拓扑图
| 实验设备 | 型号 |
|---|---|
| AC | AC6005 |
| S1 | S5700 |
| S2 | S3700 |
| AP | AP2050DN |
| AP4 | AP2050DN |
| AR1 | AR200 |
没有配置好之前,是没有这个AP范围圈的
配置流程
接入交换机创建VLAN,配置对应端口的链路类型,放行vlan,开启端口隔离
# 与AP连接的接口(0/0/2)
[S2]vlan batch 100 101
[S2]int e0/0/2
[S2-Ethernet0/0/2]port link-type trunk
[S2-Ethernet0/0/2]port trunk pvid vlan 100
[S2-Ethernet0/0/2]port trunk allow-pass vlan 100 101
[S2-Ethernet0/0/2]port-isolate enable
# 与上行汇聚层交换机连接的接口(0/0/1)
[S2]int e0/0/1
[S2-Ethernet0/0/1]port link-type trunk
[S2-Ethernet0/0/1]port trunk allow-pass vlan 100 101
命令:
- port-isolate enable(开启端口隔离功能):主要是实现二层隔离,可以实现同一个vlan内端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。
- port trunk pvid vlan 100 默认是vlan 1,就是相当于给AP打个vlan 100的标签,表示AP划在了vlan 100
汇聚交换机配置链路类型,与AC相连的放行vlan 100,与路由器相连的放行vlan 101
# 与AC相连的接口
[S1]vlan batch 100 101
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
#与下行接入交换机相连的接口
[S1-GigabitEthernet0/0/1]int g0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
#与路由器相连接口
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan 101
路由器配置,配置链路类型,放行vlan,设置vlan 101ip地址
#路由器接口
[AR1]int e0/0/0
[AR1-Ethernet0/0/0]port link-type trunk
[AR1-Ethernet0/0/0]port trunk allow-pass vlan 101
[AR1-Ethernet0/0/0]q
[AR1]int Vlanif 101
[AR1-Vlanif101]ip address 10.10.10.1 24
配置AC,配置管理VLAN为AP下发IP
[AC]vlan batch 100 101
[AC]int g0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1]q
[AC] dhcp enable
[AC]interface Vlanif 100
[AC-Vlanif100]ip address 10.10.100.1 24
[AC-Vlanif100]dhcp select interface
命令:
dhcp enable开启DHCP功能
dhcp select interface开启接口采用接口地址池的DHCP Server功能
配置vlan 101为终端分配IP地址
[S1] dhcp enable
[S1]interface Vlanif 101
[S1-Vlanif101]ip address 10.10.10.2 24
[S1-Vlanif101]dhcp select interface
- 这里可以应该加一条命令dhcp server gateway-list 10.10.10.1 24就是让路由器做他的网关,但是不知道为什么在实验里这个命令就配置不上去,就只能10.10.10.2做网关了
配置AP上线
#创建ap组 组名为lnj_group_1
[AC]wlan
[AC-wlan-view]ap-group name lnj_group_1
[AC-wlan-ap-group-lnj_group_1]q
#创建域的管理模板,在域管理的模板下配置AC的国家码
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]q
#在AP组下引用域管理模板。
[AC-wlan-view]ap-group name lnj_group_1
[AC-wlan-ap-group-lnj_group_1]regulatory-domain-profile default
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-lnj_group_1]q
[AC-wlan-view]q
#配置AC的源接口为vlan 100
[AC] capwap source interface vlanif 100
在AC上可以离线导入AP(00e0-fc13-10b0),并将AP加入AP组“lnj_group_1”
[AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
#我的AP的MAC:00e0-fc13-10b0
[AC-wlan-view]ap-id 0 ap-mac 00e0-fc13-10b0
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group lnj_group_1
Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-0]q上面这一步完成,给AP通电,查看配置结果,State的值为nor表示AP正常
[AC-wlan-view]display ap all
配置WLAN参数
#创建名为lnj的安全模板,配置WPA-WPA2+PSK+AES的安全策略
[AC-wlan-view]security-profile name lnj
[AC-wlan-sec-prof-lnj]security wpa-wpa2 psk pass-phrase ax123456 aes
[AC-wlan-sec-prof-lnj]q
#配置wifi名称为lnj
[AC-wlan-view]ssid-profile name lnj
[AC-wlan-ssid-prof-lnj]ssid lnj
[AC-wlan-ssid-prof-lnj]q
创建名为“lnj”的VAP模板,配置业务数据转发模式为tunnel(隧道转发)
[AC-wlan-view]vap-profile name lnj
[AC-wlan-vap-prof-lnj]forward-mode tunnel
#业务vlan为101
[AC-wlan-vap-prof-lnj]service-vlan vlan-id 101
#引用安全模板和ssid模板
[AC-wlan-vap-prof-lnj]security-profile lnj
[AC-wlan-vap-prof-lnj]ssid-profile lnj
[AC-wlan-vap-prof-lnj]q
配置AP组引用VAP模板,指定射频为 0和1都使用lnj模板
[AC-wlan-view]ap-group name lnj_group_1
[AC-wlan-ap-group-lnj_group_1]vap-profile lnj wlan 1 radio 0
[AC-wlan-ap-group-lnj_group_1]vap-profile lnj wlan 1 radio 1
[AC-wlan-ap-group-lnj_group_1]q
配置让射频的信道和功率自动调优功能
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]dca-channel 2.4g channel-set 1,6,11
[AC-wlan-regulate-domain-default]dca-channel 5g bandwidth 20mhz
[AC-wlan-regulate-domain-default]dca-channel 5g channel-set 149,153,157,161
创建扫描模板“wlan-air”,指定空口扫描信道集合为调优信道集合,指定空口扫描持续时间为60毫秒,指定空口扫描间隔时间为60000毫秒,间隔应该设置高一点,低了会占用较多资源,影响业务
[AC-wlan-view]air-scan-profile name wlan-air
[AC-wlan-air-scan-prof-wlan-air]scan-channel-set dca-channel
[AC-wlan-air-scan-prof-wlan-air]scan-period 60
[AC-wlan-air-scan-prof-wlan-air]scan-interval 60000
创建2G射频模板lnj_radio2g,并引用刚刚配置的空口扫描模板wlan-air,5G射频模板lnj_radio5g,引用模板wlan-air
[AC-wlan-view]radio-2g-profile name lnj_radio2g
[AC-wlan-radio-2g-prof-lnj_radio2g]air-scan-profile wlan-air
[AC-wlan-view]radio-5g-profile name lnj_radio5g
[AC-wlan-radio-5g-prof-lnj_radio5g]air-scan-profile wlan-air在名为AP组下引用5G射频模板lnj_radio5g 和2G射频模板lnj-radio2g
[AC-wlan-view]ap-group name lnj_group_1
[AC-wlan-ap-group-lnj_group_1]radio-5g-profile lnj_radio5g radio 1
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-lnj_group_1]radio-2g-profile lnj_radio2g radio 0
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-ap-group-lnj_group_1]q
配置射频调优模式为手动调优,并手动触发射频调优
[AC-wlan-view]calibrate enable manual
[AC-wlan-view]calibrate manual startup
调优结束后。开始定时调优,并将调优时间定为用户业务空闲时段(如当地时间凌晨00:00-06:00时段)。
[AC-wlan-view]calibrate enable schedule time 02:30:00
