• H3C AC WLAN配置本地转发(V7)


    Switch作为DHCP服务器为APClient分配IP地址。现要求:在AC上配置本地转发功能,使Client的数据流量不经过AC,直接由AP转发

     1、配置思路:

    为了将APGigabitEthernet1/0/1接口加入本地转发的VLAN 200,需要AC下发map-configuration文件。

    2、配置步骤:

    2.1、apcfg.txt的配置:

    apcfg.txt的内容,要求为文本文件,按照命令行配置的顺序编写文本文件上传至AC即可,ACAP关联后,通过map-configuration命令下发至AP生效。从而完成对AP的配置。

    # apcfg.txt配置文件为:
    system-view
    vlan 200
    quit
    interface GigabitEthernet 1/0/1
    port link-type trunk
    port trunk permit vlan 200
    

     2.2、配置AC

    ①配置AC的接口:

    创建VLAN 100及其对应的VLAN接口,并为该接口配置IP地址。AP将获取该IP地址与AC建立CAPWAP隧道。

    system-view
    [AC] vlan 100
    [AC-vlan100] quit
    [AC] interface vlan-interface 100
    [AC-Vlan-interface100] ip address 192.1.1.1 16
    [AC-Vlan-interface100] quit
    

     ②配置无线服务:

    创建无线服务模板1,并进入无线服务模板视图。

    [AC] wlan service-template 1
    

     配置SSIDservice

    [AC-wlan-st-1] ssid service
    

     配置本地转发模式,开启VLAN 200的本地转发功能。

    [AC-wlan-st-1] client forwarding-location ap vlan 200
    

     开启无线服务模板。

    [AC-wlan-st-1] service-template enable
    [AC-wlan-st-1] quit
    

     ③配置AP

    创建手工AP,名称为officeap,型号名称为WA4320i-ACN

    [AC] wlan ap officeap model WA4320i-ACN
    

     设置AP序列号为219801A0T78159E09083

    [AC-wlan-ap-officeap] serial-id 219801A0T78159E09083
    

     进入APRadio 2视图,并将无线服务模板1绑定到Radio 2上。

    [AC-wlan-ap-officeap] radio 2
    [AC-wlan-ap-officeap-radio-2] service-template 1 vlan 200
    

     开启Radio 2的射频功能。

    [AC-wlan-ap-officeap-radio-2] radio enable
    [AC-wlan-ap-officeap-radio-2] quit
    

     ④配置AP的配置文件

    AC上将配置文件apcfg.txt下发到AP

    [AC-wlan-ap-officeap] map-configuration apcfg.txt
    [AC-wlan-ap-officeap] quit
    

     2.3、交换机配置

    ①配置交换机接口

    创建VLAN 100VLAN 200及其对应接口,并为该接口配置IP地址,其中VLAN 100用于转发ACAPCAPWAP隧道内的流量VLAN 200用于转发Client无线报文

    system-view
    [Switch] vlan 100
    [Switch-vlan100] quit
    [Switch] interface vlan-interface 100
    [Switch-Vlan-interface100] ip address 192.1.1.2 16
    [Switch-Vlan-interface100] quit
    [Switch] vlan 200
    [Switch-vlan200] quit
    [Switch] interface vlan-interface 200
    [Switch-Vlan-interface200] ip address 192.2.1.2 24
    [Switch-Vlan-interface200] quit
    

     配置SwitchAC相连的接口GigabitEthernet1/0/1Trunk类型,禁止VLAN 1报文通过,当前Trunk口的PVID100

    [Switch] interface GigabitEthernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type trunk
    [Switch-GigabitEthernet1/0/1] undo port trunk permit vlan 1
    [Switch-GigabitEthernet1/0/1] port trunk pvid vlan 100
    [Switch-GigabitEthernet1/0/1] quit
    

     配置SwitchAP相连的接口GigabitEthernet1/0/2Trunk类型,禁止VLAN 1报文通过,允许VLAN 100VLAN 200通过,当前Trunk口的PVID100

    [Switch] interface GigabitEthernet 1/0/2
    [Switch-GigabitEthernet1/0/2] port link-type trunk
    [Switch-GigabitEthernet1/0/2] undo port trunk permit vlan 1
    [Switch-GigabitEthernet1/0/2] port trunk permit vlan 100 200
    [Switch-GigabitEthernet1/0/2] port trunk pvid vlan 100
    

     开启SwitchAP相连的接口GigabitEthernet1/0/2PoE供电功能。

    [Switch-GigabitEthernet1/0/2] poe enable
    [Switch-GigabitEthernet1/0/2] quit
    

     ②配置DHCP服务

    开启DHCP功能。

    [Switch] dhcp enable
    

     创建名为vlan100DHCP地址池,配置地址池动态分配的网段为192.1.0.0/16,网关地址为192.1.1.2,为AP分配IP地址。

    [Switch] dhcp server ip-pool vlan100
    [Switch-dhcp-pool-vlan100] network 192.1.0.0 mask 255.255.0.0
    [Switch-dhcp-pool-vlan100] forbidden-ip 192.1.1.1
    [Switch-dhcp-pool-vlan100] gateway-list 192.1.1.2
    [Switch-dhcp-pool-vlan100] quit
    

     创建名为vlan200DHCP地址池,配置地址池动态分配的网段为192.2.1.0/24,网关地址为192.2.1.2,为Client分配IP地址。

    [Switch] dhcp server ip-pool vlan200
    [Switch-dhcp-pool-vlan200] network 192.2.1.0 mask 255.255.255.0
    [Switch-dhcp-pool-vlan200] forbidden-ip 192.2.1.1
    [Switch-dhcp-pool-vlan200] gateway-list 192.2.1.2
    [Switch-dhcp-pool-vlan200] quit
    

     2.4、验证配置

    # Client1Client2上线获取到地址分别是192.2.1.3192.2.1.4,通过抓包可以发现ICMP报文不需要经过ACAP间的隧道封装,直接转发。

     附:AC的配置:

    #
    Vlan 100
    #
    vlan 200
    #
    wlan service-template 1
     ssid service
     client forwarding-location ap vlan 200
     service-template enable
    #
    interface Vlan-interface100
     ip address 192.1.1.1 255.255.0.0
    #
    wlan ap officeap model WA4320i-ACN
     map-configuration flash:/apcfg.txt
     serial-id 219801A0T78159E09083
     radio 1
     radio 2
      radio enable
      service-template 1 vlan 200
    #
    

     附:交换机配置文件:

    #
     dhcp enable
    #
    vlan 100
    #
    vlan 200
    #
    dhcp server ip-pool vlan100
     gateway-list 192.1.1.2
     network 192.1.0.0 mask 255.255.0.0
     forbidden-ip 192.1.1.1
    #
    dhcp server ip-pool vlan200
    gateway-list 192.2.1.2
     network 192.2.1.0 mask 255.255.255.0
     forbidden-ip 192.2.1.1
    #
    interface Vlan-interface100
     ip address 192.1.1.2 255.255.0.0
    #
    interface Vlan-interface200
     ip address 192.2.1.2 255.255.255.0
    #
    interface GigabitEthernet1/0/1
     port link-mode bridge
     port link-type trunk
     undo port trunk permit vlan 1
     port trunk pvid vlan 100
    #
    interface GigabitEthernet1/0/2
     port link-mode bridge
     port link-type trunk
     undo port trunk permit vlan 1
     port trunk permit vlan 100 200
     port trunk pvid vlan 100
    #
    

    注意:

    1. map-configuration文件的命令行后面不要出现Tab或者空格,否则会出现该行配置不成功的情况。
    2. AP的配置需要根据具体AP的型号和序列号进行配置。

    本文源自:https://zhiliao.h3c.com/Theme/details/7284

  • 相关阅读:
    PHP学习—Cookie&Session
    IP组播综合实验
    k8s kubeadm部署高可用集群
    python调用zbbix的api实现批量添加域名监控脚本
    Python调用Harbor api删除私有仓库harbor镜像
    Kubernetes故障排查指南-分析容器退出状态码
    blackbox_exporter+grafana+prometheus监控主机存活,端口存活及网站状态
    k8s中使用ceph-csi在ceph中进行数据持久化
    Jenkins+K8S流水线自动化部署Java程序
    生产环境k8s中使用helm部署prometheus+grafana监控k8s集群中相关node和pod
  • 原文地址:https://www.cnblogs.com/MomentsLee/p/13936720.html
一二三 - 开发者的网上家园