AC+FITAP二层组网

1.AC旁挂式组网

思路：AC作为DHCP服务器位AP分配管理地址；SW1作为DHCP服务器为STA分配地址；AC采取隧道转发，所以交换机下面只需要透传VLAN100

先从下往上配置，联通网络再做其余配置

SW2配置

[SW2]vlan 100
[SW2-vlan100]q
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access 
[SW2-GigabitEthernet0/0/2]port default vlan 100
[SW2-GigabitEthernet0/0/2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type hybrid 
[SW2-GigabitEthernet0/0/1]port hybrid tagged vlan 100
[SW2-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 100
#
return
由于采取的时AC隧道转发，所以不需要透传VLAN101

SW1配置

创建并透传相应VLAN
[SW1]vlan batch 100 101 4000
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port hybrid tagged vlan 100
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port hybrid tagged vlan 100 101
[SW1-GigabitEthernet0/0/3]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access 	
[SW1-GigabitEthernet0/0/1]port default vlan 4000

做基于接口的DHCP
[SW1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[SW1]int vlan 101
[SW1-Vlanif101]ip add 10.1.101.1 24 
[SW1-Vlanif101]dhcp select interface 
[SW1-Vlanif101]dis this
#
interface Vlanif101
 ip address 10.1.101.1 255.255.255.0
 dhcp select interface
#
return
[SW1-Vlanif101]

给VLAN4000添加IP地址
[SW1-Vlanif101]int vlan 4000
[SW1-Vlanif4000]ip add 172.16.1.2 30
[SW1-Vlanif4000]dis this
#
interface Vlanif4000
 ip address 172.16.1.2 255.255.255.252
#
return
[SW1-Vlanif4000]

AC配置

在AC上做基于接口的DHCP
[AC6605]int vlan 100
[AC6605-Vlanif100]dhcp select interface 
[AC6605-Vlanif100]dis this
#
interface Vlanif100
 ip address 10.1.100.1 255.255.255.0
 dhcp select interface
#
return
[AC6605-Vlanif100]

透传VLAN
AC6605]int g0/0/1
[AC6605-GigabitEthernet0/0/1]port hybrid tagged vlan 100 101

AR只是简单配置IP地址与LOOPBACK；向下指明细路由，不做赘述。效果如下

AC配置

创建域管理模板，并添加国家代码
[AC6605-wlan-view]regulatory-domain-profile name domain
[AC6605-wlan-regulate-domain-domain]country-code cn
Info: The current country code is same with the input country code.
[AC6605-wlan-regulate-domain-domain]dis this
#
return

创建AP组，并在AP组引用域管理模板
AC6605-wlan-view]ap-group name ap-group1
Info: This operation may take a few seconds. Please wait for a moment.done.
[AC6605-wlan-ap-group-ap-group1]regulatory-domain-profile doamin
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
Error: The binding profile does not exist.
[AC6605-wlan-ap-group-ap-group1]

配置AC源接口地址，非双栈场景，AC必须配置唯一的源地址或源接口，用于AC和AP间建立CAPWAP隧道通信
[AC6605]capwap source interface Vlanif 100

AP上线，这里选用MAC地址上线AP
[AC6605-wlan-view]ap auth-mode mac-auth    认证方式选择为MAC地址验证
[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fc66-7640
[AC6605-wlan-ap-0]ap-name cookie    这里的名字就是为了便于自己认识
[AC6605-wlan-ap-0]ap-group ap-group1    将AP加入到ap-group1组中
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
查看AP是否上线，字段state为nor代表成功上线
[AC6605]dis ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [1]
--------------------------------------------------------------------------------
------------
ID   MAC            Name   Group     IP         Type            State STA Uptime
--------------------------------------------------------------------------------
------------
0    00e0-fc66-7640 cookie ap-group1 10.1.100.2 AP6050DN        nor   1   10M:32
S
--------------------------------------------------------------------------------
------------
Total: 1
[AC6605]

创建SSID,Security,vap模板；为了方便所有模板名称都为wlan-net
[AC6605-wlan-view]ssid-profile name wlan-net
[AC6605-wlan-ssid-prof-wlan-net]ssid wlan-net 
Info: This operation may take a few seconds, please wait.done.
[AC6605-wlan-ssid-prof-wlan-net]dis this
#
  ssid wlan-net
#
return

[AC6605-wlan-view]security-profile name wlan-net
[AC6605-wlan-sec-prof-wlan-net]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC6605-wlan-sec-prof-wlan-net]dis this
#
  security wpa-wpa2 psk pass-phrase %^%#2x{)HVEjI.6uL{,o1IT&~E1'-)9aW'~[}OP&CrhK
%^%# aes
#
return

[AC6605-wlan-view]vap-profile name wlan-net
[AC6605-wlan-vap-prof-wlan-net]forward-mode tunnel 
Info: This operation may take a few seconds, please wait.done.
[AC6605-wlan-vap-prof-wlan-net]service-vlan vlan-id 101
Info: This operation may take a few seconds, please wait.done.
[AC6605-wlan-vap-prof-wlan-net]ssid-profile wlan-net 引用SSID模板
Info: This operation may take a few seconds, please wait.done.
[AC6605-wlan-vap-prof-wlan-net]security-profile wlan-net 引用security模板
Info: This operation may take a few seconds, please wait.done.
[AC6605-wlan-vap-prof-wlan-net]dis this
#
  forward-mode tunnel
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
#
return
在AP组里面，引用vap模板
[AC6605-wlan-view]ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1]vap-profile wlan-net wlan 1 radio all
Info: This operation may take a few seconds, please wait...done.
[AC6605-wlan-ap-group-ap-group1]q
[AC6605-wlan-view]dis vap all
Info: This operation may take a few seconds, please wait.
WID : WLAN ID            
-----------------------------------------------------------------------------
AP ID AP name RfID WID  BSSID          Status  Auth type     STA   SSID    
-----------------------------------------------------------------------------
0     cookie  0    1    00E0-FC66-7640 ON      WPA/WPA2-PSK  0     wlan-net
0     cookie  1    1    00E0-FC66-7650 ON      WPA/WPA2-PSK  0     wlan-net
-----------------------------------------------------------------------------
Total: 2
[AC6605-wlan-view]

效果图

2.AC直连组网