14-AP和無線用戶屬于不同VLAN的無線接入典型配置舉例

H3CAP和無線用戶屬于不同VLAN的無線接入典型配置舉例H3CCopyright?2014杭州華三通信技術(shù)有限公司版權(quán)所有，保留一切權(quán)利。非經(jīng)本公司書面許可，任何單位和個人不得擅自摘抄、復(fù)制本文檔內(nèi)容的部分或全部，并不得以任何形式傳播。本文檔中的信息可能變動，恕不另行通知。TOC\o"1-5"\h\z\o"CurrentDocument"1簡介 1\o"CurrentDocument"2配置前提 1\o"CurrentDocument"3配置舉例 1\o"CurrentDocument"3.1組網(wǎng)需求 1\o"CurrentDocument"3.2配置注意事項 1\o"CurrentDocument"3.3配置步驟 1\o"CurrentDocument"AC的配置 1\o"CurrentDocument"Switch的配置 3\o"CurrentDocument"3.4驗證配置 4\o"CurrentDocument"3.5配置文件 5\o"CurrentDocument"4相關(guān)資料 61簡介本文檔介紹了當(dāng)AP和無線用戶屬于不同VLAN時的無線接入配置舉例。2配置前提本文檔不嚴格與具體軟、硬件版本對應(yīng)，如果使用過程中與產(chǎn)品實際情況有差異，請參考相關(guān)產(chǎn)品手冊，或以設(shè)備實際情況為準。本文檔中的配置均是在實驗室環(huán)境下進行的配置和驗證，配置前設(shè)備的所有參數(shù)均采用出廠時的缺省配置。如果您已經(jīng)對設(shè)備進行了配置，為了保證配置效果，請確認現(xiàn)有配置和以下舉例中的配置不沖突。本文檔假設(shè)您已了解WLAN接入特性。3配置舉例3.1組網(wǎng)需求如圖二所示，通過將AP和無線用戶劃分在不同的VLAN中，以保證AC和AP之間的通信不受其他局域網(wǎng)中數(shù)據(jù)報文的干擾，進而增強AP和AC通信的安全性和穩(wěn)健性，更好的統(tǒng)一管理有線網(wǎng)絡(luò)和無線網(wǎng)絡(luò)。AC作為DHCP服務(wù)器為AP分配101.1.1.0/24網(wǎng)段的IP地址，為Client分配202.1.1.0/24網(wǎng)段的IP地址。圖1AP和無線用戶屬于不同VLAN配置組網(wǎng)圖202.1.1.1/24ACSwitchAPClient202.1.1.1/24ACSwitchAPClient3.2配置注意事項配置AP的序列號時請確保該序列號與AP唯一對應(yīng)，AP的序列號可以通過AP設(shè)備背面的標簽獲取。3.3配置步驟3.3.1AC的配置(1)配置AC的接口#創(chuàng)建VLAN100及其對應(yīng)的VLAN接口，并為該接口配置IP地址101.1.1.1/24。AC將使用該接口的IP地址與AP建立LWAPP隧道。<AC>system-view[AC]vlan100[AC-vlan100]quit[AC]interfacevlan-interface100[AC-Vlan-interface100]ipaddress101.1.1.124[AC-Vlan-interface100]quit#創(chuàng)建VLAN200,作為ESS接口的缺省VLAN,同時作為Client接入的業(yè)務(wù)VLAN,并配置VLAN接口200的IP地址為202.1.1.1/24。[AC]vlan200[AC-vlan200]quit[AC]interfacevlan-interface200[AC-Vlan-interface200]ipaddress202.1.1.124[AC-Vlan-interface200]quit#配置GigabitEthernet1/0/1接口的鏈路類型為Trunk，允許VLAN100和VLAN200的報文通過。[AC]interfacegigabitethernet1/0/1[AC-GigabitEthernet1/0/1]portlink-typetrunk[AC-GigabitEthernet1/0/1]porttrunkvlan100200[AC-GigabitEthernet1/0/1]quit⑵配置DHCP服務(wù)#使能DHCP服務(wù)。[AC]dhcpenable#創(chuàng)建名稱為for_aps的DHCP普通模式地址池，為AP分配101.1.1.0/24網(wǎng)段的IP地址，網(wǎng)關(guān)地址為101.1.1.1。[AC]dhcpserverip-poolfor_aps[AC-dhcp-pool-for_aps]network101.1.1.0mask255.255.255.0[AC-dhcp-pool-for_aps]gateway-list101.1.1.1[AC-dhcp-pool-for_aps]quit#創(chuàng)建名稱為for_clients的DHCP普通模式地址池，為Client分配202.1.1.0/24網(wǎng)段的IP地址，網(wǎng)關(guān)地址為202.1.1.1。[AC]dhcpserverip-poolfor_clients[AC-dhcp-pool-for_clients]network202.1.1.024[AC-dhcp-pool-for_clients]gateway-list202.1.1.1[AC-dhcp-pool-for_clients]quit⑶配置WLAN-ESS接口#創(chuàng)建編號為1的WLAN-ESS接口。[AC]interfacewlan-ess1#配置端口的鏈路類型為hybrido[AC-WLAN-ESS1]portlink-typehybrid#配置當(dāng)前Hybrid端口的PVID為200，禁止VLAN1通過并允許VLAN200不帶tag通過。[AC-WLAN-ESS1]porthybridpvidvlan200[AC-WLAN-ESS1]undoporthybridvlan1[AC-WLAN-ESS1]porthybridvlan200untagged#在Hybrid端口上使能MACVLAN功能。[AC-WLAN-ESS1]mac-vlanenable[AC-WLAN-ESS1]quit(4)配置服務(wù)模板#創(chuàng)建clear類型的服務(wù)模板1。[AC]wlanservice-template1clear#設(shè)置當(dāng)前服務(wù)模板的SSID（服務(wù)模板的標識）為market_department。[AC-wlan-st-1]ssidmarket_department#將WLAN-ESS1接口綁定到服務(wù)模板。[AC-wlan-st-1]bindwlan-ess1#設(shè)置無線客戶端接入該無線服務(wù)（SSID）的認證方式為開放式系統(tǒng)認證。[AC-wlan-st-1]authentication-methodopen-system#使能服務(wù)模板。[AC-wlan-st-1]service-templateenable[AC-wlan-st-1]quit（5）配置AP#創(chuàng)建AP管理模板，其名稱為officeap，型號名稱這里選擇WA2620E-AGN。[AC]wlanapofficeapmodelWA2620E-AGN設(shè)置AP的序列號為21023529G007C000020O[AC-wlan-ap-officeap]serial-id21023529G007C000020#設(shè)置radio2的射頻類型為802.11gn。[AC-wlan-ap-officeap]radio2typedot11gn#將服務(wù)模板1與射頻2進行關(guān)聯(lián)。[AC-wlan-ap-officeap-radio-2]service-template1使能AP的radio2。[AC-wlan-ap-officeap-radio-2]radioenable[AC-wlan-ap-officeap-radio-2]return3.3.2Switch的配置#創(chuàng)建VLAN100和VLAN200,其中VLAN100用于轉(zhuǎn)發(fā)AC和AP間LWAPP隧道內(nèi)的流量,VLAN200為無線用戶接入的VLANo[Switch]vlan100[Switch-vlan100]quit[Switch]vlan200[Switch-vlan200]quit#配置Switch與AC相連的GigabitEthernet1/0/1接口的鏈路類型為Trunk,當(dāng)前Trunk口的PVID為100,允許VLAN100通過。[Switch]interfacegigabitethernet1/0/1[Switch-GigabitEthernet1/0/1]portlink-typetrunk[Switch-GigabitEthernet1/0/1]porttrunkpermitvlan100[Switch-GigabitEthernet1/0/1]porttrunkpvidvlan100[Switch-GigabitEthernet1/0/1]quit#配置Switch與AP相連的GigabitEthernet1/0/2接口的鏈路類型為Access,當(dāng)前Access口允許VLAN100通過。[Switch]interfacegigabitethernet1/0/2[Switch-GigabitEthernet1/0/2]portlink-typeaccess

[Switch-GigabitEthernet1/0/2]portaccessvlan100#配置Switch與AP相連的GigabitEthernet1/0/2接口使能PoE功能。[Switch-GigabitEthernet1/0/2]poeenable[Switch-GigabitEthernet1/0/2]quit3.4驗證配置(1)在AC上通過displaywlanapal命令查看AP狀態(tài)，確認AP可以和AC處于連接狀態(tài)，且WLAN-ESS1接口處于UP狀態(tài)。<AC>displaywlanapallTotalNumberofAPsconfigured :1TotalNumberofconfiguredAPsconnected:1TotalNumberofautoAPsconnected :0APProfilesState:I=Idle,J=Join,JA=JoinAck,IL=ImageLoad<AC>displayinterfacebriefThebrief<AC>displayinterfacebriefThebrief APNameStateModel Serial-ID officeapR/MWA2620E-AGN 21023529G007C000020Link:ADM-administrativelydown;Stby-standbyProtocol:(s)-spoofingInterfaceLinkProtocolMainIPDescriptionM-GE1/0/0DOWNDOWN--NULL0UPUP(s)--Vlan1UPUP--Vlan100UPUP101.1.1.1Vlan200UPUP202.1.1.1Thebriefinformationofinterface(s)underbridgemode:Link:ADM-administrativelydown;Stby-standbySpeedorDuplex:(a)/A-auto;H-half;F-fullType:A-access;T-trunk;H-hybridInterfaceLinkSpeedDuplexTypePVIDDescriptionGE1/0/1UP1000M(a)F T 1GE1/0/2UP1000M(a)F T 1WLAN-ESS1UP—— H 200WLAN-DBSS1:1UP---- H 200informationofinterface(s)underroutemode:(2)在Client上驗證，可以連接SSID為“market_department”的無線網(wǎng)絡(luò)。#Client可以和Server通信。C:\>ping202.1.1.1Pinging202.1.1.1with32bytesofdata:Replyfrom202.1.1.1:bytes=32time=13msTTL=128Replyfrom202.1.1.1:bytes=32time=2msTTL=128Replyfrom202.1.1.1:bytes=32time=39msTTL=128Replyfrom202.1.1.1:bytes=32time=1msTTL=128Pingstatisticsfor202.1.1.1:Packets:Sent=4,Received=4,Lost=0(0%loss),Approximateroundtriptimesinmilli-seconds:Minimum=1ms,Maximum=39ms,Average=13ms3.5配置文件AC:#vlan100#vlan200#dhcpserverip-poolfor_apsnetwork101.1.1.0mask255.255.255.0gateway-list101.1.1.1#dhcpserverip-poolfor_clientsnetwork202.1.1.0mask255.255.255.0gateway-list202.1.1.1#wlanservice-template1clearssidmarket_departmentbindWLAN-ESS1authentication-methodopen-systemservice-templateenable#interfaceVlan-interface100ipaddress101.1.1.1255.255.255.0#interfaceVlan-interface200ipaddress202.1.1.1255.255.255.0#interfaceGigabitEthernet1/0/1port