网络工程 - 尝试使用 mbssid 在 cisco AP 内提供 dhcp - 吾爱随笔录

我一直在遵循几个在线指南来设置 Cisco Aironet 1602I。该 AP 有 2 个无线电天线，并且能够通过 mbssid cisco 配置生成多个 SSID。我的目标是在同一个无线电上有 2 个不同的 SSID，并让它们成为单独的网络，特别是，我希望第二个被隔离。

为此，我遵循了使用 VLAN 设置不同的多个 SSID 的指南。在 VLAN1 上，我将所有数据传递到不同的路由器以提供 DHCP 并路由到其他网络（这部分实际上没有问题）；对于 VLAN2，我想直接从 AP 本身提供 DHCP。

我已经做了足够多的工作，用自己的网络配置 SSID，将它们中的每一个分配给 VLAN1 和 VLAN2，并且客户端能够看到它们。客户端只能连接到 VLAN1。

VLAN1 正常工作。客户端从主路由器（而不是 AP）获取 DHCP 并 ping 其他网络等。尽管 VLAN2 似乎正在丢弃所有到达它的数据包并且不提供 DHCP 地址，即使我们已经为其配置了 dhcp 池.

我没有想法，因为我发现的所有指南似乎都服务于不直接从 AP 提供 DHCP 的 SSID 配置。

我也可能在解释问题方面做得不好，因此对任何令人困惑的部分表示歉意。

以下指南之一，尽管大多数在线指南的步骤总体相同： http ://www.cisco.com/c/en/us/support/docs/wireless-mobility/service-set-identifier-ssid/ 116118-configure-ap-ssid-ios.html

当前配置：

ap1#sh ru
Building configuration...

version 15.3
hostname ap1
!
!
no aaa new-model
no ip source-route
no ip cef
ip domain name example.com
ip dhcp excluded-address 172.16.0.1 172.16.0.20
!
ip dhcp pool guest-wifi
 import all
 network 172.16.0.0 255.255.255.0
 default-router 172.16.0.1 
 dns-server 4.2.2.2 
!
!
!
dot11 vlan-name GUEST vlan 2
dot11 vlan-name MAIN vlan 1
!
dot11 ssid TestNetwork
   vlan MAIN
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 123456789
!
dot11 ssid TestNetwork 5GHz
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 123456789
!
dot11 ssid TestingWiFi
   vlan GUEST
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 123456789
!
!
bridge irb
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 encryption vlan GUEST mode ciphers aes-ccm 
 !
 encryption vlan MAIN mode ciphers aes-ccm 
 !
 broadcast-key change 300
 !
 !        
 ssid TestNetwork
 !
 ssid TestingWiFi
 !
 antenna gain 0
 stbc
 beamform ofdm
 mbssid
 station-role root
 rts threshold 512
 rts retries 128
 no dot11 extension aironet
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding

interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 broadcast-key change 300
 !
 !
 ssid TestNetwork 5GHz
 !
 antenna gain 0
 peakdetect
 no dfs band block
 stbc
 beamform ofdm
 channel dfs
 station-role root
 rts threshold 512
 rts retries 128
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
!         
interface BVI1
 mac-address xxxx.xxxx.xxxx
 ip address 192.168.1.30 255.255.255.128
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
interface BVI2
 mac-address xxxx.xxxx.xxxx
 ip address 172.16.0.30 255.255.255.0
 ip information-reply
 history PPS
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
bridge 1 priority 1
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 priority 10
bridge 2 protocol ieee
bridge 2 route ip