相关配置：

核心路由器

vlan batch 100 200 300 400

#设置Http管理允许所有端口访问
http secure-server server-source -i all

#创建Vlan
vlan 100
 description BanGong
vlan 200
 description Manager
vlan 300
 description JianKong
vlan 400
 description Guest_Wifi

#创建Vlan接口地址
interface Vlanif1
 ip address 192.168.0.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 192.168.0.1 
#
interface Vlanif100
 ip address 10.2.42.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 10.2.42.16 
 dhcp server dns-list 114.114.114.114 202.103.224.68 
#
interface Vlanif200
 ip address 192.168.10.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 192.168.10.2 192.168.10.7 
#
interface Vlanif300
 ip address 192.168.20.1 255.255.255.0
#
interface Vlanif400
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 202.103.224.68 

#设置接口信息
interface GigabitEthernet0/0/1
 description To:AC_KongZhiQi
 port link-type trunk
 port trunk allow-pass vlan 100 200 300 400

interface GigabitEthernet0/0/2
 description To:JianKong
 port link-type access
 port default vlan 300

interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 100

interface GigabitEthernet0/0/6
 port link-type access
 port default vlan 100

interface GigabitEthernet0/0/8
 description To:JieRuJiaoHuanJi
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100 200 300 400

interface GigabitEthernet0/0/9
 description Zhuanxian
 ip address 10.2.0.165 255.255.255.0

interface GigabitEthernet0/0/10
 description Internet
 nat outbound 2999 
 ip address dhcp-alloc

#设置对应的出口路由
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/10 192.168.1.1 description Internet
ip route-static 10.0.0.0 255.0.0.0 GigabitEthernet0/0/9 10.2.0.166 description ZhuanXian

接入交换机

vlan batch 100 200 300 400

#设置Http管理允许所有端口访问
http secure-server server-source -i all

#创建管理Vlan，并设置地址
interface Vlanif200
 ip address 192.168.10.2 255.255.255.0

#设置端口
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 100

#设置上联端口为Trunk
interface GigabitEthernet0/0/47
 port link-type trunk
 port trunk allow-pass vlan 100 200 300 400

#回程路由
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1

AP交换机

vlan batch 100 200 300 400

#设置Http管理允许所有端口访问
http secure-server server-source -i all

#设置管理Vlan及地址
interface Vlanif200
 ip address 192.168.10.7 255.255.255.0

#设置端口为trunk，放行多个Vlan，同时设置默认Vlan
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 200
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100 200 400

#设置上联端口为Trunk
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 100 200 400

#回程路由
ip route-static 0.0.0.0 0.0.0.0 192.168.10.1

AC控制器

vlan batch 100 200 300 400

#设置Http管理允许所有端口访问
http secure-server server-source -i all

#设置管理Vlan及地址
interface Vlanif200
 ip address 192.168.10.6 255.255.255.0

#上联口设置Trunk
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 100 200 300 400
interface XGigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200 300 400

#设置ap的通讯Vlan及密码
capwap source interface vlanif200
capwap dtls psk xxxxx
capwap dtls inter-controller psk xxxxxx
capwap dtls no-auth enable