1.交换机的配置 接口g0/0/10和g0/0/11加入vlan10,接口g0/0/1加入vlan10-vlan14、vlan801、vlan1102 [SW]vlan batch 10 to 14 801 1102 [SW-GigabitEthernet0/0/10]port link-type trunk [SW-GigabitEthernet0/0/10]port trunk pvid vlan 10 [SW-GigabitEthernet0/0/10]port trunk allow-pass vlan 10 to 14 [SW-GigabitEthernet0/0/11]port link-type trunk
[SW-GigabitEthernet0/0/11]port trunk pvid vlan 10
[SW-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 to 14 [SW-GigabitEthernet0/0/1]port link-type trunk
[SW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 14 801 1102 [SW-GigabitEthernet0/0/23]port link-type trunk [SW-GigabitEthernet0/0/23]port trunk pvid vlan 1102 创建vlanif801接口,用于与AC通信 [SW]int Vlanif 801 [SW-Vlanif801]ip add 10.1.201.1 24 创建loopback0口模拟公网 [SW]int lo0 [SW-LoopBack0]ip add 101.101.101.101 32 创建各vlanif接口,作为各vlan的网关 [SW-Vlanif10]ip add 10.1.10.1 24 [SW-Vlanif11]ip add 10.1.11.1 24 [SW-Vlanif12]ip add 10.1.12.1 24 [SW-Vlanif13]ip add 10.1.13.1 24 [SW-Vlanif14]ip add 10.1.14.1 24 2.配置AC基本信息 [AC]vlan batch 10 to 14 801 [AC-GigabitEthernet0/0/8]port link-type trunk [AC-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801 检查vlan配置是否正确 配置vlan相应的三层IP地址 [AC]int Vlanif 10 [AC-Vlanif10]ip add 10.1.10.100 24 [AC-Vlanif10]int Vlanif 11
[AC-Vlanif11]ip add 10.1.11.100 24 [AC-Vlanif11]int Vlanif 12
[AC-Vlanif12]ip add 10.1.12.100 24 [AC-Vlanif12]int Vlanif 13
[AC-Vlanif13]ip add 10.1.13.100 24 [AC-Vlanif13]int Vlanif 14
[AC-Vlanif14]ip add 10.1.14.100 24 [AC-Vlanif14]int Vlanif 801
[AC-Vlanif801]ip add 10.1.201.100 24 检查配置的接口状态 配置静态默认路由指向交换机 [AC]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1 ping公网地址 3.创建ap组 [AC]wlan [AC-wlan-view]ap-group name ap-g 4.配置AP上线 在AC上开启DHCP服务,为STA和AP分配IP地址 [AC]dhcp enable [AC]ip pool ap [AC-ip-pool-ap]network 10.1.10.0 mask 24 [AC-ip-pool-ap]gateway-list 10.1.10.1 [AC-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100 [AC-Vlanif10]dhcp select global [AC-Vlanif10]ip pool sta1
[AC-ip-pool-sta1]network 10.1.11.0 mask 24
[AC-ip-pool-sta1]gateway-list 10.1.11.1
[AC]ip pool sta2 [AC-ip-pool-sta2]network 10.1.12.0 mask 24 [AC-ip-pool-sta2]gateway-list 10.1.12.1
[AC]ip pool sta3
[AC-ip-pool-sta3]network 10.1.13.0 mask 24 [AC-ip-pool-sta3]gateway-list 10.1.13.1
[AC]ip pool sta4
[AC-ip-pool-sta4]network 10.1.14.0 mask 24 [AC-ip-pool-sta4]gateway-list 10.1.14.1 在AC各vlanif接口下使能DHCP功能 [AC-Vlanif10]dhcp select global [AC-Vlanif11]dhcp select global [AC-Vlanif12]dhcp select global [AC-Vlanif13]dhcp select global [AC-Vlanif14]dhcp select global 配置vlan pool作为业务vlan,vlan分配算法为hash [AC]vlan pool sta-p1
[AC-vlan-pool-sta-p1]vlan 11 12 [AC-vlan-pool-sta-p1]assignment hash [AC]vlan pool sta-p2 [AC-vlan-pool-sta-p2]vlan 13 14
[AC-vlan-pool-sta-p2]assignment hash 配置域管理模板 [AC-wlan-view]regulatory-domain-profile name dom1 [AC-wlan-regulate-domain-dom1]country-code CN 配置AC源接口 [AC]capwap source interface Vlanif 801 配置AP认证:MAC认证 [AC-wlan-view]ap auth-mode mac-auth [AC-wlan-view]ap-mac 00e0-fcdb-19a0 ap-id 0 [AC-wlan-ap-0]ap-group ap-g [AC-wlan-ap-0]ap-name ap1 [AC-wlan-view]ap-mac 00e0-fc5d-6870 ap-id 1 [AC-wlan-ap-1]ap-name ap2 [AC-wlan-ap-1]ap-group ap-g 查看AP状态 5.配置wlan业务参数 创建安全模板及其安全策略 [AC-wlan-view]security-profile name yw1 [AC-wlan-sec-prof-yw1]security open [AC-wlan-view]security-profile name yw2 [AC-wlan-sec-prof-yw2]security wpa2 psk pass-phrase a1234567 aes 创建SSID模板 [AC-wlan-view]ssid-profile name yw1 [AC-wlan-ssid-prof-yw1]ssid yw1 [AC-wlan-view]ssid-profile name yw2 [AC-wlan-ssid-prof-yw2]ssid yw2 创建vap模板及其数据转发模式,引用安全模板和ssid模板 [AC-wlan-view]vap-profile name yw1 [AC-wlan-vap-prof-yw1]forward-mode tunnel [AC-wlan-vap-prof-yw1]service-vlan vlan-pool sta-p1 [AC-wlan-vap-prof-yw1]security-profile yw1 [AC-wlan-vap-prof-yw1]ssid-profile yw1 [AC-wlan-view]vap-profile name yw2 [AC-wlan-vap-prof-yw2]forward-mode direct-forward [AC-wlan-vap-prof-yw2]service-vlan vlan-pool sta-p2 [AC-wlan-vap-prof-yw2]security-profile yw2 [AC-wlan-vap-prof-yw2]ssid-profile yw2 配置AP组引用域管理模板和vap模板 [AC-wlan-view]ap-group name ap-g [AC-wlan-ap-group-ap-g]vap-profile yw1 wlan 1 radio all [AC-wlan-ap-group-ap-g]vap-profile yw2 wlan 2 radio all [AC-wlan-ap-group-ap-g]regulatory-domain-profile dom1 6.结果验证 查看vap状态 连接无线终端,ping通公网地址(101.101.101.101)