我管理着一个由 50 个 Aironet 1130AG 接入点组成的无线网络，这些接入点分布在 8 个 Catalyst 交换机上。这运行非常顺利，直到我不得不使用 VLAN 标记。现在有无密码默认 (1) 和带有 WPA2 的新 VLAN (300)。

除 VLAN 300 路由器所在的网关端口外，交换机之间的交换机端口均设置为中继模式。

在这个动作之后，整个网络都慢下来了。我缺乏管理 VLAN 的经验，所以我希望有人能给我一些可能导致性能下降的建议。

-- 接入点配置 --

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SSH-WL01
!
enable secret 5 ****
!
no aaa new-model
no ip igmp snooping
ip domain name SSH
!
!
no dot11 igmp snooping-helper
dot11 vlan-name Otrum vlan 300
dot11 vlan-name default vlan 1
!
dot11 ssid OpenNet
   vlan 1
   authentication open
   guest-mode
   mbssid guest-mode
   infrastructure-ssid optional
!
dot11 ssid otrum
   vlan 300
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 ****
!
dot11 network-map
power inline negotiation prestandard source
!
!
username admin privilege 15 secret 5 ****
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 300 mode ciphers aes-ccm tkip
 !
 ssid OpenNet
 !
 ssid otrum
 !
 mbssid
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.300
 encapsulation dot1Q 300
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 300 mode ciphers aes-ccm tkip
 !
 ssid OpenNet
 !
 ssid otrum
 !
 no dfs band block
 mbssid
 speed  basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 basic-54.0
 channel dfs
 station-role root
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.300
 encapsulation dot1Q 300
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.300
 encapsulation dot1Q 300
 no ip route-cache
 bridge-group 255
 no bridge-group 255 source-learning
 bridge-group 255 spanning-disabled
!
interface BVI1
 ip address 172.16.0.1 255.255.0.0
 no ip route-cache
!
ip default-gateway 172.16.254.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server community SSH RO
snmp-server location Badehuset
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!

end

-- 切换配置 --

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ssh-sw01
!
boot-start-marker
boot-end-marker
!
enable secret 5 ****
enable password ****
!
username admin privilege 15 secret 5 ****
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
ip domain-name ssh.local
cluster enable Cluster1 0
!
!
crypto pki trustpoint TP-self-signed-4237220096
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4237220096
 revocation-check none
 rsakeypair TP-self-signed-4237220096
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode trunk
!
interface FastEthernet0/6
 switchport mode trunk
!
interface FastEthernet0/7
 switchport mode trunk
!
interface FastEthernet0/8
 switchport mode trunk
!
interface FastEthernet0/9
 switchport mode trunk
!
interface FastEthernet0/10
 switchport mode trunk
!
interface FastEthernet0/11
 switchport mode trunk
!
interface FastEthernet0/12
 switchport mode trunk
!
interface FastEthernet0/13
 switchport mode trunk
!
interface FastEthernet0/14
 switchport mode trunk
!
interface FastEthernet0/15
 switchport mode trunk
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
 switchport mode trunk
!
interface FastEthernet0/18
 switchport mode trunk
!
interface FastEthernet0/19
 switchport mode trunk
!
interface FastEthernet0/20
 switchport mode trunk
!
interface FastEthernet0/21
 switchport mode trunk
!
interface FastEthernet0/22
 switchport mode trunk
!
interface FastEthernet0/23
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface Vlan1
 ip address 172.16.1.1 255.255.0.0
 no ip route-cache
!
interface Vlan10
 ip address 172.17.1.1 255.255.0.0
 no ip route-cache
!
interface Vlan300
 ip address 172.19.1.1 255.255.0.0
 no ip route-cache
!
ip http server
ip http secure-server
!
snmp-server community public RO
snmp-server community public@es0 RO
!
control-plane
!
line con 0
line vty 0 4
 password ****
 login local
 transport input ssh
line vty 5 15
 password ****
 login
!
end