3/旁挂二层组网直接转发
交换机上需要在trunk上允许管理的和业务的同时跑
直连和旁挂配置上有什么区别吗?
交换机部份,
不用说了,trunk+pvid ,(AC-AP的管理VLAN)放行管理vlan 以及业务vlan
核心交换
用来分担 AC的业务VLAN下放IP地址,所以要配置DHCP,还要连接上行的路由器
具体配置
Access-sw
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
coresw
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
IP及DHCP(业务)
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
dhcp select interface
AC配置
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
#
wlan
security-profile name wfy
security wpa2 psk pass-phrase %^%#X~g/A70^SCf1zEDOU9sQ0]q;;,!‘rL\!,FY‘0XBX%^%# aes
ssid-profile name wfy
ssid wfy
vap-profile name wfy
service-vlan vlan-id 20
ssid-profile wfy
security-profile wfy
默认就是直接转发,所以没有显示
ap-group name wfy
ap-id 0 type-id 69 ap-mac 00e0-fc13-43a0 ap-sn 210235448310656FF341
ap-name wfy
ap-group wfy
[AC6005-wlan-view]ap-group name wfy
[AC6005-wlan-ap-group-wfy]vap-profile wfy wlan 1 radio all
ap-group name wfy
radio 0
vap-profile wfy wlan 1
radio 1
vap-profile wfy wlan 1
radio 2
vap-profile wfy wlan 1
4/旁挂二层组网隧道转发
Accesssw
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
#
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
coresw
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20 //这里必须要放行20,因为业务数据也要经过AC
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20 //同上
#
interface GigabitEthernet0/0/1 //连接路由器
port link-type access
port default vlan 20
ip pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
excluded-ip-address 192.168.20.2
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
dhcp select global
AC配置
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 20
#
Dhcp enable
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select interface
AP上线之前,查IP地址有没有收到
Interface IP Address/Mask Physical Protocol
NULL0 unassigned up up(s)
Vlanif1 192.168.10.109/24 up up
并且可以和AC通信
<wfy>ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.10.1: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 192.168.10.1: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 192.168.10.1: bytes=56 Sequence=3 ttl=255 time=40 ms
WLAN配置
Wlan 其它的都和直连一样,只有一点区别,就是forward-mode – tunnel
vap-profile name wfy
forward-mode tunnel
service-vlan vlan-id 20
ssid-profile wfy
security-profile wfy
--------------------------------------
CCIE成长之路 --- 梅利
原文:https://www.cnblogs.com/meili333/p/14125079.html