祖瑞科技 全国计算机 网络IT运维社区!

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
热搜: 活动 交友 discuz
查看: 4710|回复: 1

华为直连二层直接转发

[复制链接]

196

主题

209

帖子

1183

积分

管理员

Rank: 9Rank: 9Rank: 9

积分
1183
发表于 2021-2-2 22:37:20 | 显示全部楼层 |阅读模式
华为直连二层直接转发


规划表
  
DHCP服务器
  
Router作为DHCP服务器为有线STA分配地址
  
AC作为DHCP服务器为AP和无线STA分配地址
  
AP地址池
  
192.168.200.2~192.168.200.254/24
  
STA地址池
  
有线STA
  
192.168.10.2~192.168.10.199/24
无线STA
  
192.168.101.3~192.168.101.199/24
  
AC源接口IP
  
VLANIF100:192.168.100.1/24
  
AP组
  
名称:zurkj
  
引用模板:VAP模板zurkj 引用域管理模板:zurkj
  
域管理模板
  
  
名称:zurkj
  
国家代码:CN
  
安全模板
  
名称:zurkj
  
安全策略:WPA2+PSK+AES
  
密码:qwe123123
  
SSID模板
  
名称:zurkj
  
SSID:zurkj
  
VAP模板
  
名称:zurkj
  
转发模式:直接转发
  
业务VLAN:101
  
引用模板:安全模板zurkj SSID模板zurkj
注意:遂道转发模式下,管理VLAN和业务VLAN不能配置成同一个VLAN,并且APAC之间只能放通管理VLAN,不能放通业务VLAN,反之如果为直接转发模式,APAC之间需要同时放通管理和业务VLAN
配置JRSW与Router基础互通。
JRSW
<Huawei>system-view
[Huawei]sysname jrsw
[jrsw]interface gigabitethernet 0/0/2
[jrsw-GigabitEthernet0/0/2]port link-type trunk
[jrsw-GigabitEthernet0/0/2]port trunk pvid vlan 100
[jrsw-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[jrsw-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 1
[jrsw-GigabitEthernet0/0/2]port-isolate enable group 1
[jrsw-GigabitEthernet0/0/2]quit
[jrsw]interface gigabitethernet 0/0/1
[jrsw-GigabitEthernet0/0/1]port link-type trunk
[jrsw-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 101
[jrsw-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[jrsw-GigabitEthernet0/0/1]quit

Router
<Huawei>system-view
[Huawei]sysname router
[router]dhcp enable
[router]interface gigabitethernet 0/0/2
[router-GigabitEthernet0/0/2]ip address 192.168.10.1 24
[router-GigabitEthernet0/0/2]dhcp select interface
[router-GigabitEthernet0/0/2]dhcp server excluded-ip-address192.168.10.200 192.168.10.254
[router-GigabitEthernet0/0/2]dhcp server lease day 2 hour 0 minute 0
[router-GigabitEthernet0/0/2]dhcp server dns-list 114.114.114.1148.8.8.8
[router-GigabitEthernet0/0/2]quit
[router]interface gigabitethernet 0/0/0
[router-GigabitEthernet0/0/0]ip address 192.168.101.2 24
[router-GigabitEthernet0/0/0]quit

AC
<AC6005>system-view
[AC6005]sysname ac
[ac]vlan batch 100 101
[ac]dhcp enable
[ac]ip pool vlan100
[ac-ip-pool-vlan100]gateway-list 192.168.100.1
[ac-ip-pool-vlan100]network 192.168.100.0 mask 24
[ac-ip-pool-vlan100]excluded-ip-address 192.168.100.200 192.168.100.254
[ac-ip-pool-vlan100]lease day 2 hour 0 minute 0
[ac-ip-pool-vlan100]dns-list 114.114.114.114 8.8.8.8
[ac-ip-pool-vlan100]quit
[ac]ip pool vlan101
[ac-ip-pool-vlan101]gateway 192.168.101.1
[ac-ip-pool-vlan101]network 192.168.101.0 mask 24
[ac-ip-pool-vlan101]excluded-ip-address 192.168.101.2
[ac-ip-pool-vlan101]excluded-ip-address 192.168.101.200 192.168.101.254
[ac-ip-pool-vlan101]lease day 2 hour 0 minute 0
[ac-ip-pool-vlan101]dns-list 114.114.114.114 8.8.8.8
[ac-ip-pool-vlan101]quit
[ac]interface vlanif 100
[ac-Vlanif100]ip address 192.168.100.1 24
[ac-Vlanif100]dhcp select global
[ac-Vlanif100]quit
[ac]interface vlanif 101
[ac-Vlanif101]ip address 192.168.101.1 24
[ac-Vlanif101]dhcp select global
[ac-Vlanif101]quit
[ac]interface gigabitethernet 0/0/1
[ac-GigabitEthernet0/0/1]port link-type trunk
[ac-GigabitEthernet0/0/1]port trunk pvid vlan 101
[ac-GigabitEthernet0/0/1]port trunk allow-pass vlan 101
[ac-GigabitEthernet0/0/1]undo port trunk allow-pass vlan 1
[ac-GigabitEthernet0/0/1]quit
[ac]interface gigabitethernet 0/0/2
[ac-GigabitEthernet0/0/2]port link-type trunk
[ac-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 101
[ac-GigabitEthernet0/0/2]quit
[ac]ip route-static 0.0.0.0 0.0.0.0 192.168.101.2
配置AP上线
配置AP组及域管理模板
[ac]wlan
[ac-wlan-view]ap-group name zurkj
[ac-wlan-ap-group-zurkj]quit
[ac-wlan-view]regulatory-domain-profile name zurkj
[ac-wlan-regulate-domain-zurkj]country-code cn
[ac-wlan-regulate-domain-zurkj]quit
[ac-wlan-view]ap-group name zurkj
[ac-wlan-ap-group-zurkj]regulatory-domain-profile zurkj
[ac-wlan-ap-group-zurkj]quit
[ac-wlan-view]quit
配置AC源接口
[ac]capwap source interface vlanif 100
离线导入AP
[ac]wlan
[ac-wlan-view]ap auth-mode sn-auth
[ac-wlan-view]ap-id 0 ap-sn 210235448310C762C05C
[ac-wlan-ap-0]ap-name ap1
[ac-wlan-ap-0]ap-group zurkj
[ac-wlan-ap-0]quit
配置安全模板
[ac-wlan-view]security-profile name zurkj
[ac-wlan-sec-prof-zurkj]security wpa2 psk pass-phrase qwe123123 aes
[ac-wlan-sec-prof-zurkj]quit
配置SSID模板
[ac-wlan-view]ssid-profile name zurkj
[ac-wlan-ssid-prof-zurkj]ssid zurkj
[ac-wlan-ssid-prof-zurkj]quit
配置VAP模板
[ac-wlan-view]vap-profile name zurkj
[ac-wlan-vap-prof-zurkj]forward-mode direct-forward
[ac-wlan-vap-prof-zurkj]service-vlan vlan-id 101
[ac-wlan-vap-prof-zurkj]security-profile zurkj
[ac-wlan-vap-prof-zurkj]ssid-profile zurkj
[ac-wlan-vap-prof-zurkj]quit
AP组引用VAP模板
[ac-wlan-view]ap-group name zurkj
[ac-wlan-ap-group-zurkj]vap-profile zurkj wlan 1 radio all
[ac-wlan-ap-group-zurkj]quit
[ac-wlan-view]quit


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
祖瑞(上海)网络科技有限公司
我们在全国范围提供企业IT运维、网络工程、弱电安装、监控安防、计算机产品收售、办公设备耗材等服务!
期待与您的合作!
邮箱:sanne@zurkj.com
电话:021-51850021 18918292296
回复

使用道具 举报

52

主题

56

帖子

241

积分

管理员

Rank: 9Rank: 9Rank: 9

积分
241
发表于 2021-2-3 18:05:00 | 显示全部楼层
不错不错
祖瑞(上海)网络科技有限公司
我们在全国范围提供企业IT运维、网络工程、弱电安装、监控安防、计算机产品收售、办公设备耗材等服务!
期待与您的合作!
邮箱:d3interspace@zurkj.com
电话:021-51850021 15102191303
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

公司网站

QQ|Archiver|手机版|小黑屋|祖瑞科技 全国计算机 网络IT运维社区! ( 沪ICP备16021636号-2 )

GMT+8, 2024-3-29 15:15 , Processed in 0.238658 second(s), 19 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表