AC配置
vlan batch 100 to 101
dhcp enable
ip pool ap
gateway-list 192.168.100.254
network 192.168.100.0 mask 255.255.255.0
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
dhcp select global
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
#配置CAPWAP隧道
capwap source interface vlanif100
wlan
security-profile name HCIA-WLAN
security wpa-wpa2 psk pass-phrase HCIA-Datacom aes
ssid-profile name HCIA-WLAN
ssid HCIA-WLAN
vap-profile name HCIA-WLAN
service-vlan vlan-id 101
ssid-profile HCIA-WLAN
security-profile HCIA-WLAN
ap-group name ap-group1
#vap-profile HCIA-WLAN wlan 1 radio all
#配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“HCIA-WLAN”的配置
radio 0
vap-profile HCIA-WLAN wlan 1
radio 1
vap-profile HCIA-WLAN wlan 1
radio 2
vap-profile HCIA-WLAN wlan 1
ap-id 0 ap-mac 00e0-fcae-5dc0
ap-name ap1
ap-group ap-group1
ap-id 1 ap-mac 00e0-fcaa-7c20
ap-name ap2
ap-group ap-group1
SW1配置
vlan batch 100 to 101
dhcp enable
ip pool sta
gateway-list 192.168.101.254
network 192.168.101.0 mask 255.255.255.0
dns-list 8.8.8.8 114.114.114.114
interface Vlanif101
ip address 192.168.101.254 255.255.255.0
dhcp select global
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101
#配置环回口IP进行测试网络连通性
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
SW2配置
vlan batch 100 to 101
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
SW3配置
vlan batch 100 to 101
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
AP1 MAC?AP2 MAC
STA1
整体架构图
实验结果图
1. 当前组网下,若AC的GigabitEthernet0/0/1不允许VLAN101通过,对STA访问S1会有什么影响?为什么?若采用隧道转 发又是怎样的情况?
答 : 无 影 响 , 采 用 直 接 转 发 , 数 据 不 经 过 AC1 的 GigabitEthernet0/0/1 接 口 。 若 采 用 隧 道 转 发 , 则 需 要 GigabitEthernet0/0/1允许VLAN101通过,否则STA无法访问S1。
2. 如果想让AP1和AP2下接入的STA属于不同的VLAN,在AC上需要做什么样的操作呢?
答:AP1和AP2使用不同的VAP模板,在对应的VAP模板下配置不同的service-VLAN参数