WLAN无线技术之旁挂二层组网配置AC+AP+ENSP组网配置
一、WLAN拓扑
二、WLAN旁挂隧道转发
1、AC配置,配置AC作为DHCP服务器为AP分配管理IP
[AC6605]dhcp enable//开启DHCP
[AC6605]vlan 100
[AC6605-vlan100]vlan 101
[AC6605-vlan100]int vlan 100
[AC6605-Vlanif100]ip add 172.16.100.1 24
[AC6605-Vlanif100]dhcp select interface //开启接口分配IP地址
[AC6605-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
2、SW2配置VLAN101为终端分配IP地址
[SW2-Vlanif101]dhcp enable
[SW2]vlan 101
[SW2-vlan101]int vla 101
[SW2-Vlanif101]ip add 172.16.101.1 24
[SW2-Vlanif101]dhcp select interface
3、创建VLAN及Trunk
[SW1]vlan 100 batch 101
[SW1-vlan100]int g 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk pvid vlan 100 //配置AP管理VLAN100用于和AC通信
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[SW2]vlan batch 100 101
[SW2-GigabitEthernet0/0/1
]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
4、创建AP上线
(1)、创建AP组及域管理模板,配置AC国家码
[AC6605]wlan
[AC6605-wlan-view]ap-group name ap-1
[AC6605-wlan-view]regulatory-domain-profile name default
[AC6605-wlan-regulate-domain-default]country-code CN
[AC6605-wlan-view]ap-group name ap-1
[AC6605-wlan-ap-group-ap-1]regulatory-domain-profile default
(2)、配置AC的源接口
[AC6605]capwap source interface Vlanif 100
(3)、AC上离线导入AP(AP5030)
[AC6605]wlan
[AC6605-wlan-view]ap auth-mode mac-auth
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fc10-3650
[AC6605-wlan-ap-0]ap-name area_1
[AC6605-wlan-ap-0]ap-group ap-1
(4)、查看AP上线
[AC6605]display ap all
5、配置WLAN业务参数
(1)、创建安全模板及策略
[AC6605-wlan-view]security-profile name WLAN //创建安全模板
[AC6605-wlan-sec-prof-WLAN]security wpa-wpa2 psk pass-phrase [email protected] aes//创建WPA-WPA2+PSK+AES的安全策略
(2)、创建名为WLAN的SSID模板,配置SSID为WLAN
[AC6605-wlan-view]ssid-profile name WLAN
[AC6605-wlan-ssid-prof-WLAN]ssid WLAN
(3)、创建VAP模板及业务VLAN转发模式并引用安全模板SSID
[AC6605-wlan-view]vap-profile name WLAN
[AC6605-wlan-vap-prof-WLAN]forward-mode tunnel
[AC6605-wlan-vap-prof-WLAN]service-vlan vlan-id 101
[AC6605-wlan-vap-prof-WLAN]security-profile WLAN
[AC6605-wlan-vap-prof-WLAN]ssid-profile WLAN
(4)、配置AP组引用VAP模板,AP射频1和0使用VAP WLAN模板
[AC6605-wlan-view]ap-group name ap-1
[AC6605-wlan-ap-group-ap-1]vap-profile WLAN wlan 1 radio 0
[AC6605-wlan-ap-group-ap-1]vap-profile WLAN wlan 1 radio 1
(5)、查看VAP模板信息
[AC6605]display vap ssid WLAN
6、测试验证:
终端输入密码后可以获取ip地址,和网关通信正常。
SW2配置10.1.23.2与10.1.23.3互联,路由器AR配置回程路由
[AR]ip route-static 172.16.101.0 255.255.255.0 10.1.23.2
STA>ping 10.1.23.3
Ping 10.1.23.3: 32 data bytes, Press Ctrl_C to break
From 10.1.23.3: bytes=32 seq=1 ttl=254 time=172 ms
From 10.1.23.3: bytes=32 seq=2 ttl=254 time=234 ms
此时AC接口抓包查看隧道模式下报文:
源IP为172.16.101.254 ping 10.1.23.3 , 封装UDP及新的IP报头172.16.100.118及172.16.100.1
UDP端口5247用于CAPWAP业务数据
UDP端口5246用于CAPWAP控制报文
每天关注的前10名小伙伴关注分享该WX Gongzhonghao:
华亿网络实验室 或 huayinetwork 进行资料下载