拓扑图

WLAN-二层隧道转发_无法识别

配置

由于AP无法识别带VLAN Tag 254的帧,所以交换机连接AP的Trunk接口要配置PVID

隧道转发模式,AC上 配置所需VLAN 10 254

AP上线认证方式默认为MAC认证,实验中配置为无认证

可创建AP组,或直接在AP中引用VAP配置文件

修改国家码命令,默认不需要修改

regulatory-domain-profile name default
 country-code CN

SW1:

sysname SW1
#
vlan batch 10 254
#
interface Vlanif10
 ip address 10.1.1.254 255.255.255.0
 dhcp select interface
#
interface Vlanif254
 ip address 10.1.254.254 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 10.1.254.253
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 254
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 254
 port trunk allow-pass vlan 254
#

SW1连接AP的接口还可以配置成access或hybrid

acess:

interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 254
#

hybrid:

interface GigabitEthernet0/0/2
 port hybrid pvid vlan 254
 port hybrid untagged vlan 254
#

AC1:

sysname AC1
#
vlan batch 10 254
#
interface Vlanif254
 ip address 10.1.254.253 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 254
#
security-profile name SEC_PRO
  security wpa2 psk pass-phrase huawei@123 aes
#
 ssid-profile name SSID_PRO
  ssid HUAWEI
#
 vap-profile name VAP1_PRO
  forward-mode tunnel
  service-vlan vlan-id 10
  ssid-profile SSID_PRO
  security-profile SEC_PRO
#
ap auth-mode no-auth
#
ap-id 0 
  ap-name AP1
  radio 0
   vap-profile VAP1_PRO wlan 1
  radio 1
   vap-profile VAP1_PRO wlan 1
#
ip route-static 0.0.0.0 0.0.0.0 10.1.254.254
#

查看结果

STA连接无线

WLAN-二层隧道转发_无法识别_02

查看AP是否上线

WLAN-二层隧道转发_无法识别_03

查看STA连接情况

WLAN-二层隧道转发_无法识别_04

查看射频

WLAN-二层隧道转发_封装_05

查看VAP

WLAN-二层隧道转发_无法识别_06

转发流程

STA ping 网关,数字1-4对应下面的抓包

WLAN-二层隧道转发_无法识别_07

1.icmp数据包被封装在capwap协议中,由AP单播发送给AC,内层vlan10,外层vlan254

WLAN-二层隧道转发_无法识别_08

收到capwap报文后解封装,根据内层报文转发

WLAN-二层隧道转发_无法识别_09

WLAN-二层隧道转发_无法识别_10

3.网关回复icmp应答报文,发送给AC

WLAN-二层隧道转发_封装_11

收到icmp应答报文,外层封装capwap报头,单播发送给AP

WLAN-二层隧道转发_封装_12

WLAN-二层隧道转发_封装_13