重要說明

1、在一臺ac中實(shí)現(xiàn)三層漫游
2、ac和核心的互聯(lián)vlan和ap的管理vlan是同一個(gè)廣播域，可以不用配option 43
3、直接轉(zhuǎn)發(fā)模式，ac上可以不起業(yè)務(wù)vlan，ac和核心交換機(jī)上可以只放行一個(gè)互聯(lián)vlan 10
4、ac上要啟兩個(gè)vap魔板，兩個(gè)ap-group，每個(gè)ap-group對應(yīng)一個(gè)vap魔板
5、2個(gè)vap和ap-group魔板可以調(diào)用 相同的一個(gè)ssid和security魔板
6、漫游注意ssid和密碼都得一樣

直接轉(zhuǎn)發(fā)模式配置：

SW1

vlan batch 10 20 100 to 101 200

dhcp enable

interface Vlanif10
ip address 10.0.10.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.0.10.10
dhcp server option 43 sub-option 3 ascii 10.0.10.10

interface Vlanif20
ip address 10.0.20.1 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 10.0.20.10
dhcp server option 43 sub-option 3 ascii 10.0.20.10

interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface

interface Vlanif101
ip address 192.168.101.1 255.255.255.0
dhcp select interface

interface Vlanif200
ip address 192.168.200.1 255.255.255.0
dhcp select interface

interface MEth0/0/1

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 101

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20 200

interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 100

interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 101

interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 20
port trunk allow-pass vlan 20 200

AC1

vlan batch 10 100 to 101

interface Vlanif10
ip address 10.0.10.10 255.255.255.0

interface MEth0/0/1
undo negotiation auto
duplex half

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 101

ip route-static 0.0.0.0 0.0.0.0 10.0.10.1

capwap source ip-address 10.0.10.10

user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all

wlan
security-profile name test //安全魔板
security wpa-wpa2 psk pass-phrase adminadmin aes

ssid-profile name test //SSID魔板
ssid admin

vap-profile name test100 //第一個(gè)ap的vap魔板
service-vlan vlan-id 100
ssid-profile test
security-profile test

vap-profile name test101 //第2個(gè)ap的vap魔板
service-vlan vlan-id 101
ssid-profile test
security-profile test

ap-group name test100 //第一個(gè)vap魔板關(guān)聯(lián)進(jìn)這個(gè)組
vap-profile test100 wlan 1 radio all

ap-group name test101 //第2個(gè)vap魔板關(guān)聯(lián)進(jìn)這個(gè)組
vap-profile test100 wlan 1 radio all

ap-id 0 type-id 69 ap-mac 00e0-fce1-0250 //第一個(gè)ap
ap-name 1-lay-01
ap-group test100

ap-id 1 type-id 69 ap-mac 00e0-fc0a-43b0 //第2個(gè)ap
ap-name 2-lay-01
ap-group test101

現(xiàn)在漫游后的數(shù)據(jù)轉(zhuǎn)發(fā)流程是：

sta->漫游后的ap->sw->Hac->家鄉(xiāng)Hap->sw->外網(wǎng)

如果是隧道轉(zhuǎn)發(fā)數(shù)據(jù)流程是：

sta->漫游后的ap->sw->Hac->sw->外網(wǎng)

沒有次優(yōu)路徑繞行

如果非要用直接轉(zhuǎn)發(fā)模式，為了解決hap家鄉(xiāng)代理，數(shù)據(jù)有次優(yōu)路徑繞行，可以配置ac做為家鄉(xiāng)代理，不用再把數(shù)據(jù)回到家鄉(xiāng)hap上面再出去，而是到ac后直接發(fā)給核心交換機(jī)出去上網(wǎng)

vap-profile name test100 //第一個(gè)ap的vap魔板
home-agent ac

vap-profile name test101 //第2個(gè)ap的vap魔板
home-agent ac

只要AP獲取到地址就能查看到mac

查看ap是不是上線了

查看vap配置