- 创建AP组。
- 配置网络互通。
- 配置AC系统参数。
- 配置AC为瘦AP下发WLAN业务
案例:组建直连式二层无线局域网
配置以及参数数据
在交换机以及AC上配置VLAN、Trunk。配置接入交换机S1的G0/0/1-3接口为Trunk接口,并且加入VLAN 100、VLAN 101。
G0/0/1、G0/0/2接口的默认VLAN为VLAN 100,当AP1、AP2加电启动后会加入VLAN 100,VLAN 100是AP的管理VLAN。G0/0/3接口的默认VLAN保持为默认值VLAN 1
[S1]vlan batch 100 101
[S1]interface gigabitethernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk pvid vlan 100
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[S1]interface gigabitethernet 0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[S1]interface gigabitethernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101
配置AC的接口G0/0/1加入VLAN 100和VLAN 101,接口G0/0/2加入VLAN 101。
[AC]vlan batch 100 101
[AC]interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[AC-GigabitEthernet0/0/1]quit
[AC]interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2]port link-type trunk
[AC-GigabitEthernet0/0/2]port trunk allow-pass vlan 101
[AC-GigabitEthernet0/0/2]quit
IP地址部署AC、R1上配置IP地址。在AC上配置VLANIF 100接口、VLANIF 101接口的IP地址。在R1上配置VLAN 101子接口G0/0/0.101的IP地址;创建LoopBack 10接口用于测试,该接口地址也模拟为DNS服务器的地址。
[AC]interface vlanif 100
[AC-Vlanif100]ip address 10.23.100.1 24
[AC]interface vlanif 101
[AC-Vlanif101]ip address 10.23.101.1 24
[R1]interface GigabitEthernet0/0/0.101
[R1-GigabitEthernet0/0/0.101]dot1q termination vid 101
[R1-GigabitEthernet0/0/0.101]ip address 10.23.101.2 255.255.255.0
[R1-GigabitEthernet0/0/0.101]arp broadcast enable
[R1]interface LoopBack 10
[R1-LoopBack10]ip address 10.10.10.10 24
VLAN间路由部署VLAN间路由是由AC实现,AC、R1上配置合适的路由表,使得全网互通。
[AC]ip route-static 0.0.0.0 0.0.0.0 10.23.101.2
[R1]ip route-static 10.23.100.0 255.255.255.0 10.23.101.1
DHCP服务部署在AC上部署DHCP,为AP和无线终端提供IP地址。在AC上配置VLANIF 100接口为AP提供IP地址,配置VLANIF 101接口为无线终端(STA)提供IP地址。
[AC]dhcp enable
[AC]interface vlanif 100
[AC-Vlanif100]dhcp select interface
[AC-Vlanif100]quit
[AC]interface vlanif 101
[AC-Vlanif101]dhcp select interface
[AC-Vlanif101]dhcp server excluded-ip-address 10.23.101.2
[AC-Vlanif101]dhcp server dns-list 10.10.10.10[AC-Vlanif101]quit
创建AP组创建AP组,用于将相同配置的AP都加入同一AP组中。
[AC]wlan[AC-wlan-view]ap-group name ap-group1
创建域管理模板,在域管理模板下配置AC的国家码,并在AP组下引用域管理模板。
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn (国家代码中国cn)
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile defaultWarning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
AP上线配置AC的源接口。
[AC]capwap source interface vlanif 100
在AC上离线导入AP1、AP2,AP的ID分别为0和1,并将AP加入AP组“ap-group1”中。假设AP1的MAC地址为ac85-3d92-3340、AP2的MAC地址为ac85-3d92-1b60,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如,命名AP1为area_1、AP2为area_2。ap auth-mode用于配置AC对AP的认证模式,命令默认情况下为MAC认证,即通过MAC检查AP是否合法。
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac ac85-3d92-3340
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0]quit
将AP上电后,当执行命令查看到AP的“State”字段为“nor”时,表示AP正常上线。AP正常能上线是整个WLAN组网的关键一步,如果AP没有正常上线,请先仔细考虑有线网络的VLAN、Trunk、VLAN路由、DHCP代理、DHCP服务器是否正确?
[AC-wlan-view]display ap allInfo: This operation may take a few seconds. Please wait for a moment.done.Total AP information:nor : normal [2]------------------------------------------------------------------------ID MAC Name Group IP Type State STA Uptime---------------------------------------------------------------------------------------------0 00e0-fc4f-3de0 area_1 ap-group1 10.23.100.239 AP5030DN nor 1 1H:10M:48S1 00e0-fc3e-2040 area_2 ap-group1 10.23.100.6 AP5030DN nor 1 1H:10M:39S-------------------------Total: 2
配置WLAN业务参数
创建名为“wlan-net”的安全模板,并配置安全策略,这个安全策略就是STA连接WLAN时要使用的认证方式。例中配置的安全策略为WPA-WPA2 PSK AES,密码为“a1234567”。
[AC-wlan-view]security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net]quit
创建名为“wlan-net”的ssid模板,并配置SSID的名称为“wlan-net”,SSID就是STA扫描到的无线网络的名称。
[AC-wlan-view]ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net]ssid wlan-net
[AC-wlan-ssid-prof-wlan-net]quit
创建名为“wlan-net”的VAP模板,配置业务数据转发模式为直接转发、业务VLAN为VLAN 101,并且引用安全模板和SSID模板。
[AC-wlan-view]vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net]forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net]service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net]security-pr
,
