Switching user traffic via VLAN

This approach is used in small networks where deploying VLANs does not cause difficulties.

In this case, traffic can either pass through the controller or be processed locally, depending on the switching settings.

In the provided example, traffic will be forwarded centrally through the controller.

The article covers a simple diagram:

Configuring switch

Port configuration towards the AP:
MES2324P#configure 
MES2324P(config)#interface GigabitEthernet 1/0/3
MES2324P(config-if)#switchport mode trunk 
MES2324P(config-if)#switchport trunk allowed vlan add 115
MES2324P(config-if)#switchport trunk native vlan 110
MES2324P(config-if)#exit
Command description:
#go to configuration mode
#go to interface configuration to which the access point is connected
#specify the port mode, in our case — trunk
#set 115 — VLAN for transmitting user traffic, which will then be routed (or switched) according to the network topology.
#set 110 — VLAN for access point management
Port configuration towards WLC:
MES2324P(config)#interface GigabitEthernet 1/0/5
MES2324P(config-if)#switchport mode trunk
MES2324P(config-if)#switchport trunk allowed vlan add 110,115
MES2324P(config-if)#exit
Command description:
#go to the configuration of the interface to which the WLC is connected
#specify the port mode, in our case — trunk
#set 115 — VLAN for transmitting user traffic, which will then be routed on the WLC (or on intermediate equipment between MES and WLC) and 110 — VLAN for access point management

Configuring WLC

Configuring physical interface

Configuring physical port towards MES:
wlc-30(config)# interface gigabitethernet 1/0/1
wlc-30(config-if-gi)# switchport mode trunk
wlc-30(config-if-gi)# switchport trunk allowed vlan add 115,110
wlc-30(config-if-gi)# exit
Command description:
#go to the configuration of the interface towards MES
#specify the port mode, in our case — trunk
#set 115 — VLAN for transmitting user traffic and 110 — VLAN for access point management

VLAN termination in bridge

Interface parameters for access points:
wlc(config)# bridge 10
wlc(config-bridge)# description MNGT_AP
wlc(config-bridge)# vlan 110
wlc(config-bridge)# no spanning-tree
wlc(config-bridge)# ip address 192.168.1.1/24
wlc(config-bridge)# ip firewall disable
wlc(config-bridge)# enable
wlc(config-bridge)# exit
Command description:
#create a bridge named "10" 
#for easier reading and navigation through the configuration, add a short description of the interface
#VLAN ID 110 — VLAN number for transmitting management traffic
#disable the STP protocol
#specify the IP address of the management subnet
#disable the firewall
#enable the bridge
Configuring interface parameters for Wi-Fi users:
wlc(config)# bridge 15
wlc(config-bridge)# description USERS
wlc(config-bridge)# vlan 115
wlc(config-bridge)# no spanning-tree
wlc(config-bridge)# ip address 192.168.2.1/24
wlc(config-bridge)# ip firewall disable
wlc(config-bridge)# enable
wlc(config-bridge)# exit
Command description:
#create a bridge named "15"
#for easier reading and navigation through the configuration, add a short description of the interface
#VLAN ID 115 — VLAN number for transmitting traffic from users
#disable the STP protocol
#specify the network IP address for users
#disable the firewall
#enable the bridge

By default, the factory configuration assumes the use of tunnels. However, since this article describes switching with VLAN, the following settings must be removed:

1.  In the DHCP server settings, suboption 12 is not used. This suboption is applied to indicate to the AP that SoftGRE tunneling must be used, as well as to define the tunnel address on the controller side.

Removing suboption 12:
wlc-30# configure 
wlc-30(config)# ip dhcp-server pool ap-pool 
wlc-30(config-dhcp-server)# vendor-specific 
wlc-30(config-dhcp-server-vendor-specific)# no suboption 12

2. In the ap-location settings, the mode tunnel is not specified, and there is no need to configure tunnel softgre or softgre-controller.

Disabling mode tunnel in ap-location:
wlc-30(config)# wlc
wlc-30(config-wlc)# ap-location default-location 
wlc-30(config-wlc-ap-location)# no mode tunnel 
Disabling softgre-controller:
wlc-30(config)# no tunnel softgre 1
wlc-30(config)# no softgre-controller
Warning

All changes made to the configuration must be saved in the non-volatile memory of the device.


wlc-30# commit
Configuration has been successfully applied and saved to flash. Commit timer started, changes will be reverted in 600 seconds. #changes are saved and the timer is started
wlc-30# confirm
Configuration has been confirmed. Commit timer canceled. #changes are confirmed and applied
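
A consistency check for the centralized scheme configured above, as an added example (not part of the original article or Eltex tooling): it follows each VLAN of the AP port across the MES uplink and the WLC trunk to a terminating bridge, and lists the bridges where `ip firewall disable` leaves filtering off. The function names, the finding texts and the embedded command text are constructed for illustration from the commands on this page.

```python
import re

# Constructed input: the commands of this page's centralized example, prompts removed.
MES = """interface GigabitEthernet 1/0/3
switchport trunk allowed vlan add 115
switchport trunk native vlan 110
interface GigabitEthernet 1/0/5
switchport trunk allowed vlan add 110,115"""
WLC = """interface gigabitethernet 1/0/1
switchport trunk allowed vlan add 115,110
bridge 10
vlan 110
ip firewall disable
bridge 15
vlan 115
ip firewall disable"""
AP, UP, WP = ("interface gigabitethernet 1/0/" + n for n in "351")  # section keys
VLAN_CMD = re.compile(
    r"(?:switchport trunk (?:allowed vlan add|native vlan) |vlan )(\d+(?:,\d+)*)")

def parse(text):
    """Map each 'interface ...' / 'bridge ...' section to its VLAN set and firewall state."""
    out, cur = {}, {"vlans": set(), "fw_off": False}  # cur starts as a throwaway section
    for raw in text.splitlines():
        line = raw.split("#", 1)[-1].strip().lower()  # also accepts "host(mode)# cmd"
        if line.startswith(("interface ", "bridge ")):
            cur = out.setdefault(line, {"vlans": set(), "fw_off": False})
        elif m := VLAN_CMD.fullmatch(line):
            cur["vlans"] |= {int(v) for v in m.group(1).split(",")}
        elif line == "ip firewall disable":
            cur["fw_off"] = True
    return out

def audit(mes_text, wlc_text, ap_port, uplink, wlc_port):
    """Follow each VLAN of the AP port to a WLC bridge; report bridges with firewall off."""
    mes, wlc = parse(mes_text), parse(wlc_text)
    bridges = {n: s for n, s in wlc.items() if n.startswith("bridge ")}
    bridged = set().union(*(s["vlans"] for s in bridges.values()))
    hops = [(f"switch {uplink}", mes[uplink]["vlans"]),
            (f"WLC {wlc_port}", wlc[wlc_port]["vlans"]), ("any WLC bridge", bridged)]
    findings = [f"VLAN {v}: missing on {where}" for v in sorted(mes[ap_port]["vlans"])
                for where, allowed in hops if v not in allowed]
    findings += [f"{n}: firewall disabled for VLAN(s) {sorted(s['vlans'])}"
                 for n, s in bridges.items() if s["fw_off"]]
    return findings

if __name__ == "__main__":
    print(*audit(MES, WLC, AP, UP, WP), sep="\n")
```

In the local switching scheme described later on this page the WLC trunk carries only VLAN 110, so a "VLAN 115: missing on WLC ..." line is expected there.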

Local switching

Local switching is a VAP mode for Eltex access points. It works only in a scheme with GRE tunneling and allows client traffic from a separate SSID to be released into a VLAN directly from the access point, without a tunnel. It is not used in a scheme without GRE.

With such a configuration, client traffic from some SSIDs will be sent in a SoftGRE tunnel to the controller, while traffic from other SSIDs (configured in Local Switching mode) will be processed locally, depending on the switching settings.

This mode is used when it is necessary to improve fault tolerance for critical SSIDs without using controller redundancy. If the controller becomes unavailable, clients will continue to operate. When using external DHCP and RADIUS servers, it also remains possible to connect new clients.

Configuring switch

Port configuration towards the AP:
MES2324P#configure 
MES2324P(config)#interface GigabitEthernet 1/0/3
MES2324P(config-if)#switchport mode trunk 
MES2324P(config-if)#switchport trunk allowed vlan add 115
MES2324P(config-if)#switchport trunk native vlan 110
Command description:
#go to interface configuration to which the access point is connected
#specify the port mode, in our case — trunk
#set 115 — VLAN for transmitting user traffic, which will then be routed (or switched) according to the network topology.
#set 110 — VLAN for access point management
Note

On some devices, the configuration will be different, for example, on MES2424x series switches:

MES2424P(config-if)#switchport mode general
MES2424P(config-if)#switchport general allowed vlan add 115 tagged
MES2424P(config-if)#switchport general allowed vlan add 110 untagged
MES2424P(config-if)#switchport general pvid 110

Configuring WLC

Configuring physical interface

Configuring physical port towards MES:
wlc-30(config)# interface gigabitethernet 1/0/1
wlc-30(config-if-gi)# switchport mode trunk
wlc-30(config-if-gi)# switchport trunk allowed vlan add 110
wlc-30(config-if-gi)# exit

Command description:
#switch to the interface configuration towards MES
#specify the port mode, in our case — trunk
#set 110 — VLAN for access point management

Configuring bridge

Interface parameters for access points:
wlc(config)# bridge 10
wlc(config-bridge)# description MNGT_AP
wlc(config-bridge)# vlan 110
wlc(config-bridge)# no spanning-tree
wlc(config-bridge)# ip address 192.168.1.1/24
wlc(config-bridge)# ip firewall disable
wlc(config-bridge)# enable
wlc(config-bridge)# exit
Command description:
#create a bridge named "10" 
#for easier reading and navigation through the configuration, add a short description of the interface
#VLAN ID 110 — VLAN number for transmitting management traffic
#disable the STP protocol
#specify the IP address of the management subnet
#disable the firewall
#enable the bridge

It is necessary to specify the tunneling mode in the ap-location settings:

Note

This is required only when configuring “from scratch,” since in factory-config this setting is already present. 

Enabling tunneling in ap-location:
wlc-30(config-wlc-ap-location)# mode tunnel

Detailed description of configuration with SoftGRE: Configuring SoftGRE tunnels (large office network diagram).

In the SSID-profile settings, for SSIDs that must release traffic locally, you need to specify the corresponding mode and client VLAN:

Configuring SSID-profile:
wlc-30(config-wlc-ssid-profile)# local-switching
wlc-30(config-wlc-ssid-profile)# vlan 115
Note

Using the Local Switching command, you can apply a scenario where traffic is released locally into a VLAN for a specific SSID, even if tunneling is enabled for the entire location.

Warning

All changes made to the configuration must be saved in the non-volatile memory of the device.


wlc-30# commit
Configuration has been successfully applied and saved to flash. Commit timer started, changes will be reverted in 600 seconds. #changes are saved and the timer is started
wlc-30# confirm
Configuration has been confirmed. Commit timer canceled. #changes are confirmed and applied