
一。配置接口类型
lsw1:
LSW1vlan batch 10 20 100
LSW1-GigabitEthernet0/0/1port link-type trunk
LSW1-GigabitEthernet0/0/1port trunk allow-pass vlan 10 20 100
LSW1port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/4
LSW1-GigabitEthernet0/0/2port link-type trunk
LSW1-GigabitEthernet0/0/3port link-type trunk
LSW1-GigabitEthernet0/0/4port link-type trunk
LSW1port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3
LSW1-GigabitEthernet0/0/2port trunk allow-pass vlan 10 100
LSW1-GigabitEthernet0/0/3port trunk allow-pass vlan 10 100
LSW1-GigabitEthernet0/0/2port trunk pvid vlan 100
LSW1-GigabitEthernet0/0/3port trunk pvid vlan 100
LSW1-GigabitEthernet0/0/4port trunk allow-pass vlan 20 100
LSW1-GigabitEthernet0/0/4port trunk pvid vlan 100
AC1:
-
AC6605vlan batch 100
-
AC6605-GigabitEthernet0/0/2port link-type trunk
-
AC6605-GigabitEthernet0/0/2port trunk allow-pass vlan 10 20 100
**二。配置DHCP---**地址池配置,为AP分配IP地址
lsw1:
LSW1dhcp enable
LSW1ip pool wifi
LSW1-ip-pool-wifigateway-list 192.168.1.1
LSW1-ip-pool-wifinetwork 192.168.1.0 mask 24
LSW1interface Vlanif 100
LSW1-Vlanif100ip address 192.168.1.1 24
LSW1-Vlanif100dhcp select global
三。WLAN配置
AP与AC实现三层互递
-
AC6605interface Vlanif 100
-
AC6605-Vlanif100ip address 192.168.1.2 24
在AP与AC间建立CAPWAP隧道
AC6605capwap source interface Vlanif 100 --- 设置使用某个VLAN接口与AP进行隧道建立
创建域管理模板
AC6605wlan --- 进入WLAN配置视图
AC6605-wlan-viewregulatory-domain-profile name aa
AC6605-wlan-regulate-domain-aacountry-code CN ---- 设置采用的WLAN的频段
AC6605-wlan-viewap auth-mode mac-auth --- 设置AP的认证模式
创建AP组
AC6605-wlan-viewap-group name gourp-1 --- 创建AP组
AC6605-wlan-ap-group-gourp-1regulatory-domain-profile aa --- 将域管理模板绑定到该AP组内
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?Y/N:Y
AC6605-wlan-viewap-group name gourp-2 --- 创建AP组
AC6605-wlan-ap-group-gourp-2regulatory-domain-profile aa--- 将域管理模板绑定到该AP组内
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?Y/N:Y
AP接入
AC6605-wlan-viewap-id 0 ap-mac 00e0-fcea-2130
AC6605-wlan-viewap-id 1 ap-mac 00e0-fc45-1cd0
AC6605-wlan-viewap-id 2 ap-mac 00e0-fcc6-35a0
AP组中添加AP设备
AC6605-wlan-ap-0ap-name ap-0--- 设置该AP的名称
AC6605-wlan-ap-0ap-group gourp-1--- 将该AP绑定到AP组内
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? Y/N:Y
AC6605-wlan-ap-1ap-name ap-1
AC6605-wlan-ap-1ap-group gourp-1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? Y/N:y
AC6605-wlan-ap-2ap-name ap-2
AC6605-wlan-ap-2ap-group gourp-2
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? Y/N:y

配置安全模板
AC6605-wlan-viewsecurity-profile name openlab-1
AC6605-wlan-sec-prof-openlab-1security wpa2 psk pass-phrase openlab-2 aes
AC6605-wlan-viewsecurity-profile name openlab-2
AC6605-wlan-sec-prof-openlab-2security wpa2 psk pass-phrase openlab-1 aes
配置SSID模板
AC6605-wlan-viewssid-profile name openlab-1
AC6605-wlan-ssid-prof-openlab-1ssid openlab-1
AC6605-wlan-viewssid-profile name openlab-2
AC6605-wlan-ssid-prof-openlab-2ssid openlab-2
配置VAP模板
AC6605-wlan-viewvap-profile name openlab-1
AC6605-wlan-vap-prof-openlab-1forward-mode tunnel --- 隧道转发模式
AC6605-wlan-vap-prof-openlab-1service-vlan vlan-id 10 ---设定转发的业务流量所属VLAN,就是 wifi用户所属的VLAN
AC6605-wlan-vap-prof-openlab-1security-profile openlab-1--- 绑定安全模板
AC6605-wlan-vap-prof-openlab-1ssid-profile openlab-1--- 绑定SSID模板
AC6605-wlan-viewvap-profile name openlab-2
AC6605-wlan-vap-prof-openlab-2forward-mode tunnel
AC6605-wlan-vap-prof-openlab-2service-vlan vlan-id 20
AC6605-wlan-vap-prof-openlab-2security-profile openlab-2
AC6605-wlan-vap-prof-openlab-2ssid-profile openlab-2
在AP组中调用AP模板
AC6605-wlan-viewap-group name gourp-1
AC6605-wlan-ap-group-gourp-1vap-profile openlab-1 wlan 1 radio all
AC6605-wlan-viewap-group name gourp-2
AC6605-wlan-ap-group-gourp-2vap-profile openlab-2 wlan 2 radio all


四。配置DHCP
LSW1interface Vlanif 10
LSW1-Vlanif10ip address 192.168.10.254 24
LSW1-Vlanif10dhcp select global
LSW1ip pool vlan10
LSW1-ip-pool-vlan10network 192.168.10.0 mask 24
LSW1-ip-pool-vlan10gateway-list 192.168.10.254
LSW1int v 20
LSW1-Vlanif20ip address 192.168.20.254 24
LSW1-Vlanif20dhcp select global
LSW1ip pool vlan20
LSW1-ip-pool-vlan20network 192.168.20.0 mask 24
LSW1-ip-pool-vlan20gateway-list 192.168.20.254


五。配置全网可通
AC6605vlan 200
AC6605-GigabitEthernet0/0/1p l a
AC6605-GigabitEthernet0/0/1port default vlan 200
AC6605int v 200
AC6605-Vlanif200ip address 192.168.200.1 24
AC6605ip route-static 1.1.1.0 24 192.168.200.2
AC6605ip route-static 192.168.10.0 24 192.168.1.1
AC6605ip route-static 192.168.20.0 24 192.168.1.1
R1-GigabitEthernet0/0/0ip address 192.168.200.2 24
R1-LoopBack0ip address 1.1.1.1 24
R1ip route-static 192.168.1.0 24 192.168.200.1
R1ip route-static 192.168.20.0 24 192.168.200.1
LSW1ip route-static 192.168.200.0 24 192.168.1.2
LSW1ip route-static 1.1.1.0 24 192.168.1.2

