WX系列AC+Fit AP AP管理和用户业务QinQ功能典型配置
一、组网需求:
WX系列AC、FIT AP、便携机(安装有无线网卡)
二、组网图:
本典型配置举例中AC使用WX5004无线控制器,版本为R2308P18。AC上AP网关(Vlan-int2(1001 to 2000):192.168.2.1/24)开启QinQ终结功能,终结外层VLAN ID为2、内层VLAN ID为1001 to 2000的报文。Client 业务网关(Vlan-int10(2001 to 3000):192.168.10.1/24)开启QinQ终结功能,终结外层VLAN ID为10、内层VLAN ID为2001 to 3000的报文。AC上配置DHCP Server为FIT AP和Client分配IP地址。
三、特性介绍:
QinQ是802.1Q in 802.1Q的简称,它是基于IEEE 802.1Q技术的一种二层隧道协议,通过将用户的私网报文封装上外层VLAN Tag,使其携带两层VLAN Tag穿越运营商的骨干网络(又称公网),从而为用户提供了一种比较简单的二层VPN隧道技术,也使运营商能够利用一个VLAN为包含多个VLAN的用户网络提供服务成为了可能。
四、配置信息:
1.AC配置信息:
#
version 5.20, Release 2308P18
#
sysname AC
#
domain default enable system
#
telnet server enable
#
port-security enable
#
vlan 1
#
vlan 2
#
vlan 10
#
vlan 100
#
vlan 1001 to 3000
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool pool-ap
network 192.168.2.0 mask 255.255.255.0
gateway-list 192.168.2.1
#
dhcp server ip-pool pool-client
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$Q2OFxkTW6JNExNed47sgZCEuBJZReJGc
authorization-attribute level 3
service-type telnet
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 clear
ssid h3c-qinq
bind WLAN-ESS 1
service-template enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface2
second-dot1q 1001 to 2000
ip address 192.168.2.1 255.255.255.0
#
interface Vlan-interface10
second-dot1q 2001 to 3000
ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface Ten-GigabitEthernet1/0/5
#
interface WLAN-ESS1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 100 untagged
port hybrid pvid vlan 100
#
wlan ap ap01 model WA2210-AG id 1
serial-id 210235A29DB095000845
radio 1
service-template 1 vlan-id 10 2001
radio enable
#
dhcp enable
#
arp-snooping enable
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
2.SW配置信息:
#
version 5.20, Release 5106
#
sysname SW
#
domain default enable system
#
telnet server enable
#
vlan 1
#
vlan 2
#
vlan 1001
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
interface NULL0
#
interface Ethernet1/0/1
port access vlan 1001
poe enable
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001
#
interface Ethernet1/0/4
port access vlan 2
qinq enable
#
interface Ethernet1/0/5
#
interface Ethernet1/0/6
#
interface Ethernet1/0/7
#
interface Ethernet1/0/8
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
#
interface GigabitEthernet1/0/9
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
#
return
五、主要配置步骤:
1.AC配置:
#创建VLAN,二层端口配置VLAN信息,并配置VLAN接口IP地址。开启VLAN2的QinQ终结功能,并指定该接口可以终结的VLAN报文的第二层VLAN ID为1001 to 2000;开启VLAN10的QinQ终结功能,并指定该接口可以终结的VLAN报文的第二层VLAN ID为2001 to 3000(说明:开启此功能后,AC能发送QinQ格式的arp报文,与AP和Client进行二层通信)。
system-view [AC] vlan 2
[AC –vlan2] quit
[AC] vlan 10
[AC –vlan10] quit
[AC] vlan 100
[AC –vlan100] quit
[AC] vlan 1001 to 3000
[AC] interface GigabitEthernet1/0/1
[AC- GigabitEthernet1/0/1] port link-type trunk
[AC- GigabitEthernet1/0/1] undo port trunk permit vlan 1
[AC- GigabitEthernet1/0/1] port trunk permit vlan 2
[AC- GigabitEthernet1/0/1] quit
[AC] interface Vlan-interface2
[AC-Vlan-interface2] ip address 192.168.2.1 255.255.255.0
[AC-Vlan-interface2] second-dot1q 1001 to 2000
[AC-Vlan-interface2] quit
[AC] interface Vlan-interface10
[AC-Vlan-interface10] ip address 192.168.10.1 255.255.255.0
[AC-Vlan-interface10] second-dot1q 2001 to 3000
[AC-Vlan-interface10] quit
#配置DHCP server。
[AC] dhcp enable
[AC] dhcp server ip-pool pool-ap
[AC- dhcp server ip-pool pool-ap] network 192.168.2.0 mask 255.255.255.0
[AC- dhcp server ip-pool pool-ap] gateway-list 192.168.2.1
[AC- dhcp server ip-pool pool-ap] quit
[AC] dhcp server ip-pool pool-client
[AC- dhcp server ip-pool pool- client] network 192.168.10.0 mask 255.255.255.0
[AC- dhcp server ip-pool pool- client] gateway-list 192.168.10.1
[AC- dhcp server ip-pool pool- client] quit
#使能ARP Snooping功能。
[AC] arp-snooping enable
#配置WLAN ESS接口。
[AC] interface WLAN-ESS1
[AC-WLAN-ESS1] port link-type hybrid
[AC-WLAN-ESS1] undo port hybrid vlan 1
[AC-WLAN-ESS1] port hybrid pvid vlan 100
[AC-WLAN-ESS1] port hybrid vlan 100 untagged
[AC-WLAN-ESS1]quit
#配置service-template服务模板。
[AC] wlan service-template 1 clear
[AC-wlan-st-1] ssid h3c-qinq
[AC-wlan-st-1] bind WLAN-ESS 1
[AC-wlan-st-1] service-template enable
[AC-wlan-st-1] quit
#配置ap1,AP射频上绑定服务模板时指定Client的业务VLAN为双VLAN(外层为VLAN10,内层为VLAN2001)。
[AC] wlan ap ap01 model WA2210-AG
[AC-wlan-ap-ap01] serial-id 210235A29DB095000845
[AC-wlan-ap-ap01] radio 1
[AC- wlan-ap-ap01-radio-1] service-template 1 vlan-id 10 2001
[AC- wlan-ap-ap01-radio-1] radio enable
[AC- wlan-ap-ap01-radio-1] quit
[AC-wlan-ap-ap01] quit
2.SW配置:
#创建VLAN,二层端口配置VLAN信息,开启PoE功能。SW上数据流向从E1/0/1流入,从E1/0/3流出,从E1/0/4流入,从E1/0/8流出,E1/0/4流入时打上第二层VLAN Tag(VLAN2),最终到达AC时是一个QinQ报文(外层VLAN Tag是2,内层VLAN Tag是1001)。
system-view [SW] vlan 2
[SW –vlan2] quit
[SW] vlan 1001
[SW –vlan1001] quit
[SW] interface Ethernet1/0/1
[SW-Ethernet1/0/1] port access vlan 1001
[SW-Ethernet1/0/1] poe enable
[SW-Ethernet1/0/1] quit
[SW] interface Ethernet1/0/3
[SW-Ethernet1/0/3] port link-type trunk
[SW-Ethernet1/0/3] undo port trunk permit vlan 1
[SW-Ethernet1/0/3] port trunk permit vlan 1001
[SW-Ethernet1/0/3] quit
[SW] interface Ethernet1/0/4
[SW-Ethernet1/0/4] port access vlan 2
[SW-Ethernet1/0/4] qinq enable
[SW-Ethernet1/0/4] quit
[SW] interface Ethernet1/0/8
[SW-Ethernet1/0/8] port link-type trunk
[SW-Ethernet1/0/8] undo port trunk permit vlan 1
[SW-Ethernet1/0/8] port trunk permit vlan 2
[SW-Ethernet1/0/8] quit
六、结果验证:
(1)查看AP注册上线信息。
(2)查看客户端信息,客户端可以ping通网关地址。
该案例暂时没有网友评论
编辑评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作