华为旁挂二层组网-直接转发
来源:原创
时间:2024-04-13
作者:脚本小站
分类:网络
R1:
<Huawei>system-view [Huawei]sysname R1 [R1]interface GigabitEthernet 0/0/0 [R1-GigabitEthernet0/0/0]ip address 192.168.111.1 24 [R1-GigabitEthernet0/0/0]quit [R1]ip route-static 192.168.0.0 16 192.168.111.2
S1:
[Huawei]sysname S1 [S1]vlan batch 100 111 101 102 [S1]interface Vlanif 111 [S1-Vlanif111]ip address 192.168.111.2 24 [S1-Vlanif111]interface Vlanif 100 [S1-Vlanif100]ip address 192.168.100.1 24 [S1-Vlanif100]interface Vlanif 101 [S1-Vlanif101]ip address 192.168.101.1 24 [S1-Vlanif101]interface Vlanif 102 [S1-Vlanif102]ip address 192.168.102.1 24 [S1]ip route-static 0.0.0.0 0 192.168.111.1
地址池:
[S1]ip pool vlan100 [S1-ip-pool-vlan100]network 192.168.100.0 mask 24 [S1-ip-pool-vlan100]gateway-list 192.168.100.1 [S1]ip pool vlan101 [S1-ip-pool-vlan101]network 192.168.101.0 mask 24 [S1-ip-pool-vlan101]gateway-list 192.168.101.1 [S1-ip-pool-vlan101]dns-list 114.114.114.114 [S1]ip pool vlan102 [S1-ip-pool-vlan102]network 192.168.102.0 mask 24 [S1-ip-pool-vlan102]gateway-list 192.168.102.1 [S1-ip-pool-vlan102]dns-list 114.114.114.114
配置接口:
[S1]interface GigabitEthernet 0/0/1 [S1-GigabitEthernet0/0/1]port link-type access [S1-GigabitEthernet0/0/1]port default vlan 111 [S1]interface GigabitEthernet 0/0/2 [S1-GigabitEthernet0/0/2]port link-type trunk [S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101 102 [S1-GigabitEthernet0/0/2]port trunk pvid vlan 100 [S1]interface GigabitEthernet 0/0/3 [S1-GigabitEthernet0/0/3]port link-type access [S1-GigabitEthernet0/0/3]port default vlan 100
S2:
[S2]vlan batch 100 101 102 [S2]port-group allport [S2-port-group-allport]group-member Ethernet 0/0/1 to Ethernet 0/0/4 [S2-port-group-allport]port link-type trunk [S2-Ethernet0/0/1]port link-type trunk [S2-Ethernet0/0/2]port link-type trunk [S2-Ethernet0/0/3]port link-type trunk [S2-Ethernet0/0/4]port link-type trunk [S2-port-group-allport]port trunk pvid vlan 100 [S2-Ethernet0/0/1]port trunk pvid vlan 100 [S2-Ethernet0/0/2]port trunk pvid vlan 100 [S2-Ethernet0/0/3]port trunk pvid vlan 100 [S2-Ethernet0/0/4]port trunk pvid vlan 100 [S2-port-group-allport]port trunk allow-pass vlan 100 101 102 [S2-Ethernet0/0/1]port trunk allow-pass vlan 100 101 102 [S2-Ethernet0/0/2]port trunk allow-pass vlan 100 101 102 [S2-Ethernet0/0/3]port trunk allow-pass vlan 100 101 102 [S2-Ethernet0/0/4]port trunk allow-pass vlan 100 101 102 [S2-port-group-allport] [S2]interface GigabitEthernet 0/0/1 [S2-GigabitEthernet0/0/1]port link-type trunk [S2-GigabitEthernet0/0/1]port trunk pvid vlan 100 [S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101 102
在AP上查看是否获得了地址:
[Huawei]display ip interface brief Interface IP Address/Mask Physical Protocol NULL0 unassigned up up(s) Vlanif1 192.168.100.251/24 up up
AC1:
[AC1]vlan batch 100 [AC1]interface Vlanif 100 [AC1-Vlanif100]ip address 192.168.100.10 24 [AC1]ip route-static 0.0.0.0 0 192.168.100.1 [AC1]interface GigabitEthernet 0/0/1 [AC1-GigabitEthernet0/0/1]port link-type access [AC1-GigabitEthernet0/0/1]port default vlan 100
建立capwap隧道:
capwap source ip-address 192.168.100.10 wlan regulatory-domain-profile name tanzhi country-code cn
创建AP组:
ap-group name ap-office1 regulatory-domain-profile tanzhi ap-group name ap-office2 regulatory-domain-profile tanzhi
选着认证AP的方式:认证方式有如下三种。
mac-auth MAC authenticated mode, default authenticated mode
no-auth No authenticated mode
sn-auth SN authenticated mode
ap auth-mode mac-auth
添加AP到AP组:
ap-id 1 ap-mac 00ec-fc12-3fc0 ap-name ap1 ap-group ap-office1 ap-id 2 ap-mac 00ec-fc4a-3d30 ap-name ap2 ap-group ap-office1 ap-id 3 ap-mac 00e0-fc30-2c00 ap-name ap3 ap-group ap-office2 ap-id 4 ap-mac 00e0-fc4b-3090 ap-name ap4 ap-group ap-office2
配置SSID模版:SSID就是wifi名称。
ssid-profile name ssid-office1 ssid ap-office1 ssid-profile name ssid-office2 ssid ap-office2
配置安全模版:
security-profile name sec-office1 security wpa-wpa2 psk pass-phrase tanzhi1234 aes security-profile name sec-office2 security wpa-wpa2 psk pass-phrase tanzhi1234 aes
配置VAP模版:一个AP虚拟出多个SSID即多个wifi。
vap-profile name vap-office1 forward-mode direct-forward service-vlan vlan-id 101 ssid-profile ssid-office1 security-profile sec-office1 vap-profile name vap-office2 forward-mode direct-forward service-vlan vlan-id 102 ssid-profile ssid-office2 security-profile sec-office2
在AP组中应用VAP模版:
ap-group name ap-office1 vap-profile vap-office1 wlan 1 radio 0 vap-profile vap-office1 wlan 1 radio 1 ap-group name ap-office2 vap-profile vap-office2 wlan 2 radio 0 vap-profile vap-office2 wlan 2 radio 1
