1. Switch configuration

[SW]vlan batch 10 to 14 801
[SW-GigabitEthernet0/0/10]port link-type trunk
[SW-GigabitEthernet0/0/10]port trunk pvid vlan 10
[SW-GigabitEthernet0/0/10]port trunk allow-pass vlan 10 to 14
[SW-GigabitEthernet0/0/11]port link-type trunk
[SW-GigabitEthernet0/0/11]port trunk pvid vlan 10
[SW-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 to 14
[SW-GigabitEthernet0/0/1]port link-type trunk
[SW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 14 801
[SW-GigabitEthernet0/0/2]port link-type trunk
[SW-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 14 801
[SW-Vlanif801]ip address 10.1.201.1 24 // used for communication between the switch and the ACs

Configure the gateway for each service:
[SW-Vlanif10]ip address 10.1.10.1 24
[SW-Vlanif11]ip address 10.1.11.1 24
[SW-Vlanif12]ip address 10.1.12.1 24
[SW-Vlanif13]ip address 10.1.13.1 24
[SW-Vlanif14]ip address 10.1.14.1 24
[SW]int LoopBack 0
[SW-LoopBack0]ip add 101.101.101.101 32 // simulates the public network

2. Basic configuration of AC1

[AC1]vlan batch 10 to 14 801
[AC1-GigabitEthernet0/0/8]port link-type trunk
[AC1-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801

Configure the IP addresses of the Layer 3 interfaces for the VLANs:
[AC1-Vlanif10]ip add 10.1.10.100 24
[AC1-Vlanif11]ip add 10.1.11.100 24
[AC1-Vlanif12]ip add 10.1.12.100 24
[AC1-Vlanif13]ip add 10.1.13.100 24
[AC1-Vlanif14]ip add 10.1.14.100 24
[AC1-Vlanif801]ip add 10.1.201.100 24

Check the configuration result.
[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1 // static route pointing to the switch

3. Create the AP group

[AC1]wlan
[AC1-wlan-view]ap-group name ap-g1
[AC2]wlan
[AC2-wlan-view]ap-group name ap-g1

4. Bring the APs online

Enable the DHCP service:
[AC1]dhcp enable
[AC1]ip pool ap
[AC1-ip-pool-ap]network 10.1.10.0 mask 24
[AC1-ip-pool-ap]gateway-list 10.1.10.1
[AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100
[AC1-Vlanif10]dhcp select global
[AC1]ip pool sta1
[AC1-ip-pool-sta1]network 10.1.11.0 mask 24
[AC1-ip-pool-sta1]gateway-list 10.1.11.1
[AC1]ip pool sta2
[AC1-ip-pool-sta2]network 10.1.12.0 mask 24
[AC1-ip-pool-sta2]gateway-list 10.1.12.1
[AC1]ip pool sta3
[AC1-ip-pool-sta3]network 10.1.13.0 mask 24
[AC1-ip-pool-sta3]gateway-list 10.1.13.1
[AC1]ip pool sta4
[AC1-ip-pool-sta4]network 10.1.14.0 mask 24
[AC1-ip-pool-sta4]gateway-list 10.1.14.1
[AC1-Vlanif11]dhcp select global
[AC1-Vlanif12]dhcp select global
[AC1-Vlanif13]dhcp select global
[AC1-Vlanif14]dhcp select global

Configure the service VLAN pools; the VLAN assignment algorithm is hash:
[AC1]vlan pool sta-p1
[AC1-vlan-pool-sta-p1]vlan 11 12
[AC1-vlan-pool-sta-p1]assignment hash
[AC1]vlan pool sta-p2
[AC1-vlan-pool-sta-p2]vlan 13 14
[AC1-vlan-pool-sta-p2]assignment hash

Configure the regulatory domain profile:
[AC1-wlan-view]regulatory-domain-profile name dom
[AC1-wlan-regulate-domain-dom]country-code cn
[AC1]capwap source interface Vlanif 801 // source interface of AC1

Configure AP authentication (MAC authentication):
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-mac 00e0-fc57-7ff0 ap-id 0
[AC1-wlan-ap-0]ap-group ap-g1
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-view]ap-mac 00e0-fcab-3850 ap-id 1
[AC1-wlan-ap-1]ap-group ap-g1
[AC1-wlan-ap-1]ap-name ap2

5. Configure WLAN services on AC1

Create the security profiles and configure the security policies:
[AC1]wlan
[AC1-wlan-view]security-profile name yw1
[AC1-wlan-sec-prof-yw1]security open
[AC1-wlan-view]security-profile name yw2
[AC1-wlan-sec-prof-yw2]security wpa2 psk pass-phrase a1234567 aes

Create the SSID profiles:
[AC1-wlan-view]ssid-profile name yw1
[AC1-wlan-ssid-prof-yw1]ssid yw1
[AC1-wlan-view]ssid-profile name yw2
[AC1-wlan-ssid-prof-yw2]ssid yw2

Create the VAP profiles and reference the security and SSID profiles:
[AC1-wlan-view]vap-profile name yw1
[AC1-wlan-vap-prof-yw1]forward-mode tunnel
[AC1-wlan-vap-prof-yw1]service-vlan vlan-pool sta-p1
[AC1-wlan-vap-prof-yw1]security-profile yw1
[AC1-wlan-vap-prof-yw1]ssid-profile yw1
[AC1-wlan-view]vap-profile name yw2
[AC1-wlan-vap-prof-yw2]forward-mode direct-forward
[AC1-wlan-vap-prof-yw2]service-vlan vlan-pool sta-p2
[AC1-wlan-vap-prof-yw2]security-profile yw2
[AC1-wlan-vap-prof-yw2]ssid-profile yw2

Reference the regulatory domain profile and the VAP profiles in the AP group:
[AC1-wlan-view]ap-group name ap-g1
[AC1-wlan-ap-group-ap-g1]regulatory-domain-profile dom
[AC1-wlan-ap-group-ap-g1]vap-profile yw1 wlan 1 radio all
[AC1-wlan-ap-group-ap-g1]vap-profile yw2 wlan 2 radio all

View the VAP status.

6. Basic configuration of the standby AC2

[AC2]vlan batch 10 to 14 801
[AC2-GigabitEthernet0/0/8]port link-type trunk
[AC2-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801
[AC2-Vlanif10]ip add 10.1.10.200 24
[AC2-Vlanif11]ip add 10.1.11.200 24
[AC2-Vlanif12]ip add 10.1.12.200 24
[AC2-Vlanif13]ip add 10.1.13.200 24
[AC2-Vlanif14]ip add 10.1.14.200 24
[AC2-Vlanif801]ip add 10.1.201.200 24
[AC2]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1

Create the AP group:
[AC2-wlan-view]ap-group name ap-g1

Enable the DHCP service:
[AC2]dhcp enable
[AC2]ip pool ap
[AC2-ip-pool-ap]network 10.1.10.0 mask 24
[AC2-ip-pool-ap]gateway-list 10.1.10.1
[AC2-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100
[AC2-Vlanif10]dhcp select global
[AC2]ip pool sta1
[AC2-ip-pool-sta1]network 10.1.11.0 mask 24
[AC2-ip-pool-sta1]gateway-list 10.1.11.1
[AC2]ip pool sta2
[AC2-ip-pool-sta2]network 10.1.12.0 mask 24
[AC2-ip-pool-sta2]gateway-list 10.1.12.1
[AC2-ip-pool-sta2]ip pool sta3
[AC2-ip-pool-sta3]network 10.1.13.0 mask 24
[AC2-ip-pool-sta3]gateway-list 10.1.13.1
[AC2-ip-pool-sta3]ip pool sta4
[AC2-ip-pool-sta4]network 10.1.14.0 mask 24
[AC2-ip-pool-sta4]gateway-list 10.1.14.1

Enable the DHCP function on the VLANIF interfaces:
[AC2-Vlanif11]dhcp select global
[AC2-Vlanif12]dhcp select global
[AC2-Vlanif13]dhcp select global
[AC2-Vlanif14]dhcp select global

Configure the VLAN pools used for the service VLANs:
[AC2]vlan pool sta-p1
[AC2-vlan-pool-sta-p1]vlan 11 12
[AC2-vlan-pool-sta-p1]assignment hash
[AC2]vlan pool sta-p2
[AC2-vlan-pool-sta-p2]vlan 13 14
[AC2-vlan-pool-sta-p2]assignment hash

7. Configure the regulatory domain profile on AC2

[AC2-wlan-view]regulatory-domain-profile name dom
[AC2-wlan-regulate-domain-dom]country-code cn

8. Configure the source interface of AC2

[AC2]capwap source interface Vlanif 801

9. Configure AP authentication on AC2

[AC2]wlan
[AC2-wlan-view]ap auth-mode mac-auth
[AC2-wlan-view]ap-mac 00e0-fc57-7ff0 ap-id 0
[AC2-wlan-ap-0]ap-group ap-g1
[AC2-wlan-ap-0]ap-name ap1
[AC2-wlan-view]ap-mac 00e0-fcab-3850 ap-id 1
[AC2-wlan-ap-1]ap-name ap2
[AC2-wlan-ap-1]ap-group ap-g1

10. Configure the WLAN service parameters on AC2

Create the security profiles and configure the security policies:
[AC2]wlan
[AC2-wlan-view]security-profile name yw1
[AC2-wlan-sec-prof-yw1]security open
[AC2-wlan-view]security-profile name yw2
[AC2-wlan-sec-prof-yw2]security wpa2 psk pass-phrase a1234567 aes

Create the SSID profiles:
[AC2-wlan-view]ssid-profile name yw1
[AC2-wlan-ssid-prof-yw1]ssid yw1
[AC2-wlan-view]ssid-profile name yw2
[AC2-wlan-ssid-prof-yw2]ssid yw2

Create the VAP profiles, with the forwarding mode set to direct forwarding, and reference the security and SSID profiles:
[AC2-wlan-view]vap-profile name yw1
[AC2-wlan-vap-prof-yw1]forward-mode tunnel
[AC2-wlan-vap-prof-yw1]service-vlan vlan-pool sta-p1
[AC2-wlan-vap-prof-yw1]security-profile yw1
[AC2-wlan-vap-prof-yw1]ssid-profile yw1
[AC2-wlan-view]vap-profile name yw2
[AC2-wlan-vap-prof-yw2]forward-mode direct-forward
[AC2-wlan-vap-prof-yw2]service-vlan vlan-pool sta-p2
[AC2-wlan-vap-prof-yw2]security-profile yw2
[AC2-wlan-vap-prof-yw2]ssid-profile yw2

Reference the regulatory domain profile and the VAP profiles in the AP group:
[AC2-wlan-view]ap-group name ap-g1
[AC2-wlan-ap-group-ap-g1]regulatory-domain-profile dom
[AC2-wlan-ap-group-ap-g1]vap-profile yw1 wlan 1 radio all
[AC2-wlan-ap-group-ap-g1]vap-profile yw2 wlan 2 radio all

11. Configure VRRP on the active AC1 for dual-machine hot standby

Create the management VRRP group with priority 120 and a preemption delay of 120 seconds:
[AC1]int Vlanif 801
[AC1-Vlanif801]vrrp vrid 1 virtual-ip 10.1.201.3
[AC1-Vlanif801]vrrp vrid 1 priority 120
[AC1-Vlanif801]vrrp vrid 1 preempt-mode timer delay 120
[AC1-Vlanif801]admin-vrrp vrid 1

Create the service VRRP groups:
[AC1]int Vlanif 10
[AC1-Vlanif10]vrrp vrid 2 virtual-ip 10.1.10.3
[AC1-Vlanif10]vrrp vrid 2 preempt-mode timer delay 120
[AC1-Vlanif10]vrrp vrid 2 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC1-Vlanif10]int Vlanif 11
[AC1-Vlanif11]vrrp vrid 3 virtual-ip 10.1.11.3
[AC1-Vlanif11]vrrp vrid 3 preempt-mode timer delay 120
[AC1-Vlanif11]vrrp vrid 3 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC1-Vlanif11]int Vlanif 12
[AC1-Vlanif12]vrrp vrid 4 virtual-ip 10.1.12.3
[AC1-Vlanif12]vrrp vrid 4 preempt-mode timer delay 120
[AC1-Vlanif12]vrrp vrid 4 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC1-Vlanif12]int Vlanif 13
[AC1-Vlanif13]vrrp vrid 5 virtual-ip 10.1.13.3
[AC1-Vlanif13]vrrp vrid 5 preempt-mode timer delay 120
[AC1-Vlanif13]vrrp vrid 5 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC1-Vlanif13]int Vlanif 14
[AC1-Vlanif14]vrrp vrid 6 virtual-ip 10.1.14.3
[AC1-Vlanif14]vrrp vrid 6 preempt-mode timer delay 120
[AC1-Vlanif14]vrrp vrid 6 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

Set the state recovery delay of the VRRP groups to 30 seconds:
[AC1]vrrp recover-delay 30

Create HSB active/standby service 0: configure the IP addresses and port numbers of the active/standby channel, and the packet retransmission count and sending interval:
[AC1]hsb-service 0
[AC1-hsb-service-0]service-ip-port local-ip 10.1.201.100 peer-ip 10.1.201.200 local-data-port 10241 peer-data-port 10241
[AC1-hsb-service-0]service-keep-alive detect retransmit 2 interval 1

Create HSB group 0 and bind HSB active/standby service 0 and the management VRRP group to it:
[AC1]hsb-group 0
[AC1-hsb-group-0]bind-service 0
[AC1-hsb-group-0]track vrrp vrid 1 interface Vlanif 801

Bind the NAC service to the HSB group:
[AC1]hsb-service-type access-user hsb-group 0

Bind the WLAN service to the HSB group:
[AC1]hsb-service-type ap hsb-group 0

Bind the DHCP service to the HSB group:
[AC1]hsb-service-type dhcp hsb-group 0

Enable dual-machine hot standby:
[AC1]hsb-group 0
[AC1-hsb-group-0]hsb enable

Change the source interface of AC1:
[AC1]undo capwap source interface Vlanif 801
[AC1]capwap source ip-address 10.1.201.3

Configure the Option 43 field of the DHCP server:
[AC1]dhcp server database enable
[AC1]dhcp server database recover
[AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.3

12. Configuration of the standby AC2

Create the management VRRP group:
[AC2]int Vlanif 801
[AC2-Vlanif801]vrrp vrid 1 virtual-ip 10.1.201.3
[AC2-Vlanif801]admin-vrrp vrid 1

Create the backup groups for the service VLANs:
[AC2]int Vlanif 10
[AC2-Vlanif10]vrrp vrid 2 virtual-ip 10.1.10.3
[AC2-Vlanif10]vrrp vrid 2 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC2]int Vlanif 11
[AC2-Vlanif11]vrrp vrid 3 virtual-ip 10.1.11.3
[AC2-Vlanif11]vrrp vrid 3 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC2-Vlanif11]int Vlanif 12
[AC2-Vlanif12]vrrp vrid 4 virtual-ip 10.1.12.3
[AC2-Vlanif12]vrrp vrid 4 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC2-Vlanif12]int Vlanif 13
[AC2-Vlanif13]vrrp vrid 5 virtual-ip 10.1.13.3
[AC2-Vlanif13]vrrp vrid 5 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown
[AC2-Vlanif13]int Vlanif 14
[AC2-Vlanif14]vrrp vrid 6 virtual-ip 10.1.14.3
[AC2-Vlanif14]vrrp vrid 6 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

Set the state recovery delay of the backup groups to 30 seconds:
[AC2]vrrp recover-delay 30

Create HSB active/standby service 0:
[AC2]hsb-service 0
[AC2-hsb-service-0]service-ip-port local-ip 10.1.201.200 peer-ip 10.1.201.100 local-data-port 10241 peer-data-port 10241
[AC2-hsb-service-0]service-keep-alive detect retransmit 2 interval 1

Create HSB group 0 and bind HSB active/standby service 0 and the management VRRP group to it:
[AC2]hsb-group 0
[AC2-hsb-group-0]bind-service 0
[AC2-hsb-group-0]track vrrp vrid 1 interface Vlanif 801

Bind the NAC service to the HSB group:
[AC2]hsb-service-type access-user hsb-group 0

Bind the WLAN service to the HSB group:
[AC2]hsb-service-type ap hsb-group 0

Bind the DHCP service to the HSB group:
[AC2]hsb-service-type dhcp hsb-group 0

Enable dual-machine hot standby:
[AC2]hsb-group 0
[AC2-hsb-group-0]hsb enable

Change the source interface of AC2:
[AC2]undo capwap source interface Vlanif 801
[AC2]capwap source ip-address 10.1.201.3

Modify the Option 43 field of the DHCP server:
[AC2]dhcp server database enable
[AC2]dhcp server database recover
[AC2]ip pool ap
[AC2-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.3

13. Result verification
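An offline check of the finished configuration, as an added example that is not part of the original page: it reads command lines copied from the AC1 and AC2 listings above (a constructed sample), flags the open and short-PSK security profiles, and confirms that Option 43 and the CAPWAP source both end up on the VRRP virtual IP and that the HSB channel is mirrored between the two ACs. The function names and the 12-character PSK threshold are assumptions.

```python
import re

# Constructed sample: command lines taken from the AC1/AC2 listings on this page.
AC1 = """[AC1-wlan-sec-prof-yw1]security open
[AC1-wlan-sec-prof-yw2]security wpa2 psk pass-phrase a1234567 aes
[AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100
[AC1-Vlanif801]vrrp vrid 1 virtual-ip 10.1.201.3
[AC1-hsb-service-0]service-ip-port local-ip 10.1.201.100 peer-ip 10.1.201.200 local-data-port 10241 peer-data-port 10241
[AC1]capwap source ip-address 10.1.201.3
[AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.3"""
AC2 = AC1.replace("AC1", "AC2").replace("local-ip 10.1.201.100 peer-ip 10.1.201.200",
                                        "local-ip 10.1.201.200 peer-ip 10.1.201.100")
MIN_PSK_LEN = 12  # assumption: local policy threshold, not a Huawei default


def last(pattern, text):
    """Return the capture(s) of the last matching command (later commands override earlier ones)."""
    hits = re.findall(pattern, text)
    return hits[-1] if hits else None


def audit(cfg, peer_cfg):
    """Return a list of findings for one AC, given its peer's listing."""
    findings = []
    for prof in re.findall(r"sec-prof-(\S+?)\]security open", cfg):
        findings.append(f"security-profile {prof}: open SSID, no authentication or encryption")
    for prof, psk in re.findall(r"sec-prof-(\S+?)\]security wpa2 psk pass-phrase (\S+)", cfg):
        if len(psk) < MIN_PSK_LEN:
            findings.append(f"security-profile {prof}: PSK shorter than {MIN_PSK_LEN} characters")
    vip = last(r"Vlanif801\]vrrp vrid 1 virtual-ip (\S+)", cfg)
    opt43 = last(r"option 43 sub-option 3 ascii (\S+)", cfg)
    capwap = last(r"capwap source ip-address (\S+)", cfg)
    if opt43 != vip or capwap != vip:
        findings.append(f"Option 43 ({opt43}) / CAPWAP source ({capwap}) is not the VRRP virtual IP {vip}")
    hsb = r"local-ip (\S+) peer-ip (\S+) local-data-port (\d+) peer-data-port (\d+)"
    mine, theirs = last(hsb, cfg), last(hsb, peer_cfg)
    if not mine or not theirs or mine != (theirs[1], theirs[0], theirs[3], theirs[2]):
        findings.append("HSB channel addresses/ports are not mirrored between the two ACs")
    return findings


if __name__ == "__main__":
    for name, cfg, peer in (("AC1", AC1, AC2), ("AC2", AC2, AC1)):
        for finding in audit(cfg, peer):
            print(name, finding)
```

On the listings as given, only the two security-profile findings remain; dropping the final Option 43 line reproduces the step 4 state, where APs would still be handed the physical address 10.1.201.100.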