华为WLAN的配置——三层互通采用直接转发

1.连通接入交换机
[sw-jr]vlan batch 10 to 13
[sw-jr-GigabitEthernet0/0/1]port link-type trunk
[sw-jr-GigabitEthernet0/0/1]port trunk pvid vlan 10
[sw-jr-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 12
[sw-jr-GigabitEthernet0/0/2]port link-type trunk
[sw-jr-GigabitEthernet0/0/2]port trunk pvid vlan 10
[sw-jr-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 12
[sw-jr-GigabitEthernet0/0/3]port link-type trunk
[sw-jr-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[sw-jr-GigabitEthernet0/0/4]port link-type access
[sw-jr-GigabitEthernet0/0/4]port default vlan 13
2.连通汇聚交换机
[sw-hj]vlan batch 10 to 13
[sw-hj-GigabitEthernet0/0/1]port link-type trunk
[sw-hj-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[sw-hj-GigabitEthernet0/0/2]port link-type trunk
[sw-hj-GigabitEthernet0/0/2]port trunk allow-pass vlan all
3.连通AC
[AC]vlan batch 10 to 13
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC-Vlanif13]ip add 10.1.13.13 24
[AC]ip route-static 0.0.0.0 0.0.0.0 10.1.13.1 //配置指向网关的缺省路由
4.汇聚交换机作为网关
[sw-hj-Vlanif10]ip add 10.1.10.1 24
[sw-hj-Vlanif11]ip add 10.1.11.1 24
[sw-hj-Vlanif12]ip add 10.1.12.1 24
[sw-hj-Vlanif13]ip add 10.1.13.1 24
5.汇聚交换机作为DHCP服务器
[sw-hj]dhcp enable
[sw-hj]ip pool ap-pool
[sw-hj-ip-pool-ap-pool]gateway-list 10.1.10.1
[sw-hj-ip-pool-ap-pool]network 10.1.10.0 mask 24
[sw-hj-ip-pool-ap-pool]dns-list 114.114.114.114
[sw-hj-ip-pool-ap-pool]option 43 sub-option 3 ascii 10.1.13.13 //指定AC的ip
[sw-hj]ip pool ssid-c-1
[sw-hj-ip-pool-ssid-c-1]network 10.1.10.0 mask 24
[sw-hj-ip-pool-ssid-c-1]gateway-list 10.1.11.1
[sw-hj-ip-pool-ssid-c-1]network 10.1.11.0 mask 24
[sw-hj-ip-pool-ssid-c-1]dns-list 114.114.114.114
[sw-hj-ip-pool-ssid-c-1]ip pool ssid-c-2
[sw-hj-ip-pool-ssid-c-2]gateway-list 10.1.12.1
[sw-hj-ip-pool-ssid-c-2]dns-list 114.114.114.114
[sw-hj-ip-pool-ssid-c-2]network 10.1.12.0 mask 24
[sw-hj]ip pool PC
[sw-hj-ip-pool-pc]gateway-list 10.1.13.1
[sw-hj-ip-pool-pc]network 10.1.13.0 mask 24
[sw-hj-ip-pool-pc]dns-list 114.114.114.114
[sw-hj-ip-pool-pc]excluded-ip-address 10.1.13.13
[sw-hj-Vlanif10]dhcp select global
[sw-hj-Vlanif11]dhcp select global
[sw-hj-Vlanif12]dhcp select global
[sw-hj-Vlanif13]dhcp select global


6.配置AP上线
[AC]wlan
[AC-wlan-view]ap-group name ap-group1 //创建AP组
[AC]capwap source interface Vlanif 13 //AC管理地址
[AC-wlan-view]regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1]country-code CN
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
[AC-wlan-view]ap-mac 00e0-fc6e-2bb0 ap-id 0
[AC-wlan-ap-0]ap-group ap-group1
[AC-wlan-view]ap-mac 00e0-fc3c-3f60 ap-id 1
[AC-wlan-ap-1]ap-group ap-group1

7.配置WLAN业务下发
[AC-wlan-view]security-profile name security-c //创建安全模板
[AC-wlan-view]ssid-profile name c-1 //创建SSID模板
[AC-wlan-ssid-prof-c-1]ssid c-1 //绑定ssid
[AC-wlan-view]ssid-profile name c-2
[AC-wlan-ssid-prof-c-2]ssid c-2
[AC-wlan-view]vap-profile name c-1-vap //创建vap模板
[AC-wlan-vap-prof-c-1-vap]forward-mode direct-forward //转发方式为直接转发
[AC-wlan-vap-prof-c-1-vap]service-vlan vlan-id 11 //绑定服务vlan
[AC-wlan-vap-prof-c-1-vap]security-profile security-c //绑定安全模板
[AC-wlan-vap-prof-c-1-vap]ssid-profile c-1 //绑定ssid模板
[AC-wlan-view]vap-profile name c-2-vap
[AC-wlan-vap-prof-c-2-vap]forward-mode direct-forward
[AC-wlan-vap-prof-c-2-vap]service-vlan vlan-id 12
[AC-wlan-vap-prof-c-2-vap]security-profile security-c
[AC-wlan-vap-prof-c-2-vap]ssid-profile c-2
[AC-wlan-view]ap-group name ap-group1 //进入AP组
[AC-wlan-ap-group-ap-group1]vap-profile c-1-vap wlan 1 radio all
[AC-wlan-ap-group-ap-group1]vap-profile c-2-vap wlan 2 radio all

8.验证
STA1连接信道1，STA2连接信道149


可以互相ping通，可以抓包验证