vlan pool技术主是是解决在大型组网中全部显示一个名称SSID,但不同区域连接的用户对应不同的vlan,这样防止一个vlan太多用户,广播域太大,以实现一个SSID对应一堆vlan,且可以实现漫游。
用hash算法比较常用:
AC命令行配置:
dis current-configuration
set memory-usage threshold 0
ssl renegotiation-rate 1
vlan batch 100
vlan pool vlan_pool_test
vlan 11 to 12
diffserv domain default
radius-server template default
free-rule-template name default_free_rule
portal-access-profile name portal_access_profile
interface Vlanif1
ip address 10.0.0.10 255.255.255.0
interface Vlanif100
ip address 192.168.100.100 255.255.255.0
interface MEth0/0/1
undo negotiation auto
duplex half
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
interface GigabitEthernet0/0/2
port link-type access
interface GigabitEthernet0/0/21
undo negotiation auto
duplex half
interface GigabitEthernet0/0/22
undo negotiation auto
duplex half
interface GigabitEthernet0/0/23
undo negotiation auto
duplex half
interface GigabitEthernet0/0/24
undo negotiation auto
duplex half
interface XGigabitEthernet0/0/1
interface XGigabitEthernet0/0/2
interface NULL0
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
capwap source interface vlanif100
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
wlan
traffic-profile name default
security-profile name test
security wpa-wpa2 psk pass-phrase %^%#'eUg3D-zY)*Lg9$!hrxQ3PLCWMkf{<@D,p8tTzCY
%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name test
ssid test
ssid-profile name default
vap-profile name test
service-vlan vlan-pool vlan_pool_test
ssid-profile test
security-profile test
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name default
radio 0
vap-profile test wlan 5
radio 1
vap-profile test wlan 5
radio 2
vap-profile test wlan 5
ap-id 0 type-id 56 ap-mac 00e0-fced-3880 ap-sn 21023544831051220D2C
ap-id 1 type-id 56 ap-mac 00e0-fcde-2c70 ap-sn 2102354483105E639023
provision-ap
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
核心交换机上配置
dis current-configuration
sysname Huawei
undo info-center enable
vlan batch 10 to 12 20 30 100 192 999
ip pool vlan11
gateway-list 172.16.11.1
network 172.16.11.0 mask 255.255.255.0
dns-list 8.8.8.8
ip pool vlan12
gateway-list 172.16.12.1
network 172.16.12.0 mask 255.255.255.0
dns-list 8.8.8.8
ip pool vlan20
gateway-list 172.16.2.1
network 172.16.2.0 mask 255.255.255.0
dns-list 8.8.8.8
ip pool vlan30
gateway-list 172.16.3.1
network 172.16.3.0 mask 255.255.255.0
excluded-ip-address 172.16.3.100
dns-list 8.8.8.8
ip pool vlan192
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 192.168.100.100
interface Vlanif11
ip address 172.16.11.1 255.255.255.0
dhcp select global
interface Vlanif12
ip address 172.16.12.1 255.255.255.0
dhcp select global
interface Vlanif20
ip address 172.16.2.1 255.255.255.0
dhcp select global
interface Vlanif30
ip address 172.16.3.1 255.255.255.0
dhcp select global
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
interface Vlanif192
ip address 192.168.10.1 255.255.255.0
dhcp select global
interface Vlanif999
ip address 10.0.0.2 255.255.255.0
interface MEth0/0/1
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
interface GigabitEthernet0/0/2
port link-type access
port default vlan 999
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 11 to 12 20 192
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 30
接入交换机上也要相应放行这些vlan:
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12 20 192
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 192
port trunk allow-pass vlan 11 to 12 20 192
interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 192
port trunk allow-pass vlan 11 to 12 20 192