无线实现分部AP通过总部AC NAT公网地址注册

一 组网说明如上图总部无线控制器AC和AP二层注册分别只有AP和POE交换机和总部无线控制器AC三层注册二 设备配置2.1 总部出口配置sysname ZB-R#lldp global enable#acl advanced 3000description NATrule 0 permit ip#interface GigabitEthernet0/0port link-mode routecombo enable copperip address 202.1.1.1 255.255.255.0nat outbound 3000nat server protocol icmp global 202.1.1.10 inside 192.168.1.253nat server protocol tcp global 202.1.1.10 inside 192.168.1.253nat server protocol udp global 202.1.1.10 inside 192.168.1.253#interface GigabitEthernet0/1port link-mode routecombo enable copperip address 1.1.1.2 255.255.255.0#ip route-static 0.0.0.0 0 202.1.1.2ip route-static 192.168.1.0 24 1.1.1.1#2.1 总部核心配置sysname ZB-HX#dhcp enable#lldp global enable#stp global enable#dhcp server ip-pool ZB-WXgateway-list 192.168.1.254network 192.168.1.0 mask 255.255.255.0dns-list 202.106.0.20#interface Vlan-interface1ip address 192.168.1.254 255.255.255.0#interface GigabitEthernet1/0/1port link-mode routecombo enable fiberip address 1.1.1.1 255.255.255.0#ip route-static 0.0.0.0 0 1.1.1.2#2.3 总部无线控制器AC配置sysname ZB-AC#wlan service-template 1ssid huaiservice-template enable#interface Vlan-interface1ip address 192.168.1.253 255.255.255.0#ip route-static 0.0.0.0 0 192.168.1.254#wlan ap-group default-groupvlan 1#wlan virtual-ap-group default-virtualapgroup#wlan ap FB-AP model WA6320-HCLserial-id H3C_28-93-4B-53-08-00vlan 1radio 1radio enableradio 2radio enablegigabitethernet 1#wlan ap ZB-AP model WA6320-HCLserial-id H3C_28-92-87-1D-05-00vlan 1radio 1radio enableradio 2radio enablegigabitethernet 1#2.4 分部出口配置sysname FB-R#lldp global enable#acl advanced 3000description NATrule 0 permit ip#interface GigabitEthernet0/0port link-mode routecombo enable copperip address 203.1.1.1 255.255.255.0nat outbound 3000#interface GigabitEthernet0/1port link-mode routecombo enable copperip address 2.2.2.2 255.255.255.0#ip route-static 0.0.0.0 0 203.1.1.2ip route-static 192.168.11.0 24 2.2.2.1#2.5 分部核心配置-option43属性sysname FB-HX#dhcp enable#dhcp server ip-pool FB-WXgateway-list 192.168.11.254network 192.168.11.0 mask 255.255.255.0dns-list 202.106.0.20option 43 hex 8007000001ca01010a //AC公网地址是202.1.1.101个AC地址#interface Vlan-interface1ip address 192.168.11.254 255.255.255.0#interface GigabitEthernet1/0/1port link-mode routecombo enable fiberip address 2.2.2.1 255.255.255.0#ip route-static 0.0.0.0 0 2.2.2.2#三 状态查看3.1 拓扑中无线信号看到辐射出来了3.2 查看AP在线状态和获取地址信息1.总部、分别AP全部上线了2.总部是内网地址分部是公网地址3.3 手机无法搜索信号问题-感觉是模拟器bug四 华三dhcp option43或者nat特殊配置4.1 分部核心option43配置sysname FB-HX#dhcp enable#dhcp server ip-pool FB-WXgateway-list 192.168.11.254network 192.168.11.0 mask 255.255.255.0dns-list 202.106.0.20option 43 hex 8007000001ca01010a //AC公网地址是202.1.1.101个AC地址#华三option43属性转换总结1.ACoption43转发方法1个AC地址202.1.1.10转换成16进制后CA01010A配置option 43 hex 8007000001ca01010a2个AC地址202.1.1.10、202.1.1.11转换成16进制后CA01010A、转换成16进制后CA01010B配置option 43 hex 8007000002ca01010b2.最后1个AC地址最终配置dhcp server ip-pool FB-WXgateway-list 192.168.11.254network 192.168.11.0 mask 255.255.255.0dns-list 202.106.0.20option 43 hex 8007000001ca01010a4.2 总部出口NAT配置与总结sysname ZB-R#lldp global enable#acl advanced 3000description NATrule 0 permit ip#interface GigabitEthernet0/0port link-mode routecombo enable copperip address 202.1.1.1 255.255.255.0nat outbound 3000nat server protocol icmp global 202.1.1.10 inside 192.168.1.253nat server protocol tcp global 202.1.1.10 inside 192.168.1.253nat server protocol udp global 202.1.1.10 inside 192.168.1.253#五 各个厂商dhcp option43属性配置与总结5.1 华三、锐捷、华为dhcp option43属性配置1.华三交换机dhcp server ip-pool vlan1190network 10.192.223.0 255.255.255.0dns-server 114.114.114.114 8.8.8.8gateway-list 10.192.223.1option 43 hex 80070000013A85FA802.锐捷交换机ip dhcp pool vlan1190option 43 hex 8007.0000.013a.85fa.80network 10.192.223.0 255.255.255.0dns-server 114.114.114.114 8.8.8.8default-router 10.192.223.13.华为交换机基于全局的配置ip pool vlan1190gateway-list 10.192.4.1network 10.192.4.0 mask 255.255.255.0section 0 10.192.4.21 10.192.4.254option 43 hex 80070000013A85FA80#interface Vlanif1190dhcp select global基于接口的配置#interface Vlanif1190description ap-guanliip address 10.192.91.1 255.255.255.0dhcp select interfacedhcp server excluded-ip-address 10.192.91.2 10.192.91.20dhcp server option 43 hex 80070000013A85FA80#5.2 华三、华为和思科的Option 43属性的对比华三AP支持的Option 43属性在L3 Switch上启用DHCP Server正确配置Option43例如AP属于VLAN100是192.168.100.0/24网段AC的IP地址为192.168.10.100/24只支持16进制DHCP Server配置如下[AC] dhcp server ip-pool vlan100[AC-dhcp-pool-vlan100] network 192.168.100.0 mask 255.255.255.0[AC-dhcp-pool-vlan100] gateway-list 192.168.100.254[AC-dhcp-pool-vlan100] option 43 hex 80070000 01 C0A80A64#80选项类型固定为801个字节。#07选项长度表示其后内容的长度十六进制数的个数这里表示后面有7个十六进制数0B表示后面有11个十六进制数一个字节。#0000Server type固定配为0000两个字节。#01后面IP地址的个数一个字节。# C0A80A64 AC的IP地址192.168.10.100的十六进制表示。注意dhcp server option 43的选项中最多支持下发14个ip地址且为了满足这个最大的规格option43的选项配置参照以下方式每段最大4个字节最小1个字节大小写都可以option 43 hex 803f0000 0e c0a80a60 c0a80a61 c0a80a62 c0a80a63 c0a80a64 c0a80a65 c0a80a66 c0a80a67 c0a80a68 c0a80a69 c0a80a70 c0a80a71 c0a80a72 c0a80a73华为AP支持的Option 43属性AC的IP地址为192.168.10.100/24,既支持16进制又支持10进制[Dhcp-hw] ip pool ap[Dhcp-hw-ip-pool-huawei]network 192.168.100.0 255.255.255.0[Dhcp-hw-ip-pool-huawei]gateaway-list 192.168.100.254[Dhcp-hw-ip-pool-huawei]option 43 sub-option 3 hex 3139322e3136382e31302e313030 or option 43 sub-option 3 ascii 192.168.10.100Sub-option 3为option 43的子类型后面跟的16进制包含小数点一起16进制数31对应字符“1”的ASCII值32对应“2”的ASCII值以此类推2e代表“.”的值2c代表“,”的值。如果有两个AC地址的话中间要用逗号隔开(asicc码2c)比如AC的IP地址为192.168.10.100和192.168.1.100.option 43属性如下[Dhcp-hw-ip-pool-huawei]option 43 sub-option 3 hex 3139322e3136382e31302e3130302c3139322e3136382e312e313030 or option 43 sub-option 3 ascii 192.168.10.100192.168.1.100思科AP支持的Option 43属性AC的IP地址为192.168.10.100/24,只支持16进制。Dhcp-sw(config)#ip dhcp pool APDhcp-sw(dhcp-config)#network 192.168.100.0 /24Dhcp-sw(dhcp-config)#default-route 102.168.100.254Dhcp-sw(dhcp-config)#option 43 hex f1040c0a80a64Hex是固定的标识为16进制f1是固定type,04代表地址长度一个地址4位如果两个地址则为08c0a80a64标识192.168.10.100如果华为的交换机和思科的交换机不支持我们AP支持的option 43格式那么我们AP就没办法识别从而完成不了注册。现场华为交换机下发的为自己AP支持的option 43的属性而我们AP不识别导致我们AP没有获取到AC的IP地址出现注册不上的情况。将华为的交换机配置成和H3C AP识别的Option 43属性或者改成二层注册。友商产品配置以其官方资料为准此处仅供参考。5.3 华三NAT和2种映射配置都可以实现5.3.1 接口nat server配置方式sysname ZB-R#lldp global enable#acl advanced 3000description NATrule 0 permit ip#interface GigabitEthernet0/0port link-mode routecombo enable copperip address 202.1.1.1 255.255.255.0nat outbound 3000nat server protocol icmp global 202.1.1.10 inside 192.168.1.253nat server protocol tcp global 202.1.1.10 inside 192.168.1.253nat server protocol udp global 202.1.1.10 inside 192.168.1.253#AP在线状态正常5.3.2 全局nat static outbound配置方式sysname ZB-R#lldp global enable#acl advanced 3000description NATrule 0 permit ip#interface GigabitEthernet0/0port link-mode routecombo enable copperip address 202.1.1.1 255.255.255.0nat outbound 3000nat static enable#nat static outbound 192.168.1.253 202.1.1.10#AP在线状态正常