问

H3C WX3024E 无线模块中vlan2 DHCP已经获取到了地址，但是无法连接上路由的外网

VLAN

2022-10-16提问

0关注
0收藏，662浏览

zhiliao_ADqbvA

zhiliao_ADqbvA 零段

粉丝：0人关注：0人

问题描述：

步骤就是

AC端

1. 聚合口加入了1/0/1，1/0/2，地址10.214.0.251，trunk类型，允许所有vlan通过,

2. ap配置了192.168.3.0 网段DHCP

3. 路由加入了 0.0.0.0 下一跳：10.214.0.254（路由网关地址）

交换板

1. 聚合口加入了1/0/24,1/0/23，配置了trunk类型，允许所有vlan通过

还缺少什么配置吗？

AC端

version 5.20, Release 3509P58 # sysname H3C # clock timezone UTC add 00:00:00 # domain default enable system # telnet server enable # port-security enable # oap management-ip 192.168.0.101 slot 0 # wlan auto-ap enable wlan auto-persistent enable # password-recovery enable # vlan 1 # vlan 2 # domain system access-limit disable state active idle-cut disable self-service-url disable # dhcp server ip-pool ap network 192.168.3.0 mask 255.255.255.0 gateway-list 192.168.3.254 # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$tw+8HzTEchyMQZRDxCM2XbUg8M4G85Zl authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 # wlan service-template 1 crypto ssid H3C-LITAO bind WLAN-ESS 0 cipher-suite tkip cipher-suite ccmp security-ie rsn security-ie wpa service-template enable # wlan ap-group default_group ap 60da-8323-5480 ap 74ea-cbb4-5b80 dot11a service-template 1 dot11bg service-template 1 dot11a radio enable dot11bg radio enable # interface Bridge-Aggregation1 port link-type trunk port trunk permit vlan all # interface NULL0 # interface Vlan-interface1 ip address 10.214.0.251 255.255.255.0 # interface Vlan-interface2 ip address 192.168.3.254 255.255.255.0 # interface GigabitEthernet1/0/1 port link-type trunk port trunk permit vlan all port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-type trunk port trunk permit vlan all port link-aggregation group 1 # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 to 2 untagged port hybrid pvid vlan 2 port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$uih7m5exIaL9rVb+uFM+We/ZBl6NY2xR35yrT5gqrA== # interface WLAN-ESS5 wapi authentication method psk wapi psk pass-phrase cipher $c$3$Xj63TQ3MyaAlWoqNRbnep8ROsGKafnhOM3k= port-security port-mode wapi # wlan ap 60da-8323-5480 model WA4320i-ACN id 2 serial-id 210235A1GPC174000123 radio 1 service-template 1 radio enable radio 2 service-template 1 radio enable # wlan ap 74ea-cbb4-5b80 model WA4320i-ACN id 1 serial-id 210235A1GPC177000453 radio 1 service-template 1 radio enable radio 2 service-template 1 radio enable # wlan ips malformed-detect-policy default signature deauth_flood signature-id 1 signature broadcast_deauth_flood signature-id 2 signature disassoc_flood signature-id 3 signature broadcast_disassoc_flood signature-id 4 signature eapol_logoff_flood signature-id 5 signature eap_success_flood signature-id 6 signature eap_failure_flood signature-id 7 signature pspoll_flood signature-id 8 signature cts_flood signature-id 9 signature rts_flood signature-id 10 signature addba_req_flood signature-id 11 signature-policy default countermeasure-policy default attack-detect-policy default virtual-security-domain default attack-detect-policy default malformed-detect-policy default signature-policy default countermeasure-policy default # ip route-static 0.0.0.0 0.0.0.0 Vlan-interface2 10.214.0.254 ip route-static 0.0.0.0 0.0.0.0 Vlan-interface1 10.214.0.254 # dhcp server forbidden-ip 192.168.3.254 # dhcp enable

交换端

<H3C> #Apr 26 12:47:00:568 2000 H3C SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1<hh3cLogIn>: login from Console %Apr 26 12:47:00:708 2000 H3C SHELL/5/SHELL_LOGIN: Console logged in from aux0. <H3C> <H3C>dis <H3C>display cu <H3C>display current-configuration # version 5.20, Release 3507P29 # sysname H3C # domain default enable system # telnet server enable # oap management-ip 10.214.0.251 slot 1 # password-recovery enable # vlan 1 # vlan 2 # domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system # local-user admin password cipher $c$3$vxUNFSIH8YvMwCQFVf7HWijWNakFyHEN authorization-attribute level 3 service-type telnet service-type web # interface Bridge-Aggregation1 port link-type trunk port trunk permit vlan all # interface NULL0 # interface Vlan-interface1 ip address 10.214.0.252 255.255.255.0 # interface GigabitEthernet1/0/1 poe enable # interface GigabitEthernet1/0/2 poe enable # interface GigabitEthernet1/0/3 poe enable # interface GigabitEthernet1/0/4 poe enable # interface GigabitEthernet1/0/5 poe enable # interface GigabitEthernet1/0/6 poe enable # interface GigabitEthernet1/0/7 poe enable # interface GigabitEthernet1/0/8 poe enable # interface GigabitEthernet1/0/9 poe enable # interface GigabitEthernet1/0/10 poe enable # interface GigabitEthernet1/0/11 poe enable # interface GigabitEthernet1/0/12 poe enable # interface GigabitEthernet1/0/13 poe enable # interface GigabitEthernet1/0/14 poe enable # interface GigabitEthernet1/0/15 poe enable # interface GigabitEthernet1/0/16 poe enable # interface GigabitEthernet1/0/17 poe enable # interface GigabitEthernet1/0/18 poe enable # interface GigabitEthernet1/0/19 poe enable # interface GigabitEthernet1/0/20 poe enable # interface GigabitEthernet1/0/21 poe enable # interface GigabitEthernet1/0/22 poe enable # interface GigabitEthernet1/0/23 poe enable # interface GigabitEthernet1/0/24 poe enable # interface GigabitEthernet1/0/25 shutdown # interface GigabitEthernet1/0/26 shutdown # interface GigabitEthernet1/0/27 shutdown # interface GigabitEthernet1/0/28 shutdown # interface GigabitEthernet1/0/29 port link-type trunk port trunk permit vlan all port link-aggregation group 1 # interface GigabitEthernet1/0/30 port link-type trunk port trunk permit vlan all port link-aggregation group 1 # ip route-static 0.0.0.0 0.0.0.0 10.214.0.254 # user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user-interface vty 5 15