由于这个是之前做的实验配置,那我就不过多备注了,直接就发各个交换机的配置了
LSW1:
# SW1: layer-2 switch for VLANs 2, 4 and 6 (no Vlanif/IP address is configured in this listing).
sysname SW1
# Turns off the information center (log/trap/debug output). Handy for keeping a lab console quiet;
# on a production device keep it enabled and send logs to a log host so changes and faults stay auditable.
undo info-center enable
vlan batch 2 4 6
# Access port: untagged frames are placed in VLAN 6.
# NOTE(review): no DHCP snooping or port security is shown on this access port; fine for a lab,
# worth adding on a real access layer.
interface Ethernet0/0/2
port link-type access
port default vlan 6
# Trunk restricted to VLANs 2 and 4; VLAN 6 is not carried on this link.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 4
# Trunk carrying VLANs 2, 4 and 6.
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 4 6
LSW2:
# SW2: layer-2 switch for VLANs 2, 4 and 6 (no Vlanif/IP address is configured in this listing).
sysname SW2
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 2 4 6
# Access port: untagged frames are placed in VLAN 6.
# NOTE(review): no DHCP snooping or port security is shown on this access port.
interface Ethernet0/0/1
port link-type access
port default vlan 6
# Both trunks carry the same explicit VLAN list (2, 4, 6) rather than "all".
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 4 6
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 4 6
LSW3:
# SW3: layer-2 switch for VLANs 2, 4 and 6 (no Vlanif/IP address is configured in this listing).
sysname SW3
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 2 4 6
# Access port: untagged frames are placed in VLAN 6.
# NOTE(review): no DHCP snooping or port security is shown on this access port.
interface Ethernet0/0/1
port link-type access
port default vlan 6
# Trunk restricted to VLANs 2 and 4; VLAN 6 is not carried on this link.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 4
# Trunk carrying VLANs 2, 4 and 6.
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 4 6
LSW4:
# SW4: layer-2 switch for VLANs 3, 5 and 7 (no Vlanif/IP address is configured in this listing).
sysname SW4
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 3 5 7
# Access port: untagged frames are placed in VLAN 7.
# NOTE(review): no DHCP snooping or port security is shown on this access port.
interface Ethernet0/0/1
port link-type access
port default vlan 7
# Trunk restricted to VLANs 3 and 5; VLAN 7 is not carried on this link.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 3 5
# Trunk carrying VLANs 3, 5 and 7.
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 3 5 7
LSW5:
# SW5: layer-2 switch for VLANs 3, 5 and 7 (no Vlanif/IP address is configured in this listing).
sysname SW5
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 3 5 7
# Access port: untagged frames are placed in VLAN 7.
# NOTE(review): no DHCP snooping or port security is shown on this access port.
interface Ethernet0/0/1
port link-type access
port default vlan 7
# Trunk restricted to VLANs 3 and 5; VLAN 7 is not carried on this link.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 3 5
# Trunk carrying VLANs 3, 5 and 7.
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 3 5 7
LSW6:
# SW6: layer-2 switch for VLANs 8-10, one access port per VLAN plus an LACP uplink bundle.
sysname SW6
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 8 to 10
# Static-LACP link aggregation carrying VLANs 8-10, hashing on source+destination MAC,
# with at most two active member links.
# NOTE(review): no physical port is assigned to Eth-Trunk3 in this listing (there is no
# "eth-trunk 3" line under any interface here) - presumably omitted from the paste; confirm.
interface Eth-Trunk3
port link-type trunk
port trunk allow-pass vlan 8 to 10
mode lacp-static
load-balance src-dst-mac
max active-linknumber 2
# Access ports: one each in VLAN 8, VLAN 9 and VLAN 10.
interface GigabitEthernet0/0/1
port link-type access
port default vlan 8
interface GigabitEthernet0/0/2
port link-type access
port default vlan 9
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
LSW7:
# SW7: layer-3 switch - gateway (Vlanif) and DHCP server for VLANs 2, 4 and 6,
# with Vlanif11 and OSPF towards the Eth-Trunk1 uplink.
sysname SW7
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 2 4 6 11
dhcp enable
# Each user VLAN gets a .254 gateway; "dhcp select interface" serves leases from the
# interface's own subnet and hands out 192.1.10.1 as the DNS server.
interface Vlanif2
ip address 192.1.2.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
interface Vlanif4
ip address 192.1.4.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
interface Vlanif6
ip address 192.1.6.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
# No DHCP on VLAN 11; it is only allowed on Eth-Trunk1, so it appears to be the routed transit VLAN.
# NOTE(review): the SW9 listing on this page also assigns 192.1.11.254 to its Vlanif11. Two devices
# in the same VLAN cannot share an address - one side presumably used a different host address; confirm.
interface Vlanif11
ip address 192.1.11.254 255.255.255.0
# Static-LACP bundle (members GE0/0/4 and GE0/0/5 below). VLAN 6 is not allowed here,
# so VLAN 6 traffic leaves this switch only after being routed.
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 4 11
mode lacp-static
load-balance src-dst-mac
max active-linknumber 2
# Downlink trunks carrying the three user VLANs.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 4 6
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 4 6
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 4 6
interface GigabitEthernet0/0/4
eth-trunk 1
interface GigabitEthernet0/0/5
eth-trunk 1
# OSPF process 1, area 0.0.0.1, enabled on every Vlanif subnet above.
# NOTE(review): the network statements include the user VLANs (2/4/6), so OSPF also runs on
# user-facing interfaces, and no OSPF authentication is shown. On a real network make the
# user-facing Vlanifs silent (silent-interface) and authenticate OSPF on the transit VLAN.
ospf 1
area 0.0.0.1
network 192.1.2.0 0.0.0.255
network 192.1.4.0 0.0.0.255
network 192.1.6.0 0.0.0.255
network 192.1.11.0 0.0.0.255
LSW8:
# SW8: layer-3 switch - gateway (Vlanif) and DHCP server for VLANs 3, 5 and 7,
# with Vlanif12 and OSPF towards the Eth-Trunk2 uplink.
sysname SW8
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 3 5 7 12
dhcp enable
# Each user VLAN gets a .254 gateway; "dhcp select interface" serves leases from the
# interface's own subnet and hands out 192.1.10.1 as the DNS server.
interface Vlanif3
ip address 192.1.3.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
interface Vlanif5
ip address 192.1.5.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
interface Vlanif7
ip address 192.1.7.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
# No DHCP on VLAN 12; it appears to be the routed transit VLAN towards the uplink.
# NOTE(review): the SW9 listing on this page also assigns 192.1.12.254 to its Vlanif12. Two devices
# in the same VLAN cannot share an address - one side presumably used a different host address; confirm.
interface Vlanif12
ip address 192.1.12.254 255.255.255.0
# Static-LACP bundle (members GE0/0/3 and GE0/0/4 below).
# NOTE(review): VLAN 7 is allowed here, but the SW9 listing allows only 3, 5 and 12 on its
# Eth-Trunk2 and does not create VLAN 7 - keep the allow-lists on both ends identical.
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 3 5 7 12
mode lacp-static
load-balance src-dst-mac
max active-linknumber 2
# Downlink trunks carrying the three user VLANs.
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 3 5 7
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 3 5 7
interface GigabitEthernet0/0/3
eth-trunk 2
interface GigabitEthernet0/0/4
eth-trunk 2
# OSPF process 1, area 0.0.0.1, enabled on every Vlanif subnet above.
# NOTE(review): the network statements include the user VLANs (3/5/7), so OSPF also runs on
# user-facing interfaces, and no OSPF authentication is shown. On a real network make the
# user-facing Vlanifs silent (silent-interface) and authenticate OSPF on the transit VLAN.
ospf 1
area 0.0.0.1
network 192.1.3.0 0.0.0.255
network 192.1.5.0 0.0.0.255
network 192.1.7.0 0.0.0.255
network 192.1.12.0 0.0.0.255
LSW9:
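# SW9: core layer-3 switch - gateways for VLANs 1 and 8-10, transit Vlanifs 11 and 12,
# three LACP bundles and a trunk for VLANs 2-5.
sysname SW9
# Turns off the information center (log/trap/debug output) - a lab convenience;
# keep logging enabled and exported on production devices.
undo info-center enable
vlan batch 2 to 5 8 to 12
dhcp enable
# VLAN 1 gateway. DHCP requests received here are relayed to 192.1.1.253, which is the
# address the AC listing on this page gives its Vlanif1 (the AC runs the pool for this subnet).
interface Vlanif1
ip address 192.1.1.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.1.1.253
# Gateways for VLANs 8-10. 192.1.10.1, the DNS server handed out by the DHCP pools on this
# page, falls in the VLAN 10 subnet.
interface Vlanif8
ip address 192.1.8.254 255.255.255.0
interface Vlanif9
ip address 192.1.9.254 255.255.255.0
interface Vlanif10
ip address 192.1.10.254 255.255.255.0
# NOTE(review): the SW7 listing also assigns 192.1.11.254 to its Vlanif11, and the SW8 listing
# assigns 192.1.12.254 to its Vlanif12. Two devices in the same VLAN cannot share an address,
# so one side of each link presumably used a different host address in the working lab - confirm.
interface Vlanif11
ip address 192.1.11.254 255.255.255.0
interface Vlanif12
ip address 192.1.12.254 255.255.255.0
# Management Ethernet port; no settings are applied under it in this listing.
interface MEth0/0/1
# Static-LACP bundles, each hashing on source+destination MAC with at most two active links.
# Eth-Trunk1: VLANs 2, 4, 11 (members GE0/0/1-2).
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 4 11
mode lacp-static
load-balance src-dst-mac
max active-linknumber 2
# Eth-Trunk2: VLANs 3, 5, 12 (members GE0/0/3-4).
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 3 5 12
mode lacp-static
load-balance src-dst-mac
max active-linknumber 2
# Eth-Trunk3: VLANs 8-10 (members GE0/0/5-6).
interface Eth-Trunk3
port link-type trunk
port trunk allow-pass vlan 8 to 10
mode lacp-static
load-balance src-dst-mac
max active-linknumber 2
interface GigabitEthernet0/0/1
eth-trunk 1
interface GigabitEthernet0/0/2
eth-trunk 1
interface GigabitEthernet0/0/3
eth-trunk 2
interface GigabitEthernet0/0/4
eth-trunk 2
interface GigabitEthernet0/0/5
eth-trunk 3
interface GigabitEthernet0/0/6
eth-trunk 3
# Trunk for VLANs 2-5; the same VLAN list is allowed on the AC's GigabitEthernet0/0/1,
# so this is presumably the link to the AC - confirm against the topology.
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 2 to 5
# OSPF process 1, area 0.0.0.1, enabled on every Vlanif subnet above.
# NOTE(review): this includes the server/user-facing subnets (1, 8-10) and no OSPF
# authentication is shown. On a real network make those Vlanifs silent (silent-interface)
# and authenticate OSPF on the transit VLANs 11 and 12.
ospf 1
area 0.0.0.1
network 192.1.1.0 0.0.0.255
network 192.1.8.0 0.0.0.255
network 192.1.9.0 0.0.0.255
network 192.1.10.0 0.0.0.255
network 192.1.11.0 0.0.0.255
network 192.1.12.0 0.0.0.255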
AC:
# AC (wireless access controller), system part: VLANs, AAA, management addressing,
# SSH/VTY access and the CAPWAP source interface.
sysname AC
vlan batch 2 to 5
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
dhcp enable
pki realm default
rsa local-key-pair default
enrollment self-signed
# IKE proposal: AES-256, DH group 14, SHA2-256 for authentication/integrity/PRF, pre-shared key.
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
free-rule-template name default_free_rule
portal-access-profile name portal_access_profile
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
# NOTE(review): "123456" is a trivially guessable password on a privilege-level-15 account
# that is allowed to log in through the web service (service-type http). Treat it as a lab
# placeholder only; on any reachable device set a long, unique password.
# In a saved configuration the text after irreversible-cipher is normally a hash, so this
# line reads as the command as typed rather than an export - confirm.
local-user admin password irreversible-cipher 123456
local-user admin privilege level 15
local-user admin service-type http
# Management/CAPWAP address in VLAN 1; the AC is also the DHCP server for this subnet
# (SW9 relays to 192.1.1.253).
interface Vlanif1
ip address 192.1.1.253 255.255.255.0
dhcp select interface
dhcp server dns-list 192.1.10.1
# Trunk carrying the four wireless service VLANs (2-5).
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 5
# Ports 21-24: auto-negotiation off, half duplex.
interface GigabitEthernet0/0/21
undo negotiation auto
duplex half
interface GigabitEthernet0/0/22
undo negotiation auto
duplex half
interface GigabitEthernet0/0/23
undo negotiation auto
duplex half
interface GigabitEthernet0/0/24
undo negotiation auto
duplex half
# SNMP agent is enabled; no community string or SNMPv3 user appears in this listing.
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
# SSH algorithm allow-lists: AES-CTR ciphers only.
# NOTE(review): dh_group14_sha1 is a SHA-1 based key exchange; prefer a SHA-2 based
# key exchange where the software version offers one. An HMAC list is set for the
# client side only - no server-side HMAC line is shown.
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
# APs build their CAPWAP tunnels to the Vlanif1 address.
capwap source interface vlanif1
# Console uses password authentication (the password itself is not part of this listing).
user-interface con 0
authentication-mode password
# NOTE(review): "protocol inbound all" admits Telnet (cleartext) as well as SSH on the VTY
# lines; outside a lab restrict them with "protocol inbound ssh". No authentication-mode
# is shown for the VTY lines in this listing - confirm that AAA is enforced there.
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
# AC WLAN view: security/SSID/VAP profiles, AP groups and the five registered APs.
wlan
traffic-profile name default
# Two security profiles, both WPA2-PSK with AES and the same pass-phrase.
# NOTE(review): "123456" is a trivially guessable pre-shared key, and it is shared by all
# four SSIDs through these two profiles. A WPA2 pass-phrase is 8-63 characters, so the
# value shown is presumably shortened or a placeholder - confirm. Use a long random
# pass-phrase per SSID (or 802.1X; a dot1x access profile is already defined below).
security-profile name xiaoze1
security wpa2 psk pass-phrase 123456 aes
security-profile name xiaoze2
security wpa2 psk pass-phrase 123456 aes
# SSID profiles ssid1..ssid4 advertise xiaoze1..xiaoze4.
ssid-profile name ssid1
ssid xiaoze1
ssid-profile name ssid2
ssid xiaoze2
ssid-profile name ssid3
ssid xiaoze3
ssid-profile name ssid4
ssid xiaoze4
ssid-profile name default
# VAP profiles bind SSID + security profile + service VLAN. All use tunnel forwarding,
# i.e. client traffic is carried over CAPWAP to the AC before entering the service VLAN.
# Mapping: vap1 -> VLAN 2, vap2 -> VLAN 4, vap3 -> VLAN 3, vap4 -> VLAN 5.
vap-profile name vap1
forward-mode tunnel
service-vlan vlan-id 2
ssid-profile ssid1
security-profile xiaoze1
vap-profile name vap2
forward-mode tunnel
service-vlan vlan-id 4
ssid-profile ssid2
security-profile xiaoze2
vap-profile name vap3
forward-mode tunnel
service-vlan vlan-id 3
ssid-profile ssid3
security-profile xiaoze1
vap-profile name vap4
forward-mode tunnel
service-vlan vlan-id 5
ssid-profile ssid4
security-profile xiaoze2
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
# AP group apzu1: both radios broadcast vap1 and vap2 (service VLANs 2 and 4).
ap-group name apzu1
radio 0
vap-profile vap1 wlan 1
vap-profile vap2 wlan 2
radio 1
vap-profile vap1 wlan 1
vap-profile vap2 wlan 2
# AP group apzu2: both radios broadcast vap3 and vap4 (service VLANs 3 and 5).
ap-group name apzu2
radio 0
vap-profile vap3 wlan 3
vap-profile vap4 wlan 4
radio 1
vap-profile vap3 wlan 3
vap-profile vap4 wlan 4
ap-group name default
# APs are registered by MAC address and serial number: AP1-AP3 join apzu1, AP4-AP5 join apzu2.
# NOTE(review): these look like simulator-generated identifiers; when publishing a
# configuration from real hardware, redact AP MAC addresses and serial numbers.
ap-id 1 type-id 61 ap-mac 00e0-fc22-6350 ap-sn 210235448310D73D370B
ap-name AP1
ap-group apzu1
ap-id 2 type-id 61 ap-mac 00e0-fca3-28d0 ap-sn 210235448310BE27A030
ap-name AP2
ap-group apzu1
ap-id 3 type-id 61 ap-mac 00e0-fc2e-48f0 ap-sn 210235448310B7605154
ap-name AP3
ap-group apzu1
ap-id 4 type-id 61 ap-mac 00e0-fc79-03f0 ap-sn 2102354483103E328202
ap-name AP4
ap-group apzu2
ap-id 5 type-id 61 ap-mac 00e0-fccc-3100 ap-sn 2102354483103B09A541
ap-name AP5
ap-group apzu2
provision-ap
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
以下为无线的连通测试,以及无线网络的IP获取
登录ftp
访问web
无线设备ping web
可以适当添加策略
# ACL 3010: TCP towards host 192.1.9.1 (the trailing "0" is a 0.0.0.0 wildcard, i.e. an
# exact host match). Rules 10-20 deny 192.1.2.0/24 and 192.1.3.0/24; rules 30-60 permit
# 192.1.4.0/24 through 192.1.7.0/24. Per the AC listing on this page, VLANs 2 and 3 are
# wireless service VLANs (vap1 and vap3), so this blocks those two SSIDs from the host.
# NOTE(review): only TCP is matched, so ICMP and UDP from the denied subnets still pass.
acl 3010
rule 10 deny tcp source 192.1.2.0 0.0.0.255 destination 192.1.9.1 0
rule 20 deny tcp source 192.1.3.0 0.0.0.255 destination 192.1.9.1 0
rule 30 permit tcp source 192.1.4.0 0.0.0.255 destination 192.1.9.1 0
rule 40 permit tcp source 192.1.5.0 0.0.0.255 destination 192.1.9.1 0
rule 50 permit tcp source 192.1.6.0 0.0.0.255 destination 192.1.9.1 0
rule 60 permit tcp source 192.1.7.0 0.0.0.255 destination 192.1.9.1 0
# ACL 3020: a single rule permitting TCP from any source to host 192.1.8.1.
acl 3020
rule 10 permit tcp source any destination 192.1.8.1 0
# NOTE(review): when an ACL is used by traffic-filter, packets that match no rule are
# forwarded rather than dropped (there is no implicit deny at the end) - confirm for your
# VRP version. If so, the permit rules in ACL 3010 are descriptive only and ACL 3020
# restricts nothing; add an explicit final deny rule if an allow-list is intended.
# NOTE(review): the page does not say which switch these bindings are applied on. They
# only take effect where the matched packets are received in VLAN 9 / VLAN 8, so verify
# the placement with the ACL rule match counters after testing.
traffic-filter vlan 9 inbound acl 3010
traffic-filter vlan 8 inbound acl 3020