I. Lab environment

II. Create the VLANs

[huawei]sy AC1
[AC1]un in en
[AC1]vlan batch 100 101 102 800

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 800
q

interface Vlanif800
 ip address 192.168.240.1 255.255.255.252
q

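III. Bringing the APs online

Configure a trunk between the AP and the AC, and set management VLAN 100 as the trunk's native VLAN.

What is a native VLAN?

I keep forgetting the concept of the native VLAN, so I searched for it again to refresh my memory and summarized a few points:

1. The native VLAN is VLAN 1 by default and can be changed; after the change, all untagged frames are assigned to the native VLAN for transmission over the trunk port;
2. Access ports on a switch have no concept of a native VLAN; the concept exists only on trunk ports;
3. In principle, every frame crossing a trunk port should be tagged, and the trunk uses allow vlan *** to permit the relevant VLANs. However, switches exchange not only transit frames but also frames that carry negotiation information between the switches themselves. If those frames (the switch management information) were tagged, they would still not need to be delivered to a corresponding VLAN at the destination, because they are meant for the receiving switch itself. This is where the native VLAN is needed: untagged frames are all sent to the native VLAN for transmission;
4. The native VLAN drops tagged frames that it receives.

By default, the default VLAN of a trunk port is VLAN 1. For a trunk port, after the undo vlan command deletes the port's default VLAN, the port's default VLAN configuration does not change; that is, the port uses a VLAN that no longer exists as its default VLAN.
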
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100 # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 101 # allow VLAN 100 and VLAN 101
q

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100 # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 102 # allow VLAN 100 through VLAN 102
q

Note: VLAN 100 is configured as the native VLAN so that the untagged DHCP request packets sent by the AP are classified as VLAN 100 traffic, which lets the AP obtain an IP address. All management traffic exchanged between the AP and the AC is untagged.

Check the port VLAN information

[AC1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
GigabitEthernet0/0/5    hybrid       1     -
...

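The check below is an added example, not part of the original post: it parses `display port vlan` output in the format shown above and flags trunk ports whose PVID is missing from the allow-pass list (the AP's untagged traffic would be dropped), whose PVID is not the management VLAN, or that still carry VLAN 1. The sample text is constructed from the output above; the function names and the `mgmt_vlan` parameter are assumptions of this example.

```python
# Added example (not from the original post): audit `display port vlan` output.
# SAMPLE is constructed from the output shown on this page.
SAMPLE = """\
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
"""

def expand_vlans(tokens):
    """Turn ['1', '100-102'] into {1, 100, 101, 102}; '-' means no VLANs."""
    vlans = set()
    for tok in tokens:
        if tok == "-":
            continue
        lo, _, hi = tok.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port_vlan(text):
    """Yield (port, link_type, pvid, allowed_vlans) for each port row."""
    for line in text.splitlines():
        parts = line.split()
        # Data rows have: name, link type, numeric PVID, then the VLAN list.
        if len(parts) < 4 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2]), expand_vlans(parts[3:])

def audit(text, mgmt_vlan=100):
    """Return (port, finding) tuples for trunk ports (mgmt_vlan is assumed)."""
    findings = []
    for port, link, pvid, allowed in parse_port_vlan(text):
        if link != "trunk":
            continue
        if pvid not in allowed:
            findings.append((port, f"PVID {pvid} not in allow-pass list; untagged frames are dropped"))
        if pvid != mgmt_vlan:
            findings.append((port, f"PVID {pvid} is not management VLAN {mgmt_vlan}"))
        if 1 in allowed and pvid != 1:
            findings.append((port, "VLAN 1 is still allowed on the trunk; remove it if unused"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port}: {finding}")
```
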
Create the AP address pool

This is an interface-based DHCP configuration, used to assign IP addresses to the APs.

dhcp enable
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

Verify that the APs are online

Check on the AC

[AC1]dis ip pool interface Vlanif100 used
  Pool-name      : Vlanif100
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : 114.114.114.114
  DNS-server1    : 8.8.8.8
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : -
  Network        : 192.168.100.0
  Mask           : 255.255.255.0
  Logging        : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :2
                     Idle        :252       Expired     :0
                     Conflict    :0         Disabled    :0

 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
   192.168.100.1 192.168.100.254     254       2        252(0)       0        0
 -------------------------------------------------------------------------------
  Client-ID format as follows:
  DHCP  : mac-address                 PPPoE   : mac-address
  IPSec : user-id/portnumber/vrf      PPP     : interface index
  L2TP  : cpu-slot/session-id         SSL-VPN : user-id/session-id
 -------------------------------------------------------------------------------
  Index              IP      Client-ID    Type       Left   Status
 -------------------------------------------------------------------------------
     83  192.168.100.84  00e0-fc59-48f0   DHCP      85055   Used
    156 192.168.100.157  00e0-fcd9-2cc0   DHCP      85055   Used
 -------------------------------------------------------------------------------

However, we still cannot tell which lease belongs to AP1 and which to AP2, so next we check on each AP.

We see that AP1 obtained the address 192.168.100.84

# Check on AP1
[Huawei]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.84/24    up         up

[Huawei]ping 192.168.100.1
  PING 192.168.100.1: 56 data bytes, press CTRL_C to break
    Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 192.168.100.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/24/110 ms

AP2 obtained 192.168.100.157

Check on AP2
<Huawei>dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.157/24   up         up

We see that AP1 obtained the address 192.168.100.84; now we can ping it from the AC

[AC1]ping 192.168.100.84
  PING 192.168.100.84: 56 data bytes, press CTRL_C to break
    Reply from 192.168.100.84: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 192.168.100.84: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.84 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

[AC1]ping 192.168.100.157
  PING 192.168.100.157: 56 data bytes, press CTRL_C to break
    Reply from 192.168.100.157: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.100.157: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.157 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

IV. Create the user-group address pools

DHCP for user group A

Used to assign IP addresses to user group A

interface Vlanif101
 ip address 192.168.101.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

DHCP for user group B

Used to assign IP addresses to user group B

interface Vlanif102
 ip address 192.168.102.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8