一、前言

        本实验是WLAN二层旁挂模式进行组网的实验;在本实验中,网络流量的传递直接经过交换机发往上层网络,不再经过AC。

        通过该实验,可以学习WLAN二层组网的配置方式、理解旁挂式组网的优点,并掌握基本的WLAN业务配置方法。

二、实验拓扑

        本次实验的实验拓扑如下:

二层vlanif_华为

三、配置思路

        基本的二层旁挂式组网包括三步:

               ① 配置网络互通

               ② 配置AP上线

               ③ 配置WLAN业务

 四、实验过程

(一)配置网络互通

Step1:二层网络互通配置

        ① LSW1的VLAN划分

[S1]vlan batch 10 20 30 
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access 
[S1-GigabitEthernet0/0/1]port default vlan 30
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk 
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk 
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20

         ② LSW2的VLAN划分

[S2]vlan batch 10 20 
[S2]interface g0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk 
[S2-GigabitEthernet0/0/1]port trunk pvid vlan 10
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[S2-GigabitEthernet0/0/1]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk 
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 
[S2-GigabitEthernet0/0/2]port trunk pvid vlan 10
[S2-GigabitEthernet0/0/2]int g 0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk 
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20

        ③ AC的VLAN划分 

[AC1]interface g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk 
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10

Step2:三层网络互通

        ① LSW1的IP地址配置 

[S1]interface Vlanif 20
[S1-Vlanif20]ip address 10.1.20.1 24
[S1-Vlanif20]int vlanif 30
[S1-Vlanif30]ip ad 10.1.30.2 24

        ② AC的IP地址配置

[AC1]vlan 10
[AC1]interface Vlanif 10
[AC1-Vlanif10]ip ad 10.1.10.1 24

        ③ R1的接口IP及路由配置

[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip ad 10.1.30.1 24
[R1-GigabitEthernet0/0/1]q
[R1]ip route-static 10.1.20.0 24 10.1.30.2

(二)配置AP上线

Step1:IP 地址池配置

        ① LSW1上使能DHCP并配置接口地址池

[S1]dhcp enable 
[S1]interface Vlanif 20
[S1-Vlanif20]dhcp select interface

        ② AC上使能DHCP并配置接口地址池

[AC1]dhcp enable 
[AC1]interface Vlanif 10
[AC1-Vlanif10]dhcp select interface

Step2:配置AC源接口地址并选择合适的AP认证方式使AP正常上线

        ① 配置AC源接口

[AC1]capwap source ip-address 10.1.10.1

        ② 在AC上创建AP组

[AC1]wlan 
[AC1-wlan-view]ap-group name HUAWEI

        ③ 配置AP方式为不认证,并等待AP上线

[AC1]wlan 
[AC1-wlan-view]ap auth-mode no-auth

        ④ 查询AP上线状态

[AC1]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [2]
--------------------------------------------------------------------------------
------------------
ID   MAC            Name           Group   IP          Type            State STA
 Uptime
--------------------------------------------------------------------------------
------------------
0    00e0-fc79-72f0 00e0-fc79-72f0 default 10.1.10.244 AP6050DN        nor   0  
 20S
1    00e0-fc4a-2780 00e0-fc4a-2780 default 10.1.10.46  AP6050DN        nor   0  
 13S
--------------------------------------------------------------------------------
------------------
Total: 2

        注:该状态显示两台AP均已上线

        ⑤ 将两台AP分别命名为AP1和AP2,并加入AP组

[AC1]wlan 
[AC1-wlan-view]ap-group
[AC1-wlan-view]ap-id 0 
[AC1-wlan-ap-0]ap-name AP1
[AC1-wlan-ap-0]ap-group HUAWEI
[AC1-wlan-ap-0]ap-id 1
[AC1-wlan-ap-1]ap-name AP2
[AC1-wlan-ap-1]ap-group HUAWEI

        ⑥ 查看配置是否生效

[AC1-wlan-view]display ap all 
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
fault: fault           [2]
------------------------------------------------------------------------------
ID   MAC            Name Group  IP Type            State STA Uptime
------------------------------------------------------------------------------
0    00e0-fc79-72f0 AP1  HUAWEI -  AP6050DN        fault 0   -
1    00e0-fc4a-2780 AP2  HUAWEI -  AP6050DN        fault 0   -
------------------------------------------------------------------------------
Total: 2

        ⑦ 将AP认证方式切换为mac认证

[AC1]wlan 
[AC1-wlan-view]ap auth-mode mac-auth

注:这是为了前面配置了无需认证,但为了防止非法AP接入,所以需要将认证方式切换为MAC。 

(三)配置WLAN业务

Step1:创建SSID模板SFN,并设置SSID为SFN

[AC1]wlan 
[AC1-wlan-view]ssid-profile name SFN
[AC1-wlan-ssid-prof-SFN]ssid SFN

Step2:创建安全模板SFN,并设置密码

[AC1-wlan-view]security-profile name SFN
[AC1-wlan-sec-prof-SFN]security wpa-wpa2 psk pass-phrase a1234567 aes

Step3:创建VAP模板SFN,并绑定SSID和安全模板,设置业务VLAN和转发方式

[AC1-wlan-view]vap-profile name SFN
[AC1-wlan-vap-prof-SFN]security-profile SFN
[AC1-wlan-vap-prof-SFN]service-vlan vlan-id 20
[AC1-wlan-vap-prof-SFN]forward-mode direct-forward

Step4:创建域管理模板SFN,并设置国家码为CN

[AC1-wlan-view]regulatory-domain-profile name SFN
[AC1-wlan-regulate-domain-SFN]country-code CN

Step5:进入AP组,并绑定域管理模板和VAP模板

[AC1-wlan-view]ap-group name HUAWEI
[AC1-wlan-ap-group-HUAWEI]regulatory-domain-profile SFN
[AC1-wlan-ap-group-HUAWEI]vap-profile SFN wlan 1 radio all

五、结果验证

① ENSP界面

        在AC配置完成后,ensp中AP显示变为了如下的图形界面,表示已经成功释放双频信号、

二层vlanif_IP_02

②  终端连接到AP后,检测其和R1的连通性

        显示如下: 

二层vlanif_IP_03

该效果表示,STA能够实现与R1的正常通信,连通性正常。