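1/ Directly connected Layer 2 networking, direct forwarding
Configuration recommendations
Configure port isolation on the device interfaces that connect directly to APs. Without port isolation, and especially when service data uses direct forwarding, a large number of unnecessary broadcast packets may be generated in the VLAN, congesting the network and degrading the user experience.
In tunnel forwarding mode, the management VLAN and the service VLAN must not be configured as the same VLAN, and only the management VLAN may be permitted between the AP and the AC; the service VLAN must not be permitted.
Configuration
1 GW configuration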
[r1]inter g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.101.100 24
2 SW configuration (access layer)
[sw]vlan batch 100 101
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 1
3 AC configuration
Interface status
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface //configure DHCP on the interface
#
interface Vlanif101
ip address 192.168.101.1 255.255.255.0
dhcp select interface //configure DHCP on the interface
dhcp server excluded-ip-address 192.168.101.100 //exclude the GW's IP address
AC-WLAN configuration
[AC6005]dis this
capwap source interface vlanif100
[AC6005]wlan
[AC6005-wlan-view]ap-gr
[AC6005-wlan-view]ap-group name wfy
[AC6005-wlan-view]quit
[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fcaa-7e80
[AC6005-wlan-ap-0]ap-name wfy
[AC6005-wlan-ap-0]ap-group wfy
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC6005-wlan-view]security-profile name wfy
[AC6005-wlan-sec-prof-wfy]security wpa2 psk pass-phrase 12345678 aes
[AC6005-wlan-view]ssid-profile name wfy
[AC6005-wlan-ssid-prof-wfy]ssid wfy
[AC6005-wlan-view]vap-profile name wfy
[AC6005-wlan-vap-prof-wfy]ssid-profile wfy
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]security-profile wfy
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]forward-mode direct-forward
[AC6005-wlan-view]ap-group name wfy
[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
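The AC also needs a default route pointing to the upstream router.
2/ Directly connected Layer 2 networking, tunnel forwarding
This is now tunnel mode; its characteristics are as follows
In this mode, the switches between the AC and the AP only need to permit the AP's management VLAN.
Actual configuration
The GW is unchanged.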
SW1
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
AC configuration
[AC6005]capwap source inter vlan 10
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
#
interface Vlanif20
ip address 20.0.0.2 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 20.0.0.1
WLAN configuration
There is only one change,
namely the forward-mode setting in the VAP profile
vap-profile name wfy
forward-mode tunnel
service-vlan vlan-id 20
ssid-profile wfy
security-profile wfy
OK no problem
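The most important thing is to understand the VLAN configuration on the access switch interfaces and the trunk configuration:
exactly where to set the pvid and where to permit which specific VLANs.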
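The two recommendations at the top of this page (port isolation on AP-facing interfaces, and only the management VLAN between AP and AC in tunnel mode) can be checked mechanically against a switch configuration. The following Python audit is an added example, not part of the original post; the function names, the sample configuration and the caller-supplied list of AP-facing ports are assumptions, and it handles numeric allow-pass lists only.

```python
import re

# Constructed sample (not from the page): an access switch in tunnel mode whose
# AP-facing trunk wrongly permits service VLAN 20 and has no port isolation.
SAMPLE_SWITCH_CFG = """\
interface Ethernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
interface Ethernet0/0/2
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 20
"""

def expand_vlans(spec):
    """Expand an allow-pass list such as '100 to 101 200' into {100, 101, 200}."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(cfg):
    """Map interface name -> permitted trunk VLANs and port-isolation state."""
    ports, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], {"vlans": set(), "isolated": False})
        elif cur is not None and line.startswith("port trunk allow-pass vlan "):
            cur["vlans"] |= expand_vlans(line.split("vlan", 1)[1])
        elif cur is not None and line.startswith("port-isolate enable"):
            cur["isolated"] = True
    return ports

def audit(switch_cfg, ap_ports, mgmt_vlan, service_vlan, forward_mode):
    """ap_ports (which interfaces face APs) is supplied by the caller: an assumption."""
    findings = []
    ports = parse_interfaces(switch_cfg)
    if forward_mode == "tunnel" and mgmt_vlan == service_vlan:
        findings.append("management VLAN and service VLAN are identical in tunnel mode")
    for name in ap_ports:
        port = ports.get(name, {"vlans": set(), "isolated": False})
        if mgmt_vlan not in port["vlans"]:
            findings.append(f"{name}: management VLAN {mgmt_vlan} is not permitted")
        if forward_mode == "tunnel" and service_vlan in port["vlans"]:
            findings.append(f"{name}: service VLAN {service_vlan} is permitted in tunnel mode")
        if not port["isolated"]:
            findings.append(f"{name}: port isolation is not enabled")
    return findings
```

Calling `audit(SAMPLE_SWITCH_CFG, ["Ethernet0/0/2"], 10, 20, "tunnel")` reports the leaked service VLAN and the missing port isolation on that interface.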
------------------------------------------
The Road to CCIE --- 梅利