宝塔服务器面板，一键全能部署及管理，送你10850元礼包，点我领取

华为模拟器模拟中小型企业办公网和WLAN组网实验

实验拓扑图

实验说明

公司内部部分及相应vlan划分，行政部vlan10，市场部vlan20，生产部vlan30，每个办公区都有无线网络，无线AP属于vlan100，无线网划分vlan101

核心交换机SW1和SW5做VRRP虚拟冗余链路备份，核心交换机和出口路由器做Eth-Trunk负载均衡

各设备配置

交换机SW1

sys
sys SW1
vlan batch 10 20 30 40 100 to 101
ip pool p101
gateway-list 192.168.101.254
network 192.168.101.0 mask 255.255.255.0
dns-list 114.114.114.114
q
int vlanif 10
ip address 192.168.10.251 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 120
dhcp select interface
dhcp server excluded-ip-address 192.168.10.1 192.168.10.127
dhcp server dns-list 114.114.114.114
q
int vlanif 20
ip address 192.168.20.251 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 120
dhcp select interface
dhcp server excluded-ip-address 192.168.20.1 192.168.20.127
dhcp server dns-list 114.114.114.114
int vlanif 30
ip address 192.168.30.251 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.30.254
vrrp vrid 3 priority 120
dhcp select interface
dhcp server excluded-ip-address 192.168.30.1 192.168.30.127
dhcp server dns-list 114.114.114.114
int vlanif 40
ip address 192.168.40.251 255.255.255.0
vrrp vrid 4 virtual-ip 192.168.40.254
vrrp vrid 4 priority 120
dhcp select interface
dhcp server static-bind ip-address 192.168.40.100 mac-address 5489-9877-0834
q
int vlanif 101
ip address 192.168.101.254 255.255.255.0
dhcp select global
q
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/5
port link-type trunk
port trunk allow-pass vlan 10
q
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 20
q
interface GigabitEthernet0/0/7
port link-type trunk
port trunk allow-pass vlan 30 40
q


交换机SW5

sys
sys SW5
vlan batch 10 20 30 40
dhcp enable
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
dhcp select interface
dhcp server excluded-ip-address 192.168.10.128 192.168.10.250
dhcp server dns-list 114.114.114.114
q
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
dhcp select interface
dhcp server excluded-ip-address 192.168.20.128 192.168.20.250
dhcp server dns-list 114.114.114.114
q
interface Vlanif30
ip address 192.168.30.252 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.30.254
dhcp select interface
dhcp server excluded-ip-address 192.168.30.128 192.168.30.250
dhcp server dns-list 114.114.114.114
q
interface Vlanif40
ip address 192.168.40.252 255.255.255.0
vrrp vrid 4 virtual-ip 192.168.40.254
dhcp select interface
dhcp server static-bind ip-address 192.168.40.100 mac-address 5489-9877-0834
q
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
q
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
q
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30 40
q


无线控制器AC

sys
sys AC
vlan batch 100 to 101
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
q
wlan
traffic-profile name default
security-profile name Test
security wpa-wpa2 psk pass-phrase %^%#>o"90r[*uP6kR}Gi9e}Od$o@AW5uTLz9b}MeJ;$2%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name Test
ssid Test
ssid-profile name default
vap-profile name Test
service-vlan vlan-id 101
ssid-profile Test
security-profile Test
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap-group name group1
radio 0
vap-profile Test wlan 1
radio 1
vap-profile Test wlan 1
radio 2
vap-profile Test wlan 1
ap-group name default
ap-id 0 type-id 60 ap-mac 00e0-fc14-2a80 ap-sn 21023544831077393C60
ap-name ap0
ap-group group1
ap-id 1 type-id 60 ap-mac 00e0-fc9d-77a0 ap-sn 210235448310913B800F
ap-name ap1
ap-group group1
ap-id 2 type-id 60 ap-mac 00e0-fc88-70f0 ap-sn 2102354483102C673E2D
ap-name ap2
ap-group group1
q

出口路由器R1

sys
sys R1
interface Eth-Trunk1
undo portswitch
mode lacp-static
q
interface Eth-Trunk1.100
dot1q termination vid 111
ip address 192.168.1.1 255.255.255.0
arp broadcast enable
q
interface Eth-Trunk2
undo portswitch
mode lacp-static
q
interface Eth-Trunk2.100
dot1q termination vid 112
ip address 192.168.2.1 255.255.255.0
arp broadcast enable
q
interface GigabitEthernet0/0/0
eth-trunk 1
q
interface GigabitEthernet0/0/1
eth-trunk 1
q
interface GigabitEthernet0/0/2
eth-trunk 1
q
interface GigabitEthernet4/0/3
ip address 1.1.1.1 255.255.255.0
nat outbound 2000
q
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
ip route-static 192.168.0.0 255.255.0.0 192.168.1.2 preference 50
ip route-static 192.168.0.0 255.255.0.0 192.168.2.2

实验结果验证：

①各部门网络互访

行政部PC访问生产部PC

行政部PC访问外网R2

②无线网能访问外网

sta终端通过无线访问外网

③VRRP冗余链路测试

vrrp测试