HQY 一个和谐有爱的空间

拓扑图：

 

 

 

配置:

1.路由器配置
dhcp enable
vlan batch 100 101

interface Vlanif101
ip address 10.23.101.2 255.255.255.0

interface Ethernet0/0/1
port link-type access
port default vlan 101

 

2.核心交换机配置
vlan batch 100 101
dhcp enable

interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select global

ip pool 101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
excluded-ip-address 10.23.101.2 10.23.101.99
dns-list 114.114.114.114

interface GigabitEthernet0/0/1
port link-type access
port default vlan 101

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100


interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100 to 101

 

3.AP_Switch_A交换机配置
vlan batch 100 101

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101


interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

interface Ethernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

4.AP_Switch_B交换机配置
vlan batch 100 101

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101


interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

5.AC配置

sysname AC-Control
dhcp enable
vlan batch 100 101

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100

interface Vlanif100
ip address 10.23.100.1 255.255.255.0
dhcp select global

ip pool 100
gateway-list 10.23.100.1
network 10.23.100.0 mask 255.255.255.0
excluded-ip-address 10.23.100.2 10.23.100.99
lease day 0 hour 8 minute 0
dns-list 202.96.128.86

capwap source interface Vlanif 100

[AC] wlan
[AC-wlan-view] ap-group name AP-Group01
[AC-wlan-ap-group-ap-group1] quit

# 创建域管理模板，在域管理模板下配置AC的国家码并在AP组下引用域管理模板。[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name AP-Group01
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name 60de-4476-e360
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group AP-Group01
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit

 

创建名为“entia-safe”的安全模板，并配置安全策略。
wlan
security-profile name entia-safe
security wpa-wpa2 psk pass-phrase 87654321 aes

# 创建名为“entai-ssid”的SSID模板，并配置SSID名称为“entai”
wlan
ssid-profile name entai-ssid
ssid entai

# 创建名为“entia-vap”的VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板。
wlan
vap-profile name entai-vap
forward-mode direct-forward
service-vlan vlan-id 101
security-profile entia-safe
ssid-profile entai-ssid

# 配置AP组引用VAP模板，AP上射频0和射频1都使用VAP模板“entia-vap”的配置。
wlan
ap-group name AP-Group01
vap-profile entai-vap wlan 1 radio 0
vap-profile entai-vap wlan 1 radio 1

 

注意：现价段直连AP的交换机-同交换机的终端不能互访

-------------------------------------------------------------------------基于上面配置业务VLAN用pool ，因二层交换机不能做vlan pool 所以把dhcp服务全部放到AC上

1.AC配置增加及修改

vlan batch 100 to 101 120

interface Vlanif120
ip address 10.23.120.1 255.255.255.0
dhcp select global
ip pool 120
gateway-list 10.23.120.1
network 10.23.120.0 mask 255.255.255.0
excluded-ip-address 10.23.120.2 10.23.120.99
lease day 0 hour 8 minute 0
dns-list 202.96.128.86

interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select global
ip pool 101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
excluded-ip-address 10.23.101.2 10.23.101.99
lease day 0 hour 8 minute 0
dns-list 202.96.128.86

新建pool把要所在业务vlan加入

 

vlan pool  Business-Pool  

vlan  101 120

修改端口vlan 通过

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

无线配置  

修改为地址池下发地址：default:hash算法

wlan

vap-profile name niuentia-vap
service-vlan vlan-pool Business-Pool

 

2.修改二层汇聚交的机（Switch）

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

3.修改ap接入层交换机（AP_Switch_A   or  AP_Switch_B）

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 1
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101 120
port-isolate enable group 1

推荐本站淘宝优惠价购买喜欢的宝贝:

本文链接：https://hqyman.cn/post/6062.html 非本站原创文章欢迎转载，原创文章需保留本站地址！

休息一下~~