【华为】AC直连二层组网隧道转发实验配置

news/2024/5/20 19:22:33

【华为】AC直连二层组网隧道转发实验配置

实验需求
拓扑
- 配置
- - AC数据规划表
- AC的配置顺序
- - AC1
  - - 基本配置(二层通信)
    - AP上线
    - VAP组关联--WLAN业务流量
  - LSW1
  - AR1
  - STA获取AP的业务流量
配置文档

在这里插入图片描述

实验需求

AC组网方式：直连二层组网。
业务数据转发方式：隧道转发。
DHCP部署方式：AC作为DHCP服务器为AP和STA分配IP地址。

AP管理：VLAN 100，网段为192.168.100.0/24。
网关为AC上的VLANIF100接口IP。

无线业务：VLAN 110，SSID为baixi，密码为baixi123，网段为192.168.110.0/24。
网关为AC上的VLANIF110接口IP。

AC与AP建立管理隧道的源接口：AC上的VLANIF100。

AC与出口网关三层互联的接口：VLANIF10，网段为192.168.10.0/24。

拓扑

在这里插入图片描述

配置

AC数据规划表

在这里插入图片描述

AC的配置顺序

① AP上线

实现二层通信
为业务VLAN 110 配置DHCP
创建管理域“domain”
创建AP组“ap1”，并引用管理域“domain”
配置与AP建立CAPWAP隧道的源接口
配置AP认证模式

② 业务流量上线

创建安全模板“test”
创建SSID模板“test_ssid”
创建VAP模板“test_vap”，关联安全模板“test”和SSID模板“test_ssid”
进入AP组，引用VAP模板“test_vap”

AC1

基本配置(二层通信)

<AC6005>system-view 
Enter system view, return user view with Ctrl+Z.	
[AC6005]sysname AC1[AC1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.[AC1]vlan batch 10 100 110
Info: This operation may take a few seconds. Please wait for a moment...done.## 在接口vlanif100，配置接口DHCP，为AP分配IP
[AC1]int vlan 100 
[AC1-Vlanif100]ip address 192.168.100.254 24
[AC1-Vlanif100]dhcp select interface            ## 启用接口地址池方式的DHCP，网关为vlanif100的接口地址
[AC1-Vlanif100]dhcp server dns-list 8.8.8.8     ## 下发的dns
[AC1-Vlanif100]qu## 在接口vlanif110，配置接口DHCP，为STA分配IP
[AC1]int vlan 110 	
[AC1-Vlanif110]ip address 192.168.110.254 24
[AC1-Vlanif110]dhcp select interface
[AC1-Vlanif110]dhcp server dns-list 8.8.8.8
[AC1-Vlanif110]qu[AC1]int g0/0/2
[AC1-GigabitEthernet0/0/2]port link-type trunk 
[AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[AC1-GigabitEthernet0/0/2]quit## 配置接口为access，与路由器进行三层通信
[AC1]interface GigabitEthernet0/0/1
[AC1-GigabitEthernet0/0/1]port link-type access
[AC1-GigabitEthernet0/0/1]port default vlan 10
[AC1-GigabitEthernet0/0/1]qu## 配置SVI接口
[AC1]int vlan10
[AC1-Vlanif10]ip address 192.168.10.1 255.255.255.0
[AC1-Vlanif10]quit

AP上线

## 创建域管理模版
[AC1]wlan
[AC1-wlan-view]regulatory-domain-profile name domain       ## 创建管理域名为domain
[AC1-wlan-regulate-domain-domain]country-code CN           ## 设置国家码为中国（CN）
Info: The current country code is same with the input country code.   ## 华为AC默认国家码为中国CN
[AC1-wlan-regulate-domain-domain]quit## 创建AP组关联模板
[AC1-wlan-view]ap-group name ap1                                ## 创建AP组名为AP1
Info: This operation may take a few seconds. Please wait for a moment.done.    ##创建成功
[AC1-wlan-ap-group-ap1]regulatory-domain-profile domain         ## 绑定管理域 domain
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y   ## 是否重启AP yes
[AC1-wlan-ap-group-ap1]quit## 指定与AP建立CAPWAP隧道的源接口
[AC1]capwap source interface vlan 100## AP上线
[AC1]wlan 
[AC1-wlan-view]ap auth-mode mac-auth           ## 设置AP认证模式为mac认证
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc9e-6090   ## 设置AP编号为1，mac地址为00e0-fc9e-6090
[AC1-wlan-ap-1]ap-name ap1                     ## 设置ap名字为ap1
[AC1-wlan-ap-1]ap-group ap1                    ## 关联ap组 ap1查看AP的MAC地址
<Huawei>display int g0/0/0GigabitEthernet0/0/0 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, AP Series, GigabitEthernet0/0/0 Interface
Switch Port, PVID :    1, TPID : 8100(Hex), The Maximum Frame Length is 1800
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcd6-1c90

在这里插入图片描述

VAP组关联–WLAN业务流量

## 安全模板
[AC1]wlan 
[AC1-wlan-view]security-profile name test	          ## 创建名为“test”的安全模板
[AC1-wlan-sec-prof-test]security wpa-wpa2 psk pass-phrase baixi123 aes   ## 设置无线密码，方式为psk认证，密码baixi123，用aes加密
[AC1-wlan-sec-prof-test]quit## SSID模板
[AC1-wlan-view]ssid name test_ssid                   ## 创建创SSID模板，名为“test_ssid”
[AC1-wlan-ssid-prof-test_ssid]ssid baixi             ## 设置SSID名为“baixi”
Info: This operation may take a few seconds, please wait.done.    ## 提示而已，正常 
[AC1-wlan-ssid-prof-test_ssid]quit## 创建VAP模板“test_vap”
[AC1-wlan-view]vap name test_vap                    ## 创建VAP模板，名为“test_vap”
[AC1-wlan-vap-prof-test_vap]security-profile test   ## 关联安全模版“test”
Info: This operation may take a few seconds, please wait.done.  ## 提示[AC1-wlan-vap-prof-test_vap]ssid-profile test_ssid  ## 关联SSID模板“test_ssid”
Info: This operation may take a few seconds, please wait.done.[AC1-wlan-vap-prof-test_vap]forward-mode tunnel     ## 指定数据转发方式为隧道转发
Info: This operation may take a few seconds, please wait.done.[AC1-wlan-vap-prof-test_vap]service-vlan vlan-id 110 ## 指定VAP的业务流量
Info: This operation may take a few seconds, please wait.done.
[AC1-wlan-vap-prof-test_vap]quit##配置VAP（引用VAP模板）
[AC1-wlan-view]ap-group name ap1                                   ##进入 ap组“ap1” 
[AC1-wlan-ap-group-ap1]vap-profile test_vap wlan 1 radio all       ## 关联vap模板“test_vap”，wlan编号为1，射频为all（0，1,2）
Info: This operation may take a few seconds, please wait...done.

LSW1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn LSW1[LSW1]vlan batch 100 110
Info: This operation may take a few seconds. Please wait for a moment...done.[LSW1]undo info-center enable 
Info: Information center is disabled.[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk 	
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 110
[LSW1-GigabitEthernet0/0/1]quit[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 110     ## 放行管理vlan和业务vlan流量
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100               ## 指定接口的缺省VLAN为AP的管理VLAN
[LSW1-GigabitEthernet0/0/2]quit

AR1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1[AR1]int g0/0/0	
[AR1-GigabitEthernet0/0/0]ip address 192.168.10.2 24
[AR1-GigabitEthernet0/0/0]quit[AR1]ip route-static 192.168.110.0 255.255.255.0 192.168.10.1 ## 指向AC

STA获取AP的业务流量

在这里插入图片描述

输入密码
在这里插入图片描述

STA>ipconfig --查看STA获取到的IP

流量能够成功达到AC

配置文档

AP1

#sysname AC1
#
dhcp enable
#
vlan batch 10 100 110
#
interface Vlanif10ip address 192.168.10.1 255.255.255.0
#
interface Vlanif100ip address 192.168.100.254 255.255.255.0dhcp select interfacedhcp server dns-list 8.8.8.8 
#
interface Vlanif110ip address 192.168.110.254 255.255.255.0dhcp select interfacedhcp server dns-list 8.8.8.8 
#
interface GigabitEthernet0/0/1port link-type accessport default vlan 10
#
interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan all
#wlanregulatory-domain-profile name domaincountry-code CN quitap-group name ap1regulatory-domain-profile domain
yesquit
quitcapwap source interface vlanif100wlanap auth-mode mac-auth ap-id 1  ap-mac 00e0-fc9e-6090 ap-name ap1ap-group ap1
yesquitsecurity-profile name testsecurity wpa-wpa2 psk pass-phrase baixi123 aesquitssid-profile name test_ssidssid baixiquitvap-profile name test_vapforward-mode tunnelservice-vlan vlan-id 110ssid-profile test_ssidsecurity-profile testquitap-group name ap1vap-profile test_vap wlan 1 radio all

LSW1

sysn LSW1
#
undo info-center enable
#
vlan batch 100 110
#
interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan all