eNSP AC+AP简单配置

拓扑图:

 

 

 

配置:

1.路由器配置
dhcp enable
vlan batch 100 101

interface Vlanif101
ip address 10.23.101.2 255.255.255.0

interface Ethernet0/0/1
port link-type access
port default vlan 101

 

2.核心交换机配置
vlan batch 100 101
dhcp enable

interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select global

ip pool 101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
excluded-ip-address 10.23.101.2 10.23.101.99
dns-list 114.114.114.114

interface GigabitEthernet0/0/1
port link-type access
port default vlan 101

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100


interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100 to 101

 


3.AP_Switch_A交换机配置
vlan batch 100 101

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101


interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

interface Ethernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

4.AP_Switch_B交换机配置
vlan batch 100 101

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101


interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 01

5.AC配置

sysname AC-Control
dhcp enable
vlan batch 100 101

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100

interface Vlanif100
ip address 10.23.100.1 255.255.255.0
dhcp select global

ip pool 100
gateway-list 10.23.100.1
network 10.23.100.0 mask 255.255.255.0
excluded-ip-address 10.23.100.2 10.23.100.99
lease day 0 hour 8 minute 0
dns-list 202.96.128.86

capwap source interface Vlanif 100


[AC] wlan
[AC-wlan-view] ap-group name AP-Group01
[AC-wlan-ap-group-ap-group1] quit

# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name AP-Group01
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit


[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name 60de-4476-e360
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group AP-Group01
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit

 

创建名为“entia-safe”的安全模板,并配置安全策略。
wlan
security-profile name entia-safe
security wpa-wpa2 psk pass-phrase 87654321 aes

# 创建名为“entai-ssid”的SSID模板,并配置SSID名称为“entai”
wlan
ssid-profile name entai-ssid
ssid entai

# 创建名为“entia-vap”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
wlan
vap-profile name entai-vap
forward-mode direct-forward
service-vlan vlan-id 101
security-profile entia-safe
ssid-profile entai-ssid

# 配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“entia-vap”的配置。
wlan
ap-group name AP-Group01
vap-profile entai-vap wlan 1 radio 0
vap-profile entai-vap wlan 1 radio 1

 

注意:现价段直连AP的交换机-同交换机的终端不能互访

-------------------------------------------------------------------------基于上面配置业务VLAN用pool ,因二层交换机不能做vlan pool 所以把dhcp服务全部放到AC上

1.AC配置增加及修改

vlan batch 100 to 101 120

interface Vlanif120
ip address 10.23.120.1 255.255.255.0
dhcp select global
ip pool 120
gateway-list 10.23.120.1
network 10.23.120.0 mask 255.255.255.0
excluded-ip-address 10.23.120.2 10.23.120.99
lease day 0 hour 8 minute 0
dns-list 202.96.128.86

interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select global
ip pool 101
gateway-list 10.23.101.1
network 10.23.101.0 mask 255.255.255.0
excluded-ip-address 10.23.101.2 10.23.101.99
lease day 0 hour 8 minute 0
dns-list 202.96.128.86

新建pool把要所在业务vlan加入

 

vlan pool  Business-Pool  

vlan  101 120

修改端口vlan 通过

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

无线配置  

修改为地址池下发地址:default:hash算法

wlan

vap-profile name niuentia-vap
service-vlan vlan-pool Business-Pool

 

2.修改二层汇聚交的机(Switch)

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

3.修改ap接入层交换机(AP_Switch_A   or  AP_Switch_B)

interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101 120

interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
port-isolate enable group 1
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101 120
port-isolate enable group 1

 

posted @ 2022-11-06 18:29  冬日的温暖  阅读(3888)  评论(0编辑  收藏  举报