vlan
pool技术主是是解决在大型组网中全部显示一个名称SSID,但不同区域连接的用户对应不同的vlan,这样防止一个vlan太多用户,广播域太大,以实现一个SSID对应一堆vlan,且可以实现漫游。

用hash算法比较常用:

AC命令行配置:
dis current-configuration

<>

set memory-usage threshold 0

<>

ssl renegotiation-rate 1

<>

vlan batch 100

<>

<>

vlan pool vlan_pool_test
vlan 11 to 12

<>

diffserv domain default

<>

radius-server template default

<>

<>

free-rule-template name default_free_rule

<>

portal-access-profile name portal_access_profile

<>

<>

interface Vlanif1
ip address 10.0.0.10 255.255.255.0

<>

interface Vlanif100
ip address 192.168.100.100 255.255.255.0

<>

interface MEth0/0/1
undo negotiation auto
duplex half

<>

interface GigabitEthernet0/0/1
port link-type access
port default vlan 100

<>

interface GigabitEthernet0/0/2
port link-type access

<>

<>

interface GigabitEthernet0/0/21
undo negotiation auto
duplex half

<>

interface GigabitEthernet0/0/22
undo negotiation auto
duplex half

<>

interface GigabitEthernet0/0/23
undo negotiation auto
duplex half

<>

interface GigabitEthernet0/0/24
undo negotiation auto
duplex half

<>

interface XGigabitEthernet0/0/1

<>

interface XGigabitEthernet0/0/2

<>

interface NULL0

<>

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

<>

ip route-static 0.0.0.0 0.0.0.0 192.168.100.1

<>

capwap source interface vlanif100

<>

user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all

<>

wlan
traffic-profile name default
security-profile name test
security wpa-wpa2 psk pass-phrase %^%#'eUg3D-zY)*Lg9$!hrxQ3PLCWMkf{<@D,p8tTzCY
%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name test
ssid test
ssid-profile name default
vap-profile name test
service-vlan vlan-pool vlan_pool_test
ssid-profile test
security-profile test
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name default
radio 0
vap-profile test wlan 5
radio 1
vap-profile test wlan 5
radio 2
vap-profile test wlan 5
ap-id 0 type-id 56 ap-mac 00e0-fced-3880 ap-sn 21023544831051220D2C
ap-id 1 type-id 56 ap-mac 00e0-fcde-2c70 ap-sn 2102354483105E639023
provision-ap

<>

dot1x-access-profile name dot1x_access_profile

<>

mac-access-profile name mac_access_profile

<>

核心交换机上配置
dis current-configuration

<>

sysname Huawei

<>

undo info-center enable

<>

vlan batch 10 to 12 20 30 100 192 999

ip pool vlan11
gateway-list 172.16.11.1
network 172.16.11.0 mask 255.255.255.0
dns-list 8.8.8.8

<>

ip pool vlan12
gateway-list 172.16.12.1
network 172.16.12.0 mask 255.255.255.0
dns-list 8.8.8.8

<>

ip pool vlan20
gateway-list 172.16.2.1
network 172.16.2.0 mask 255.255.255.0
dns-list 8.8.8.8

<>

ip pool vlan30
gateway-list 172.16.3.1
network 172.16.3.0 mask 255.255.255.0
excluded-ip-address 172.16.3.100
dns-list 8.8.8.8

<>

ip pool vlan192
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 192.168.100.100

<>

<>

interface Vlanif11
ip address 172.16.11.1 255.255.255.0
dhcp select global

<>

interface Vlanif12
ip address 172.16.12.1 255.255.255.0
dhcp select global

<>

interface Vlanif20
ip address 172.16.2.1 255.255.255.0
dhcp select global

<>

interface Vlanif30
ip address 172.16.3.1 255.255.255.0
dhcp select global

<>

interface Vlanif100
ip address 192.168.100.1 255.255.255.0

<>

interface Vlanif192
ip address 192.168.10.1 255.255.255.0
dhcp select global

<>

interface Vlanif999
ip address 10.0.0.2 255.255.255.0

<>

interface MEth0/0/1

<>

interface GigabitEthernet0/0/1
port link-type access
port default vlan 100

<>

interface GigabitEthernet0/0/2
port link-type access
port default vlan 999

<>

interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 11 to 12 20 192

<>

interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 30

<>

接入交换机上也要相应放行这些vlan:
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12 20 192

<>

interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 192
port trunk allow-pass vlan 11 to 12 20 192

<>

interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 192
port trunk allow-pass vlan 11 to 12 20 192

技术
今日推荐
阅读数 170189
阅读数 23
阅读数 5
阅读数 0
下载桌面版
GitHub
百度网盘(提取码:draw)
Gitee
云服务器优惠
阿里云优惠券
腾讯云优惠券
华为云优惠券
站点信息
问题反馈
邮箱:ixiaoyang8@qq.com
QQ群:766591547
关注微信