Layer 3 Off-Path (Bypass) AC Networking with Tunnel Forwarding

Posted on 2021-3-4 15:08:17

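Configuration data

| Item | Data |
| --- | --- |
| AP management VLAN | VLAN10/VLAN100 |
| STA service VLAN | VLAN101/VLAN102 |
| DHCP server | AC acts as the DHCP server for APs; Core SW acts as the DHCP server for STAs; Core SW acts as the DHCP server for PCs |
| Gateway | STA 172.16.101.1/172.16.102.1; PC 192.168.200.1 |
| AP address pool | 172.16.10.2~172.16.10.254/24 |
| STA address pool | 172.16.101.3~172.16.101.254/24; 172.16.102.3~172.16.102.254/24 |
| PC address pool | 192.168.200.2~192.168.200.254/24 |
| Routing | OSPF |
| VLAN pool | Name: VLANPOOL; member VLANs: VLAN101/VLAN102 |
| AC source interface / capwap | VLANIF 100 |
| AP group / ap-group | Name: zurkj; referenced profiles: VAP profile zurkj, regulatory domain profile zurkj, traffic profile zurkj |
| Regulatory domain profile / regulatory-domain-profile | Name: zurkj; country code: CN |
| Security profile / security-profile | Name: zurkj; security: WPA2+PSK+AES; passphrase: qwe123123 |
| SSID profile / ssid-profile | Name: zurkj; SSID: zurkj |
| Traffic profile / traffic-profile | Name: zurkj; upstream traffic: 1024; downstream traffic: 1024 |
| VAP profile / vap-profile | Name: zurkj; forwarding mode: tunnel; service VLAN: VLANPOOL; referenced profiles: security profile zurkj, SSID profile zurkj, traffic profile zurkj |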

Configure wired network connectivity
JRSW
<Huawei>system-view
[Huawei]sysname JRSW
[JRSW]vlan batch 10
[JRSW]interface gigabitethernet 0/0/1
[JRSW-GigabitEthernet0/0/1]port link-type trunk
[JRSW-GigabitEthernet0/0/1]port trunk pvid vlan 10
[JRSW-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[JRSW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[JRSW-GigabitEthernet0/0/1]port-isolate enable  //enable port isolation
[JRSW-GigabitEthernet0/0/1]quit
[JRSW]interface gigabitethernet 0/0/2
[JRSW-GigabitEthernet0/0/2]port link-type trunk
[JRSW-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[JRSW-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[JRSW-GigabitEthernet0/0/2]quit
JRSW2
<Huawei>system-view
[Huawei]sysname JRSW2
[JRSW2]vlan batch 200
[JRSW2]interface gigabitethernet 0/0/1
[JRSW2-GigabitEthernet0/0/1]port link-type trunk
[JRSW2-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[JRSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 200
[JRSW2-GigabitEthernet0/0/1]quit
[JRSW2]interface gigabitethernet 0/0/2
[JRSW2-GigabitEthernet0/0/2]port link-type access
[JRSW2-GigabitEthernet0/0/2]port default vlan 200
[JRSW2-GigabitEthernet0/0/2]quit
CoreSW
Configure ports
<Huawei>system-view
[Huawei]sysname CoreSW
[CoreSW]vlan batch 10 100 to 102 200
[CoreSW]interface gigabitethernet 0/0/1
[CoreSW-GigabitEthernet0/0/1]port link-type trunk
[CoreSW-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[CoreSW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[CoreSW-GigabitEthernet0/0/1]quit
[CoreSW]interface gigabitethernet 0/0/2
[CoreSW-GigabitEthernet0/0/2]port link-type trunk
[CoreSW-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[CoreSW-GigabitEthernet0/0/2]port trunk allow-pass vlan 101 to 102 200
[CoreSW-GigabitEthernet0/0/2]quit
[CoreSW]interface gigabitethernet 0/0/3
[CoreSW-GigabitEthernet0/0/3]port link-type trunk
[CoreSW-GigabitEthernet0/0/3]undo port trunk allow-pass vlan 1
[CoreSW-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 101 to 102
[CoreSW-GigabitEthernet0/0/3]quit
[CoreSW]interface gigabitethernet 0/0/4
[CoreSW-GigabitEthernet0/0/4]port link-type trunk
[CoreSW-GigabitEthernet0/0/4]undo port trunk allow-pass vlan 1
[CoreSW-GigabitEthernet0/0/4]port trunk allow-pass vlan 200
[CoreSW-GigabitEthernet0/0/4]quit
Configure the DHCP service
[CoreSW]dhcp enable  //enable the DHCP service
[CoreSW]dhcp server group dhcpgroup  //create the DHCP server group
[CoreSW-dhcp-server-group-dhcpgroup]dhcp-server 172.16.100.1 //set the DHCP server address
[CoreSW-dhcp-server-group-dhcpgroup]quit
[CoreSW]ip pool vlan101 //create the DHCP address pool
[CoreSW-ip-pool-vlan101]gateway-list 172.16.101.1
[CoreSW-ip-pool-vlan101]network 172.16.101.0 mask 24
[CoreSW-ip-pool-vlan101]excluded-ip-address 172.16.101.2
[CoreSW-ip-pool-vlan101]excluded-ip-address 172.16.101.200 172.16.101.254
[CoreSW-ip-pool-vlan101]lease day 2 hour 0 minute 0
[CoreSW-ip-pool-vlan101]dns-list 114.114.114.114 8.8.8.8
[CoreSW-ip-pool-vlan101]quit
[CoreSW]ip pool vlan102
[CoreSW-ip-pool-vlan102]gateway-list 172.16.102.1
[CoreSW-ip-pool-vlan102]network 172.16.102.0 mask 24
[CoreSW-ip-pool-vlan102]excluded-ip-address 172.16.102.2
[CoreSW-ip-pool-vlan102]excluded-ip-address 172.16.102.200 172.16.102.254
[CoreSW-ip-pool-vlan102]lease day 2 hour 0 minute 0
[CoreSW-ip-pool-vlan102]dns-list 114.114.114.114 8.8.8.8
[CoreSW-ip-pool-vlan102]quit
[CoreSW]ip pool vlan200
[CoreSW-ip-pool-vlan200]gateway-list 192.168.200.1
[CoreSW-ip-pool-vlan200]network 192.168.200.0 mask 24
[CoreSW-ip-pool-vlan200]excluded-ip-address 192.168.200.200 192.168.200.254
[CoreSW-ip-pool-vlan200]lease day 2 hour 0 minute 0
[CoreSW-ip-pool-vlan200]dns-list 114.114.114.114 8.8.8.8
[CoreSW-ip-pool-vlan200]quit
Configure Layer 3 interfaces
[CoreSW]interface vlanif 10
[CoreSW-Vlanif10]ip address 172.16.10.1 24
[CoreSW-Vlanif10]dhcp select relay //set the interface to DHCP relay mode
[CoreSW-Vlanif10]dhcp relay server-select dhcpgroup //bind the DHCP relay to the server group
[CoreSW-Vlanif10]quit
[CoreSW]interface vlanif 100
[CoreSW-Vlanif100]ip address 172.16.100.2 24
[CoreSW-Vlanif100]quit
[CoreSW]interface vlanif 101
[CoreSW-Vlanif101]ip address 172.16.101.2 24
[CoreSW-Vlanif101]dhcp select global  //serve DHCP from the global address pools
[CoreSW-Vlanif101]quit
[CoreSW]interface vlanif 102
[CoreSW-Vlanif102]ip address 172.16.102.2 24
[CoreSW-Vlanif102]dhcp select global
[CoreSW-Vlanif102]quit
[CoreSW]interface vlanif 200
[CoreSW-Vlanif200]ip address 192.168.200.2 24
[CoreSW-Vlanif200]dhcp select global
[CoreSW-Vlanif200]quit
Configure the loopback interface
[CoreSW]interface loopback 0
[CoreSW-LoopBack0]ip address 100.100.100.101 32
[CoreSW-LoopBack0]quit
Configure the OSPF routing protocol
[CoreSW]ospf 1
[CoreSW-ospf-1]area 0
[CoreSW-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234  //configure OSPF authentication
[CoreSW-ospf-1-area-0.0.0.0]network 172.16.10.0 0.0.0.255
[CoreSW-ospf-1-area-0.0.0.0]network 172.16.100.0 0.0.0.255
[CoreSW-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[CoreSW-ospf-1-area-0.0.0.0]network 172.16.101.0 0.0.0.255
[CoreSW-ospf-1-area-0.0.0.0]network 172.16.102.0 0.0.0.255
[CoreSW-ospf-1-area-0.0.0.0]network 100.100.100.101 0.0.0.0
[CoreSW-ospf-1-area-0.0.0.0]quit
[CoreSW-ospf-1]quit
Gateway (egress router)
Configure ports
<Huawei>system-view
[Huawei]sysname Gateway
[Gateway]vlan batch 101 to 102 200
[Gateway]interface ethernet 0/0/0
[Gateway-Ethernet0/0/0]port link-type trunk
[Gateway-Ethernet0/0/0]undo port trunk allow-pass vlan 1
[Gateway-Ethernet0/0/0]port trunk allow-pass vlan 101 to 102 200
[Gateway-Ethernet0/0/0]quit
Configure interfaces
[Gateway]interface vlanif 101
[Gateway-Vlanif101]ip address 172.16.101.1 24
[Gateway-Vlanif101]quit
[Gateway]interface vlanif 102
[Gateway-Vlanif102]ip address 172.16.102.1 24
[Gateway-Vlanif102]quit
[Gateway]interface vlanif 200
[Gateway-Vlanif200]ip address 192.168.200.1 24
[Gateway-Vlanif200]quit
Configure the loopback interface
[Gateway]interface loopback 0
[Gateway-LoopBack0]ip address 100.100.100.100 32
[Gateway-LoopBack0]quit
Configure the egress interface and ACL
[Gateway]interface gigabitethernet 0/0/0
[Gateway-GigabitEthernet0/0/0]ip address 222.67.55.2 29
[Gateway-GigabitEthernet0/0/0]quit
[Gateway]acl 2000 //create ACL 2000
[Gateway-acl-basic-2000]step 20  //set the rule step
[Gateway-acl-basic-2000]rule 20 permit source any  //permit all sources
[Gateway-acl-basic-2000]quit
[Gateway]interface gigabitethernet 0/0/0
[Gateway-GigabitEthernet0/0/0]nat outbound 2000 //apply ACL 2000 to outbound NAT on the egress interface
[Gateway-GigabitEthernet0/0/0]quit
[Gateway]ip route-static 0.0.0.0 0.0.0.0 222.67.55.1 //configure the default route
Configure OSPF
[Gateway]ospf 1
[Gateway-ospf-1]area 0
[Gateway-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[Gateway-ospf-1-area-0.0.0.0]network 172.16.101.0 0.0.0.255
[Gateway-ospf-1-area-0.0.0.0]network 172.16.102.0 0.0.0.255
[Gateway-ospf-1-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[Gateway-ospf-1-area-0.0.0.0]network 100.100.100.100 0.0.0.0
[Gateway-ospf-1-area-0.0.0.0]quit
[Gateway-ospf-1]quit
AC
Configure ports
<AC6005>system-view
[AC6005]sysname AC
[AC]vlan batch 100 to 102
[AC]interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 102
[AC-GigabitEthernet0/0/1]quit
Configure the DHCP service
[AC]dhcp enable
[AC]ip pool vlan10
[AC-ip-pool-vlan10]gateway-list 172.16.10.1
[AC-ip-pool-vlan10]network 172.16.10.0 mask 24
[AC-ip-pool-vlan10]excluded-ip-address 172.16.10.200 172.16.10.254
[AC-ip-pool-vlan10]lease day 2 hour 0 minute 0
[AC-ip-pool-vlan10]option 43 sub-option 3 ascii 172.16.100.1
[AC-ip-pool-vlan10]quit
Configure Layer 3 interfaces
[AC]interface vlanif 100
[AC-Vlanif100]ip address 172.16.100.1 24
[AC-Vlanif100]dhcp select global
[AC-Vlanif100]quit
Configure the loopback interface
[AC]interface loopback 0
[AC-LoopBack0]ip address 100.100.100.102 32
[AC-LoopBack0]quit
Configure OSPF
[AC]ospf 1
[AC-ospf-1]area 0
[AC-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[AC-ospf-1-area-0.0.0.0]network 172.16.100.0 0.0.0.255
[AC-ospf-1-area-0.0.0.0]network 100.100.100.102 0.0.0.0
[AC-ospf-1-area-0.0.0.0]quit
[AC-ospf-1]quit
Configure the VLAN pool
[AC]vlan pool vlanpool
[AC-vlan-pool-vlanpool]vlan 101 102
[AC-vlan-pool-vlanpool]assignment hash
[AC-vlan-pool-vlanpool]quit
Configure WLAN services
Create the AP group and the regulatory domain profile, and reference the regulatory domain profile in the AP group
[AC]wlan
[AC-wlan-view]ap-group name zurkj
[AC-wlan-ap-group-zurkj]quit
[AC-wlan-view]regulatory-domain-profile name zurkj
[AC-wlan-regulate-domain-zurkj]country-code cn
[AC-wlan-regulate-domain-zurkj]quit
[AC-wlan-view]ap-group name zurkj
[AC-wlan-ap-group-zurkj]regulatory-domain-profile zurkj
[AC-wlan-ap-group-zurkj]quit
[AC-wlan-view]quit
Configure the AC source interface
[AC]capwap source interface vlanif 100
Create the AP and import it offline
[AC]wlan
[AC-wlan-view]ap auth-mode sn-auth
[AC-wlan-view]ap-id 0 ap-sn 210235448310C762C05C
[AC-wlan-ap-0]ap-name ap1
[AC-wlan-ap-0]ap-group zurkj
[AC-wlan-ap-0]quit
Configure the security profile
[AC-wlan-view]security-profile name zurkj
[AC-wlan-sec-prof-zurkj]security wpa2 psk pass-phrase qwe123123 aes
[AC-wlan-sec-prof-zurkj]quit
Configure the SSID profile
[AC-wlan-view]ssid-profile name zurkj
[AC-wlan-ssid-prof-zurkj]ssid zurkj
[AC-wlan-ssid-prof-zurkj]quit
Configure the traffic profile
[AC-wlan-view]traffic-profile name zurkj
[AC-wlan-traffic-prof-zurkj]rate-limit client up 1024  //set the upstream rate limit
[AC-wlan-traffic-prof-zurkj]rate-limit client down 1024 //set the downstream rate limit
[AC-wlan-traffic-prof-zurkj]quit
Configure the VAP profile
[AC-wlan-view]vap-profile name zurkj
[AC-wlan-vap-prof-zurkj]forward-mode tunnel  //set the forwarding mode to tunnel
[AC-wlan-vap-prof-zurkj]service-vlan vlan-pool vlanpool  //set the service VLAN
[AC-wlan-vap-prof-zurkj]security-profile zurkj //reference the security profile
[AC-wlan-vap-prof-zurkj]ssid-profile zurkj  //reference the SSID profile
[AC-wlan-vap-prof-zurkj]traffic-profile zurkj //reference the traffic profile
[AC-wlan-vap-prof-zurkj]quit
[AC-wlan-view]ap-group name zurkj
[AC-wlan-ap-group-zurkj]vap-profile zurkj wlan 1 radio 0  //reference the VAP profile and publish it on the radio
[AC-wlan-ap-group-zurkj]vap-profile zurkj wlan 1 radio 1
[AC-wlan-ap-group-zurkj]quit
ISP
<Huawei>system-view
[Huawei]sysname ISP
[ISP]interface gigabitethernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 222.67.55.1 29
[ISP-GigabitEthernet0/0/0]quit
[ISP]interface loopback 0
[ISP-LoopBack0]ip address 200.200.200.200 32
[ISP-LoopBack0]quit
Test results:
STA1
STA>ipconfig
Link local IPv6 address...........: ::
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 172.16.101.199
Subnet mask.......................: 255.255.255.0
Gateway...........................: 172.16.101.1
Physical address..................: 54-89-98-81-65-1F
DNS server........................: 114.114.114.114
                                    8.8.8.8
STA>ping 200.200.200.200
Ping 200.200.200.200: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 200.200.200.200: bytes=32 seq=2 ttl=254 time=344 ms
From 200.200.200.200: bytes=32 seq=3 ttl=254 time=219 ms
From 200.200.200.200: bytes=32 seq=4 ttl=254 time=187 ms
From 200.200.200.200: bytes=32 seq=5 ttl=254 time=203 ms
--- 200.200.200.200 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/238/344 ms
STA2
STA>ipconfig
Link local IPv6 address...........: ::
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 172.16.102.199
Subnet mask.......................: 255.255.255.0
Gateway...........................: 172.16.102.1
Physical address..................: 54-89-98-2C-09-B7
DNS server........................: 114.114.114.114
                                    8.8.8.8
STA>ping 200.200.200.200
Ping 200.200.200.200: 32 data bytes, Press Ctrl_C to break
From 200.200.200.200: bytes=32 seq=1 ttl=254 time=188 ms
From 200.200.200.200: bytes=32 seq=2 ttl=254 time=203 ms
From 200.200.200.200: bytes=32 seq=3 ttl=254 time=218 ms
From 200.200.200.200: bytes=32 seq=4 ttl=254 time=187 ms
From 200.200.200.200: bytes=32 seq=5 ttl=254 time=204 ms
--- 200.200.200.200 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 187/200/218 ms
PC
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fedd:5a2e
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.200.199
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.200.1
Physical address..................: 54-89-98-DD-5A-2E
DNS server........................: 114.114.114.114
                                    8.8.8.8
PC>ping 200.200.200.200
Ping 200.200.200.200: 32 data bytes, Press Ctrl_C to break
From 200.200.200.200: bytes=32 seq=1 ttl=254 time=94 ms
From 200.200.200.200: bytes=32 seq=2 ttl=254 time=63 ms
From 200.200.200.200: bytes=32 seq=3 ttl=254 time=62 ms
From 200.200.200.200: bytes=32 seq=4 ttl=254 time=47 ms
From 200.200.200.200: bytes=32 seq=5 ttl=254 time=78 ms
--- 200.200.200.200 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/68/94 ms
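
An added example, not part of the original post: a small Python audit over command lines from the Gateway and AC sections above that flags what a reviewer would question before this lab configuration goes into production, namely the NAT ACL that permits any source, MD5 OSPF authentication, and short shared secrets. The `weak_secret` heuristic, its 12-character threshold and the finding texts are assumptions of this example.

```python
import re

# Constructed sample: lines copied from this post's Gateway and AC sections.
SAMPLE = """\
[Gateway]acl 2000
[Gateway-acl-basic-2000]rule 20 permit source any
[Gateway-GigabitEthernet0/0/0]nat outbound 2000
[Gateway-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher admin1234
[AC-wlan-sec-prof-zurkj]security wpa2 psk pass-phrase qwe123123 aes
"""

PROMPT = re.compile(r"^\[([^\]]+)\](.*)$")
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def weak_secret(secret, min_len=12):
    """Assumed heuristic: too short, or fewer than three character classes."""
    kinds = sum(bool(re.search(p, secret)) for p in CLASSES)
    return len(secret) < min_len or kinds < 3

def audit(transcript):
    """Return sorted (device, finding) pairs for a VRP command transcript."""
    open_acls, nat_refs, findings = set(), set(), set()
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        view, cmd = m.group(1), m.group(2).split("//")[0].strip()
        dev = view.split("-")[0]  # device name is the prompt's first token
        acl = re.search(r"-acl-\w+-(\d+)$", view)
        if acl and re.fullmatch(r"rule( \d+)? permit( source any)?", cmd):
            open_acls.add((dev, acl.group(1)))  # rule matches every source
        nat = re.fullmatch(r"nat outbound (\d+)", cmd)
        if nat:
            nat_refs.add((dev, nat.group(1)))
        ospf = re.fullmatch(r"authentication-mode md5 \d+ (?:cipher|plain) (\S+)", cmd)
        if ospf:
            findings.add((dev, "OSPF area authentication uses MD5"))
            if weak_secret(ospf.group(1)):
                findings.add((dev, "OSPF authentication key is weak"))
        psk = re.fullmatch(r"security wpa2 psk pass-phrase (\S+) aes", cmd)
        if psk and weak_secret(psk.group(1)):
            findings.add((dev, "WPA2-PSK passphrase is weak"))
    # An open ACL only matters here when outbound NAT actually references it.
    for dev, num in nat_refs & open_acls:
        findings.add((dev, f"nat outbound {num} translates any source address"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Restricting ACL 2000 to the internal subnets listed in the configuration table, for example `rule 20 permit source 172.16.101.0 0.0.0.255`, clears the NAT finding.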
