需求:
企业建设无线局域网以满足无线终端访问互联网需求,新购置锐捷无线控制器、POE交换机及无线AP;
为减轻无线控制器性能压力部署为旁路、本地转发模式,交换机配置为无线终端网关;终端IP地址为DHCP动态分配,财务部门ssid为finance , 领导 ssid 为 manager, 认证模式为个人wap;
无线控制器6008配置:
ac6008#show run
version AC_RGOS 11.9(2)B1, Release(06152111)
hostname ac6008
!
wlan-config 100 finance
ssid-code utf-8
tunnel local
!
wlan-config 200 manager
ssid-code utf-8
tunnel local
!
ap-group inherit
interface-mapping 100 100 ap-wlan-id 1
interface-mapping 200 200 ap-wlan-id 2
!
ap-config all
!
ac-controller
ac-name inherit
ap-image auto-upgrade
location inherit
capwap ctrl-ip 10.254.254.254
country CN
802.11g network rate 1 disabled
802.11g network rate 2 disabled
802.11g network rate 5 disabled
802.11g network rate 6 supported
802.11g network rate 9 supported
802.11g network rate 11 mandatory
802.11g network rate 12 supported
802.11g network rate 18 supported
802.11g network rate 24 supported
802.11g network rate 36 supported
802.11g network rate 48 supported
802.11g network rate 54 supported
802.11b network rate 1 disabled
802.11b network rate 2 disabled
802.11b network rate 5 disabled
802.11b network rate 11 mandatory
802.11a network rate 6 mandatory
802.11a network rate 9 supported
802.11a network rate 12 mandatory
802.11a network rate 18 supported
802.11a network rate 24 mandatory
802.11a network rate 36 supported
802.11a network rate 48 supported
802.11a network rate 54 supported
!
802.11kv load-balance mode station-number
!
vlan 20
name ac2sw
!
vlan 100
name finance
!
vlan 200
name manager
!
interface GigabitEthernet 0/1
switchport mode trunk
switchport trunk allowed vlan only 20,100,200
!
interface Loopback 0
ip address 10.254.254.254 255.255.255.255
!
interface VLAN 20
description ac2sw
ip address 10.20.20.253 255.255.255.0
!
wlansec 100
security rsn enable
security rsn ciphers aes enable
security rsn akm psk enable
security rsn akm psk set-key ascii 1234567890
security wpa enable
security wpa ciphers aes enable
security wpa akm psk enable
security wpa akm psk set-key ascii 1234567890
!
wlansec 200
security rsn enable
security rsn ciphers aes enable
security rsn akm psk enable
security rsn akm psk set-key ascii 9876543210
security wpa enable
security wpa ciphers aes enable
security wpa akm psk enable
security wpa akm psk set-key ascii 9876543210
!
ip route 0.0.0.0 0.0.0.0 10.20.20.254
!
end
ac6008#show ap-config running
!
ap-config itap1
ap-mac 8005.8895.a2a7
ap-group inherit
!
ap-config itap2
ap-mac 8005.886f.8394
ap-group inherit
!
交换机配置:
sw1#show run
version S5700H_RGOS 11.4(1)B12P8
hostname sw1
!
service dhcp
ip dhcp excluded-address 10.10.10.254
ip dhcp excluded-address 10.1.1.254
ip dhcp excluded-address 10.2.2.254
!
ip dhcp pool apuser
option 138 ip 10.254.254.254
network 10.10.10.0 255.255.255.0
default-router 10.10.10.254
!
ip dhcp pool finance
network 10.1.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.1.1.254
!
ip dhcp pool manager
network 10.2.2.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.2.2.254
!
vlan range 1,10,20,100,200
!
interface GigabitEthernet 0/1
description to_ac6008_g0/1
switchport mode trunk
switchport trunk allowed vlan only 20,100,200
!
interface GigabitEthernet 0/2
no switchport
description to_internet fw
ip address 10.1.2.220 255.255.255.0
!
interface GigabitEthernet 0/3
description to_itap1
switchport mode trunk
switchport trunk native vlan 10
switchport trunk allowed vlan only 10,100,200
!
interface GigabitEthernet 0/4
description to_itap2
switchport mode trunk
switchport trunk native vlan 10
switchport trunk allowed vlan only 10,100,200
!
interface VLAN 10
ip address 10.10.10.254 255.255.255.0
!
interface VLAN 20
ip address 10.20.20.254 255.255.255.0
!
interface VLAN 100
ip address 10.1.1.254 255.255.255.0
!
interface VLAN 200
ip address 10.2.2.254 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.2.254
ip route 10.254.254.254 255.255.255.255 10.20.20.253
!
!
end
验证测试:
1、PC使用无线连接ssid finance , ping 和 tracert 8.8.8.8 测试无线连通性和路径;
2、PC使用无线连接ssid manager , ping 和 tracert 8.8.8.8 测试无线连通性和路径;
3、无线控制器 ac6008 使用以下命令验证;
show ap-config summary 查看ap注册状态
show capwap state 查看 capwap隧道状态
show ac-config client 查看接入wlan的无线终端状态