逻辑拓扑如下:
管理vlan: 200 业务vlan:100
DHCP服务器: AC为AP分配地址:192.168.200.0/24 , 汇聚层SW172客户端分配地址.16.0.1/22
AC其他详情请参考官方手册:
POE交换机设置:
[POE]vlan batch 100 200
interface Ethernet0/0/1
description POE to SW
port link-type trunk
port trunk allow-pass vlan 100 200
interface Ethernet0/0/2
description POE to AP
port link-type trunk
port trunk pvid vlan 200
port trunk allow-pass vlan 100 200
port-isolate enable group 1
SW核心交换机配置:
vlan batch 100 200 300
interface GigabitEthernet0/0/1
description SW to POE
port link-type trunk
port trunk allow-pass vlan 100 200 300
interface GigabitEthernet0/0/23
description SW to AC
port link-type trunk
port trunk allow-pass vlan 100 200
[SW]dhcp enable
interface GigabitEthernet0/0/24
description SW to FW
port link-type access
port default vlan 300
interface Vlanif100
ip address 172.16.0.1 255.255.252.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
interface Vlanif 300
ip address 192.168.100.253 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 #设置默认路由指向防火墙
AC配置:
vlan batch 100 200
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 200
[AC]dhcp enable
interface Vlanif200
ip address 192.168.200.254 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
[AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view]quit
[AC]capwap source interface Vlanif 200 (这里的vlan 是管理ap的vlan)
ap auth-mode在缺乏命令的情况下MAC认证,如果之前没有修改其缺失配置,可以不执行ap auth-mode mac-auth。
[AC]wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 00e0-fc51-6e60
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-0] quit
[AC-wlan-ap-0]display ap all 查看上线的ap
[AC-wlan-view]security-profile name laotang
[AC-wlan-sec-prof-laotang]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-laotang]quit
[AC-wlan-view]ssid-profile name laotang
[AC-wlan-ssid-prof-laotang]ssid laotang
[AC-wlan-ssid-prof-laotang]quit
[AC-wlan-view]vap-profile name laotang
[AC-wlan-vap-prof-laotang]forward-mode direct-forward
[AC-wlan-vap-prof-laotang]service-vlan vlan-id 100
[AC-wlan-vap-prof-laotang]security-profile laotang
[AC-wlan-vap-prof-laotang]ssid-profile laotang
[AC-wlan-vap-prof-laotang]quit
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 0
[AC-wlan-ap-group-ap-group1]vap-profile laotang wlan 1 radio 1
[AC-wlan-ap-group-ap-group1]quit
[AC-wlan-view] display vap ssid wlan-net 查询
此时的ap信号已经打开
笔记本已经可以连上了
接着配置防火墙,路由器,因为华为模拟器防火墙支持web我们在这里使用所有的端配置web端配置。
配置游览器输入管理地址(建议使用火狐)
1.根据快速导向配置
2.选择手动时间
3.根据实际情况选择互联网模式
4.根据实际情况选择局域网接口
5.因为我的核心交换机已经配置好了dhcp,不需要在这里打开dhcp了
6.向导已经完成
7.接下来,打开防火墙的策略
8.然后设置nat进行转换
ip route-static 172.16.0.0 255.255.252.0 192.168.100.253 设置静态路由指向核心交换机
接口模式下允许ping: service-manage ping permit
由于我的破笔记本太渣了, 中途死机了, 导致实验中断, 后面不能测试!!!!