一。配置接口类型lsw1[LSW1]vlan batch 10 20 100[LSW1-GigabitEthernet0/0/1]port link-type trunk[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 100[LSW1]port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/4[LSW1-GigabitEthernet0/0/2]port link-type trunk[LSW1-GigabitEthernet0/0/3]port link-type trunk[LSW1-GigabitEthernet0/0/4]port link-type trunk[LSW1]port-group group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/3[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 100[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 100[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100[LSW1-GigabitEthernet0/0/3]port trunk pvid vlan 100[LSW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 20 100[LSW1-GigabitEthernet0/0/4]port trunk pvid vlan 100AC1[AC6605]vlan batch 100[AC6605-GigabitEthernet0/0/2]port link-type trunk[AC6605-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 100二。配置DHCP---地址池配置为AP分配IP地址lsw1[LSW1]dhcp enable[LSW1]ip pool wifi[LSW1-ip-pool-wifi]gateway-list 192.168.1.1[LSW1-ip-pool-wifi]network 192.168.1.0 mask 24[LSW1]interface Vlanif 100[LSW1-Vlanif100]ip address 192.168.1.1 24[LSW1-Vlanif100]dhcp select global三。WLAN配置AP与AC实现三层互递[AC6605]interface Vlanif 100[AC6605-Vlanif100]ip address 192.168.1.2 24在AP与AC间建立CAPWAP隧道[AC6605]capwap source interface Vlanif 100 --- 设置使用某个VLAN接口与AP进行隧道建立创建域管理模板[AC6605]wlan --- 进入WLAN配置视图[AC6605-wlan-view]regulatory-domain-profile name aa[AC6605-wlan-regulate-domain-aa]country-code CN ---- 设置采用的WLAN的频段[AC6605-wlan-view]ap auth-mode mac-auth --- 设置AP的认证模式创建AP组[AC6605-wlan-view]ap-group name gourp-1 --- 创建AP组[AC6605-wlan-ap-group-gourp-1]regulatory-domain-profile aa --- 将域管理模板绑定到该AP组内Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:Y[AC6605-wlan-view]ap-group name gourp-2 --- 创建AP组[AC6605-wlan-ap-group-gourp-2]regulatory-domain-profile aa--- 将域管理模板绑定到该AP组内Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:YAP接入[AC6605-wlan-view]ap-id 0 ap-mac 00e0-fcea-2130[AC6605-wlan-view]ap-id 1 ap-mac 00e0-fc45-1cd0[AC6605-wlan-view]ap-id 2 ap-mac 00e0-fcc6-35a0AP组中添加AP设备[AC6605-wlan-ap-0]ap-name ap-0--- 设置该AP的名称[AC6605-wlan-ap-0]ap-group gourp-1--- 将该AP绑定到AP组内Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:Y[AC6605-wlan-ap-1]ap-name ap-1[AC6605-wlan-ap-1]ap-group gourp-1Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y[AC6605-wlan-ap-2]ap-name ap-2[AC6605-wlan-ap-2]ap-group gourp-2Warning: This operation may cause AP reset. If the country code changes, it willclear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y配置安全模板[AC6605-wlan-view]security-profile name openlab-1[AC6605-wlan-sec-prof-openlab-1]security wpa2 psk pass-phrase openlab-2 aes[AC6605-wlan-view]security-profile name openlab-2[AC6605-wlan-sec-prof-openlab-2]security wpa2 psk pass-phrase openlab-1 aes配置SSID模板[AC6605-wlan-view]ssid-profile name openlab-1[AC6605-wlan-ssid-prof-openlab-1]ssid openlab-1[AC6605-wlan-view]ssid-profile name openlab-2[AC6605-wlan-ssid-prof-openlab-2]ssid openlab-2配置VAP模板[AC6605-wlan-view]vap-profile name openlab-1[AC6605-wlan-vap-prof-openlab-1]forward-mode tunnel --- 隧道转发模式[AC6605-wlan-vap-prof-openlab-1]service-vlan vlan-id 10 ---设定转发的业务流量所属VLAN就是 wifi用户所属的VLAN[AC6605-wlan-vap-prof-openlab-1]security-profile openlab-1--- 绑定安全模板[AC6605-wlan-vap-prof-openlab-1]ssid-profile openlab-1--- 绑定SSID模板[AC6605-wlan-view]vap-profile name openlab-2[AC6605-wlan-vap-prof-openlab-2]forward-mode tunnel[AC6605-wlan-vap-prof-openlab-2]service-vlan vlan-id 20[AC6605-wlan-vap-prof-openlab-2]security-profile openlab-2[AC6605-wlan-vap-prof-openlab-2]ssid-profile openlab-2在AP组中调用AP模板[AC6605-wlan-view]ap-group name gourp-1[AC6605-wlan-ap-group-gourp-1]vap-profile openlab-1 wlan 1 radio all[AC6605-wlan-view]ap-group name gourp-2[AC6605-wlan-ap-group-gourp-2]vap-profile openlab-2 wlan 2 radio all四。配置DHCP[LSW1]interface Vlanif 10[LSW1-Vlanif10]ip address 192.168.10.254 24[LSW1-Vlanif10]dhcp select global[LSW1]ip pool vlan10[LSW1-ip-pool-vlan10]network 192.168.10.0 mask 24[LSW1-ip-pool-vlan10]gateway-list 192.168.10.254[LSW1]int v 20[LSW1-Vlanif20]ip address 192.168.20.254 24[LSW1-Vlanif20]dhcp select global[LSW1]ip pool vlan20[LSW1-ip-pool-vlan20]network 192.168.20.0 mask 24[LSW1-ip-pool-vlan20]gateway-list 192.168.20.254五。配置全网可通[AC6605]vlan 200[AC6605-GigabitEthernet0/0/1]p l a[AC6605-GigabitEthernet0/0/1]port default vlan 200[AC6605]int v 200[AC6605-Vlanif200]ip address 192.168.200.1 24[AC6605]ip route-static 1.1.1.0 24 192.168.200.2[AC6605]ip route-static 192.168.10.0 24 192.168.1.1[AC6605]ip route-static 192.168.20.0 24 192.168.1.1[R1-GigabitEthernet0/0/0]ip address 192.168.200.2 24[R1-LoopBack0]ip address 1.1.1.1 24[R1]ip route-static 192.168.1.0 24 192.168.200.1[R1]ip route-static 192.168.20.0 24 192.168.200.1[LSW1]ip route-static 192.168.200.0 24 192.168.1.2[LSW1]ip route-static 1.1.1.0 24 192.168.1.2