06： IPv6协议解析、IPv6静态路由配置、IPv6动态路由之OSPFv3配置、无线局域网介绍、WLAN组网架构、配置AP获取IP地址 - CASE - 《网络运维与安全》

1 配置 AP 获取 IP 地址
2 实现 AP 自动注册
3 配置 WLAN 业务参数

配置 AP 获取 IP 地址
实现 AP 自动注册
配置 WLAN 业务参数

1 配置 AP 获取 IP 地址

1.1 需求

1）企业的 “无线网络” 改造，使用 “旁挂式” 组网，确保可扩展性
2）无线控制器（AC）连接在核心交换机上，属于 VLAN 200
3）AP 连接在汇聚层交换机上，AP 的管理 IP 地址属于 VLAN 100
4）企业内网中存在 4 个 VLAN，分别服务于内网员工和外部人员
5）AP 的网关以及所有无线用户的终端的网关，都配置在核心交换机
6）AP 和无线用户终端的 IP 地址都是通过 DHCP 的方式获得
7）最终确保连接到不同 AP 的无线终端之间可以互通

1.2 方案

搭建实验环境，如图 - 1 所示。

CASE - 图1

图 - 1

1.3 步骤

实现此案例需要按照如下步骤进行。

1）配置 SW1

1.  \[SW1\]vlan 100
2.  \[SW1-vlan100\]quit
4.  \[SW1\]port-group group-member gi0/0/1 to gi0/0/4
5.  \[SW1-port-group\]port link-type trunk
6.  \[SW1-port-group\]port trunk allow-pass vlan all
7.  \[SW1-port-group\]port trunk pvid vlan 100
8.  \[SW1-port-group\]quit
10.  \[SW1\]interface gi0/0/12
11.  \[SW1-GigabitEthernet0/0/12\]port link-type trunk
12.  \[SW1-GigabitEthernet0/0/12\]port trunk allow-pass vlan all 
13.  \[SW1-GigabitEthernet0/0/12\]quit

2）配置 DHCP 中继（SW2）


1.  \[SW2\]vlan batch  100 210
3.  \[SW2\]interface gi0/0/12
4.  \[SW2-GigabitEthernet0/0/12\]port link-type trunk
5.  \[SW2-GigabitEthernet0/0/12\]port trunk allow-pass vlan all 
6.  \[SW2-GigabitEthernet0/0/12\]quit
8.  \[SW2\]interface GigabitEthernet 0/0/11
9.  \[SW2-GigabitEthernet0/0/11\]port link-type access
10.  \[SW2-GigabitEthernet0/0/11\]port default vlan 210
11.  \[SW2-GigabitEthernet0/0/11\]quit
13.  \[SW2\]dhcp enable
15.  \[SW2\]interface Vlanif 100    
16.  \[SW2-Vlanif100\]ip address 192.168.100.254 24
17.  \[SW2-Vlanif100\]dhcp select relay 
18.  \[SW2-Vlanif100\]dhcp relay server-ip 192.168.210.1
19.  \[SW2-Vlanif100\]quit
21.  \[SW2\]interface Vlanif 210    
22.  \[SW2-Vlanif210\]ip address 192.168.210.254 24
23.  \[SW2-Vlanif210\]quit

3）配置 DHCP 服务器

1.  \[DHCP\]dhcp enable
3.  \[DHCP\]ip pool VLAN100
4.  \[DHCP-ip-pool-VLAN100\]network 192.168.100.0 mask 24
5.  \[DHCP-ip-pool-VLAN100\]gateway-list 192.168.100.254
6.  \[DHCP-ip-pool-VLAN100\]quit 
8.  \[DHCP\]interface GigabitEthernet 0/0/1
9.  \[DHCP-GigabitEthernet0/0/1\]ip address 192.168.210.1 24
10.  \[DHCP-GigabitEthernet0/0/1\]dhcp  select global
11.  \[DHCP-GigabitEthernet0/0/1\]quit
13.  \[DHCP\]ip route-static  192.168.0.0 16 192.168.210.254

2 实现 AP 自动注册

2.1 需求

1）企业内网的大量 AP 已经通过 DHCP 的方式获得 IP 地址

2）为了实现后期大量 AP 的统一管理，希望通过 AC 实现集中控制

3）在 AC 设备上，为了便于设备管理，按照统一的命名格式

2.2 方案

搭建实验环境，如图 - 2 所示。

CASE - 图2

图 - 2

2.3 步骤

实现此案例需要按照如下步骤进行。

1）配置 DHCP 服务器，为 AP 分配 AC 服务器的 IP 地址

1.  \[DHCP\]ip pool VLAN100    
2.  \[DHCP-ip-pool-VLAN100\]option 43 sub-option  3 ascii 192.168.200.1
3.  \[DHCP-ip-pool-VLAN100\]quit

2）配置网关，实现 AC 和 AP 互通

1.  \[SW2\]vlan 100
2.  \[SW2-vlan100\]quit
4.  \[SW2\]interface GigabitEthernet 0/0/10
5.  \[SW2-GigabitEthernet0/0/10\]port link-type access
6.  \[SW2-GigabitEthernet0/0/10\]port default vlan  200
7.  \[SW2-GigabitEthernet0/0/10\]quit
9.  \[SW2\]interface Vlanif 200
10.  \[SW2-Vlanif200\]ip address 192.168.200.254 24
11.  \[SW2-Vlanif200\]quit
13.  \[AC6605\]vlan 200
14.  \[AC6605-vlan200\]quit
16.  \[AC6605\]interface GigabitEthernet 0/0/10    
17.  \[AC6605-GigabitEthernet0/0/10\]port link-type access    
18.  \[AC6605-GigabitEthernet0/0/10\]port default vlan 200
19.  \[AC6605-GigabitEthernet0/0/10\]quit
21.  \[AC6605\]interface Vlanif 200
22.  \[AC6605-Vlanif200\]ip address 192.168.200.1 24
23.  \[AC6605-Vlanif200\]quit
25.  \[AC6605\]ip route-static 0.0.0.0 0 192.168.200.254

3）配置 AC，离线导入 AP，实现 AP 注册


1.  \[AC6605\]wlan
3.  \[AC6605-wlan-view\]ap-group name wailai
4.  \[AC6605-wlan-ap-group-wailai\]quit
6.  \[AC6605-wlan-view\]ap-group name neibu
7.  \[AC6605-wlan-ap-group-neibu\]quit
9.  \[AC6605-wlan-view\]regulatory-domain-profile name China
10.  \[AC6605-wlan-regulate-domain-China\]country-code CN 
11.  \[AC6605-wlan-regulate-domain-China\]quit
13.  \[AC6605-wlan-view\]ap-group name wailai
14.  \[AC6605-wlan-ap-group-wailai\]regulatory-domain-profile China
15.  Warning: Modifying the country code will clear channel, power and antenna gain c
16.  onfigurations of the radio and reset the AP. Continue?\[Y/N\]:y
17.  \[AC6605-wlan-ap-group-wailai\]quit
19.  \[AC6605-wlan-view\]ap-group name neibu
20.  \[AC6605-wlan-ap-group-neibu\]regulatory-domain-profile China
21.  Warning: Modifying the country code will clear channel, power and antenna gain c
22.  onfigurations of the radio and reset the AP. Continue?\[Y/N\]:y
23.  \[AC6605-wlan-ap-group-neibu\]quit
25.  \[AC6605-wlan-view\]ap auth-mode mac-auth 
26.  \[AC6605-wlan-view\]ap-id 1 ap-mac 00e0-fc9d-1580
27.  \[AC6605-wlan-ap-1\]ap-name wailai-1
28.  \[AC6605-wlan-ap-1\]ap-group wailai
29.  Warning: This operation may cause AP reset. If the country code changes, it will
30.   clear channel, power and antenna gain configurations of the radio, Whether to c
31.  ontinue? \[Y/N\]:y
32.  \[AC6605-wlan-ap-1\]quit
34.  \[AC6605-wlan-view\]ap-id 2 ap-mac 00e0-fc60-4c70
35.  \[AC6605-wlan-ap-2\]ap-name wailai-2
36.  \[AC6605-wlan-ap-2\]ap-group wailai
37.  Warning: This operation may cause AP reset. If the country code changes, it will
38.   clear channel, power and antenna gain configurations of the radio, Whether to c
39.  ontinue? \[Y/N\]:y
40.  \[AC6605-wlan-ap-2\]quit
42.  \[AC6605-wlan-view\]ap-id 3 ap-mac 00e0-fc56-6320
43.  \[AC6605-wlan-ap-3\]ap-name neibu-1
44.  \[AC6605-wlan-ap-3\]ap-group neibu
45.  Warning: This operation may cause AP reset. If the country code changes, it will
46.   clear channel, power and antenna gain configurations of the radio, Whether to c
47.  ontinue? \[Y/N\]:y
48.  \[AC6605-wlan-ap-3\]quit
50.  \[AC6605-wlan-view\]ap-id 4 ap-mac 00e0-fc4e-2fd0
51.  \[AC6605-wlan-ap-4\]ap-name neibu-2
52.  \[AC6605-wlan-ap-4\]ap-group neibu
53.  Warning: This operation may cause AP reset. If the country code changes, it will
54.   clear channel, power and antenna gain configurations of the radio, Whether to c
55.  ontinue? \[Y/N\]:y
56.  \[AC6605-wlan-ap-4\]quit
58.  \[AC6605\]capwap source interface Vlanif 200

3 配置 WLAN 业务参数

3.1 需求

1）基于分配好的 IP 方案，为不同的无线终端，动态分配 IP 地址

2）配置 AC，为不同的 AP 下发不同的配置，确保可以发射无线信号

3）实现不同的 “无线终端” 可以成功连接 AP ，并成功获得 IP 地址

4）实现不同的 “无线终端” 之间的互通

3.2 方案

搭建实验环境，如图 - 3 所示。

CASE - 图3

图 - 3

3.3 步骤

实现此案例需要按照如下步骤进行。

1）配置 AC 上的相关业务参数


1.  \[AC6605\]vlan pool wailai
2.  \[AC6605-vlan-pool-wailai\]vlan 101 102
3.  \[AC6605-vlan-pool-wailai\]quit
5.  \[AC6605\]vlan pool neibu
6.  \[AC6605-vlan-pool-neibu\]vlan 103 104
7.  \[AC6605-vlan-pool-neibu\]quit
9.  \[AC6605\]wlan
10.  \[AC6605-wlan-view\]security-profile name wailai
11.  \[AC6605-wlan-sec-prof-wailai\]security wpa2 psk pass-phrase a123456789 aes
12.  \[AC6605-wlan-sec-prof-wailai\]quit
14.  \[AC6605-wlan-view\]security-profile name neibu
15.  \[AC6605-wlan-sec-prof-neibu\]security wpa2 psk pass-phrase b123456789 aes
16.  \[AC6605-wlan-sec-prof-neibu\]quit
18.  \[AC6605-wlan-view\]ssid-profile name wailai
19.  \[AC6605-wlan-ssid-prof-wailai\]ssid wailai
20.  \[AC6605-wlan-ssid-prof-wailai\]quit
22.  \[AC6605-wlan-view\]ssid-profile name neibu
23.  \[AC6605-wlan-ssid-prof-neibu\]ssid neibu
24.  \[AC6605-wlan-ssid-prof-neibu\]quit
25.  \[AC6605-wlan-view\]quit
27.  \[AC6605-wlan-view\]vap-profile name wailai
28.  \[AC6605-wlan-vap-prof-wailai\]security-profile wailai
29.  \[AC6605-wlan-vap-prof-wailai\]ssid-profile wailai
30.  \[AC6605-wlan-vap-prof-wailai\]service-vlan vlan-pool wailai
31.  \[AC6605-wlan-vap-prof-wailai\]quit
33.  \[AC6605-wlan-view\]vap-profile name neibu
34.  \[AC6605-wlan-vap-prof-neibu\]security-profile neibu
35.  \[AC6605-wlan-vap-prof-neibu\]ssid-profile neibu
36.  \[AC6605-wlan-vap-prof-neibu\]service-vlan vlan-pool neibu
37.  \[AC6605-wlan-vap-prof-neibu\]quit
39.  \[AC6605-wlan-view\]ap-group name wailai
40.  \[AC6605-wlan-ap-group-wailai\]vap-profile wailai wlan 1 radio 0
41.  \[AC6605-wlan-ap-group-wailai\]vap-profile wailai wlan 1 radio 1
42.  \[AC6605-wlan-ap-group-wailai\]quit
44.  \[AC6605-wlan-view\]ap-group name neibu
45.  \[AC6605-wlan-ap-group-neibu\]vap-profile neibu wlan 1 radio 0
46.  \[AC6605-wlan-ap-group-neibu\]vap-profile neibu wlan 1 radio 1
47.  \[AC6605-wlan-ap-group-neibu\]quit
48.  \[AC6605-wlan-view\]quit

2）配置 DHCP 服务器，为无线终端用户分配 IP 地址


1.  \[DHCP\]ip pool VLAN101
2.  \[DHCP-ip-pool-VLAN101\]network  192.168.101.0 mask 24
3.  \[DHCP-ip-pool-VLAN101\]gateway-list  192.168.101.254
4.  \[DHCP-ip-pool-VLAN101\]dns-list 8.8.8.8
5.  \[DHCP-ip-pool-VLAN101\]quit
7.  \[DHCP\]ip pool VLAN102
8.  \[DHCP-ip-pool-VLAN102\]network  192.168.102.0 mask 24
9.  \[DHCP-ip-pool-VLAN102\]gateway-list  192.168.102.254
10.  \[DHCP-ip-pool-VLAN102\]dns-list 8.8.8.8
11.  \[DHCP-ip-pool-VLAN102\]quit
13.  \[DHCP\]ip pool VLAN103
14.  \[DHCP-ip-pool-VLAN103\]network  192.168.103.0 mask 24
15.  \[DHCP-ip-pool-VLAN103\]gateway-list  192.168.103.254
16.  \[DHCP-ip-pool-VLAN103\]dns-list 8.8.8.8
17.  \[DHCP-ip-pool-VLAN103\]quit
19.  \[DHCP\]ip pool VLAN104
20.  \[DHCP-ip-pool-VLAN104\]network  192.168.104.0 mask 24
21.  \[DHCP-ip-pool-VLAN104\]gateway-list  192.168.104.254
22.  \[DHCP-ip-pool-VLAN104\]dns-list 8.8.8.8
23.  \[DHCP-ip-pool-VLAN104\]quit

3）配置 DHCP 中继（SW2）


1.  \[SW2\]vlan batch  101 102 103 104
3.  \[SW2\]interface Vlanif  101
4.  \[SW2-Vlanif101\]ip address 192.168.101.254 24
5.  \[SW2-Vlanif101\]dhcp select relay 
6.  \[SW2-Vlanif101\]dhcp relay  server-ip 192.168.210.1
7.  \[SW2-Vlanif101\]quit
9.  \[SW2\]interface Vlanif  102
10.  \[SW2-Vlanif102\]ip address 192.168.102.254 24
11.  \[SW2-Vlanif102\]dhcp select relay 
12.  \[SW2-Vlanif102\]dhcp relay  server-ip 192.168.210.1
13.  \[SW2-Vlanif102\]quit
15.  \[SW2\]interface Vlanif  103
16.  \[SW2-Vlanif103\]ip address 192.168.103.254 24
17.  \[SW2-Vlanif103\]dhcp select relay 
18.  \[SW2-Vlanif103\]dhcp relay  server-ip 192.168.210.1
19.  \[SW2-Vlanif103\]quit
21.  \[SW2\]interface Vlanif  104
22.  \[SW2-Vlanif104\]ip address 192.168.104.254 24
23.  \[SW2-Vlanif104\]dhcp select relay 
24.  \[SW2-Vlanif104\]dhcp relay  server-ip 192.168.210.1
25.  \[SW2-Vlanif104\]quit

4）配置 SW1，确保无线终端可以通过 SW1 与网关（SW2）互通


1.  \[SW1\]vlan batch  101 102 103 104

https://tts.tmooc.cn/ttsPage/NTD/NTDTN202109/TCNE/DAY06/CASE/01/index.html