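AC (V2R6 & R7) configuration example: bypass Layer 2 networking with direct forwarding [AP + Layer 2 switch + Layer 3 switch + bypass AC + egress gateway]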

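Service requirements

The enterprise has an egress gateway, an access switch, an aggregation switch (Layer 3 switch), an AC and APs, and wants to deploy a wireless network that gives employees wireless Internet access.

Network planning

AC networking mode: bypass Layer 2 networking.

Service data forwarding mode: direct forwarding (the default).

DHCP deployment: the aggregation switch acts as the DHCP server and assigns IP addresses to the APs and STAs.

AP management: VLAN 2, subnet 192.168.2.0/24. The gateway is the IP address of interface VLANIF2 on the aggregation switch.

Employee service: VLAN 3, SSID employee, password huawei@123, subnet 192.168.3.0/24. The gateway is the IP address of interface VLANIF3 on the aggregation switch.

Source interface for the management tunnel between the AC and the APs: VLANIF2 on the AC

Layer 3 interconnect interface between the AC and the aggregation switch: VLANIF2

Layer 3 interconnect interface between the aggregation switch and the egress gateway: VLANIF100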


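Procedure

I. Configure the access switch

Configure the VLANs on the interfaces that connect to the upstream and downstream devices

<JR> system-view    //switch from the user view to the system view before configuring

[JR] vlan batch 2 3    //create the planned management VLAN and service VLAN

[JR] interface gigabitethernet 0/0/1

[JR-GigabitEthernet0/0/1] port link-type trunk    //set the interface that connects to the AP to trunk

[JR-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 3    //allow the management VLAN and service VLAN through

[JR-GigabitEthernet0/0/1] port trunk pvid vlan 2    //set the interface's default VLAN to the management VLAN

[JR-GigabitEthernet0/0/1] quit

[JR] interface gigabitethernet 0/0/24

[JR-GigabitEthernet0/0/24] port link-type trunk    //set the interface that connects to the aggregation switch to trunk

[JR-GigabitEthernet0/0/24] port trunk allow-pass vlan 2 3    //allow the management VLAN and service VLAN through

[JR-GigabitEthernet0/0/24] return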

 

 

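II. Configure the aggregation switch

1. Add the interconnect interfaces to the corresponding VLANs

<HJ> system-view    //switch from the user view to the system view before configuring

[HJ] vlan batch 2 3    //create the planned management VLAN and service VLAN

[HJ] interface gigabitethernet 0/0/2

[HJ-GigabitEthernet0/0/2] port link-type trunk    //set the interface that connects to the access switch to trunk

[HJ-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 3    //allow the management VLAN and service VLAN through

[HJ-GigabitEthernet0/0/2] quit

[HJ] interface gigabitethernet 0/0/24

[HJ-GigabitEthernet0/0/24] port link-type trunk    //set the interface that connects to the AC to trunk

[HJ-GigabitEthernet0/0/24] port trunk allow-pass vlan 2    //allow the management VLAN through

[HJ-GigabitEthernet0/0/24] quit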

 

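2. Configure the interface IP addresses and the DHCP server (which assigns IP addresses to the APs and STAs)

[HJ] dhcp enable    //turn on DHCP globally

[HJ] interface vlanif 2    //create interface VLANIF2

[HJ-Vlanif2] ip address 192.168.2.1 255.255.255.0    //configure the IP address; it is used for the Layer 3 interconnect with the AC and as the gateway for the APs

[HJ-Vlanif2] dhcp select interface    //enable the DHCP server function in interface address pool mode

[HJ-Vlanif2] dhcp server excluded-ip-address 192.168.2.2    //exclude the interconnected AC's address from the DHCP address pool

[HJ-Vlanif2] quit

[HJ] interface vlanif 3    //create interface VLANIF3

[HJ-Vlanif3] ip address 192.168.3.1 255.255.255.0    //configure the IP address; it is the gateway address for VLAN 3 users

[HJ-Vlanif3] dhcp select interface

[HJ-Vlanif3] dhcp server dns-list 114.114.114.114    //configure the DNS server address that users use for Internet access

[HJ-Vlanif3] quit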

 

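3. Configure the connection to the egress gateway

[HJ] vlan batch 100    //create VLAN 100

[HJ] interface gigabitethernet 0/0/1

[HJ-GigabitEthernet0/0/1] port link-type access    //set the interface that connects to the egress gateway to access

[HJ-GigabitEthernet0/0/1] port default vlan 100    //set the interface's default VLAN and add the interface to that VLAN

[HJ-GigabitEthernet0/0/1] quit

[HJ] interface vlanif 100    //create interface VLANIF100 for the Layer 3 interconnect with the egress gateway

[HJ-Vlanif100] ip address 192.168.1.2 255.255.255.0    //the interface IP must be in the same subnet as the IP of the connected egress gateway interface

[HJ-Vlanif100] quit

[HJ] ip route-static 0.0.0.0 0.0.0.0 192.168.1.1    //configure the default route; the next hop (192.168.1.1) is the IP of the interconnected egress gateway interface

[HJ] return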

 

 

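III. Configure the AC

1. Configure AP onboarding and the service VLAN

(1) Configure Layer 2 connectivity between the APs and the AC

<AC> system-view    //switch from the user view to the system view before configuring

[AC] vlan batch 2 3    //create the planned management VLAN and service VLAN

[AC] interface gigabitethernet 0/0/1

[AC-GigabitEthernet0/0/1] port link-type trunk    //set the interface that connects to the aggregation switch to trunk

[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 2    //allow the management VLAN through

[AC-GigabitEthernet0/0/1] quit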

 

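(2) Configure the source interface for the management tunnel to the APs

[AC] interface vlanif 2    //create interface VLANIF2

[AC-Vlanif2] ip address 192.168.2.2 255.255.255.0    //configure the IP address of the source interface

[AC-Vlanif2] quit

[AC] capwap source interface vlanif 2    //specify the source interface for the management tunnel to the APs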

 

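(3) Configure how APs come online

[AC] wlan    //enter the WLAN view

[AC-wlan-view] ap auth-mode no-auth    //set the AP authentication mode to no authentication

Note: After powering on the AP, run display ap all. When the AP's State field shows nor, the AP has come online normally. Example:

[AC-wlan-view] display ap all

[Screenshot: output of display ap all]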

 

2. Configure the WLAN service

(1) Configure the VAP profile for the employee network (employee)

[AC] wlan    //enter the WLAN view

[AC-wlan-view] security-profile name employee    //create a security profile named employee

[AC-wlan-sec-prof-employee] security wpa2 psk pass-phrase huawei@123 aes    //set the password; if a prompt appears, enter y to confirm

[AC-wlan-sec-prof-employee] quit

[AC-wlan-view] ssid-profile name employee    //create an SSID profile named employee

[AC-wlan-ssid-prof-employee] ssid employee    //set the SSID to employee; enter y to confirm at the prompt

[AC-wlan-ssid-prof-employee] quit

[AC-wlan-view] vap-profile name employee    //create a VAP profile named employee that references the security profile and the SSID profile

[AC-wlan-vap-prof-employee] security-profile employee

[AC-wlan-vap-prof-employee] ssid-profile employee

[AC-wlan-vap-prof-employee] service-vlan vlan-id 3    //specify the service VLAN for the VAP

[AC-wlan-vap-prof-employee] quit

 

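(2) Configure the VAP

Note: No separate AP group was configured for the AP earlier, so the AP automatically joins the AP group named default. It is therefore enough to have the default AP group, default, reference the VAP profile.

[AC-wlan-view] ap-group name default

[AC-wlan-ap-group-ap-default] vap-profile employee wlan 1 radio all

[AC-wlan-ap-group-ap-default] quit

[AC-wlan-view] quit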

 

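3. Configure the Layer 3 interconnect with the aggregation switch

[AC] ip route-static 0.0.0.0 0.0.0.0 192.168.2.1    //configure the default route; the next hop (192.168.2.1) is the IP of the interconnected aggregation switch interface

[AC] return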
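
The script below is an added example, not part of the original guide and not a Huawei tool. It parses commands in the prompt / command / comment form used above and flags the two settings from section III that a reviewer would question before production use: AP onboarding with ap auth-mode no-auth, and the WPA2 pass-phrase. The GUESSABLE token list and the MIN_PSK_LEN floor are assumed local policy values.

```python
import re

# Constructed sample: AC commands in the form this page uses
# (prompt, command, trailing // comment).
SAMPLE = """\
[AC] wlan                                   //enter the WLAN view
[AC-wlan-view] ap auth-mode no-auth         //AP authentication mode: none
[AC-wlan-view] security-profile name employee
[AC-wlan-sec-prof-employee] security wpa2 psk pass-phrase huawei@123 aes  //set the key
[AC-wlan-sec-prof-employee] quit
"""

# Assumptions (local audit policy, not Huawei defaults):
GUESSABLE = ("huawei", "admin", "password", "123")  # tokens treated as guessable
MIN_PSK_LEN = 12  # policy floor; WPA2-PSK itself accepts 8 to 63 characters


def commands(transcript):
    """Yield (view, command) with the prompt and the // comment stripped."""
    for line in transcript.splitlines():
        m = re.match(r"\s*[\[<]([^\]>]+)[\]>]\s*(.*)", line)
        if not m:
            continue  # not a CLI line (heading, note, blank)
        cmd = re.split(r"(?:^|\s+)//", m.group(2), maxsplit=1)[0]
        if cmd.strip():
            yield m.group(1), " ".join(cmd.split())


def audit(transcript):
    """Return (rule, view, detail) findings for AP onboarding and PSK settings."""
    findings = []
    for view, cmd in commands(transcript):
        if cmd == "ap auth-mode no-auth":
            findings.append(("ap-no-auth", view,
                             "any AP reaching the CAPWAP source interface is accepted"))
        m = re.fullmatch(r"security wpa2 psk pass-phrase (\S+) aes", cmd)
        if not m:
            continue
        psk = m.group(1)
        if len(psk) < MIN_PSK_LEN:
            findings.append(("psk-short", view, f"{len(psk)} characters"))
        hits = [t for t in GUESSABLE if t in psk.lower()]
        if hits:
            findings.append(("psk-guessable", view, "contains " + ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

On this AC software the alternatives to no-auth are mac-auth and sn-auth, which admit only APs whose MAC address or serial number has been added on the AC.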