SW1]interface vlanif 20
[SW1-Vlanif20]ip address 192.168.20.1 255.255.255.0
[SW1-Vlanif20]quit
[SW1]
3.2.4 Configure the Layer 3 interconnection between SW1 and the egress gateway R1
[SW1]vlan b 10
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]quit
# Configure the Layer 3 interface and its IP address
[SW1]interface vlanif 10
[SW1-Vlanif10]ip address 192.168.10.2 255.255.255.0
[SW1-Vlanif10]quit
# Configure the default route; the next hop is the IP address of the peer device
[SW1]ip route-static 0.0.0.0 0.0.0.0 192.168.10.1
[SW1]
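3.3 Configure the wireless access controller AC6005
3.3.1 Bring the APs online
(1) Configure the Layer 3 interconnection with the aggregation switch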
[AC6005]vlan 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC6005-vlan20]quit
[AC6005]
[AC6005]interface GigabitEthernet 0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 20
[AC6005-GigabitEthernet0/0/1]quit
[AC6005]
[AC6005]interface vlanif 20
[AC6005-Vlanif20]ip address 192.168.20.2 255.255.255.0
[AC6005-Vlanif20]quit
[AC6005]
[AC6005]ip route-static 0.0.0.0 0.0.0.0 192.168.20.1
[AC6005]
(2) Specify the source interface for establishing CAPWAP tunnels with the APs
[AC6005]capwap source interface vlanif 20
[AC6005]
(3) Configure the AP authentication mode
First, check the SN on each AP, as shown in the figure below:
Also check the AP types on the AC, as follows:
<AC6005>display ap-type all
--------------------------------------------------------------------------------
ID Type
--------------------------------------------------------------------------------
17 AP6010SN-GN
19 AP6010DN-AGN
21 AP6310SN-GN
23 AP6510DN-AGN
25 AP6610DN-AGN
27 AP7110SN-GN
28 AP7110DN-AGN
29 AP5010SN-GN
30 AP5010DN-AGN
31 AP3010DN-AGN
33 AP6510DN-AGN-US
34 AP6610DN-AGN-US
35 AP5030DN
36 AP5130DN
37 AP7030DE
38 AP2010DN
39 AP8130DN
40 AP8030DN
41 AP9130DN
42 AP9330DN
43 AP4030DN
44 AP4130DN
45 AP3030DN
46 AP2030DN
47 AP9131DN
48 AP9132DN
49 AP5030DN-S
50 AP3010DN-V2
51 AP4030DN-E
52 AD9430DN-24
53 AD9430DN-12
54 R230D
55 R240D
56 AP6050DN
57 AP6150DN
58 AP7050DE
59 AP7050DN-E
60 AP4030TN
61 AP4050DN-E
62 AP4050DN-HD
64 AP430-E
65 R250D
66 R250D-E
68 AP1010SN
69 AP2050DN
70 AP2050DN-E
71 AP8130DN-W
73 AP2050DN-S
74 AP5030DN-C
--------------------------------------------------------------------------------
Total: 49
<AC6005>
Then configure the following:
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode sn-auth
[AC6005-wlan-view]ap-id 1 type-id 56 ap-sn 210235448310EC0E2277
[AC6005-wlan-ap-1]quit
[AC6005-wlan-view]ap-id 2 type-id 56 ap-sn 2102354483104A30DA53
[AC6005-wlan-ap-2]quit
[AC6005-wlan-view]
Now power on the APs and check their status on the AC:
[AC6005]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
----------------------------------------------------------------------------------------------------
1 00e0-fcd5-1940 00e0-fcd5-1940 default 192.168.2.254 AP6050DN nor 0 7M:32S
2 00e0-fca8-1520 00e0-fca8-1520 default 192.168.2.253 AP6050DN nor 0 5M:23S
----------------------------------------------------------------------------------------------------
Total: 2
[AC6005]
3.3.2 Configure the WLAN service
(1) Configure the VAP profile (office)
[AC6005]vlan batch 3
Info: This operation may take a few seconds. Please wait for a moment...done.
[AC6005]wlan
[AC6005-wlan-view]security-profile name office
[AC6005-wlan-sec-prof-office]security wpa-wpa2 psk pass-phrase HUAwei@2024 aes
[AC6005-wlan-sec-prof-office]quit
[AC6005-wlan-view]ssid-profile name office
[AC6005-wlan-ssid-prof-office]ssid office
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-office]quit
[AC6005-wlan-view]vap-profile name office
[AC6005-wlan-vap-prof-office]security-profile office
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-office]ssid-profile office
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-office]service-vlan vlan-id 3
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-office]quit
[AC6005-wlan-view]quit
[AC6005]
(2) Configure the AP group and reference the VAP profile
[AC6005]wlan
[AC6005-wlan-view]ap-group name default
[AC6005-wlan-ap-group-default]vap-profile office wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
[AC6005-wlan-ap-group-default]quit
[AC6005-wlan-view]quit
[AC6005]
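3.4 Configure the egress gateway router R1
3.4.1 Configure the LAN side of R1 (Layer 3 interconnection with aggregation switch SW1)
# 1) Configure the IP address of the interconnection interface
Configure the IP address of interface GE0/0/2 on R1: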
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.10.1 24
[R1-GigabitEthernet0/0/2]
# 2) Configure routes to the internal network segments
[R1]ip route-static 192.168.2.0 255.255.255.0 192.168.10.2
[R1]ip route-static 192.168.3.0 255.255.255.0 192.168.10.2
[R1]ip route-static 192.168.20.0 255.255.255.0 192.168.10.2
[R1]quit
<R1>
3.4.2 Configure the WAN side of gateway router R1
# Configure the WAN-side IP address
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 1.1.1.2 24
[R1-GigabitEthernet0/0/1]quit
[R1]
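3.4.3 Configure NAT
# Configure an ACL to define the network segments that need to access the external network
Here only hosts in the 192.168.3.0/24 segment are allowed to access the external network. Create the following ACL: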
[R1]acl number 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]
# Configure NAT
Configure NAT in Easy IP mode on the outbound interface GE0/0/1:
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
[R1-GigabitEthernet0/0/1]quit
[R1]ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
[R1]
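An added example (not from the original page) of how the wildcard mask in ACL 2000 decides which internal sources `nat outbound 2000` translates, checked against the STA, AP management and AC subnets used above. It assumes rules are evaluated in ascending rule-ID order and that only sources the ACL permits are translated; the function names are hypothetical.

```python
import ipaddress
import re

# Matches basic-ACL rule lines as they appear in the R1 session above.
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")


def parse_rules(lines):
    """Extract (rule-id, action, base, wildcard) tuples, sorted by rule ID."""
    rules = []
    for line in lines:
        m = RULE_RE.search(line)
        if m:
            rid, action, base, wildcard = m.groups()
            rules.append((int(rid), action,
                          int(ipaddress.IPv4Address(base)),
                          int(ipaddress.IPv4Address(wildcard))))
    return sorted(rules)


def acl_action(rules, src):
    """First matching rule wins; wildcard bits set to 1 are 'don't care'."""
    addr = int(ipaddress.IPv4Address(src))
    for _rid, action, base, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF
        if (addr & care) == (base & care):
            return action
    return None  # no rule matched


def is_translated(rules, src):
    """Assumption: only sources the ACL permits are translated by nat outbound."""
    return acl_action(rules, src) == "permit"


ACL_2000 = parse_rules(["[R1-acl-basic-2000]rule 5 permit source 192.168.3.0 0.0.0.255"])

if __name__ == "__main__":
    # 192.168.3.25 is a constructed STA address; the other two are the
    # AP and AC addresses shown on the page.
    for src in ("192.168.3.25", "192.168.2.254", "192.168.20.2"):
        print(src, is_translated(ACL_2000, src))
```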
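5.4 Configure the external-network simulation router R2
See the final configuration in "Hands-on: Using eNSP to Simulate a Huawei S5700 Switch with an Off-path AC6005 in Layer 3 Networking with Tunnel Forwarding, Accessing the Internet via Easy IP".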