AC旁挂组网

一、设备清单：

1、AR2240C--用作出局

2、S5720-28TP-PWR-LI-AC--接入交换机

3、AC6507S——无线控制器

4、AP4050DE-B-S——无线AP×8

二、根据现有设备组网

1、思路：

1）、创建管理vlan100，IP：192.168.100.0/24

         无线业务vlan101，IP：192.168.101.0/24

         有线终端vlan102，IP：192.168.102.0/24

         交换机启用三层路由，vlan103，IP：192.168.103.1/30 

2）、AC1与SW1使用Eth-trunk技术，增加带宽，灾备；

3）、旁挂组网，无线终端上网流量直接转发，不经过AC；

缺点：用户上网流量不能通过AC监测；

优点：a、旁挂组网方便日后变更

           b、流量直接转发减小AP负载

4）、终端网关配置在接入交换机上，全局开启DHCP，地址从接口拿取。

2、模拟器下搭建测试环境——拓扑图

三、配置

SW_1:

system-view

sysname SW_1

lldp enable

dhcp enable

vlan batch 100 101 102 103

port-group group-member Gi 0/0/1 to Gi 0/0/8 

port link-type trunk 

port trunk pvid vlan 100 

port trunk allow-pass vlan 100 101

undo port trunk allow-pass vlan 1

quit

interface     Eth-trunk 1

trunkport Gi 0/0/9 to 0/0/10

port link-type access 

port default vlan 100

interface vlanif 100

description Wireless_management

ip address 192.168.100.254 24

dhcp select interface 

dhcp server option 43 ip-address  192.168.100.253 

dhcp server excluded-ip-address 192.168.100.253

dhcp server lease  day 0 hour 8

interface vlanif 101

description Wireless_host

ip address 192.168.101.254 24

dhcp select interface 

dhcp server  dns-list 114.114.114.114 8.8.8.8

dhcp server lease day 0 hour 8

interface vlanif 102

description Wired_host

ip address 192.168.102.254 24

dhcp select interface

dhcp server lease day 0 hour 8

interface XGi 0/0/1 (模拟器 Gi 0/0/24)

port link-type access

port default vlan 103

interface vlanif 103

ip address 192.168.103.1 30

quit

ip route-static 0.0.0.0 0 192.168.103.2 

^Z

sava 

AC_1:

system-view

sysname AC_1

lldp enable

vlan 100

quit

interface Eth-trunk 1

trunkport Gi 0/0/1 to 0/0/2

port link-type access 

port default vlan 100

interface vlanif  100

ip address 192.168.100.253 24

quit

capwap source interface vlanif 100

wlan

regulatory-domain-profile name China

country-code cn

quit

ssid-profile name Test 

ssid Huawei 

quit

security-profile name Test

security wpa-wpa2  psk  pass-phrase  [email protected] aes

quit 

vap-profile name Test

service-vlan vlan-id 101

ssid-profile Test

security-profile Test

forward-mode direct-forward

quit 

ap-group name Huawei

vap-profile Test wlan 1 radio all

regulatory-domain-profile China 

Y

quit

ap auth-mode mac-auth

ap-id 0 ap-mac 00e0-fc1d-3b20

ap-name AP_0

ap-group Huawei

Y

ap-id 1 ap-mac 00e0-fcaf-7290

ap-name AP_1

ap-group Huawei

Y

ap-id 2 ap-mac 00e0-fc3f-7e40

ap-name AP_2

ap-group Huawei

Y

ap-id 3 ap-mac 00e0-fc39-35f0

ap-name AP_3

ap-group Huawei

Y

ap-id 4 ap-mac xxxx_xxxx_xxxx

ap-name AP_4

ap-group Huawei

ap-id 5 ap-mac xxxx_xxxx_xxxx

ap-name AP_5

ap-group Huawei

ap-id 6 ap-mac xxxx_xxxx_xxxx

ap-name AP_6

ap-group Huawei

ap-id 7 ap-mac xxxx_xxxx_xxxx

ap-name AP_7

ap-group Huawei

^Z

sava

R_1:

system-view

sysname  R_1

acl 2000

rule 10 permit source 192.168.101.0 0.0.0.255

rule 20 permit source 192.168.102.0 0.0.0.255

quit

ip route-static 192.168.101.0 24 192.168.103.1 

ip route-static 192.168.102.0 24 192.168.103.1

ip route-static 0.0.0.0  0 100.1.1.2 

interface Gi 0/0/0

ip address 192.168.103.2 30

interface Gi 0/0/1

ip address 100.1.1.1 29

nat outbound 2000

^Z

sava

四、网络连通性验证