一、WLAN拓扑

 

二、WLAN旁挂隧道转发

1、AC配置，配置AC作为DHCP服务器为AP分配管理IP

[AC6605]dhcp enable//开启DHCP

[AC6605]vlan 100

[AC6605-vlan100]vlan 101

[AC6605-vlan100]int vlan 100

[AC6605-Vlanif100]ip add 172.16.100.1 24

[AC6605-Vlanif100]dhcp select interface //开启接口分配IP地址

[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101

2、SW2配置VLAN101为终端分配IP地址

[SW2-Vlanif101]dhcp enable

[SW2]vlan 101

[SW2-vlan101]int vla 101

[SW2-Vlanif101]ip add 172.16.101.1 24

[SW2-Vlanif101]dhcp select interface

3、创建VLAN及Trunk

[SW1]vlan 100 batch 101

[SW1-vlan100]int g 0/0/1

[SW1-GigabitEthernet0/0/1]port link-type trunk

[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 100 //配置AP管理VLAN100用于和AC通信

[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101

 

[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101

[SW2]vlan batch 100 101

[SW2-GigabitEthernet0/0/1

]port link-type trunk

[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101

4、创建AP上线

（1）、创建AP组及域管理模板，配置AC国家码

[AC6605]wlan

[AC6605-wlan-view]ap-group name ap-1

[AC6605-wlan-view]regulatory-domain-profile name default

[AC6605-wlan-regulate-domain-default]country-code CN
[AC6605-wlan-view]ap-group name ap-1

[AC6605-wlan-ap-group-ap-1]regulatory-domain-profile default

（2）、配置AC的源接口

[AC6605]capwap source interface Vlanif 100

(3)、AC上离线导入AP（AP5030）

[AC6605]wlan

[AC6605-wlan-view]ap auth-mode mac-auth

[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fc10-3650

[AC6605-wlan-ap-0]ap-name area_1

[AC6605-wlan-ap-0]ap-group ap-1

(4)、查看AP上线

[AC6605]display ap all

5、配置WLAN业务参数

(1)、创建安全模板及策略

[AC6605-wlan-view]security-profile name WLAN //创建安全模板

[AC6605-wlan-sec-prof-WLAN]security wpa-wpa2 psk pass-phrase [email protected] aes//创建WPA-WPA2+PSK+AES的安全策略

(2)、创建名为WLAN的SSID模板，配置SSID为WLAN

[AC6605-wlan-view]ssid-profile name WLAN

[AC6605-wlan-ssid-prof-WLAN]ssid WLAN

(3）、创建VAP模板及业务VLAN转发模式并引用安全模板SSID

[AC6605-wlan-view]vap-profile name WLAN

[AC6605-wlan-vap-prof-WLAN]forward-mode tunnel

[AC6605-wlan-vap-prof-WLAN]service-vlan vlan-id 101

 

[AC6605-wlan-vap-prof-WLAN]security-profile WLAN

[AC6605-wlan-vap-prof-WLAN]ssid-profile WLAN

（4）、配置AP组引用VAP模板，AP射频1和0使用VAP WLAN模板

[AC6605-wlan-view]ap-group name ap-1

[AC6605-wlan-ap-group-ap-1]vap-profile WLAN wlan 1 radio 0

[AC6605-wlan-ap-group-ap-1]vap-profile WLAN wlan 1 radio 1

（5）、查看VAP模板信息

[AC6605]display vap ssid WLAN

6、测试验证：

终端输入密码后可以获取ip地址，和网关通信正常。

SW2配置10.1.23.2与10.1.23.3互联，路由器AR配置回程路由

[AR]ip route-static 172.16.101.0 255.255.255.0 10.1.23.2

STA>ping 10.1.23.3

Ping 10.1.23.3: 32 data bytes, Press Ctrl_C to break

From 10.1.23.3: bytes=32 seq=1 ttl=254 time=172 ms

From 10.1.23.3: bytes=32 seq=2 ttl=254 time=234 ms

此时AC接口抓包查看隧道模式下报文：

源IP为172.16.101.254 ping 10.1.23.3 , 封装UDP及新的IP报头172.16.100.118及172.16.100.1

UDP端口5247用于CAPWAP业务数据

UDP端口5246用于CAPWAP控制报文

每天关注的前10名小伙伴关注分享该WX Gongzhonghao： 

 华亿网络实验室 或   huayinetwork 进行资料下载