I. Lab environment

II. Create VLANs

[huawei]sy AC1
[AC1]un in en
[AC1]vlan batch 100 101 102 800

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 800
 q

interface Vlanif800
 ip address 192.168.240.1 255.255.255.252
 q

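III. Bring the APs online

Configure a trunk between each AP and the AC, and set the management VLAN 100 as the trunk's native VLAN.

What is a native VLAN?

I always forget the concept of the native VLAN, so I searched for it again to refresh my memory and summarized a few points:
1. The native VLAN is VLAN 1 by default and can be changed. After it is changed, all untagged frames are assigned to the native VLAN for transmission over the trunk port.
2. An access port on a switch has no concept of a native VLAN; the concept exists only on trunk ports.
3. In principle, every frame crossing a trunk port should be tagged, and the trunk uses allow vlan *** to permit the relevant VLANs. But switches exchange not only transit frames but also frames carrying negotiation information between the switches themselves. If those switch-management frames were tagged, they would still not need to be delivered into the corresponding VLAN at the destination, because they are meant to be received by the switch itself. This is where the native VLAN comes in: untagged frames are all assigned to the native VLAN for transmission.
4. The native VLAN drops tagged frames that it receives.

By default, the default VLAN of a trunk port is VLAN 1. For a trunk port, after the port's default VLAN is deleted with the undo vlan command, the port's default VLAN configuration does not change; that is, the port keeps using the VLAN that no longer exists as its default VLAN.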

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100                 # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 101    # allow VLAN 100 and VLAN 101 to pass

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100                 # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 102    # allow VLAN 100 through VLAN 102 to pass
 q

Note: VLAN 100 is configured as the native VLAN so that the untagged DHCP request packets sent by the AP are classified as VLAN 100 traffic, which lets the AP obtain an IP address. The management traffic exchanged between the AP and the AC is all untagged.

Check the port VLAN information:

[AC1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
GigabitEthernet0/0/5    hybrid       1     -
...

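Added example (not part of the original post): a short Python audit of the dis port vlan table above. For each trunk port it checks that the PVID VLAN actually exists (the stale default VLAN case described earlier), that the PVID is in the allow-pass list so the APs' untagged management traffic can pass, and whether VLAN 1 is still carried on the trunk. The function names and the GigabitEthernet0/0/9 row are assumptions constructed for illustration, and the parser assumes one table row per port.

```python
import re

# Constructed sample: rows from the `dis port vlan` output above, plus one
# hypothetical port (GigabitEthernet0/0/9) whose PVID VLAN was never created.
SAMPLE = """\
GigabitEthernet0/0/1    trunk       100   1 100-101
GigabitEthernet0/0/2    trunk       100   1 100-102
GigabitEthernet0/0/3    access      800   -
GigabitEthernet0/0/4    hybrid      1     -
GigabitEthernet0/0/9    trunk       300   1 100-101
"""
EXISTING_VLANS = {1, 100, 101, 102, 800}  # VLAN 1 plus `vlan batch 100 101 102 800`


def expand(vlan_list):
    """Turn a list such as '1 100-101' into {1, 100, 101}; '-' means empty."""
    vlans = set()
    for token in vlan_list.split():
        if token == "-":
            continue
        low, _, high = token.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit(text, existing):
    """Return {port: [findings]} for every trunk port in the table."""
    report = {}
    row = re.compile(r"^(\S+)\s+(access|trunk|hybrid)\s+(\d+)\s+(.*)$")
    for line in text.splitlines():
        m = row.match(line.strip())
        if not m or m.group(2) != "trunk":
            continue  # header, separator, access and hybrid rows are skipped
        port, pvid, allowed = m.group(1), int(m.group(3)), expand(m.group(4))
        findings = []
        if pvid not in existing:
            findings.append(f"PVID {pvid} does not exist")
        if pvid not in allowed:
            findings.append(f"PVID {pvid} not in allow-pass list")
        if 1 in allowed and pvid != 1:
            findings.append("VLAN 1 still allowed")
        report[port] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(SAMPLE, EXISTING_VLANS).items():
        print(port, "->", findings or "ok")
```

On the two real trunk ports the only finding is that VLAN 1 is still in the trunk VLAN list even though the native VLAN was moved to 100.
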
Create the AP address pool

This is an interface-based DHCP configuration, used to assign IP addresses to the APs.

dhcp enable
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

Verify that the APs are online

Check on the AC:

[AC1]dis ip pool interface Vlanif100 used
  Pool-name      : Vlanif100
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : 114.114.114.114
  DNS-server1    : 8.8.8.8
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : -
  Network        : 192.168.100.0
  Mask           : 255.255.255.0
  Logging        : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :2
                     Idle        :252       Expired     :0
                     Conflict    :0         Disabled    :0

 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
   192.168.100.1 192.168.100.254     254       2        252(0)       0     0
 -------------------------------------------------------------------------------
  Client-ID format as follows:
    DHCP  : mac-address                 PPPoE   : mac-address
    IPSec : user-id/portnumber/vrf      PPP     : interface index
    L2TP  : cpu-slot/session-id         SSL-VPN : user-id/session-id
 -------------------------------------------------------------------------------
  Index              IP      Client-ID    Type       Left   Status
 -------------------------------------------------------------------------------
     83  192.168.100.84 00e0-fc59-48f0    DHCP      85055   Used
    156 192.168.100.157 00e0-fcd9-2cc0    DHCP      85055   Used
 -------------------------------------------------------------------------------

But at this point we cannot tell which lease belongs to AP1 and which to AP2, so next we check on each AP.

We see that AP1 got the address 192.168.100.84.

# Check on AP1
[Huawei]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.84/24    up         up

[Huawei]ping 192.168.100.1
  PING 192.168.100.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 192.168.100.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/24/110 ms

AP2 got 192.168.100.157.

# Check on AP2
<Huawei>dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.157/24   up         up

We saw that AP1 got the address 192.168.100.84; now we can ping the APs from the AC.

[AC1]ping 192.168.100.84
  PING 192.168.100.84: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.84: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 192.168.100.84: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.84 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

[AC1]ping 192.168.100.157
  PING 192.168.100.157: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.157: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.100.157: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.157 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

IV. Create the user group address pools

DHCP for user group A
Used to assign IP addresses to user group A.

interface Vlanif101
 ip address 192.168.101.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

DHCP for user group B
Used to assign IP addresses to user group B.

interface Vlanif102
 ip address 192.168.102.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8