码上快乐

相关内容   简体   繁体

WLAN-案例-1直连二层组网(直接转发发/隧道转发)

本文转载自  查看原文  2020-12-12 16:13  1077    HUAWEI-WLAN

1/直连二层组网直接转发

 

 

配置建议

建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。

隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。

 

配置配置

1 GW配置

[r1]inter g0/0/0

[r1-GigabitEthernet0/0/0]ip add 192.168.101.100 24

 

2 SW配置(接入层)

[sw]vlan batch 100 101

interface Ethernet0/0/1

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 101

 port-isolate enable group 1

 

3 AC配置

 

 

 接口状态

 

interface Vlanif100

 ip address 192.168.100.1 255.255.255.0

 dhcp select interface   //配置接口的DHCP

#

interface Vlanif101

 ip address 192.168.101.1 255.255.255.0

 dhcp select interface    //配置接口的DHCP

 dhcp server excluded-ip-address 192.168.101.100  //排除GW的IP地址

 

AC-WLAN配置

[AC6005]dis thiscapwap source interface vlanif100

 

[AC6005]wlan

[AC6005-wlan-view]ap-gr

[AC6005-wlan-view]ap-group name wfy

[AC6005-wlan-view]quit

[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fcaa-7e80

[AC6005-wlan-ap-0]ap-name wfy

[AC6005-wlan-ap-0]ap-group wfy

Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

 

[AC6005-wlan-view]security-profile name wfy

[AC6005-wlan-sec-prof-wfy]security wpa2 psk pass-phrase 12345678 aes

[AC6005-wlan-view]ssid-profile name wfy

[AC6005-wlan-ssid-prof-wfy]ssid wfy

 

[AC6005-wlan-view]vap-profile name wfy

[AC6005-wlan-vap-prof-wfy]ssid-profile wfy

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-wfy]security-profile wfy

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-wfy]service-vlan vlan-id 101

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-wfy]forward-mode  direct-forward

[AC6005-wlan-view]ap-group name wfy

[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all

Info: This operation may take a few seconds, please wait...done.

 

 

 

 

 

 

 

 

Ac上还需要有一条默认路由指向上层路由器

 

 

 

2/直连二层组网隧道转发

 

现在是隧道模式,其特点如下

 

并且在该模式下,在AC和AP之间的交换机,仅可以放行AP的管理VLAN通行即可

 

实际配置

Gw不变,

SW1

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10

 

interface Ethernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 10

AC配置

[AC6005]capwap source inter vlan 10

 

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10

 

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 20

#

interface Vlanif10

 ip address 192.168.10.1 255.255.255.0

 dhcp select interface

#

interface Vlanif20

 ip address 20.0.0.2 255.255.255.0

 dhcp select interface

 dhcp server excluded-ip-address 20.0.0.1

 

WLAN配置

只有一处改动,

那就是在VAP模板中的forward-mode 转发模式

 

vap-profile name wfy

  forward-mode tunnel

  service-vlan vlan-id 20

  ssid-profile wfy

  security-profile wfy

 

 

OK no problem

 

 

 

其实最主要的就是要搞明白,接入交换机上接口的VLAN配置,以及trunk的配置,

究竟哪里设置pvid,哪里放行具体的vlan,

 

------------------------------------------

CCIE成长之路 --- 梅利

 


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 WLAN-案例-2-旁挂二层组网(直接转发/隧道转发) WLAN-案例-3-直连三层组网(直接转发/隧道转发) WLAN-案例-4-旁挂三层组网(直接转发/隧道转发) 实验3:二层直连式WLAN组网设计 二层转发原理 二层转发原理 华为无线WLAN二层 三层组网实例 AC(V2R6&R7版本)配置旁挂二层组网直接转发示例【AP+二层交换机+三层交换机+旁挂AC+出口网关】 二层转发原理详解(一) 二层转发原理详解(二)
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM