H3C 无线网络工程配置案例

H3C 无线网络工程配置案例基本情况:一栋楼,总共6层,每一层都需要网络办公,并且需要有无线网络,拓扑图大概如下。在此就只写无线部分的配置了,当时用户要求,每一层楼的无线网

大家好,欢迎来到IT知识分享网。

H3C 无线网络工程配置案例

去年做的一个项目,涉及到交换和无线,在此把涉及到的技术及情况写写,也算是对自己所学到的知识,做一个总结吧!

基本情况:一栋楼,总共6层,每一层都需要网络办公,并且需要有无线网络,拓扑图大概如下。

H3C 无线网络工程配置案例

S58作为核心交换机,接入交换机使用S36序列,AC其实是S58控制器插卡,防火墙接入到互联网。在此就只写无线部分的配置了,当时用户要求,每一层楼的无线网段需要不同,现在以一楼为例,进行配置,现一楼无线网络网段为192.168.10.0/24,普通办公网段为192.168.21.0/24。设备基本配置如下:

S58配置如下:

dis cur

#

version 5.20, Release 1206

#

telnet server enable

#

ip ttl-expires enable

#

loopback-detection enable

#

vlan 19

description SW_guangli

#

vlan 20

description AP_guangli

#

vlan 21

description 1F

//1楼普通PC办公网段VLAN

#

vlan 10

description WLAN_Client

//1楼无线网段VLAN

#

vlan 4000

description To_SXF_FW

//连接到防火墙VLNA

#

dhcp server ip-pool 1F

network 192.168.21.0 mask 255.255.255.0

gateway-list 192.168.21.1

dns-list 192.168.22.5 202.98.192.67

//1楼普通办公 DHCP server

#

dhcp server ip-pool wclient_10

network 192.168.10.0 mask 255.255.255.0

gateway-list 192.168.10.1

dns-list 192.168.22.5 202.98.192.67

//1楼无线 DHCP server

#

interface Bridge-Aggregation1

port link-type trunk

port trunk permit vlan 10 to 31

//连接到58插卡

#

interface Bridge-Aggregation2

#

interface NULL0

#

interface Vlan-interface19

description louceng_switch_guangli

ip address 192.168.19.1 255.255.255.0

#

interface Vlan-interface20

description AP_guangli

ip address 192.168.20.1 255.255.255.0

#

interface Vlan-interface21

description 1f

ip address 192.168.21.1 255.255.255.0

#

interface Vlan-interface10

description WLAN_Client_1f

ip address 192.168.10.1 255.255.255.0

#

interface Vlan-interface4000

ip address 192.168.13.253 255.255.255.252

#

interface GigabitEthernet1/0/1

port link-mode bridge

description TO_1F_dan

port link-type trunk

port trunk permit vlan 1 10 19 to 21

loopback-detection enable

//接到一楼楼层交换机

#

interface GigabitEthernet1/0/2

port link-mode bridge

loopback-detection enable

#

interface GigabitEthernet1/0/3

port link-mode bridge

description TO_2F_Shuang

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/4

port link-mode bridge

description TO_2F_dan

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/5

port link-mode bridge

description TO_3F_SHUANG

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/6

port link-mode bridge

description TO_3f_dan

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/7

port link-mode bridge

loopback-detection enable

#

interface GigabitEthernet1/0/8

port link-mode bridge

description TO_4f_Dan

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/9

port link-mode bridge

description TO_1F_Shuang

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/10

port link-mode bridge

#

interface GigabitEthernet1/0/11

port link-mode bridge

#

interface GigabitEthernet1/0/12

port link-mode bridge

#

interface GigabitEthernet1/0/13

port link-mode bridge

#

interface GigabitEthernet1/0/14

port link-mode bridge

#

interface GigabitEthernet1/0/15

port link-mode bridge

description TO_5F_dan

port link-type trunk

loopback-detection enable

#

interface GigabitEthernet1/0/16

port link-mode bridge

#

interface GigabitEthernet1/0/17

port link-mode bridge

description TO_4f_shuang

port link-type trunk

#

…………………………….

#

interface GigabitEthernet1/1/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 10 to 31

port link-aggregation group 1

#

interface GigabitEthernet1/1/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 10 to 31

port link-aggregation group 1

#

dhcp-snooping

#

ip route-static 0.0.0.0 0.0.0.0 192.168.11.2

//连接到防火墙

#

dhcp server forbidden-ip 192.168.20.1

dhcp server forbidden-ip 192.168.21.1

dhcp server forbidden-ip 192.168.20.254

dhcp server forbidden-ip 192.168.21.2

dhcp server forbidden-ip 192.168.10.1

……

#

dhcp enable

#

load xml-configuration

#

user-interface aux 0

user-interface vty 0 15

authentication-mode scheme

user privilege level 3

AC(S58插卡)配置如下:

dis cur

#

version 5.20, Release 3111P07

#

sysname NDC_OA_AC

#

domain default enable system

#

telnet server enable

#

port-security enable

#

portal trap server-down

#

vlan 20

description WLAN_Manager

#

vlan 10

description Wclient_1f

#

domain system

access-limit disable

state active

idle-cut disable

self-service-url disable

#

user-group system

#

wlan rrm

dot11a mandatory-rate 6 12 24

dot11a supported-rate 9 18 36 48 54

dot11b mandatory-rate 1 2

dot11b supported-rate 5.5 11

dot11g mandatory-rate 1 2 5.5 11

dot11g supported-rate 6 9 12 18 24 36 48 54

#

wlan service-template 1 crypto

ssid ceshi1f

bind WLAN-ESS 1

cipher-suite tkip

security-ie wpa

service-template enable

//配置SSID

#

wlan service-template 2 crypto

ssid ceshi4f

bind WLAN-ESS 2

cipher-suite tkip

security-ie wpa

service-template enable

#

wlan service-template 3 crypto

ssid ceshi56f

bind WLAN-ESS 3

cipher-suite tkip

security-ie wpa

service-template enable

#

interface Bridge-Aggregation1

port link-type trunk

port trunk permit vlan 1 10 to 31

#

interface NULL0

#

interface Vlan-interface1

#

interface Vlan-interface20

ip address 192.168.20.254 255.255.255.0

#

interface Vlan-interface10

ip address 192.168.10.2 255.255.255.0

#

interface GigabitEthernet1/0/1

port link-type trunk

port trunk permit vlan 1 10 to 31

port link-aggregation group 1

#

interface GigabitEthernet1/0/2

port link-type trunk

port trunk permit vlan 1 10 to 31

port link-aggregation group 1

#

interface M-Ethernet1/0/0

#

interface WLAN-ESS1

port access vlan 10

port-security port-mode psk

port-security tx-key-type 11key

port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==

//配置无线虚接口 1楼

#

interface WLAN-ESS2

port access vlan 30

port-security port-mode psk

port-security tx-key-type 11key

port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==

#

interface WLAN-ESS3

port access vlan 31

port-security port-mode psk

port-security tx-key-type 11key

port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==

#

wlan ap 1f_101 model WA2220-AG id 1

serial-id 210235A42WC10B001746

radio 1

radio 2

channel 1

service-template 1

radio enable

//配置AP

#

wlan ap 1f_117 model WA2220-AG id 2

serial-id 210235A42WC10B001740

radio 1

radio 2

channel 11

service-template 1

radio enable

//配置AP

#

wlan ap 1f_121 model WA2220-AG id 3

serial-id 210235A42WC10B001514

radio 1

radio 2

channel 6

service-template 1

radio enable

//配置AP

#

……………………………………….

#

ip route-static 0.0.0.0 0.0.0.0 192.168.20.1

//配置缺省网关

#

load xml-configuration

#

user-interface con 0

user-interface aux 0

authentication-mode none

user privilege level 3

user-interface vty 0 4

authentication-mode scheme

user privilege level 3

楼层交换机配置如下:

display current-configuration

#

radius scheme system

#

domain system

#

vlan 19

description guangli

#

vlan 20

description WLAN_Manager

#

vlan 21

description 1f

#

vlan 10

description WLAN_Client1F

#

interface Vlan-interface19

ip address 192.168.19.20 255.255.255.0

#

interface Aux1/0/0

#

interface Ethernet1/0/1

port access vlan 21

#

interface Ethernet1/0/2

port access vlan 21

#

……………………….

#

interface Ethernet1/0/21

port access vlan 20

//接入AP

#

interface Ethernet1/0/22

port access vlan 20

//接入AP

#

interface Ethernet1/0/23

port access vlan 20

//接入AP

#

interface Ethernet1/0/21

port access vlan 20

//接入AP

#

interface GigabitEthernet1/1/1

#

interface GigabitEthernet1/1/2

#

interface GigabitEthernet1/1/3

port link-type trunk

port trunk permit vlan 1 10 to 31

//接入S58

#

interface GigabitEthernet1/1/4

port link-type trunk

port trunk permit vlan 1 10 to 31

#

ip route-static 0.0.0.0 0.0.0.0 192.168.19.1 preference 60

//缺省路由

#

user-interface aux 0 7

user-interface vty 0 4

authentication-mode scheme

完工!有不正确的地方,还望指点!

免责声明:本站所有文章内容,图片,视频等均是来源于用户投稿和互联网及文摘转载整编而成,不代表本站观点,不承担相关法律责任。其著作权各归其原作者或其出版社所有。如发现本站有涉嫌抄袭侵权/违法违规的内容,侵犯到您的权益,请在线联系站长,一经查实,本站将立刻删除。 本文来自网络,若有侵权,请联系删除,如若转载,请注明出处:https://yundeesoft.com/50163.html

(0)

相关推荐

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注

关注微信