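Medium-sized WLAN deployment lab: wired and wireless
Lab requirements:
pc1: VLAN 8, wired network; pc1 can reach the external address 8.8.8.8
pc2: VLAN 9, wired network; pc2 can reach the external address 8.8.8.8
ap1 broadcasts two signals with VLAN IDs 8 and 9; the corresponding SSIDs are hcip and hcie. hcip uses direct forwarding and hcie uses tunnel forwarding. Capture packets and analyze the difference between direct forwarding and tunnel forwarding.
Lab note: the IP address the AP obtains automatically may change, so it is enough to understand the principle.
Notes: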
capwap source ip-address 192.168.100.1
// Configure the CAPWAP source address used to establish the CAPWAP tunnel
[AC6605]wlan
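[AC6605-wlan-view]ap auth-mode no-auth // APs come online without authentication
[AC6605-wlan-view]ap auth-mode mac-auth // let the AP come online first, then change to MAC authentication
1. Change the password through the web page
2. Configure the VLANIF interface
3. Configure DHCP
4. CAPWAP source
5. Change the authentication mode
6. AP comes online
7. WLAN service configuration
1) AP groups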
wlan
ap-group name 1f
ap-group name 2f
2) Move the AP into an AP group
[AC6605]wlan
[AC6605-wlan-view]ap-id 0
[AC6605-wlan-ap-0]ap-group 1f
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC6605-wlan-ap-0]dis th
#
ap-group 1f
#
return
[AC6605]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
cfg : config [1]
nor : normal [1]
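--------------------------------------------------------------------------------------------
ID   MAC            Name           Group   IP              Type     State STA Uptime
--------------------------------------------------------------------------------------------
0    00e0-fc78-7f80 00e0-fc78-7f80 1f      192.168.100.46  AP6050DN cfg   0   -
1    00e0-fc1b-1b30 00e0-fc1b-1b30 default 192.168.100.198 AP6050DN nor   0   3M:40S
--------------------------------------------------------------------------------------------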
Name the AP
[AC6605]wlan
[AC6605-wlan-view]ap-id 1
[AC6605-wlan-ap-1]ap-name 2f
[AC6605-wlan-ap-1]dis th
#
ap-name 2f
ap-group 2f
[Huawei]
===== CAPWAP LINK IS UP!!! =====
[2f]
[2f]
[2f]
SSID profiles:
[AC6605]wlan
[AC6605-wlan-view]ssid-profile name hcip
[AC6605-wlan-ssid-prof-hcip]ssid hcip
[AC6605]wlan
[AC6605-wlan-view]ssid-profile name hcie
[AC6605-wlan-ssid-prof-hcie]ssid hcie
Security profiles:
[AC6605-wlan-view]security-profile name 123123
[AC6605-wlan-sec-prof-123123]security wpa-wpa2 psk pass-phrase 123123123 aes // pre-shared key
security-profile name 456456
security wpa-wpa2 psk pass-phrase 456456456 aes
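Create a VAP profile and bind the SSID profile and the security profile to it; these decide the name and password of the wireless signal this VAP broadcasts. Configure the service VLAN in the same profile.
VAP profiles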
[AC6605-wlan-view]vap-profile name vap1
[AC6605-wlan-vap-prof-vap1]ssid-profile hcip
[AC6605-wlan-vap-prof-vap1]security-profile 123123
[AC6605-wlan-vap-prof-vap1]service-vlan vlan-id 8
vap2
[AC6605-wlan-view]vap-profile name vap2
[AC6605-wlan-vap-prof-vap2]ssid-profile hcie
[AC6605-wlan-vap-prof-vap2]security-profile 456456
[AC6605-wlan-vap-prof-vap2]service-vlan vlan-id 9
vap-profile name vap2
ssid-profile hcie
security-profile 456456
service-vlan vlan-id 9
Bind the VAP profile to an AP or an AP group, and the wireless signal is broadcast
[AC6605-wlan-view]ap-group name 1f
[AC6605-wlan-ap-group-1f]vap-profile vap1 wlan 1 ra // wlan 1 denotes the first WLAN
[AC6605-wlan-ap-group-1f]vap-profile vap1 wlan 1 radio 0
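Configure DHCP on the core switch
[AC6605-wlan-ap-group-1f]vap-profile vap1 wlan 1 radio 1 // broadcast two kinds of signal, 5 GHz and 2.4 GHz
Tunnel forwarding: traffic has to pass through the AC
Direct forwarding: traffic does not have to pass through the AC
Packet encapsulation with direct forwarding: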
eth II AA-BB
VLAN 9
192.168.9.100-8.8.8.8
ICMP PING
Packet encapsulation with tunnel forwarding:
eth cc-dd
ip:192.168.100.46-192.168.100.1
udp5647
capwap
eth II AA-BB
VLAN 9
192.168.9.100-8.8.8.8
ICMP PING
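Added example (not part of the original notes): a small Python classifier for frames captured on the AP uplink, following the two encapsulation sketches above. The sample frames are constructed; the zeroed MAC addresses, the helper names and the match on UDP 5247 (the CAPWAP data port assigned by RFC 5415) are assumptions of the example, and it decodes only unencrypted tunnels whose inner payload is an 802.3 frame.

```python
import ipaddress
import struct

CAPWAP_DATA_PORT = 5247  # CAPWAP data channel per RFC 5415 (assumed unchanged on the AC)

def parse_eth(frame):
    """Return (vlan_id or None, ethertype, payload) of an Ethernet II frame."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != 0x8100:
        return None, etype, frame[14:]
    tci, etype = struct.unpack_from("!HH", frame, 14)   # 802.1Q tag
    return tci & 0x0FFF, etype, frame[18:]

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[(pkt[0] & 0x0F) * 4:]

def classify(frame):
    """Classify a frame captured on the AP uplink as direct or tunnel forwarding."""
    vlan, etype, payload = parse_eth(frame)
    if etype != 0x0800:
        return {"mode": "other"}
    src, dst, proto, l4 = parse_ipv4(payload)
    if proto != 17 or CAPWAP_DATA_PORT not in struct.unpack_from("!HH", l4):
        return {"mode": "direct", "vlan": vlan, "src": src, "dst": dst}
    result = {"mode": "tunnel", "outer": (src, dst), "inner": None}
    capwap = l4[8:]                                     # skip the 8-byte UDP header
    if not (capwap[0] & 0x0F or capwap[2] & 0x01):      # not DTLS, and T=0 (802.3 payload)
        vlan, etype, payload = parse_eth(capwap[(capwap[1] >> 3) * 4:])  # HLEN in 4-byte words
        if etype == 0x0800:
            isrc, idst, _, _ = parse_ipv4(payload)
            result["inner"] = {"vlan": vlan, "src": isrc, "dst": idst}
    return result

def _ip(src, dst, proto, payload):  # constructed IPv4 packet, header checksum left at zero
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload

def _eth(vlan, payload):  # constructed Ethernet II frame, zeroed placeholder MACs
    tag = struct.pack("!HH", 0x8100, vlan) if vlan else b""
    return bytes(12) + tag + struct.pack("!H", 0x0800) + payload

# Constructed samples that follow the two encapsulation sketches above.
DIRECT = _eth(9, _ip("192.168.9.100", "8.8.8.8", 1, bytes.fromhex("0800f7ff00000000")))
CAPWAP_HDR = bytes.fromhex("0010020000000000")          # HLEN=2 words, WBID=1, T=0
UDP = struct.pack("!HHHH", 5247, 5247, 8 + len(CAPWAP_HDR) + len(DIRECT), 0)
TUNNEL = _eth(None, _ip("192.168.100.46", "192.168.100.1", 17, UDP + CAPWAP_HDR + DIRECT))
print(classify(DIRECT), classify(TUNNEL), sep="\n")
```

With direct forwarding the station's own addresses and VLAN tag are visible on the AP uplink; with tunnel forwarding the uplink shows only the AP-to-AC addresses and the station traffic appears after the CAPWAP header.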
Tunnel forwarding:
[AC6605]wlan
[AC6605-wlan-view]vap-profile name vap2
[AC6605-wlan-vap-prof-vap2]forward-mode ?
direct-forward Direct forward
softgre Softgre profile
tunnel Tunnel
[AC6605-wlan-vap-prof-vap2]forward-mode tunnel
Warning: This action may cause service interruption. Continue?[Y/N]y
Info: This operation may take a few seconds, please wait…done.
[AC6605]vlan 8
Info: This operation may take a few seconds. Please wait for a moment…done.
[AC6605-vlan8]vlan 9
The configurations are as follows:
[isp]dis cu
[V200R003C00]
#
sysname isp
#
interface GigabitEthernet0/0/0
ip address 202.100.1.1 255.255.255.0
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
AR1 configuration:
[AR1]dis cu
[V200R003C00]
#
sysname AR1
#
acl number 2000
rule 5 permit source 192.168.0.0 0.0.255.255
#
interface GigabitEthernet0/0/0
ip address 202.100.1.2 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 12.1.1.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 1.1.1.1
default-route-advertise
area 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 202.100.1.1
Core switch lsw1 configuration:
[lsw1]dis cu
#
sysname lsw1
#
vlan batch 8 to 9 12 100
#
dhcp enable
#
interface Vlanif1
#
interface Vlanif8
ip address 192.168.8.1 255.255.255.0
ospf enable 1 area 0.0.0.0
dhcp select interface
#
interface Vlanif9
ip address 192.168.9.1 255.255.255.0
ospf enable 1 area 0.0.0.0
dhcp select interface
#
interface Vlanif12
ip address 12.1.1.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 12
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 8 to 9 100
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 8 to 9 100
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
AC configuration:
[AC6605]dis cu
#
vlan batch 8 to 9 100
#
dhcp enable
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 9 100
#
capwap source ip-address 192.168.100.1
#
wlan
security-profile name 123123
security wpa-wpa2 psk pass-phrase %^%#Uai{5,#U4V,@tUDK]WR9RcSV”>/YjR4}gf9Z/C&8
%^%# aes
security-profile name 456456
security wpa-wpa2 psk pass-phrase %^%#D/RGZE7BXG1;\h*,X0&RX4MAIUz,|0PEGB):gCTT
%^%# aes
ssid-profile name hcie
ssid hcie
ssid-profile name hcip
ssid hcip
ssid-profile name default
vap-profile name vap1
service-vlan vlan-id 8
ssid-profile hcip
security-profile 123123
vap-profile name vap2
forward-mode tunnel
service-vlan vlan-id 9
ssid-profile hcie
security-profile 456456
ap-group name 1f
radio 0
vap-profile vap1 wlan 1
radio 1
vap-profile vap1 wlan 1
vap-profile vap2 wlan 2
ap-group name 2f
ap-group name default
ap-id 0 type-id 56 ap-mac 00e0-fc78-7f80 ap-sn 210235448310D2769857
ap-group 1f
ap-id 1 type-id 56 ap-mac 00e0-fc1b-1b30 ap-sn 210235448310055D9C40
ap-name 2f
ap-group 2f
#
Access switch lsw2 configuration:
[lsw2]dis cu
#
sysname lsw2
#
vlan batch 8 to 9 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 8 to 9 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 8
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 9
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 8 to 9 100
Access switch lsw3 configuration:
[lsw3]dis cu
#
sysname lsw3
#
vlan batch 8 to 9 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 8 to 9 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100
Verification: