1. 配置网络互通
[LSW2]vlan batch 100 to 104
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 104
[LSW2-GigabitEthernet0/0/2]port link-type trunk
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 100 to 102
[LSW2-GigabitEthernet0/0/2]port trunk pvid vlan 100
[LSW2-GigabitEthernet0/0/2]port-isolate enable
[LSW2-GigabitEthernet0/0/3]port link-type trunk
[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 100 to 102
[LSW2-GigabitEthernet0/0/3]port trunk pvid vlan 100
[LSW2-GigabitEthernet0/0/3]port-isolate enable
[LSW2-GigabitEthernet0/0/4]port link-type trunk
[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 100 103 104
[LSW2-GigabitEthernet0/0/4]port trunk pvid vlan 100
[LSW2-GigabitEthernet0/0/4]port-isolate enable
[LSW2-GigabitEthernet0/0/5]port link-type trunk
[LSW2-GigabitEthernet0/0/5]port trunk allow-pass vlan 100 103 to 104
[LSW2-GigabitEthernet0/0/5]port trunk pvid vlan 100
[LSW2-GigabitEthernet0/0/5]port-isolate enable
[LSW1]vlan batch 100 to 104 200 201
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100 to 104
[LSW1-GigabitEthernet0/0/3]port link-type trunk
[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 200
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 201
[LSW1-Vlanif100]ip add 10.1.1.1 24
[LSW1-Vlanif101]ip add 10.1.11.1 24
[LSW1-Vlanif102]ip add 10.1.12.1 24
[LSW1-Vlanif103]ip add 10.1.13.1 24
[LSW1-Vlanif104]ip add 10.1.14.1 24
[LSW1-Vlanif200]ip add 10.2.1.1 24
[LSW1-Vlanif201]ip add 10.3.1.1 24
[AC1]vlan batch 101 to 104 200
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 200
[AC1-Vlanif200]ip add 10.2.1.2 24
[AR1-GigabitEthernet0/0/0]ip add 10.3.1.3 24
[AR1]ip route-static 10.1.1.0 24 10.3.1.1 //配置AR1到LSW1的路由
[AR1]ip route-static 10.1.11.0 24 10.3.1.1
[AR1]ip route-static 10.1.12.0 24 10.3.1.1
[AR1]ip route-static 10.1.13.0 24 10.3.1.1
[AR1]ip route-static 10.1.14.0 24 10.3.1.1
[LSW1]ip route-static 0.0.0.0 0.0.0.0 10.3.1.3 //配置LSW1的缺省路由
[AC1]ip route-static 10.1.1.0 24 10.2.1.1 //配置AC到AP的路由
2. 配置DHCP服务,为AP和STA分配IP地址
[LSW1]dhcp enable
[LSW1-Vlanif100]dhcp select relay
[LSW1-Vlanif100]dhcp relay server-ip 10.3.1.3
[LSW1-Vlanif101]dhcp select relay
[LSW1-Vlanif101]dhcp relay server-ip 10.3.1.3
[LSW1-Vlanif102]dhcp select relay
[LSW1-Vlanif102]dhcp relay server-ip 10.3.1.3
[LSW1-Vlanif103]dhcp select relay
[LSW1-Vlanif103]dhcp relay server-ip 10.3.1.3
[LSW1-Vlanif104]dhcp select relay
[LSW1-Vlanif104]dhcp relay server-ip 10.3.1.3
[AR1]dhcp enable
[AR1]ip pool ap //配置由AR1作为DHCP服务器给AP分配IP地址
[AR1-ip-pool-ap]network 10.1.1.0 mask 24
[AR1-ip-pool-ap]gateway-list 10.1.1.1
[AR1-ip-pool-ap]option 43 sub-option 3 ascii 10.2.1.2
[AR1]ip pool sta1 //配置由AR1作为DHCP服务器给STA分配IP地址
[AR1-ip-pool-sta1]network 10.1.11.0 mask 24
[AR1-ip-pool-sta1]gateway-list 10.1.11.1
[AR1]ip pool sta2
[AR1-ip-pool-sta2]network 10.1.12.0 mask 24
[AR1-ip-pool-sta2]gateway-list 10.1.12.1
[AR1]ip pool sta3
[AR1-ip-pool-sta3]network 10.1.13.0 mask 24
[AR1-ip-pool-sta3]gateway-list 10.1.13.1
[AR1]ip pool sta4
[AR1-ip-pool-sta4]network 10.1.14.0 mask 24
[AR1-ip-pool-sta4]gateway-list 10.1.14.1
[AR1-GigabitEthernet0/0/0]dhcp select global
3. 配置VLAN pool,用于作为业务VLAN
[AC1]vlan pool sta-pool1
[AC1-vlan-pool-sta-pool1]vlan 101 102
[AC1-vlan-pool-sta-pool1]assignment hash
[AC1]vlan pool sta-pool2
[AC1-vlan-pool-sta-pool2]vlan 103 104
[AC1-vlan-pool-sta-pool2]assignment hash
4. 配置AP上线
[AC1-wlan-view]ap-group name guest //创建AP组
[AC1-wlan-view]ap-group name employee
[AC1-wlan-view]regulatory-domain-profile name domain1 //创建域管理模板
[AC1-wlan-regulate-domain-domain1]country-code cn //配置AC的国家码
[AC1-wlan-view]ap-group name guest
[AC1-wlan-ap-group-guest]regulatory-domain-profile domain1 //在AP组下引用域管理模板
[AC1-wlan-view]ap-group name employee
[AC1-wlan-ap-group-employee]regulatory-domain-profile domain1
[AC1]capwap source interface Vlanif 200 //配置AC的源接口
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc32-56d0 //在AC上离线导入AP
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-ap-0]ap-group guest
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc42-47d0
[AC1-wlan-ap-1]ap-name ap2
[AC1-wlan-ap-1]ap-group guest
[AC1-wlan-view]ap-id 2 ap-mac 00e0-fcc1-3660
[AC1-wlan-ap-2]ap-name ap3
[AC1-wlan-ap-2]ap-group employee
[AC1-wlan-view]ap-id 3 ap-mac 00e0-fca3-0630
[AC1-wlan-ap-3]ap-name ap4
[AC1-wlan-ap-3]ap-group employee
5. 配置WLAN业务参数
[AC1-wlan-view]security-profile name guest //创建名为安全模板
[AC1-wlan-sec-prof-guest]security wpa2 psk pass-phrase abc@1234 aes //配置安全策略
[AC1-wlan-view]security-profile name employee
[AC1-wlan-sec-prof-employee]security wpa2 psk pass-phrase abcd@1234 aes
[AC1-wlan-view]ssid-profile name guest //创建SSID模板
[AC1-wlan-ssid-prof-guest]ssid guest //配置SSID名称
[AC1-wlan-view]ssid-profile name employee
[AC1-wlan-ssid-prof-employee]ssid employee
[AC1-wlan-view]vap-profile name guest //创建VAP模板
[AC1-wlan-vap-prof-guest]forward-mode direct-forward //配置业务数据转发模式
[AC1-wlan-vap-prof-guest]service-vlan vlan-pool sta-pool1 //配置业务VLAN
[AC1-wlan-vap-prof-guest]security-profile guest //引用安全模板
[AC1-wlan-vap-prof-guest]ssid-profile guest //引用SSID模板
[AC1-wlan-view]vap-profile name employee
[AC1-wlan-vap-prof-employee]forward-mode direct-forward
[AC1-wlan-vap-prof-employee]service-vlan vlan-pool sta-pool2
[AC1-wlan-vap-prof-employee]security-profile employee
[AC1-wlan-vap-prof-employee]ssid-profile employee
[AC1-wlan-view]ap-group name guest
[AC1-wlan-ap-group-guest]vap-profile guest wlan 1 radio 0 //配置AP组引用VAP模板,AP上射频0使用VAP模板的配置
[AC1-wlan-ap-group-guest]vap-profile guest wlan 1 radio 1 //配置AP组引用VAP模板,AP上射频0使用VAP模板的配置
[AC1-wlan-view]ap-group name employee
[AC1-wlan-ap-group-employee]vap-profile employee wlan 1 radio 0
[AC1-wlan-ap-group-employee]vap-profile employee wlan 1 radio 1
6. 配置AP射频的信道和功率
[AC1-wlan-view]ap-id 0
[AC1-wlan-ap-0]radio 0
[AC1-wlan-radio-0/0]channel 20mhz 6
[AC1-wlan-radio-0/0]eirp 127
[AC1-wlan-ap-0]radio 1
[AC1-wlan-radio-0/1]channel 20mhz 149
[AC1-wlan-radio-0/1]eirp 127
7. 验证配置
