实验拓扑图展示了一个简单的网络架构,包含有线和无线网络的划分。
本实验采用ENSP
1、实验拓扑
设备布局:
LSW1:中心交换机,用于连接其他设备。
PC1:连接到交换机的有线设备,IP地址为
192.168.10.254。AP1和AP2:无线接入点,用于提供无线网络接入。
AC1:无线控制器(AP和AC用户),IP地址为
192.168.20.200。STA1:无线终端用户设备,连接到AP1或AP2。
VLAN配置:
VLAN 10:用于有线网络,IP地址范围为
192.168.10.0/24,包括PC1的IP地址。VLAN 20:用于AP和AC用户,IP地址范围为
192.168.20.0/24,包括AC1的IP地址。VLAN 30:用于无线用户,IP地址范围为
192.168.30.0/24。
2、交换机配置
[sw1]vlan batch 10 20 30
[sw1]dhcp enable
[sw1]ip pool sta
[sw1-ip-pool-sta]gateway-list 192.168.30.1
[sw1-ip-pool-sta]network 192.168.30.0 mask 255.255.255.0
[sw1-ip-pool-sta]q
[sw1]ip pool vlan20
[sw1-ip-pool-vlan20]gateway-list 192.168.20.1
[sw1-ip-pool-vlan20]network 192.168.20.0 mask 255.255.255.0
[sw1-ip-pool-vlan20]q
[sw1]int vlan 10
[sw1-Vlanif10]ip add 192.168.10.1 255.255.255.0
[sw1-Vlanif10]int vlan 20
[sw1-Vlanif20]ip add 192.168.20.1 255.255.255.0
[sw1-Vlanif20]dhcp select global
[sw1-Vlanif20]int vlan 30
[sw1-Vlanif30]ip add 192.168.30.1 255.255.255.0
[sw1-Vlanif30]dhcp select global
[sw1-Vlanif30]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link acc
[sw1-GigabitEthernet0/0/1]port defa vlan 10连接有线主机
[sw1-GigabitEthernet0/0/1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port link trunk
[sw1-GigabitEthernet0/0/2]port trunk pvid vlan 20接收没有打标签的数据归到vlan 20,因为AP出来的数据没有标签的
[sw1-GigabitEthernet0/0/2]port trunk all vlan all
[sw1-GigabitEthernet0/0/2]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link trunk
[sw1-GigabitEthernet0/0/3]port trunk pvid vlan 20
[sw1-GigabitEthernet0/0/3]port trunk all vlan all
[sw1-GigabitEthernet0/0/3]int g0/0/4连接AC的端口
[sw1-GigabitEthernet0/0/4]port link acc
[sw1-GigabitEthernet0/0/4]port defa vlan 20
无线AC配置
3、 配置AP上线
[AC6005]vlan batch 20
[AC6005]int vlan 20
[AC6005-Vlanif20]ip add 192.168.20.200 24
[AC6005-Vlanif20]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link acc
[AC6005-GigabitEthernet0/0/1]port defa vlan 20
[AC6005-GigabitEthernet0/0/1]q
[AC6005]ip route-st 0.0.0.0 0.0.0.0 192.168.20.1
[AC6005]capwap sour int vlan 20
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode no-auth
4、配置业务参数之安全模板
[AC6005]wlan
[AC6005-wlan-view]security-profile name n2
[AC6005-wlan-sec-prof-n2]security wpa psk pass-phrase chuyue100 aes
5、配置业务参数之SSID模板
[AC6005-wlan-sec-prof-n2]ssid-profile name n1
[AC6005-wlan-ssid-prof-n1]ssid chuyue
6、创建VAP模板,配置业务数据转发模式、业务VLAN,并引用安全模板和SSID模板
[AC6005-wlan-view]vap-profile name n3
[AC6005-wlan-vap-prof-n3]service-vlan vlan-id 30
[AC6005-wlan-vap-prof-n3]ssid-profile n1
[AC6005-wlan-vap-prof-n3]security-profile n2
7、配置AP组引用VAP模板,针对AP组下发
[AC6005-wlan-view]ap-group name default 进入默认组,默认所有AP都在这
[AC6005-wlan-ap-group-default]vap-profile n3 wlan 1 radio all 关联VAP模板到所有射频卡
8、验证
