本文主要是针对于瘦AP网络规模进行基本的配置。至于瘦AP与胖AP的区别这里不做介绍。
实验中所用设备型号如下:
路由器:AR2220
交换机:S5700
AC:AC6005
AP:AP6050
本拓扑中,DHCP_Server、AC都是属于旁挂的方式接入。
基本配置操作不做说明,相信大家已经很熟练了。
display ip interface brief //显示接口简要信息,检查配置是否正确。
display ip interface brief | include up //显示开启的接口
VLAN规划相信大家也很熟练了,这里也只给出结果图。
[SW1]dis port vlan | exclude hybrid //显示接口类型是除了hybrid的接口信息。
这里由于拓扑简单,就使用静态。
[DHCP_Server]ip route-static 0.0.0.0 0 192.168.11.254 //DHCP服务器上配置默认指向SW1
[AC]ip route-static 0.0.0.0 0 192.168.22.254 //AC上配置默认指向SW1
[SW1]ip route-static 0.0.0.0 0 192.168.33.254 //SW1上配置默认指向AR1
//R1上配置去往10.1.101.0/24、10.1.102.0/24、192.168.100.0/24的静态路由,下一跳为SW1
[R1]ip route-static 10.1.101.0 24 192.168.33.1
[R1]ip route-static 10.1.102.0 24 192.168.33.1
[R1]ip route-static 192.168.100.0 24 192.168.33.1
[R1]dhcp enable
[R1]ip pool vlan100 //该地址池用于AP自动获取地址
[R1-ip-pool-vlan100]net 192.168.100.0 mask 24
[R1-ip-pool-vlan100]gateway-list 192.168.100.254
[R1-ip-pool-vlan100]excluded-ip-address 192.168.100.246 192.168.100.253
[R1-ip-pool-vlan100]option 43 sub-option 3 ascii 192.168.22.22 //该命令用于AP找到AC。
[R1-ip-pool-vlan100]quit
[R1]ip pool vlan101
[R1-ip-pool-vlan101]net 10.1.101.0 mask 24
[R1-ip-pool-vlan101]gateway-list 10.1.101.254
[R1-ip-pool-vlan101]excluded-ip-address 10.1.101.246 10.1.101.253
[R1-ip-pool-vlan101]dns-list 114.114.114.114
[R1-ip-pool-vlan101]lease day 0 hour 3 minute 0
[R1-ip-pool-vlan101]quit
[R1]ip pool vlan102
[R1-ip-pool-vlan102]net 10.1.102.0 mask 24
[R1-ip-pool-vlan102]gateway-list 10.1.102.254
[R1-ip-pool-vlan102]excluded-ip-address 10.1.102.246 10.1.102.253
[R1-ip-pool-vlan102]dns-list 114.114.114.114
[R1-ip-pool-vlan102]lease day 0 hour 3 minute 0
[R1-ip-pool-vlan102]quit
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global
[SW1]dhcp enable
[SW1]int Vlanif 100
[SW1-Vlanif100]dhcp select relay
[SW1-Vlanif100]dhcp relay server-ip 192.168.11.11
[SW1]dhcp enable
[SW1]int Vlanif 101
[SW1-Vlanif101]dhcp select relay
[SW1-Vlanif101]dhcp relay server-ip 192.168.11.11
[SW1]dhcp enable
[SW1]int Vlanif 102
[SW1-Vlanif102]dhcp select relay
[SW1-Vlanif102]dhcp relay server-ip 192.168.11.11
[AC]capwap source interface Vlanif 22 //配置信令源是虚接口22
[AC]vlan pool vlan101 //创建名为“VLAN101”的VLAN池
[AC-vlan-pool-vlan101]vlan 101 //包括VLAN101,可以包括多个。
[AC-vlan-pool-vlan101]quit
[AC]
[AC]vlan pool vlan102 //创建名为“VLAN102”的VLAN池
[AC-vlan-pool-vlan102]vlan 102
[AC-vlan-pool-vlan102]quit
[AC]
[AC]wlan //进入WLAN视图
[AC-wlan-view]regulatory-domain-profile name domain //创建名为domain的域模板
[AC-wlan-regulate-domain-domain]country-code CN //设置国家代码,CN 代表中国
[AC-wlan-regulate-domain-domain]quit
[AC-wlan-view]ap-group name jsb //创建名为jsb(技术部)的AP组
[AC-wlan-ap-group-jsb]regulatory-domain-profile domain //应用上面创建的域模板
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y //输入‘y’
[AC-wlan-ap-group-jsb]quit
[AC-wlan-view]ap-group name xsb //创建名为jsb(技术部)的AP组
[AC-wlan-ap-group-xsb]regulatory-domain-profile domain //应用上面创建的域模板
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y //输入‘y’
[AC-wlan-ap-group-xsb]quit
配置AP使用MAC地址认证,在此之前需要先去查看AP的MAC地址。
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth //设置AP认证模式为MAC地址认证
[AC-wlan-view]ap-mac 00e0-fcc7-1690 ap-id 1 //绑定AP1的MAC地址,ID为1
[AC-wlan-ap-1]ap-name jsb //AP名称为jsb
[AC-wlan-ap-1]ap-group jsb //隶属于jsb这个组
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y //选择'y'
[AC-wlan-ap-1]quit
[AC-wlan-view]ap-mac 00e0-fcb6-2ff0 ap-id 2 //绑定AP2的MAC地址,ID为2
[AC-wlan-ap-2]ap-name xsb //AP名称为xsb
[AC-wlan-ap-2]ap-group xsb //隶属于xsb这个组
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-2]quit
[AC]wlan
[AC-wlan-view]security-profile name jsb //创建名为'jsb'的密码文件
[AC-wlan-sec-prof-jsb]security wpa2 psk pass-phrase abcd1234 aes //设置密码
[AC-wlan-sec-prof-jsb]quit
[AC-wlan-view]security-profile name xsb //创建名为'xsb'的密码文件
[AC-wlan-sec-prof-xsb]security wpa2 psk pass-phrase 1234abcd aes //设置密码
[AC-wlan-sec-prof-xsb]quit
[AC-wlan-view]ssid-profile name jsb //创建名为jsb的SSID文件
[AC-wlan-ssid-prof-jsb]ssid jsb //设置SSID名称(WIFI名称)为'jsb'
[AC-wlan-ssid-prof-jsb]quit
[AC-wlan-view]ssid-profile name xsb //创建名为xsb的SSID文件
[AC-wlan-ssid-prof-xsb]ssid xsb //设置SSID名称(WIFI名称)为'xsb'
[AC-wlan-ssid-prof-xsb]quit
[AC-wlan-view]vap-profile name jsb //创建名为jsb的VAP模板
[AC-wlan-vap-prof-jsb]service-vlan vlan-pool vlan101 //服务VLAN为vlan101
[AC-wlan-vap-prof-jsb]security-profile jsb //引用前面创建的安全文件
[AC-wlan-vap-prof-jsb]ssid-profile jsb //引用前面创建的SSID文件
[AC-wlan-vap-prof-jsb]quit
[AC-wlan-view]vap-profile name xsb //创建名为xsb的VAP模板
[AC-wlan-vap-prof-xsb]service-vlan vlan-pool vlan102 //服务VLAN为vlan102
[AC-wlan-vap-prof-xsb]security-profile xsb //引用前面创建的安全文件
[AC-wlan-vap-prof-xsb]ssid-profile xsb //引用前面创建的SSID文件
[AC-wlan-vap-prof-xsb]quit
[AC-wlan-view]ap-group name jsb //在名为jsb的组中引用名为jsb的VAP模板,并开启两个信道。
[AC-wlan-ap-group-jsb]vap-profile jsb wlan 1 radio 0
[AC-wlan-ap-group-jsb]vap-profile jsb wlan 1 radio 1
[AC-wlan-ap-group-jsb]quit
[AC-wlan-view]ap-group name xsb
[AC-wlan-ap-group-xsb]vap-profile xsb wlan 1 radio 0
[AC-wlan-ap-group-xsb]vap-profile xsb wlan 1 radio 1
[AC-wlan-ap-group-xsb]quit
在AC上配置完上述操作后,AP便会自动从AC上下载相应文件,并发射无线信号。
添加一个无线接入用户。
选择一个SSID进行连接。
模拟访问外网。
[AC-wlan-ap-group-jsb]vap-profile xsb wlan 2 radio 0
[AC-wlan-ap-group-jsb]vap-profile xsb wlan 2 radio 1
可以看到,此时无线接入用户VAP列表中多了两个xsb的SSID。