DATACOM

AC旁挂三层组网-直接转发

作者ericwong,发布于 留下评论

旁挂三层组网-直接转发

1.拓扑图

image-20250618161849640

image-20250618134325013

2.配置AR1

<Huawei>sys
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.111.1 24
[Huawei]ip route-static 192.168.0.0 16 192.168.111.2

3.配置LSW1

<Huawei>sys
[Huawei]undo info-center enable
[Huawei]vlan batch 100 101 102 111 200

[Huawei]interface vlanif100
[Huawei-Vlanif100]ip address 192.168.100.1 24
[Huawei-Vlanif100]interface vlanif101
[Huawei-Vlanif101]ip address 192.168.101.1 24
[Huawei-Vlanif101]interface vlanif102
[Huawei-Vlanif102]ip address 192.168.102.1 24
[Huawei-Vlanif102]interface vlanif200
[Huawei-Vlanif200]ip address 192.168.200.1 24
[Huawei-Vlanif200]interface vlanif111
[Huawei-Vlanif111]ip address 192.168.111.2 24

[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 111
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]interface GigabitEthernet 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 200
[Huawei-GigabitEthernet0/0/3]quit

[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk pvid vlan 100
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101 102

[Huawei]ip route-static 0.0.0.0 0 192.168.111.1

[Huawei]ip pool 100    
[Huawei-ip-pool-100]network 192.168.100.0 mask 24
[Huawei-ip-pool-100]gateway-list 192.168.100.1
[Huawei-ip-pool-100]option 43 sub-option 3 ascii 192.168.200.10
[Huawei-ip-pool-100]quit

[Huawei]ip pool 101
[Huawei-ip-pool-101]network 192.168.101.0 mask 24
[Huawei-ip-pool-101]gateway-list 192.168.101.1
[Huawei-ip-pool-101]dns-list 8.8.8.8
[Huawei-ip-pool-101]quit

[Huawei]ip pool 102
[Huawei-ip-pool-102]network 192.168.102.0 mask 24
[Huawei-ip-pool-102]gateway-list 192.168.102.1
[Huawei-ip-pool-102]dns-list 8.8.8.8
[Huawei-ip-pool-102]quit

[Huawei]dhcp enable
[Huawei]interface vlanif100
[Huawei-Vlanif100]dhcp select global

[Huawei-Vlanif100]interface vlanif 101
[Huawei-Vlanif101]dhcp select global

[Huawei-Vlanif101]interface vlanif102
[Huawei-Vlanif102]dhcp select global

4.配置LSW2

[Huawei]undo info-center enable
[Huawei]vlan batch 100 101 102

[Huawei]port-group 1to4
[Huawei-port-group-1to4]group-member Ethernet 0/0/1 to Ethernet 0/0/4
[Huawei-port-group-1to4]port link-type trunk
[Huawei-port-group-1to4]port trunk pvid vlan 100
[Huawei-port-group-1to4]port trunk allow-pass vlan 100 101 102
[Huawei-port-group-1to4]quit

[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk pvid vlan 100
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101 102

5.配置AC

<AC6005>sys
[AC6005]vlan 200
[AC6005-vlan200]quit

[AC6005]interface vlanif 200
[AC6005-Vlanif200]ip address 192.168.200.10 24
[AC6005-Vlanif200]quit

[AC6005]interface GigabitEthernet 0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type access
[AC6005-GigabitEthernet0/0/1]port default vlan 200

[AC6005]ip route-static 0.0.0.0 0 192.168.200.1

6.配置AP上线

6.1.指定和AP建立CAPWAP的地址或接口

[AC6005]capwap source interface vlanif 200

6.2.配置域管理模块

[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name default
[AC6005-wlan-regulate-domain-default]country-code cn
[AC6005-wlan-regulate-domain-default]quit

6.2.配置域管理模块

[AC6005-wlan-view]regulatory-domain-profile name default
[AC6005-wlan-regulate-domain-default]country-code cn
[AC6005-wlan-regulate-domain-default]quit

6.3.创建AP组

<AC6005>sys
[AC6005]wlan
[AC6005-wlan-view]ap-group name ap-office1
[AC6005-wlan-ap-group-ap-office1]regulatory-domain-profile default
[AC6005-wlan-ap-group-ap-office1]quit

[AC6005-wlan-view]ap-group name ap-office2
[AC6005-wlan-ap-group-ap-office2]regulatory-domain-profile default
[AC6005-wlan-ap-group-ap-office2]quit

6.4.连接AP并加入AP组

[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-id 1 ap-mac 00e0-fc58-6a60
[AC6005-wlan-ap-1]ap-name ap1
[AC6005-wlan-ap-1]ap-group ap-office1
[AC6005-wlan-ap-1]quit

[AC6005-wlan-view]ap auth-mode mac-auth 
[AC6005-wlan-view]ap-id 2 ap-mac 00e0-fc42-3880
[AC6005-wlan-ap-2]ap-name ap2
[AC6005-wlan-ap-2]ap-group ap-office1
[AC6005-wlan-ap-2]quit

[AC6005-wlan-view]ap auth-mod mac-auth
[AC6005-wlan-view]ap-id 3 ap-mac 00e0-fc27-7250
[AC6005-wlan-ap-3]ap-name ap3
[AC6005-wlan-ap-3]ap-group ap-office2
[AC6005-wlan-ap-3]quit

[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-id 4 ap-mac 00e0-fcdc-2ca0
[AC6005-wlan-ap-4]ap-name ap4
[AC6005-wlan-ap-4]ap-group ap-office2
[AC6005-wlan-ap-4]quit

6.5.创建SSID模板

[AC6005-wlan-view]ssid-profile name ssid-office1
[AC6005-wlan-ssid-prof-ssid-office1]ssid AP-office1
[AC6005-wlan-ssid-prof-ssid-office1]quit

[AC6005-wlan-view]ssid-profile name ssid-office2
[AC6005-wlan-ssid-prof-ssid-office2]ssid AP-office2
[AC6005-wlan-ssid-prof-ssid-office2]quit

6.6.配置安全模块

[AC6005-wlan-view]security-profile name Sec-office1
[AC6005-wlan-sec-prof-Sec-office1]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC6005-wlan-sec-prof-Sec-office1]quit

[AC6005-wlan-view]security-profile name Sec-office2
[AC6005-wlan-sec-prof-Sec-office2]security wpa-wpa2 psk pass-phrase b1234567 aes
[AC6005-wlan-sec-prof-Sec-office2]quit

6.7.创建vap模块

[AC6005-wlan-view]vap-profile name vap-office1
[AC6005-wlan-vap-prof-vap-office1]forward-mode direct-forward 
[AC6005-wlan-vap-prof-vap-office1]service-vlan vlan-id 101
[AC6005-wlan-vap-prof-vap-office1]ssid-profile ssid-office1
[AC6005-wlan-vap-prof-vap-office1]security-profile Sec-office1
[AC6005-wlan-vap-prof-vap-office1]quit

[AC6005-wlan-view]vap-profile name vap-office2
[AC6005-wlan-vap-prof-vap-office2]forward-mode direct-forward 
[AC6005-wlan-vap-prof-vap-office2]service-vlan vlan-id 102
[AC6005-wlan-vap-prof-vap-office2]ssid-profile ssid-office2
[AC6005-wlan-vap-prof-vap-office2]security-profile Sec-office2
[AC6005-wlan-vap-prof-vap-office2]quit

6.8.在AP中应用模块

[AC6005-wlan-view]ap-group name ap-office1
[AC6005-wlan-ap-group-ap-office1]vap-profile vap-office1 wlan 1 radio 0
[AC6005-wlan-ap-group-ap-office1]vap-profile vap-office1 wlan 1 radio 1
[AC6005-wlan-ap-group-ap-office1]quit

[AC6005-wlan-view]ap-group name ap-office2
[AC6005-wlan-ap-group-ap-office2]vap-profile vap-office2 wlan 2 radio 0
[AC6005-wlan-ap-group-ap-office2]vap-profile vap-office2 wlan 2 radio 1

#检查配置都没有错的情况下,可以尝试重启

7.测试

image-20250618170521337

image-20250618170622269

image-20250618170638870

没经过隧道

image-20250618170834567

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注