实验拓扑

拓扑下载

9e7c747ebb914aa8ba226323ffbeac0d.png

业务需求

企业用户通过WLAN接入网络,以满足移动办公的最基本需求。为了区分部门进行管理,不同部门的员工在不同的子网。且在覆盖区域内移动发生漫游时,不影响用户的业务使用。

LSW3

设置对应的vlan通过就行了,我们这里使用101和100的vlan

sys
#
 sysname Switch_1
#
 vlan batch 100 to 101
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 101
 #
return

LSW4

设置对应的vlan通过就行了,我们这里使用102和200的vlan

sys
#
 sysname Switch_2
#
 vlan batch 102 200
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 200
 port trunk allow-pass vlan 102 200
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 102 200
 #
return

AR1

sys
#
 sysname Router
#
interface GigabitEthernet0/0/1
 ip address 10.23.100.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.23.200.2 255.255.255.0
q
ip route-static 0.0.0.0 0 30.30.30.1
ip route-static 10.23.101.0 24 10.23.100.1
ip route-static 10.23.102.0 24 10.23.200.1
int g0/0/0
ip add 30.30.30.2 24
q
acl num 2000
rule per sou any
q
int g0/0/0
nat out 2000
!

AR2(用于模拟外网)

sys
sysn ar2
int g0/0/0
ip add 30.30.30.1 24
q
int loo 0
ip add 1.1.1.1 32
q

AC1

后续的操作需要等待ap上线后,前提是两端ac使用静态地址配通后,才可以实现跨ac的三层漫游,当然你使用其它的动态链路协议也可以,bgp,ospf都行,两端ac可以通讯就行了

sys
#
sysname AC_1
#
vlan batch 100 to 102
#
dhcp enable
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
dhcp ser ex 10.23.100.2
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type acc
 port d v 100
#
ip route-static 10.23.200.0 255.255.255.0 10.23.100.2 
ip route-static 0.0.0.0 0 10.23.100.2
#
capwap source interface vlanif100
#
wlan
ap auth no   //这里一定要等待ap上线后才可以进行后续的操作
regulatory-domain-profile name guojia
country-code CN
ap-group name 101
regulatory-domain-profile guojia 
y
q
ap-id 0
ap-group 101
y
q
ssid-profile name wifiname
 ssid erceng
 security-profile name passwd
security wpa2 psk pass-phrase 12345678 aes
y

 vap-profile name 101
  forward-mode tunnel
  service-vlan vlan-id 101
  ssid-profile wifiname
  security-profile passwd
rrm-profile name rrm
  smart-roam enable
  smart-roam roam-threshold check-snr check-rate
  smart-roam roam-threshold snr 30
  smart-roam roam-threshold rate 30

radio-2g-profile name 2g
  rrm-profile rrm
 radio-5g-profile name 5g
  rrm-profile rrm
ap-group name 101
  radio 0
   radio-2g-profile 2g
y
   vap-profile 101 wlan 1
  radio 1
   radio-5g-profile 5g
y
vap-profile 101 wlan 1
!  
 mobility-group name mobility    //主要靠这个ac漫游组
  member ip-address 10.23.100.1
  member ip-address 10.23.200.1  ac给ap上线分配地址的网关
q

AC2

后续的操作需要等待ap上线后,前提是两端ac使用静态地址配通后,才可以实现跨ac的三层漫游,当然你使用其它的动态链路协议也可以,bgp,ospf都行,两端ac可以通讯就行了

sys
#
sysname AC_2
#
vlan batch 101 to 102 200
#
dhcp enable
#
interface Vlanif200
 ip address 10.23.200.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
dhcp ser ex 10.23.200.2
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
 dhcp select interface
dhcp ser dns 114.114.114.114
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 102 200 
#
interface GigabitEthernet0/0/2
 port link-type acc
 port def vlan 200
#
ip route-static 10.23.100.0 255.255.255.0 10.23.200.2 
ip route-static 0.0.0.0 0 10.23.200.2
#
capwap source interface vlanif200
#
wlan
ap auth no
regulatory-domain-profile name guojia
country-code CN
ap-group name 102
regulatory-domain-profile guojia 
y
q
ap-id 0
ap-group 102
y
q
ssid-profile name wifiname
 ssid erceng
 security-profile name passwd
security wpa2 psk pass-phrase 12345678 aes
y

 vap-profile name 102
  forward-mode tunnel
  service-vlan vlan-id 102
  ssid-profile wifiname
  security-profile passwd
rrm-profile name rrm
  smart-roam enable
  smart-roam roam-threshold check-snr check-rate
  smart-roam roam-threshold snr 30
  smart-roam roam-threshold rate 30

radio-2g-profile name 2g
  rrm-profile rrm
 radio-5g-profile name 5g
  rrm-profile rrm
ap-group name 102
  radio 0
   radio-2g-profile 2g
y
   vap-profile 102 wlan 1
  radio 1
   radio-5g-profile 5g
y
vap-profile 102 wlan 1
!
 mobility-group name mobility   //主要就是靠这个ac漫游组来配置的
  member ip-address 10.23.100.1   //ac给ap上线分配地址的网关
  member ip-address 10.23.200.1
q

主要就是配置漫游组前提两台ac可以互相通讯

 mobility-group name mobility   //主要就是靠这个ac漫游组来配置的
  member ip-address 10.23.100.1   //ac给ap上线分配地址的网关
  member ip-address 10.23.200.1

  最终效果,这里我们ping外网进行测试,wifi密码12345678

73d76724f4dd45068248513833f93f83.gif

 

 

 

# 华为
Logo
2048 AI社区

有“AI”的1024 = 2048,欢迎大家加入2048 AI社区

更多推荐

cover

机器学习 决策树-分类

avatar 2048 AI社区
cover

软考中级-软件设计师 UML图详解( 类图,对象图,用例图,序列图,通信图,状态图,活动图,构件图,部署图)

avatar 2048 AI社区

不懂编程本科毕业生手搓三个APP,用ChatGPT两年狂赚千万美金!

而现在更厉害的是,有了多模态能力的ChatGPT,直接上传设计图片、截图,并告诉它「我要做成这个样子,这些按钮要实现xxx功能,帮我把代码写出来」。ChatGPT发布那天,Walter Isaacson在课上也是表现的异常热情激动,他的眼睛闪烁着兴奋的光芒,就像孩子看到了心爱的玩具一样。也就是说,假设你能做对80%的决策,另一个人也能做对80%,并且你们的专长领域不重叠,那么当你们联手的时候,正确

avatar 2048 AI社区