一、 二层AP组网 1.拓扑
2.实验配置
AC基础配置,主要配置管理vlan的IP地址,及DHCP服务,因为这里是二层组网,所以不需要配置Option43,(关于option解释《H3CWLAN》p85) Dhcp enable Interface vlanif 1
Ip address 192.168.0.1 24
Dhcp select interface 使能采用基于接口的DHCP server功能 Wlan
Wlan ac source interface vlanif 1 配置AC与AP建立CAPWAP隧道的源接口
3.各种查看
dis ip pool interface Vlanif1 查看接口DHCP,已经分配出三个地址
Dis ap all 默认华为使用MAC地址对AP的上线做认证,如果这里看不到,那么dis arp all可以看到AP的MAC地址
dis unauthorized-ap record 查看未通过认证的AP
通过命令确认AP上线,见证奇迹的时候 WLAN
Ap-confirm all 用来确认认证未通过的AP
4.补充
如果已经知道AP的MAC地址和型号(SN号是可选的),也可以通过以下命令AP上线 wlan
wlan ac source interface vlanif1
ap id 0 type-id 19 mac 00e0-fc49-2850 sn 210235448310BB367513 ap id 1 type-id 19 mac 00e0-fc8a-3ce0 sn 2102354483106515A47C ap id 2 type-id 19 mac 00e0-fc09-1660 sn 210235448310E1467E2F
重启一下AP,抓取CAPWAP交互报文 [AC6605-wlan-view]ap-reset id 1
Warning: Reset AP! Continue? [Y/N]y Info: Reset AP completely.
二、 三层组播AP上线 1.拓扑
2.相关配置 AC
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10 20 30 ip route-static 0.0.0.0 0.0.0.0 192.168.30.1
==================================== SW1
interface Vlanif10
ip address 192.168.10.1 255.255.255.0 interface Vlanif20
ip address 192.168.20.1 255.255.255.0 interface Vlanif30
ip address 192.168.30.1 255.255.255.0 interface GigabitEthernet0/0/1
port link-type access port default vlan 10 stp edged-port enable
interface GigabitEthernet0/0/2 port link-type access port default vlan 10 stp edged-port enable
interface GigabitEthernet0/0/3 port link-type access port default vlan 20 stp edged-port enable
interface GigabitEthernet0/0/4 port link-type access port default vlan 20 stp edged-port enable
interface GigabitEthernet0/0/5 port link-type trunk
port trunk allow-pass vlan 10 20 30
配置AP上线 wlan
wlan ac source interface vlanif30 ap-auth-mode no-auth
配置交换机的DHCP选项 interface Vlanif10
ip address 192.168.10.1 255.255.255.0 dhcp select interface
dhcp server option 43 sub-option 3 ascii 192.168.30.2 #
interface Vlanif20
ip address 192.168.20.1 255.255.255.0 dhcp select interface
dhcp server option 43 sub-option 3 ascii 192.168.30.2配置设备为AP指定AC的IP地址
如果AP无法正常上线需手工配置
ap id 0 type-id 19 mac 00e0-fc49-2850 sn 210235448310BB367513 ap id 1 type-id 19 mac 00e0-fc8a-3ce0 sn 2102354483106515A47C ap id 2 type-id 19 mac 00e0-fc09-1660 sn 210235448310E1467E2F ap id 3 type-id 19 mac 00e0-fcd1-4090 sn 210235448310C80E810B
三、AC+AP步骤详解
1.基本配置AP上线
vlan batch 100 to 103 200 分别创建管理vlan,业务vlan #
dhcp enable 开启全局DHCP
# interface Vlanif100
ip address 10.1.100.1 255.255.255.0 AC连接AP的管理vlan,AP通过其获取IP dhcp select interface #
interface Vlanif101
ip address 10.1.101.1 255.255.255.0 业务vlan101 dhcp select interface
dhcp server dns-list 8.8.8.8 #
interface Vlanif102
ip address 10.1.102.1 255.255.255.0 业务vlan102 dhcp select interface
dhcp server dns-list 8.8.8.8 #
interface Vlanif103
ip address 10.1.103.1 255.255.255.0 Guestvlan103 dhcp select interface
dhcp server dns-list 8.8.8.8 #
interface GigabitEthernet0/0/1 上行接口 port link-type access port default vlan 200 #
interface GigabitEthernet0/0/2 业务接口连接AP,Pvid必须为管理vlan,否则AP获取不到地址 port link-type trunk port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 103 # wlan
wlan ac source interface vlanif100 ap-auth-mode sn-auth
ap id 0 type-id 19 sn 2102354483101D0E1137
说明:定义了 AC 的源地址为 VLAN 100,该地址是与 AP 进行建立 CAPWAP 隧道的,启用了 AP认证功能,使用序列号, 然后在 AP 定义了一个 ID 为 0,然后 AP 类型为 19,序列号为那个。其中 type-id 是可以查看的, SN 则在 AP 上面查看。