WLAN Comprehensive Lab: Layer 3 Off-Path Networking + Direct Forwarding + Tunnel Forwarding

Published: 2023-06-13 15:36:30  Author: 古将

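Lab description

This lab uses a Layer 3 off-path (bypass) AC deployment, with both tunnel forwarding and local forwarding modes used in the same network.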

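Lab topology

Lab requirements:

1. Complete the basic network interconnection configuration;
2. The WLAN uses Layer 3 off-path networking + tunnel forwarding + direct forwarding;
3. Provide two wireless SSIDs, one for enterprise employees and one for external guests.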

 

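Lab plan:
Management VLAN: 10
Service VLANs: 20/30

SSID: Niu-Office  Password: 12345678
VLAN: 20
Security policy: WPA-WPA2+AES
Forwarding mode: direct forwarding

SSID: Niu-Guest  Password: none

VLAN: 30
Security policy: open system
Forwarding mode: tunnel forwarding

Step 1: Basic configuration for network connectivity

SW2 configuration: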

[SW2]vlan batch 10 20
[SW2]interface GigabitEthernet0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk pvid vlan 10     ..............PVID set to management VLAN 10
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20  ........allow management VLAN 10 and direct-forwarding service VLAN 20
[SW2-GigabitEthernet0/0/1] quit
[SW2]interface GigabitEthernet0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk pvid vlan 10
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[SW2-GigabitEthernet0/0/2] quit
[SW2]interface GigabitEthernet0/0/3
[SW2-GigabitEthernet0/0/3] port link-type trunk
[SW2-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20  ........allow management VLAN 10 and direct-forwarding service VLAN 20
[SW2-GigabitEthernet0/0/3] quit

 

SW1 configuration:

[SW1]vlan batch 10 20 30 50 60  ........batch-create VLANs 10/20/30/50/60
[SW1]interface GigabitEthernet0/0/1  ........assign ports to VLANs
[SW1-GigabitEthernet0/0/1] port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 50
[SW1-GigabitEthernet0/0/1] quit
[SW1]interface GigabitEthernet0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 30 60  ........allow interconnect VLAN 60 and tunnel-forwarding service VLAN 30
[SW1-GigabitEthernet0/0/2] quit
[SW1]interface GigabitEthernet0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20  ........allow management VLAN 10 and direct-forwarding service VLAN 20
[SW1-GigabitEthernet0/0/3] quit
[SW1]interface Vlanif10
[SW1-Vlanif10] ip address 10.0.10.1 255.255.255.0  ........configure VLANIF interfaces for Layer 3 connectivity
[SW1-Vlanif10] quit
[SW1]interface Vlanif20
[SW1-Vlanif20] ip address 10.0.20.1 255.255.255.0
[SW1-Vlanif20] quit
[SW1]interface Vlanif30
[SW1-Vlanif30] ip address 10.0.30.1 255.255.255.0
[SW1-Vlanif30] quit
[SW1]interface Vlanif50
[SW1-Vlanif50] ip address 10.0.50.2 255.255.255.0
[SW1-Vlanif50] quit
[SW1]interface Vlanif60
[SW1-Vlanif60] ip address 10.0.60.2 255.255.255.0
[SW1-Vlanif60] quit
[SW1]ip route-static 0.0.0.0 0.0.0.0 10.0.50.1
[SW1]ip route-static 10.10.10.10 255.255.255.255 10.0.60.1

AR1 configuration:

[AR1]interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1] ip address 10.0.50.1 255.255.255.0
[AR1-GigabitEthernet0/0/1] quit
[AR1]interface LoopBack0
[AR1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[AR1-LoopBack0] quit
[AR1]ip route-static 10.0.20.0 255.255.255.0 10.0.50.2
[AR1]ip route-static 10.0.30.0 255.255.255.0 10.0.50.2

AC1 configuration:

[AC1]vlan batch 30 60
[AC1]interface Vlanif60
[AC1-Vlanif60] ip address 10.0.60.1 255.255.255.0
[AC1-Vlanif60] quit
[AC1]interface GigabitEthernet0/0/1
[AC1-GigabitEthernet0/0/1] port link-type trunk
[AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 30 60
[AC1-GigabitEthernet0/0/1] quit
[AC1]interface LoopBack0
[AC1-LoopBack0] ip address 10.10.10.10 255.255.255.255
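
A reachability check over the Step 1 routing tables, added here as an example and not part of the original post. It does a longest-prefix-match lookup per device and follows next hops, so the CAPWAP control path between the AP management subnet and the AC loopback can be checked in both directions before Step 2. The function names and the AP address 10.0.10.254 are assumptions made for the example.

```python
import ipaddress

# Constructed from the Step 1 commands on this page: connected interfaces plus
# static routes. Each entry is (prefix, next hop); None means directly connected.
TABLES = {
    "SW1": [("10.0.10.0/24", None), ("10.0.20.0/24", None), ("10.0.30.0/24", None),
            ("10.0.50.0/24", None), ("10.0.60.0/24", None),
            ("0.0.0.0/0", "10.0.50.1"), ("10.10.10.10/32", "10.0.60.1")],
    "AR1": [("10.0.50.0/24", None), ("1.1.1.1/32", None),
            ("10.0.20.0/24", "10.0.50.2"), ("10.0.30.0/24", "10.0.50.2")],
    "AC1": [("10.0.60.0/24", None), ("10.10.10.10/32", None)],
}
# Which device owns each next-hop address (from the interface addresses above).
OWNER = {"10.0.50.1": "AR1", "10.0.50.2": "SW1", "10.0.60.1": "AC1", "10.0.60.2": "SW1"}

def lookup(device, dst):
    """Longest-prefix match in one device's table; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), nh) for prefix, nh in TABLES[device]]
    hits = [(net, nh) for net, nh in nets if addr in net]
    return max(hits, key=lambda hit: hit[0].prefixlen, default=None)

def trace(device, dst, max_hops=8):
    """Follow next hops from `device` toward `dst`; returns (path, delivered)."""
    path = [device]
    for _ in range(max_hops):
        hit = lookup(device, dst)
        if hit is None:
            return path, False      # no matching route: the packet is dropped here
        if hit[1] is None:
            return path, True       # destination is on a connected network
        device = OWNER[hit[1]]
        path.append(device)
    return path, False              # hop limit reached: routing loop

if __name__ == "__main__":
    print("AP -> AC:", trace("SW1", "10.10.10.10"))   # the AP's gateway is SW1
    print("AC -> AP:", trace("AC1", "10.0.10.254"))   # constructed AP address
```

With the tables as configured on this page, the AC-to-AP trace stops at AC1 because AC1 has no route to 10.0.10.0/24. A static route on AC1 such as `ip route-static 10.0.10.0 255.255.255.0 10.0.60.2` closes that gap.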

 

Step 2: Bring the APs online

Configure the DHCP service on SW1
In the DHCP service on SW1, specify the AC address for the APs
[SW1]dhcp enable  ........enable DHCP globally
# Create address pools for the management VLAN and the service VLANs
[SW1]ip pool vlan10  ........create address pool vlan10
[SW1-ip-pool-vlan10] gateway-list 10.0.10.1  ........configure the gateway IP address
[SW1-ip-pool-vlan10] network 10.0.10.0 mask 255.255.255.0  ........configure the network segment and mask
[SW1-ip-pool-vlan10] option 43 sub-option 2 ip-address 10.10.10.10  ........specify the AC IP address for the APs in the DHCP service
[SW1-ip-pool-vlan10] quit
[SW1]ip pool vlan20  ........create address pool vlan20 for enterprise employees
[SW1-ip-pool-vlan20] gateway-list 10.0.20.1
[SW1-ip-pool-vlan20] network 10.0.20.0 mask 255.255.255.0
[SW1-ip-pool-vlan20] quit
[SW1]ip pool vlan30  ........create address pool vlan30 for external guests
[SW1-ip-pool-vlan30] gateway-list 10.0.30.1
[SW1-ip-pool-vlan30] network 10.0.30.0 mask 255.255.255.0
[SW1-ip-pool-vlan30] quit
# Enable the global address pool on the interfaces
[SW1]interface Vlanif10
[SW1-Vlanif10] dhcp select global
[SW1-Vlanif10] quit
[SW1]interface Vlanif20
[SW1-Vlanif20] dhcp select global
[SW1-Vlanif20] quit
[SW1]interface Vlanif30
[SW1-Vlanif30] dhcp select global
[SW1-Vlanif30] quit

AC1 configuration:

# Set the AC source interface to LoopBack0
[AC1] capwap source interface loopback0

# Create AP group xiaoniu

[AC1] wlan
[AC1-wlan-view] ap-group name xiaoniu
[AC1-wlan-ap-group-xiaoniu] quit

# Set the AP authentication mode to MAC authentication, then add the AP, name it, and add it to AP group xiaoniu

[AC1-wlan-view] ap-id 0 ap-mac 00e0-fcad-4a30
[AC1-wlan-ap-0] ap-name AP1
[AC1-wlan-ap-0] ap-group xiaoniu

Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:Y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC1-wlan-ap-0] quit
[AC1-wlan-view] ap-id 1 ap-mac 00e0-fc69-02d0
[AC1-wlan-ap-1] ap-name AP2
[AC1-wlan-ap-1] ap-group xiaoniu

Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:Y
Info: This operation may take a few seconds. Please wait for a moment.. done.
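
What the `option 43 sub-option 2 ip-address 10.10.10.10` line in Step 2 puts on the wire, as an added example that is not part of the original post. It assumes the sub-option is carried in the encapsulated code/length/value layout of RFC 2132 section 8.4, and it compares the AC addresses found in a captured DHCP offer against the AC this lab expects; the function names and sample payloads are constructed for illustration.

```python
import ipaddress

def encode_option43(sub_option, ac_addresses):
    """Encode IPv4 addresses as one vendor sub-option: code, length, value."""
    value = b"".join(ipaddress.IPv4Address(a).packed for a in ac_addresses)
    if not 0 < len(value) <= 255:
        raise ValueError("sub-option value must be 1..255 bytes")
    return bytes([sub_option, len(value)]) + value

def decode_option43(payload):
    """Split an Option 43 payload into {sub_option_code: raw_value}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d is shorter than its length byte" % code)
        subs[code] = value
        i += 2 + length
    return subs

def advertised_acs(payload, sub_option=2):
    """Return the AC addresses carried in the given sub-option, as dotted strings."""
    raw = decode_option43(payload).get(sub_option, b"")
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def unexpected_acs(payload, allowed=("10.10.10.10",)):
    """Addresses in the offer that are not an AC this network is meant to use."""
    return [a for a in advertised_acs(payload) if a not in allowed]

if __name__ == "__main__":
    offer = encode_option43(2, ["10.10.10.10"])   # what SW1's pool vlan10 should send
    print(offer.hex(), advertised_acs(offer), unexpected_acs(offer))
```

An offer on VLAN 10 whose Option 43 lists any address other than 10.10.10.10 means the APs are being pointed at a controller this lab did not configure, which is worth checking against the DHCP servers present on that VLAN.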

Step 3: Configure WLAN services

AC1 configuration:

[AC1]wlan
[AC1-wlan-view] ssid-profile name Niu-Office
[AC1-wlan-ssid-prof-Niu-Office] ssid Niu-Office
[AC1-wlan-ssid-prof-Niu-Office] quit
[AC1-wlan-view] ssid-profile name Niu-Guest
[AC1-wlan-ssid-prof-Niu-Guest] ssid Niu-Guest
[AC1-wlan-ssid-prof-Niu-Guest] quit
[AC1-wlan-view] security-profile name Niu-Office
[AC1-wlan-sec-prof-Niu-Office] security wpa-wpa2 psk pass-phrase 12345678 aes
[AC1-wlan-sec-prof-Niu-Office] quit
[AC1-wlan-view] security-profile name Niu-Guest
[AC1-wlan-sec-prof-Niu-Guest] security open
[AC1-wlan-sec-prof-Niu-Guest] quit
[AC1-wlan-view] vap-profile name Niu-Office
[AC1-wlan-vap-prof-Niu-Office] ssid-profile Niu-Office
[AC1-wlan-vap-prof-Niu-Office] security-profile Niu-Office
[AC1-wlan-vap-prof-Niu-Office] forward-mode direct-forward
[AC1-wlan-vap-prof-Niu-Office] service-vlan vlan-id 20
[AC1-wlan-vap-prof-Niu-Office] quit
[AC1-wlan-view] vap-profile name Niu-Guest
[AC1-wlan-vap-prof-Niu-Guest] forward-mode tunnel
[AC1-wlan-vap-prof-Niu-Guest] service-vlan vlan-id 30
[AC1-wlan-vap-prof-Niu-Guest] ssid-profile Niu-Guest
[AC1-wlan-vap-prof-Niu-Guest] security-profile Niu-Guest
[AC1-wlan-vap-prof-Niu-Guest] quit
[AC1-wlan-view] regulatory-domain-profile name xiaoniu
[AC1-wlan-regulate-domain-xiaoniu] country-code CN
[AC1-wlan-regulate-domain-xiaoniu] quit
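
A small audit of the Step 3 security and VAP profiles, added here as an example and not part of the original post. It links each VAP profile to its security profile, service VLAN and forwarding mode, then reports open SSIDs, WPA/WPA2 mixed mode and weak pass-phrases; the finding names and the 12-character minimum are assumptions chosen for the example, not values from the page.

```python
import re

CONFIG = """\
security-profile name Niu-Office
security wpa-wpa2 psk pass-phrase 12345678 aes
security-profile name Niu-Guest
security open
vap-profile name Niu-Office
security-profile Niu-Office
forward-mode direct-forward
service-vlan vlan-id 20
vap-profile name Niu-Guest
forward-mode tunnel
service-vlan vlan-id 30
security-profile Niu-Guest
"""  # constructed: the Step 3 commands from this page with the CLI prompts removed
MIN_PSK_LEN = 12  # assumed local policy, not a value from the page

def parse_profiles(text):
    """Group commands under the security-profile / vap-profile they were typed in."""
    profiles, current = {"security-profile": {}, "vap-profile": {}}, None
    for line in text.splitlines():
        cmd = re.sub(r"^\[[^\]]*\]\s*", "", line).strip()  # tolerate "[AC1-...]" prompts
        header = re.fullmatch(r"(\S+-profile) name (\S+)", cmd)
        if header:  # other profile kinds are collected into a throwaway dict
            current = profiles.get(header.group(1), {}).setdefault(header.group(2), [])
        elif cmd == "quit" or not cmd:
            current = None
        elif current is not None:
            current.append(cmd)
    return profiles

def first_arg(cmds, keyword, default="?"):
    """Last word of the first command that starts with `keyword`."""
    return next((c.split()[-1] for c in cmds if c.startswith(keyword + " ")), default)

def audit(text):
    """Return (vap, finding, where) tuples; the pass-phrase itself is never echoed."""
    profiles, findings = parse_profiles(text), []
    for vap, cmds in profiles["vap-profile"].items():
        where = f"VLAN {first_arg(cmds, 'service-vlan')}, {first_arg(cmds, 'forward-mode')}"
        for cmd in profiles["security-profile"].get(first_arg(cmds, "security-profile"), []):
            psk = re.fullmatch(r"security (\S+) psk pass-phrase (\S+) \S+", cmd)
            checks = {
                "open": cmd == "security open",  # no authentication or encryption
                "mixed-mode": bool(psk) and psk.group(1) == "wpa-wpa2",  # WPA still accepted
                "weak-psk": bool(psk) and (len(psk.group(2)) < MIN_PSK_LEN or psk.group(2).isdigit()),
            }
            findings += [(vap, name, where) for name, hit in checks.items() if hit]
    return findings
```

Running `audit(CONFIG)` on the lab's profiles reports the eight-digit pass-phrase and mixed mode on Niu-Office and the open Niu-Guest SSID, each with the VLAN and forwarding mode its clients land in.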

 

Verification commands:

Not finished yet; a detailed explanation of each step will be added gradually.