©2020-2024 ioDraw All rights reserved,
Privacy Policy
vlan
pool技术主是是解决在大型组网中全部显示一个名称SSID,但不同区域连接的用户对应不同的vlan,这样防止一个vlan太多用户,广播域太大,以实现一个SSID对应一堆vlan,且可以实现漫游。
用hash算法比较常用:
AC命令行配置:
dis current-configuration
<>
set memory-usage threshold 0
<>
ssl renegotiation-rate 1
<>
vlan batch 100
<>
<>
vlan pool vlan_pool_test
vlan 11 to 12
<>
diffserv domain default
<>
radius-server template default
<>
<>
free-rule-template name default_free_rule
<>
portal-access-profile name portal_access_profile
<>
<>
interface Vlanif1
ip address 10.0.0.10 255.255.255.0
<>
interface Vlanif100
ip address 192.168.100.100 255.255.255.0
<>
interface MEth0/0/1
undo negotiation auto
duplex half
<>
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
<>
interface GigabitEthernet0/0/2
port link-type access
<>
<>
interface GigabitEthernet0/0/21
undo negotiation auto
duplex half
<>
interface GigabitEthernet0/0/22
undo negotiation auto
duplex half
<>
interface GigabitEthernet0/0/23
undo negotiation auto
duplex half
<>
interface GigabitEthernet0/0/24
undo negotiation auto
duplex half
<>
interface XGigabitEthernet0/0/1
<>
interface XGigabitEthernet0/0/2
<>
interface NULL0
<>
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
<>
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
<>
capwap source interface vlanif100
<>
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
<>
wlan
traffic-profile name default
security-profile name test
security wpa-wpa2 psk pass-phrase %^%#'eUg3D-zY)*Lg9$!hrxQ3PLCWMkf{<@D,p8tTzCY
%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name test
ssid test
ssid-profile name default
vap-profile name test
service-vlan vlan-pool vlan_pool_test
ssid-profile test
security-profile test
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name default
radio 0
vap-profile test wlan 5
radio 1
vap-profile test wlan 5
radio 2
vap-profile test wlan 5
ap-id 0 type-id 56 ap-mac 00e0-fced-3880 ap-sn 21023544831051220D2C
ap-id 1 type-id 56 ap-mac 00e0-fcde-2c70 ap-sn 2102354483105E639023
provision-ap
<>
dot1x-access-profile name dot1x_access_profile
<>
mac-access-profile name mac_access_profile
<>
核心交换机上配置
dis current-configuration
<>
sysname Huawei
<>
undo info-center enable
<>
vlan batch 10 to 12 20 30 100 192 999
ip pool vlan11
gateway-list 172.16.11.1
network 172.16.11.0 mask 255.255.255.0
dns-list 8.8.8.8
<>
ip pool vlan12
gateway-list 172.16.12.1
network 172.16.12.0 mask 255.255.255.0
dns-list 8.8.8.8
<>
ip pool vlan20
gateway-list 172.16.2.1
network 172.16.2.0 mask 255.255.255.0
dns-list 8.8.8.8
<>
ip pool vlan30
gateway-list 172.16.3.1
network 172.16.3.0 mask 255.255.255.0
excluded-ip-address 172.16.3.100
dns-list 8.8.8.8
<>
ip pool vlan192
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 192.168.100.100
<>
<>
interface Vlanif11
ip address 172.16.11.1 255.255.255.0
dhcp select global
<>
interface Vlanif12
ip address 172.16.12.1 255.255.255.0
dhcp select global
<>
interface Vlanif20
ip address 172.16.2.1 255.255.255.0
dhcp select global
<>
interface Vlanif30
ip address 172.16.3.1 255.255.255.0
dhcp select global
<>
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
<>
interface Vlanif192
ip address 192.168.10.1 255.255.255.0
dhcp select global
<>
interface Vlanif999
ip address 10.0.0.2 255.255.255.0
<>
interface MEth0/0/1
<>
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
<>
interface GigabitEthernet0/0/2
port link-type access
port default vlan 999
<>
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 11 to 12 20 192
<>
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 30
<>
接入交换机上也要相应放行这些vlan:
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12 20 192
<>
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 192
port trunk allow-pass vlan 11 to 12 20 192
<>
interface Ethernet0/0/3
port link-type trunk
port trunk pvid vlan 192
port trunk allow-pass vlan 11 to 12 20 192