WLAN-案例-1直连二层组网（直接转发发/隧道转发）

1/直连二层组网直接转发

配置建议

建议在与AP直连的设备接口上配置端口隔离，如果不配置端口隔离，尤其是业务数据转发方式采用直接转发时，可能会在VLAN内形成大量不必要的广播报文，导致网络阻塞，影响用户体验。

隧道转发模式下，管理VLAN和业务VLAN不能配置为同一VLAN，且AP和AC之间只能放通管理VLAN，不能放通业务VLAN。

配置配置

1 GW配置

[r1]inter g0/0/0

[r1-GigabitEthernet0/0/0]ip add 192.168.101.100 24

2 SW配置（接入层）

[sw]vlan batch 100 101

interface Ethernet0/0/1

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 101

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 101

 port-isolate enable group 1

3 AC配置

 接口状态

interface Vlanif100

 ip address 192.168.100.1 255.255.255.0

 dhcp select interface   //配置接口的DHCP

#

interface Vlanif101

 ip address 192.168.101.1 255.255.255.0

 dhcp select interface    //配置接口的DHCP

 dhcp server excluded-ip-address 192.168.101.100  //排除GW的IP地址

AC-WLAN配置

[AC6005]dis thiscapwap source interface vlanif100

[AC6005]wlan

[AC6005-wlan-view]ap-gr

[AC6005-wlan-view]ap-group name wfy

[AC6005-wlan-view]quit

[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fcaa-7e80

[AC6005-wlan-ap-0]ap-name wfy

[AC6005-wlan-ap-0]ap-group wfy

Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y

[AC6005-wlan-view]security-profile name wfy

[AC6005-wlan-sec-prof-wfy]security wpa2 psk pass-phrase 12345678 aes

[AC6005-wlan-view]ssid-profile name wfy

[AC6005-wlan-ssid-prof-wfy]ssid wfy

[AC6005-wlan-view]vap-profile name wfy

[AC6005-wlan-vap-prof-wfy]ssid-profile wfy

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-wfy]security-profile wfy

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-wfy]service-vlan vlan-id 101

Info: This operation may take a few seconds, please wait.done.

[AC6005-wlan-vap-prof-wfy]forward-mode  direct-forward

[AC6005-wlan-view]ap-group name wfy

[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all

Info: This operation may take a few seconds, please wait...done.

Ac上还需要有一条默认路由指向上层路由器

2/直连二层组网隧道转发

现在是隧道模式，其特点如下

并且在该模式下，在AC和AP之间的交换机，仅可以放行AP的管理VLAN通行即可

实际配置

Gw不变，

SW1

interface Ethernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10

interface Ethernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 10

AC配置

[AC6005]capwap source inter vlan 10

interface GigabitEthernet0/0/2

 port link-type trunk

 port trunk pvid vlan 10

 port trunk allow-pass vlan 10

interface GigabitEthernet0/0/1

 port link-type access

 port default vlan 20

#

interface Vlanif10

 ip address 192.168.10.1 255.255.255.0

 dhcp select interface

#

interface Vlanif20

 ip address 20.0.0.2 255.255.255.0

 dhcp select interface

 dhcp server excluded-ip-address 20.0.0.1

WLAN配置

只有一处改动，

那就是在VAP模板中的forward-mode 转发模式

vap-profile name wfy

  forward-mode tunnel

  service-vlan vlan-id 20

  ssid-profile wfy

  security-profile wfy

OK no problem

其实最主要的就是要搞明白，接入交换机上接口的VLAN配置，以及trunk的配置，

究竟哪里设置pvid，哪里放行具体的vlan,

------------------------------------------

CCIE成长之路 --- 梅利

WLAN-案例-1直连二层组网（直接转发发/隧道转发）

原文：https://www.cnblogs.com/meili333/p/14125070.html