Wlan组网成功,可以ping通接入层交换机,但AP不能上线

发布时间:  2015-03-30 浏览次数:  381 下载次数:  0
问题描述


基本组网和配置已完成,如图AC6605作网关,划3个vlan,vlan101为业务,vlan1000为AP管理,vlan1001为所有网络设备所在vlan。 AC6605同时作为DHCP服务器,为业务vlan提供服务。 组网完成后,从AC6605可以ping通接入层s2700交换机,但看不到有AP上线。

涉及主要配置如下:

AC6605:

#
vlan batch 101 1000 to 1001

#

vlan 101

description YeWu

vlan 1000

description apguanli

vlan 1001

description jiaohuanjiguanli

#

ip pool yewu
gateway-list x.x.x.x 
network x.x.x.x mask 255.255.224.0
lease day 0 hour 4 minute 0
dns-list x.x.x.x

#
interface Vlanif101
description YeWu
ip address X.X.X.X 255.255.224.0
web-auth-server portal layer3
dhcp select global                      
#
interface Vlanif1000
description to apguanli
ip address X.X.X.X 255.255.254.0
dhcp select interface
dhcp server lease day 4 hour 0 minute 0
dhcp server dns-list X.X.X.X
#
interface Vlanif1001
description to jiaohuanjiguanli
ip address X.X.X.X 255.255.255.0

#

interface GigabitEthernet0/0/1 (下联S5703汇聚层交换机)
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/24(上联物联网接口)
ip address x.x.x.x x.x.x.x
combo-port fiber

#

wlan

service-set name XXXX id 0
  forward-mode tunnel(设置为隧道转发)
  wlan-ess 0
  ssid xxxx                            
  user-isolate
  traffic-profile id 1
  security-profile id 1
  service-vlan 101

S5703交换机:

所有接口均为trunk,允许vlan 101 1000 1001 通过,在vlan1001配置一个管理地址。

S2700poe交换机:

!Software Version V100R006C05
#
vlan batch 101 1000 to 1001
#
vlan 104
description AP business
vlan 1000
description AP manage
vlan 1001
description Switch manage
#                                        
interface Vlanif1
#
interface Vlanif1001
description Switch manage
ip address X.X.X.X 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#
interface Ethernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#
interface Ethernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1       
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#
interface Ethernet0/0/4
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#
interface Ethernet0/0/5
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#
interface Ethernet0/0/6
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#                                        
interface Ethernet0/0/7
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1
#
interface Ethernet0/0/8
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 101 1000
port-isolate enable group 1

#

interface GigabitEthernet0/0/1            

port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094


告警信息

无AP上线,不能进行管理。业务不能正常使用。

处理过程

为与AP相连的e0/0/1 to e0/0/8 的接口配置pvid 1000 命令为:port trunk pvid vlan 1000  

interface Ethernet0/0/1

 port link-type trunk

 port trunk pvid vlan 1000

 undo port trunk allow-pass vlan 1

 port trunk allow-pass vlan 101 1000

 port-isolate enable group 1

g0/0/1口和汇聚层交换机相连,不需要配置。

根因

经排查,从AC6605ping接入层S2700交换机均正常。 实际原因为,由于AP管理vlan为1000,不是默认的vlan1,所以需要在接入层交换机和AP相连的接口上,配置pvid,案例中需要配置为pvid vlan 1000

解决方案

在配置接入层交换机与AP相连接的接口时,要注意AP的管理vlan,若没有使用vlan1,则必须加上PVID。

END