想要完成这样的部署,需要完成几步走
1 配置AP-AC之间的二层互通,
2 配置AP-AC的三层互通
3 配置AP上线
4 配置模板
5 下发配置
1 配置ap-ac的二层互通
其实就是保证AC-AP在一个广播域内,因为默认就是以这种形式AP来发现AC的,
在如下情况,AP会发送Discovery Request广播报文自动发现同一网段中的AC,然后通过AC响应的Discovery Response报文选择一个待关联的AC开始建立CAPWAP隧道。
但需要注意的是,如果AP-AC直接相连,最好不用使用ac上的VLAN1 (尽可能的避免后续的广播流量)
所以应该全用另外的VLAN,
[AC6005]vlan batch 100 200 //100为capwap 的管理vlan,200为业务 vlan
[AC6005]inter g0/0/1
[AC6005-GigabitEthernet0/0/1]por li tr
[AC6005-GigabitEthernet0/0/1]por tr pvid vlan 100 //设置PVID为100
[AC6005-GigabitEthernet0/0/1]port tr all vlan 100 200 //放行的vlan,(这里还要取决于后续的转发方式,共有两种,直接转发发和隧道转发,原理不同,放行的VLAN也不同)
然后配置VLAN100的vlan-if,并且配置dhcp server
2 配置AP-AC的三层互通(保证AP可以获得IP地址)
[AC6005]dhcp enable
[AC6005-Vlanif100]inter vlan 100
[AC6005-Vlanif100]ip add 192.168.100.1 24
[AC6005-Vlanif100]dhcp se in //偷个懒,直接从接口调用
3 配置AP上线
有了IP之后,就可以和AC进行通信了,来配置AP上线
3-1 配置AC源地址(capwap隧道的源)
[AC6005]capwap source interface vlan 100
3-2 配置AP上线
[AC6005]wlan
[AC6005-wlan-view]ap-group name wfy //ap组名字叫做wfy
[AC6005-wlan-view]ap-id 0 ap-mac?
ap-mac AP MAC address
[AC6005-wlan-view]ap-id 0 ap-mac ? //添加ap, 从0 开始排数,
MAC_ADDR<XXXX-XXXX-XXXX> AP MAC address
[AC6005-wlan-view]ap-id 0 ap-mac 00e0-fc37-5060 //指定AP的MAC<
Ap的mac就不用我说了吧,到AP上去查一下,
[AC6005-wlan-ap-0]ap-name wfy
[AC6005-wlan-ap-0]ap-group wfy
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
在AP上可以看到这样的消息,capwap隧道建立完成
4 配置模板
包括安全模板,ssid 模板 vap模板
[AC6005-wlan-view]security-profile name wfy //安全模板
[AC6005-wlan-sec-prof-wfy]security wpa-wpa2 psk pass-phrase 12345678 aes
Warning: The current password is too simple. For the sake of security, you are advised to set a password containing at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters. Continue? [Y/N]:y
[AC6005-wlan-view]ssid-profile name wfy //ssid 模板
[AC6005-wlan-ssid-prof-wfy]ssid wfy
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-ssid-prof-wfy]q
[AC6005-wlan-view]vap-profile name wfy //vap 模板
[AC6005-wlan-vap-prof-wfy]ssid-profile wfy //调用SSID模板
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]security-profile wfy //调用安全模板
Info: This operation may take a few seconds, please wait.done.
[AC6005-wlan-vap-prof-wfy]service-vlan vlan-id 200 //定义业务vlan
[AC6005-wlan-vap-prof-wfy]forward-mode tunnel //设置转发模板
Info: This operation may take a few seconds, please wait.done.
5 配置下发
[AC6005]wlan
[AC6005-wlan-view]ap-group name wfy
[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
最后不要忘了配置业务 VLAN
[AC6005]inter vlan 200
[AC6005-Vlanif200]ip add 192.168.200.1 24
[AC6005]ip pool vlan200
[AC6005-ip-pool-vlan200]network 192.168.200.0 mas 24
[AC6005-ip-pool-vlan200]gateway-list 192.168.200.1
[AC6005]inter vlan 200
[AC6005-Vlanif200]dhcp se glo
这是最基本的环境
如果说当出现网络问题,有没有思路去排错呢?
不难吧,
先二层,再三层,AP上线,配置模板,下发配置。
---------------------------------------
CCIE成长之路 --- 梅利
原文:https://www.cnblogs.com/meili333/p/14125053.html