H3C-IRF堆叠+无线配置（实验环境）

1.为了保证网络的可靠性sw1与sw2做堆叠，逻辑上为一台交换机；

2.划分vlan 10,20,30,40将宿舍，教学楼，办公楼，食堂区域划分到对应vlan中；

3.vlan100为无线的管理vlan，vlan200为宿舍，办公，教学楼无线vlan；vlan300为食堂的无线vlan.

4.所有用户通过DHCP服务器获取IP；

5.要求食堂区域不可以和其他三个区域之间互访，只能访问INTERNET；

6.在R1上配置NAT地址转换，实现内网用户访问INTERNET;

#首先修改sw2的编号为2，不可与sw1重复
irf member 2 priority 1
#在SW2上将用于堆叠的物理端口关闭
interface range Ten-GigabitEthernet2/0/49 t2/0/50
 shutdown
#将端口加入堆叠组，在sw1和sw2分别配置
irf-port 1/1
 port group interface Ten-GigabitEthernet1/0/49
 port group interface Ten-GigabitEthernet1/0/50
irf-port 2/2
 port group interface Ten-GigabitEthernet2/0/49
 port group interface Ten-GigabitEthernet2/0/50
#配置完成后在SW2上将物理端口启用，此时交换机会重启
interface range Ten-GigabitEthernet2/0/49 t2/0/50
 undo shutdown

核心交换机配置

#
 sysname SW1
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
 irf member 2 priority 1
#
 dhcp enable
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 100
#
vlan 200
#
vlan 300
#
irf-port 1/1
 port group interface Ten-GigabitEthernet1/0/49
 port group interface Ten-GigabitEthernet1/0/50
#
irf-port 2/2
 port group interface Ten-GigabitEthernet2/0/49
 port group interface Ten-GigabitEthernet2/0/50
#
dhcp server ip-pool vlan10
 gateway-list 10.1.10.254
 network 10.1.10.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan20
 gateway-list 10.1.20.254
 network 10.1.20.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan30
 gateway-list 10.1.30.254
 network 10.1.30.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan40
 gateway-list 10.1.40.254
 network 10.1.40.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan200
 gateway-list 10.1.200.254
 network 10.1.200.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan300
 gateway-list 10.2.210.254
 network 10.2.210.0 mask 255.255.255.0
 dns-list 8.8.8.8
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
#
interface Route-Aggregation1
 ip address 100.1.1.2 255.255.255.252
#
interface NULL0
#
interface Vlan-interface10
 ip address 10.1.10.254 255.255.255.0
 dhcp server apply ip-pool vlan10
#
interface Vlan-interface20
 ip address 10.1.20.254 255.255.255.0
 dhcp server apply ip-pool vlan20
#
interface Vlan-interface30
 ip address 10.1.30.254 255.255.255.0
 dhcp server apply ip-pool vlan30
#
interface Vlan-interface40
 ip address 10.1.40.254 255.255.255.0
 packet-filter 3000 inbound
 packet-filter 3000 outbound
 dhcp server apply ip-pool vlan40
#
interface Vlan-interface200
 ip address 10.1.200.254 255.255.255.0
 dhcp server apply ip-pool vlan200
#
interface Vlan-interface300
 ip address 10.2.210.254 255.255.255.0
 packet-filter 3000 inbound
 packet-filter 3000 outbound
 dhcp server apply ip-pool vlan300
#
interface GigabitEthernet1/0/5
 port link-mode route
 combo enable fiber
 port link-aggregation group 1
#
interface GigabitEthernet2/0/5
 port link-mode route
 combo enable fiber
 port link-aggregation group 1
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet2/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet2/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet2/0/3
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface GigabitEthernet2/0/4
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
#
interface Ten-GigabitEthernet1/0/51
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
 port link-aggregation group 1
#
interface Ten-GigabitEthernet2/0/51
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
 port link-aggregation group 1
#
 ip route-static 0.0.0.0 0 100.1.1.1
#
acl advanced 3000
 rule 0 permit udp source-port range bootps bootpc
 rule 5 permit ip source 10.1.40.0 0.0.0.255
 rule 10 permit ip source 10.2.210.0 0.0.0.255
 rule 20 permit ip source 200.1.1.0 0.0.0.3
 rule 25 permit ip source 100.1.1.0 0.0.0.3
 rule 30 deny ip

AC配置

#
 sysname AC
#
wlan global-configuration
#
 dhcp enable
#
vlan 1
#
vlan 100
#
vlan 200
#
vlan 300
#
dhcp server ip-pool vlan100
 gateway-list 10.1.100.254
 network 10.1.100.0 mask 255.255.255.0
#
wlan service-template 1
 ssid sushe
 service-template enable
#
wlan service-template 2
 ssid jiaoxuelou
 service-template enable
#
wlan service-template 3
 ssid bangonglou
 service-template enable
#
wlan service-template 4
 ssid shitang
 service-template enable
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface100
 ip address 10.1.100.254 255.255.255.0
 dhcp server apply ip-pool vlan100
#
interface Ten-GigabitEthernet1/0/24
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
 port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/25
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 combo enable fiber
 port link-aggregation group 1
#
user-group system
#
 wlan auto-ap enable
#
wlan ap-group bangonglou
 vlan 1
 vlan 100
 ap bangonglou
 ap-model WA6320-HCL
  radio 1
   radio enable
   service-template 3 vlan 200
  radio 2
   radio enable
   service-template 3 vlan 200
  gigabitethernet 1
#
wlan ap-group default-group
 vlan 1
 vlan 100
#
wlan ap-group jiaoxuelou
 vlan 1
 vlan 100
 ap jiaoxuelou
 ap-model WA6320-HCL
  radio 1
   radio enable
   service-template 2 vlan 200
  radio 2
   radio enable
   service-template 2 vlan 200
  gigabitethernet 1
#
wlan ap-group shitang
 vlan 1
 vlan 100
 ap shitang
 ap-model WA6320-HCL
  radio 1
   radio enable
   service-template 4 vlan 300
  radio 2
   radio enable
   service-template 4 vlan 300
  gigabitethernet 1
#
wlan ap-group sushe
 vlan 1
 vlan 100
 ap sushe
 ap-model WA6320-HCL
  radio 1
   radio enable
   service-template 1 vlan 200
  radio 2
   radio enable
   service-template 1 vlan 200
  gigabitethernet 1
#
wlan virtual-ap-group default-virtualapgroup
#
wlan ap bangonglou model WA6320-HCL 
 serial-id H3C_2A-A2-D3-3C-0A-00
 vlan 1
 radio 1
 radio 2
 gigabitethernet 1
#
wlan ap jiaoxuelou model WA6320-HCL 
 serial-id H3C_2A-A2-CF-87-09-00
 vlan 1
 radio 1
 radio 2
 gigabitethernet 1
#
wlan ap shitang model WA6320-HCL 
 serial-id H3C_2A-A2-D7-65-0B-00
 vlan 1
 radio 1
 radio 2
 gigabitethernet 1
#
wlan ap sushe model WA6320-HCL 
 serial-id H3C_2A-A2-CB-4A-08-00
 vlan 1
 radio 1
 radio 2
 gigabitethernet 1
#
return

R1配置

#
 sysname R1
#
vlan 1
#
interface Route-Aggregation1
 ip address 100.1.1.1 255.255.255.252
#
interface GigabitEthernet0/0/0
 port link-mode route
 combo enable copper
 port link-aggregation group 1
#
interface GigabitEthernet0/0/1
 port link-mode route
 combo enable copper
 port link-aggregation group 1
#
interface GigabitEthernet0/0/2
 port link-mode route
 combo enable copper
 ip address 200.1.1.1 255.255.255.252
 nat outbound 2000
#
 ip route-static 10.0.0.0 8 100.1.1.2
#
acl basic 2000
 rule 5 permit source 10.0.0.0 0.255.255.255
#

Elijah's Blog

H3C-IRF堆叠+无线配置（实验环境）

核心交换机配置

AC配置

R1配置