大家好,欢迎来到IT知识分享网。
去年做的一个项目,涉及到交换和无线,在此把涉及到的技术及情况写写,也算是对自己所学到的知识,做一个总结吧!
基本情况:一栋楼,总共6层,每一层都需要网络办公,并且需要有无线网络,拓扑图大概如下。
S58作为核心交换机,接入交换机使用S36序列,AC其实是S58控制器插卡,防火墙接入到互联网。在此就只写无线部分的配置了,当时用户要求,每一层楼的无线网段需要不同,现在以一楼为例,进行配置,现一楼无线网络网段为192.168.10.0/24,普通办公网段为192.168.21.0/24。设备基本配置如下:
S58配置如下:
dis cur
#
version 5.20, Release 1206
#
telnet server enable
#
ip ttl-expires enable
#
loopback-detection enable
#
vlan 19
description SW_guangli
#
vlan 20
description AP_guangli
#
vlan 21
description 1F
//1楼普通PC办公网段VLAN
#
vlan 10
description WLAN_Client
//1楼无线网段VLAN
#
vlan 4000
description To_SXF_FW
//连接到防火墙VLNA
#
dhcp server ip-pool 1F
network 192.168.21.0 mask 255.255.255.0
gateway-list 192.168.21.1
dns-list 192.168.22.5 202.98.192.67
//1楼普通办公 DHCP server
#
dhcp server ip-pool wclient_10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 192.168.22.5 202.98.192.67
//1楼无线 DHCP server
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 10 to 31
//连接到58插卡
#
interface Bridge-Aggregation2
#
interface NULL0
#
interface Vlan-interface19
description louceng_switch_guangli
ip address 192.168.19.1 255.255.255.0
#
interface Vlan-interface20
description AP_guangli
ip address 192.168.20.1 255.255.255.0
#
interface Vlan-interface21
description 1f
ip address 192.168.21.1 255.255.255.0
#
interface Vlan-interface10
description WLAN_Client_1f
ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface4000
ip address 192.168.13.253 255.255.255.252
#
interface GigabitEthernet1/0/1
port link-mode bridge
description TO_1F_dan
port link-type trunk
port trunk permit vlan 1 10 19 to 21
loopback-detection enable
//接到一楼楼层交换机
#
interface GigabitEthernet1/0/2
port link-mode bridge
loopback-detection enable
#
interface GigabitEthernet1/0/3
port link-mode bridge
description TO_2F_Shuang
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/4
port link-mode bridge
description TO_2F_dan
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/5
port link-mode bridge
description TO_3F_SHUANG
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/6
port link-mode bridge
description TO_3f_dan
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/7
port link-mode bridge
loopback-detection enable
#
interface GigabitEthernet1/0/8
port link-mode bridge
description TO_4f_Dan
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/9
port link-mode bridge
description TO_1F_Shuang
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/10
port link-mode bridge
#
interface GigabitEthernet1/0/11
port link-mode bridge
#
interface GigabitEthernet1/0/12
port link-mode bridge
#
interface GigabitEthernet1/0/13
port link-mode bridge
#
interface GigabitEthernet1/0/14
port link-mode bridge
#
interface GigabitEthernet1/0/15
port link-mode bridge
description TO_5F_dan
port link-type trunk
loopback-detection enable
#
interface GigabitEthernet1/0/16
port link-mode bridge
#
interface GigabitEthernet1/0/17
port link-mode bridge
description TO_4f_shuang
port link-type trunk
#
…………………………….
#
interface GigabitEthernet1/1/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 to 31
port link-aggregation group 1
#
interface GigabitEthernet1/1/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 10 to 31
port link-aggregation group 1
#
dhcp-snooping
#
ip route-static 0.0.0.0 0.0.0.0 192.168.11.2
//连接到防火墙
#
dhcp server forbidden-ip 192.168.20.1
dhcp server forbidden-ip 192.168.21.1
dhcp server forbidden-ip 192.168.20.254
dhcp server forbidden-ip 192.168.21.2
dhcp server forbidden-ip 192.168.10.1
……
#
dhcp enable
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
authentication-mode scheme
user privilege level 3
AC(S58插卡)配置如下:
dis cur
#
version 5.20, Release 3111P07
#
sysname NDC_OA_AC
#
domain default enable system
#
telnet server enable
#
port-security enable
#
portal trap server-down
#
vlan 20
description WLAN_Manager
#
vlan 10
description Wclient_1f
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid ceshi1f
bind WLAN-ESS 1
cipher-suite tkip
security-ie wpa
service-template enable
//配置SSID
#
wlan service-template 2 crypto
ssid ceshi4f
bind WLAN-ESS 2
cipher-suite tkip
security-ie wpa
service-template enable
#
wlan service-template 3 crypto
ssid ceshi56f
bind WLAN-ESS 3
cipher-suite tkip
security-ie wpa
service-template enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 1 10 to 31
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface20
ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface10
ip address 192.168.10.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 10 to 31
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 10 to 31
port link-aggregation group 1
#
interface M-Ethernet1/0/0
#
interface WLAN-ESS1
port access vlan 10
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
//配置无线虚接口 1楼
#
interface WLAN-ESS2
port access vlan 30
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
interface WLAN-ESS3
port access vlan 31
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
wlan ap 1f_101 model WA2220-AG id 1
serial-id 210235A42WC10B001746
radio 1
radio 2
channel 1
service-template 1
radio enable
//配置AP
#
wlan ap 1f_117 model WA2220-AG id 2
serial-id 210235A42WC10B001740
radio 1
radio 2
channel 11
service-template 1
radio enable
//配置AP
#
wlan ap 1f_121 model WA2220-AG id 3
serial-id 210235A42WC10B001514
radio 1
radio 2
channel 6
service-template 1
radio enable
//配置AP
#
……………………………………….
#
ip route-static 0.0.0.0 0.0.0.0 192.168.20.1
//配置缺省网关
#
load xml-configuration
#
user-interface con 0
user-interface aux 0
authentication-mode none
user privilege level 3
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
楼层交换机配置如下:
display current-configuration
#
radius scheme system
#
domain system
#
vlan 19
description guangli
#
vlan 20
description WLAN_Manager
#
vlan 21
description 1f
#
vlan 10
description WLAN_Client1F
#
interface Vlan-interface19
ip address 192.168.19.20 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port access vlan 21
#
interface Ethernet1/0/2
port access vlan 21
#
……………………….
#
interface Ethernet1/0/21
port access vlan 20
//接入AP
#
interface Ethernet1/0/22
port access vlan 20
//接入AP
#
interface Ethernet1/0/23
port access vlan 20
//接入AP
#
interface Ethernet1/0/21
port access vlan 20
//接入AP
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
port link-type trunk
port trunk permit vlan 1 10 to 31
//接入S58
#
interface GigabitEthernet1/1/4
port link-type trunk
port trunk permit vlan 1 10 to 31
#
ip route-static 0.0.0.0 0.0.0.0 192.168.19.1 preference 60
//缺省路由
#
user-interface aux 0 7
user-interface vty 0 4
authentication-mode scheme
完工!有不正确的地方,还望指点!
免责声明:本站所有文章内容,图片,视频等均是来源于用户投稿和互联网及文摘转载整编而成,不代表本站观点,不承担相关法律责任。其著作权各归其原作者或其出版社所有。如发现本站有涉嫌抄袭侵权/违法违规的内容,侵犯到您的权益,请在线联系站长,一经查实,本站将立刻删除。 本文来自网络,若有侵权,请联系删除,如若转载,请注明出处:https://yundeesoft.com/50163.html
