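Configuring WLAN Layer 3 Roaming Across VLANs

Service Requirements

Enterprise users access the network over WLAN to meet basic mobile-office needs. When a user moves within the coverage area and roams across VLANs, the user's services must not be affected.

Networking Requirements

  • AC networking mode: bypass (off-path) Layer 3 networking.
  • DHCP deployment:
    • The AC acts as the DHCP server and assigns IP addresses to the APs.
    • The aggregation switch Core acts as the DHCP server and assigns addresses to the STAs.
  • Service data forwarding mode: direct forwarding

Topology diagram: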

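Data planning (configuration item: data):

AP management VLAN: VLAN10, VLAN100

STA service VLAN:
  • area_1: VLAN101
  • area_2: VLAN102

DHCP server:
  • The AC acts as the DHCP server and assigns IP addresses to the APs.
  • The aggregation switch acts as the DHCP server for the STAs; the STAs' default gateways are 10.23.101.1/24 and 10.23.102.1/24.

AP IP address pool: 10.23.10.2~10.23.10.254/24

STA IP address pool:
  • area_1: 10.23.101.2~10.23.101.254/24
  • area_2: 10.23.102.2~10.23.102.254/24

AC source interface IP address: VLANIF100: 10.23.100.1/24

AP groups:
  • Name: ap-group1; referenced profiles: VAP profile wlan-net1, regulatory domain profile default
  • Name: ap-group2; referenced profiles: VAP profile wlan-net2, regulatory domain profile default

Regulatory domain profile:
  • Name: default
  • Country code: China

SSID profile:
  • Name: wlan-net
  • SSID name: wlan-net

Security profile:
  • Name: wlan-net
  • Security policy: WPA2+PSK+AES
  • Password: a1234567

VAP profiles:
  • Name: wlan-net1; forwarding mode: direct forwarding; service VLAN: VLAN101; referenced profiles: SSID profile wlan-net, security profile wlan-net
  • Name: wlan-net2; forwarding mode: direct forwarding; service VLAN: VLAN102; referenced profiles: SSID profile wlan-net, security profile wlan-net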

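Configuration roadmap:

  1. Configure network connectivity between the APs, the AC and the surrounding devices.
  2. Bring the APs online.
    1. Create AP groups so that APs requiring the same configuration can be added to one group and configured together.
    2. Configure the AC system parameters, including the country code and the source interface used for communication between the AC and the APs.
    3. Configure the AP authentication mode and import the APs offline so that they come online normally.
  3. Configure WLAN service parameters so that STAs can access the WLAN.

Procedure

  1. Configure the surrounding devices

# On access switch SWA, add interface G0/0/1 to VLAN10 and VLAN101, interface G0/0/2 to VLAN10 and VLAN102, and interface G0/0/3 to VLAN10, VLAN101 and VLAN102. The default VLAN of G0/0/1 and G0/0/2 is VLAN10.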

<Huawei>system-view         

[Huawei]sysname SWA

[SWA]vlan batch 10 101 102        

[SWA]interface GigabitEthernet 0/0/1

[SWA-GigabitEthernet0/0/1]port link-type trunk        

[SWA-GigabitEthernet0/0/1]port trunk pvid vlan 10

[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 101

[SWA-GigabitEthernet0/0/1]port-isolate enable         

[SWA-GigabitEthernet0/0/1]quit        

[SWA]interface GigabitEthernet 0/0/2        

[SWA-GigabitEthernet0/0/2]port link-type trunk         

[SWA-GigabitEthernet0/0/2]port trunk pvid vlan 10

[SWA-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 102

[SWA-GigabitEthernet0/0/2]port-isolate enable

[SWA-GigabitEthernet0/0/2]quit        

[SWA]interface GigabitEthernet 0/0/3        

[SWA-GigabitEthernet0/0/3]port link-type trunk         

[SWA-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 101 102

[SWA-GigabitEthernet0/0/3]quit

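# On aggregation switch Core, add interface GE0/0/1 to VLAN10, VLAN101 and VLAN102 and interface GE0/0/2 to VLAN100; set interface GE0/0/3 to access and add it to VLAN200; create interface VLANIF100 with address 10.23.100.2/24 and interface VLANIF200 with address 10.23.200.2/24.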

<Huawei>system-view        

[Huawei]sysname Core        

[Core]vlan batch 10 100 101 102 200        

[Core]interface GigabitEthernet 0/0/1        

[Core-GigabitEthernet0/0/1]port link-type trunk

[Core-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 101 102

[Core-GigabitEthernet0/0/1]quit        

[Core]interface GigabitEthernet 0/0/2        

[Core-GigabitEthernet0/0/2]port link-type trunk

[Core-GigabitEthernet0/0/2]port trunk allow-pass vlan 100

[Core-GigabitEthernet0/0/2]quit        

[Core]interface GigabitEthernet 0/0/3        

[Core-GigabitEthernet0/0/3]port link-type access         

[Core-GigabitEthernet0/0/3]port default vlan 200

[Core-GigabitEthernet0/0/3]quit        

[Core]interface Vlanif 100

[Core-Vlanif100]ip address 10.23.100.2 24

[Core-Vlanif100]quit        

[Core]interface Vlanif 200        

[Core-Vlanif200]ip address 10.23.200.2 24

[Core-Vlanif200]quit

# Set the IP address of Router interface GE0/0/0 to 10.23.200.1/24 and configure routes to the two network segments 10.23.101.0 and 10.23.102.0, with VLANIF200 of switch Core as the next hop.

<Huawei>system-view

[Huawei]sysname Router        

[Router]interface GigabitEthernet 0/0/0        

[Router-GigabitEthernet0/0/0]ip address 10.23.200.1 24

[Router-GigabitEthernet0/0/0]quit

[Router]ip route-static 10.23.101.0 24 10.23.200.2

[Router]ip route-static 10.23.102.0 24 10.23.200.2

  2. Configure connectivity between the AC and the other network devices

# Add AC interface GE0/0/1 to VLAN100 and create interface VLANIF100.

<AC6005>system-view         

[AC6005]sysname AC1

[AC1]vlan batch 100 101 102        

[AC1]int Vlanif 100        

[AC1-Vlanif100]ip address 10.23.100.1 24

[AC1-Vlanif100]quit

[AC1]interface GigabitEthernet 0/0/1        

[AC1-GigabitEthernet0/0/1]port link-type trunk

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

[AC1-GigabitEthernet0/0/1]quit

# Configure a route from the AC to the APs; the next hop is VLANIF100 of SwitchB (the aggregation switch Core).

[AC1]ip route-static 10.23.10.0 24 10.23.100.2

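  3. Configure DHCP to assign IP addresses to the APs and STAs

# Configure DHCP relay on Core so that Core acts as a proxy for the AC in assigning IP addresses.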

[Core]dhcp enable

[Core]interface Vlanif 10

[Core-Vlanif10]ip address 10.23.10.1 24        

[Core-Vlanif10]dhcp select relay

[Core-Vlanif10]dhcp relay server-ip 10.23.100.1        

[Core-Vlanif10]quit

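# On SwitchB (the aggregation switch Core), create interfaces VLANIF101 and VLANIF102 to provide addresses to the STAs, and specify the default gateway.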

[Core]interface Vlanif 101        

[Core-Vlanif101]ip address 10.23.101.1 24

[Core-Vlanif101]dhcp select interface

[Core-Vlanif101]quit

[Core]interface Vlanif 102        

[Core-Vlanif102]ip address 10.23.102.1 24

[Core-Vlanif102]dhcp select interface

[Core-Vlanif102]quit

# On the AC, create a global address pool to provide addresses to the APs.

[AC1]dhcp enable

[AC1]ip pool ap-address

[AC1-ip-pool-ap-address]network 10.23.10.0 mask 24

[AC1-ip-pool-ap-address]gateway-list 10.23.10.1

[AC1-ip-pool-ap-address]option 43 sub-option 3 ascii 10.23.100.1

[AC1-ip-pool-ap-address]quit

[AC1]interface Vlanif 100        

[AC1-Vlanif100]dhcp select global

[AC1-Vlanif100]quit

  4. Bring the APs online

# Create AP groups so that APs with the same configuration can be added to the same AP group.

[AC1]wlan        

[AC1-wlan-view]ap-group name ap-group1

[AC1-wlan-ap-group-ap-group1]quit

[AC1-wlan-view]ap-group name ap-group2

[AC1-wlan-ap-group-ap-group2]quit

# Create a regulatory domain profile, configure the AC's country code in it, and reference the profile in the AP groups.

[AC1-wlan-view]regulatory-domain-profile name default

[AC1-wlan-regulate-domain-default]country-code cn

[AC1-wlan-regulate-domain-default]quit        

[AC1-wlan-view]ap-group name ap-group1

[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile default

Warning: Modifying the country code will clear channel, power and antenna gain c

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC1-wlan-ap-group-ap-group1]quit        

[AC1-wlan-view]ap-group name ap-group2

[AC1-wlan-ap-group-ap-group2]regulatory-domain-profile default

Warning: Modifying the country code will clear channel, power and antenna gain c

onfigurations of the radio and reset the AP. Continue?[Y/N]:y

[AC1-wlan-ap-group-ap-group2]quit

[AC1-wlan-view]quit

# Configure the AC's source interface.

[AC1]capwap source interface Vlanif 100

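# Import the APs offline on the AC and add area_1 and area_2 to the AP groups "ap-group1" and "ap-group2" respectively. Assume the AP's MAC address is 00E0-FCF1-6080, and name each AP according to its deployment location so that the location is clear from the name. For example, the AP with MAC address 00E0-FCF1-6080 is deployed in area 1, so it is named area_1.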

[AC1]wlan        

[AC1-wlan-view]ap auth-mode mac-auth        

[AC1-wlan-view]ap-id 0 ap-mac 00E0-FCF1-6080        

[AC1-wlan-ap-0]ap-name area_1

[AC1-wlan-ap-0]ap-group ap-group1

Warning: This operation may cause AP reset. If the country code changes, it will

clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC1-wlan-ap-0]quit        

[AC1-wlan-view]ap-id 1 ap-mac 00E0-FCD2-4210

[AC1-wlan-ap-1]ap-name area_2        

[AC1-wlan-ap-1]ap-group ap-group2

Warning: This operation may cause AP reset. If the country code changes, it will

clear channel, power and antenna gain configurations of the radio, Whether to c

ontinue? [Y/N]:y

Info: This operation may take a few seconds. Please wait for a moment.. done.

[AC1-wlan-ap-1]quit

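# After the APs are powered on, run the command display ap all; when the "State" field of an AP is "nor", the AP has come online normally.

  5. Configure WLAN service parameters

# Create a security profile named "wlan-net" and configure the security policy.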

[AC1-wlan-view]security-profile name wlan-net

[AC1-wlan-sec-prof-wlan-net]security wpa2 psk pass-phrase a1234567 aes

[AC1-wlan-sec-prof-wlan-net]quit

# Create an SSID profile named "wlan-net" and set the SSID name to "wlan-net".

[AC1-wlan-view]ssid-profile name wlan-net

[AC1-wlan-ssid-prof-wlan-net]ssid wlan-net

[AC1-wlan-ssid-prof-wlan-net]quit

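# Create VAP profiles named "wlan-net1" and "wlan-net2", configure the service data forwarding mode and service VLAN, and reference the security profile and SSID profile.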

[AC1-wlan-view]vap-profile name wlan-net1        

[AC1-wlan-vap-prof-wlan-net1]security-profile wlan-net        

[AC1-wlan-vap-prof-wlan-net1]ssid-profile wlan-net        

[AC1-wlan-vap-prof-wlan-net1]service-vlan vlan-id 101

[AC1-wlan-vap-prof-wlan-net1]forward-mode direct-forward

[AC1-wlan-vap-prof-wlan-net1]quit

[AC1-wlan-view]vap-profile name wlan-net2        

[AC1-wlan-vap-prof-wlan-net2]security-profile wlan-net

[AC1-wlan-vap-prof-wlan-net2]ssid-profile wlan-net        

[AC1-wlan-vap-prof-wlan-net2]service-vlan vlan-id 102        

[AC1-wlan-vap-prof-wlan-net2]forward-mode direct-forward

[AC1-wlan-vap-prof-wlan-net2]quit

# Configure the AP groups to reference the VAP profiles: radio 0 and radio 1 on area_1 both use VAP profile "wlan-net1", and radio 0 and radio 1 on area_2 both use VAP profile "wlan-net2".

[AC1-wlan-view]ap-group name ap-group1        

[AC1-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 0        

[AC1-wlan-ap-group-ap-group1]vap-profile wlan-net1 wlan 1 radio 1

[AC1-wlan-ap-group-ap-group1]quit        

[AC1-wlan-view]ap-group name ap-group2        

[AC1-wlan-ap-group-ap-group2]vap-profile wlan-net2 wlan 1 radio 0        

[AC1-wlan-ap-group-ap-group2]vap-profile wlan-net2 wlan 1 radio 1

   

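Verifying the Configuration

After STA1 connects to the wireless network under AP1, it obtains the IP address 10.23.101.254. Move STA1 under AP2 and check its IP address: it is still 10.23.101.254, unchanged, which shows that roaming succeeded.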
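
An added example, not part of the original post: a Python check that parses the trunk commands from step 1 and confirms that each AP-facing port on SWA carries only management VLAN 10 plus that AP's own service VLAN, has port isolation enabled, and that the service VLAN is permitted on the uplink path to Core. PLAN, UPLINKS and the function names are assumptions of this example, the transcript is a constructed excerpt of the commands above, and VLAN ranges written with "to" are not handled.

```python
import re

# Constructed sample: the trunk commands from step 1 of this page, as typed.
TRANSCRIPT = """
[SWA-GigabitEthernet0/0/1]port trunk pvid vlan 10
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 101
[SWA-GigabitEthernet0/0/1]port-isolate enable
[SWA-GigabitEthernet0/0/2]port trunk pvid vlan 10
[SWA-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 102
[SWA-GigabitEthernet0/0/2]port-isolate enable
[SWA-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 101 102
[Core-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 101 102
"""
# Assumed plan, taken from the data planning: AP -> (AP-facing port, mgmt VLAN, service VLAN).
PLAN = {"area_1": (("SWA", "0/0/1"), 10, 101), "area_2": (("SWA", "0/0/2"), 10, 102)}
UPLINKS = [("SWA", "0/0/3"), ("Core", "0/0/1")]  # path from SWA up to Core
PROMPT = re.compile(r"^\[(\w+)-GigabitEthernet([\d/]+)\](.+)$")

def parse_ports(text):
    """Map (device, port) -> PVID, allowed VLAN set and port-isolate flag."""
    ports = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        cmd = m.group(3).split()
        p = ports.setdefault(m.group(1, 2), {"pvid": None, "allow": set(), "isolate": False})
        if cmd[:3] == ["port", "trunk", "pvid"]:
            p["pvid"] = int(cmd[-1])
        elif cmd[:3] == ["port", "trunk", "allow-pass"]:
            p["allow"] |= {int(v) for v in cmd[4:]}  # assumes no "to" ranges
        elif cmd == ["port-isolate", "enable"]:
            p["isolate"] = True
    return ports

def audit(ports):
    """Return a list of findings; an empty list means the trunks match the plan."""
    empty = {"pvid": None, "allow": set(), "isolate": False}
    out = []
    for ap, (port, mgmt, svc) in PLAN.items():
        p = ports.get(port, empty)
        if p["pvid"] != mgmt:
            out.append(f"{ap}: PVID is {p['pvid']}, expected {mgmt}")
        if p["allow"] != {mgmt, svc}:
            out.append(f"{ap}: allows {sorted(p['allow'])}, expected {[mgmt, svc]}")
        if not p["isolate"]:
            out.append(f"{ap}: port-isolate not enabled")
        out += [f"{ap}: VLAN {svc} not allowed on {d} {i}" for d, i in UPLINKS
                if svc not in ports.get((d, i), empty)["allow"]]
    return out

if __name__ == "__main__":
    print(audit(parse_ports(TRANSCRIPT)) or "trunk plan consistent")
```

Run it against the commands actually entered on SWA and Core before testing roaming; any finding names the AP and the port to recheck.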

   

posted @ 2022-08-09 12:33  hongliang888