H3C Wireless Network Setup Lab (H3C WLAN)

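I. Lab Background

1.1 Lab Equipment

The lab network is built from one core switch (RG-3760-24), one wireless controller (H3C WX3024E), one PoE switch (RG-2928G-24P), one ceiling-mount AP (WA4320i-ACN) and one wall-plate AP (WA4320H-ACN) to provide wireless service.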

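1.2 Lab Objectives

       (1) One standard ceiling-mount AP and one wall-plate AP register and come online through DHCP option 43.
       (2) Configure two SSIDs: an office SSID, office, with the password 12344321, and a guest SSID, guest.
       (3) Give the wired downlink ports of the wall-plate AP their own wired address range.
       (4) Set the power of the 2.4 GHz radio on both the ceiling-mount AP and the wall-plate AP to 10.
       (5) Limit each of the wall-plate AP's two radios to 1 connected client.
       (6) Configure Layer 2 isolation for wireless users.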

1.3 Lab Topology

[Figure: lab topology diagram]

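II. Lab Procedure

2.1 Configure the Core Switch

1.  Telnet to the core switch's remote management address, 192.168.9.99, enter the username and password, and start configuring the core switch.

2.  On the core switch, create the VLANs for wired (17), office (19), guest (24) and wireless management (150), and give each one a description.

3.  Configure the downlink ports and permit the corresponding VLANs.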

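2.2 Configure the AC's Switching Module

1.  Telnet to the AC's management address, 192.168.100.250, enter the username and password, then use oap con slot0 to enter the AC's switching module and start configuring.

2.  Configure the uplink and downlink ports.

3.  Permit the corresponding VLANs.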

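2.3 Configure the PoE Switch

1.  Telnet to the PoE switch's management address, 192.168.100.1, and start configuring.

2.  Configure the uplink and downlink ports.

3.  Permit the corresponding VLANs.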

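2.4 Configure the AC

1.  Telnet to the AC's management address, 192.168.100.250, enter the username and password, and start configuring the AC.

2.  Configure the uplink and downlink ports.

3.  Permit the corresponding VLANs.

4.  Configure the service templates and virtual interfaces for the two SSIDs (office and guest).

2.5 Configure the Wall-Plate AP

Configure the wall-plate AP's uplink port, VLANs and related settings.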

 

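III. Lab Results

3.1 Wired Results

Clients on the wired side obtain an IP address automatically, as shown in the figure below.

[Figure: wired result screenshot (2.png)]

3.2 Wireless Results

The wireless side is split into two SSIDs, office and guest, and both are up and working, as shown in the figure below.

[Figure: wireless result screenshot (3.png)]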

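IV. Troubleshooting

Two errors occurred during the lab.

1. All VLANs on the PoE switch were pruned, which made it impossible to reach the PoE switch over Telnet for remote configuration.

Fix: reboot the PoE switch.

2. After configuration was complete, the AP did not come online.

Fix: checking the configuration item by item eventually showed that the error was in the PoE switch configuration: the corresponding VLANs had not been permitted on the PoE switch. After the configuration was corrected, the AP came online normally.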
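Both errors above come down to which VLANs a trunk still carries after pruning. The following is an added example, not part of the original post: it expands the `switchport trunk allowed vlan remove` lists from the configuration logs in sections 6.1 and 6.2 and checks them against the VLANs each link needs. The `REQUIRED` table and the `BROKEN` case are assumptions constructed for illustration.

```python
# Added example (not from the original post): which VLANs does each trunk carry?
ALL_VLANS = set(range(1, 4095))  # a trunk starts out permitting VLANs 1-4094

def parse_ranges(spec):
    """Expand a list such as '1-16,18-99' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def allowed_after_remove(remove_spec):
    """VLANs left on a trunk after 'switchport trunk allowed vlan remove <spec>'."""
    return ALL_VLANS - parse_ranges(remove_spec)

# 'remove' lists copied from the configuration logs in sections 6.1 and 6.2.
TRUNKS = {
    "HX Gi0/25 -> POE": "1-16,18-99,101-149,151-4094",
    "HX Gi0/26 -> AC": "1-18,20-23,25-99,101-4094",
    "POE Gi0/24 -> HX": "1-16,18-99,101-149,151-4094",
    "POE Gi0/2 -> wall-plate AP": "1-16,18-149,151-4094",
}

# Assumption: VLANs each link has to carry, read off the VLAN plan in 2.1 and
# the VLAN names in section 6 (17 wired, 19 office, 24 guest,
# 100 internal management, 150 AP management).
REQUIRED = {
    "HX Gi0/25 -> POE": {17, 100, 150},
    "HX Gi0/26 -> AC": {19, 24, 100},
    "POE Gi0/24 -> HX": {17, 100, 150},
    "POE Gi0/2 -> wall-plate AP": {17, 150},
}

def missing_vlans(trunks, required):
    """Return {port: [VLANs that are required but pruned]} for failing ports."""
    report = {}
    for port, remove_spec in trunks.items():
        missing = required[port] - allowed_after_remove(remove_spec)
        if missing:
            report[port] = sorted(missing)
    return report

# Constructed failure case: the PoE uplink with VLAN 150 pruned as well.
BROKEN = dict(TRUNKS, **{"POE Gi0/24 -> HX": "1-16,18-99,101-4094"})

if __name__ == "__main__":
    print(missing_vlans(TRUNKS, REQUIRED))  # final configuration from the logs
    print(missing_vlans(BROKEN, REQUIRED))  # AP management VLAN is cut off
```

Running the same check before applying a pruning change shows whether the management VLAN used to reach the switch would be removed along with the rest.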

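V. Lab Summary

  Through this lab I gained a working understanding of simple wireless networking and learned its basic configuration planning and methods, which lays a foundation for moving from small deployments to larger ones. I also became more aware of the basic mistakes I made during the lab, and I will take care to avoid these slips and errors in future study and work so that I can complete my tasks better.

VI. Appendix

The configuration files for each part are attached below.

6.1 Core Switch Configuration Log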

HX#show run

Building configuration...

Current configuration : 3242 bytes

version RGOS 10.4(2) Release(75955)(Mon Jan 25 19:01:04 CST 2010 -ngcf34)

hostname HX

nfpp

vlan 1

vlan 9

 name yuancheng_guanli

vlan 17

 name youxian-17

vlan 19

 name wlan-office-19

vlan 24

 name wlan-guest-24

vlan 100

 name neiwang_guanli

vlan 150

 name ap-guanl

username admin password admin123

no service password-encryption

service dhcp

ip ssh version 2

ip dhcp snooping

ip dhcp excluded-address 192.168.150.254

ip dhcp excluded-address 172.16.17.254

ip dhcp excluded-address 172.17.19.254

ip dhcp excluded-address 172.17.24.254

ip dhcp pool youxian-10

 network 172.16.17.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.16.17.254

ip dhcp pool wlan-office-19

 network 172.17.19.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.17.19.254

ip dhcp pool wlan-guest-24

 network 172.17.24.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.17.24.254

ip dhcp pool ap-guanl

 option 43 hex 8007.0000.01c0.a864.fa

 network 192.168.150.0 255.255.255.0

 default-router 192.168.150.254

enable password admin123

enable service ssh-server

spanning-tree

interface FastEthernet 0/1

interface FastEthernet 0/2

interface FastEthernet 0/3

interface FastEthernet 0/4

interface FastEthernet 0/5

interface FastEthernet 0/6

interface FastEthernet 0/7

interface FastEthernet 0/8

interface FastEthernet 0/9

interface FastEthernet 0/10

interface FastEthernet 0/11

interface FastEthernet 0/12

interface FastEthernet 0/13

interface FastEthernet 0/14

interface FastEthernet 0/15

interface FastEthernet 0/16

interface FastEthernet 0/17

interface FastEthernet 0/18

interface FastEthernet 0/19

interface FastEthernet 0/20

interface FastEthernet 0/21

interface FastEthernet 0/22        

interface FastEthernet 0/23

interface FastEthernet 0/24

interface GigabitEthernet 0/25

 switchport mode trunk

 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094

 description To-POE_G0/24

interface GigabitEthernet 0/26

 switchport mode trunk

 switchport trunk allowed vlan remove 1-18,20-23,25-99,101-4094

 description To-AC_G1/0/1

interface GigabitEthernet 0/27

interface GigabitEthernet 0/28

 switchport access vlan 9

interface VLAN 9

 no ip proxy-arp

 ip address 192.168.9.99 255.255.255.0

interface VLAN 17

 no ip proxy-arp

 ip address 172.16.17.254 255.255.255.0

 description youxian_17

interface VLAN 19

 no ip proxy-arp

 ip address 172.17.19.254 255.255.255.0

 description wlan-office-19

interface VLAN 24

 no ip proxy-arp

 ip address 172.17.24.254 255.255.255.0

 description wlan-guest-24

interface VLAN 100

 no ip proxy-arp

 ip address 192.168.100.254 255.255.255.0

 description neiwang_guanli        

interface VLAN 150

 no ip proxy-arp

 ip address 192.168.150.254 255.255.255.0

 description AP_Guanl-_Gatway

ip route 0.0.0.0 0.0.0.0 192.168.9.254

line con 0

line vty 0 4

 transport input ssh

 login local

 password admin123

end

HX#
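The `option 43 hex 8007.0000.01c0.a864.fa` line in the ap-guanl pool above is what lets the APs find the AC (objective 1 in section 1.2). The following is an added example, not part of the original post: it decodes and rebuilds that value using the layout H3C documents for this option (type 0x80, length, two-byte server type 0000, one-byte address count, then the IPv4 addresses). The function names are hypothetical.

```python
import ipaddress

def decode_h3c_option43(hex_text):
    """Decode an H3C-style option 43 value into a list of AC addresses."""
    raw = bytes.fromhex(hex_text.replace(".", "").replace(" ", ""))
    if len(raw) < 5:
        raise ValueError("value too short for type, length, server type and count")
    sub_type, length, payload = raw[0], raw[1], raw[2:]
    if sub_type != 0x80:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length != len(payload):
        raise ValueError(f"length byte says {length}, payload has {len(payload)} bytes")
    count, addr_bytes = payload[2], payload[3:]  # payload[0:2] is the server type
    if len(addr_bytes) != 4 * count:
        raise ValueError(f"address count {count} does not match {len(addr_bytes)} bytes")
    return [str(ipaddress.IPv4Address(addr_bytes[i:i + 4]))
            for i in range(0, len(addr_bytes), 4)]

def encode_h3c_option43(addresses):
    """Build the dotted hex string (groups of four digits) for a list of AC IPs."""
    body = b"\x00\x00" + bytes([len(addresses)])
    body += b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    digits = (bytes([0x80, len(body)]) + body).hex()
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))

def option43_points_at(hex_text, ac_address):
    """True if the option advertises the given AC management address."""
    return ac_address in decode_h3c_option43(hex_text)

if __name__ == "__main__":
    value = "8007.0000.01c0.a864.fa"       # from the ap-guanl pool in section 6.1
    print(decode_h3c_option43(value))       # AC address handed to the APs
    # 192.168.100.250 is Vlan-interface100 on the AC (section 6.4)
    print(option43_points_at(value, "192.168.100.250"))
    # Constructed second address, to show the two-AC form of the option
    print(encode_h3c_option43(["192.168.100.250", "192.168.100.251"]))
```

A wrong length or count byte raises `ValueError` instead of returning a partial address list, which is the check to run before pasting a hand-built hex string into a DHCP pool.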

6.2 PoE Switch Configuration Log

POE(config)#show run

Building configuration...

Current configuration : 2432 bytes

version RGOS 10.4(2b12)p6 Release(196987)(Fri Jan 22 09:33:36 CST 2016 -ngcf61)

hostname POE

nfpp

vlan 1

vlan 17

 name youxian-17

vlan 100

 name neiwang-guanli

vlan 150

 name ap-guanli

username admin password admin123

no service password-encryption

ip dhcp relay information manage-vlan 1

ip dhcp snooping

poe class-lldp enable

enable password admin123

spanning-tree

interface GigabitEthernet 0/1

 switchport access vlan 150

 poe enable

 rldp port loop-detect shutdown-port

 description To-wa4320i-acn-g1/0/1

interface GigabitEthernet 0/2

 switchport mode trunk

 switchport trunk native vlan 150

 switchport trunk allowed vlan remove 1-16,18-149,151-4094

 poe enable

 rldp port loop-detect shutdown-port

 description To-wa4320h-acn-g1/0/1

interface GigabitEthernet 0/3

 poe enable

interface GigabitEthernet 0/4

 poe enable

interface GigabitEthernet 0/5

 poe enable

interface GigabitEthernet 0/6

 poe enable

interface GigabitEthernet 0/7

 poe enable

interface GigabitEthernet 0/8

 poe enable

interface GigabitEthernet 0/9

 poe enable

interface GigabitEthernet 0/10

 poe enable

interface GigabitEthernet 0/11

 poe enable

interface GigabitEthernet 0/12

 poe enable

interface GigabitEthernet 0/13

 poe enable

interface GigabitEthernet 0/14

 poe enable

interface GigabitEthernet 0/15

 poe enable

interface GigabitEthernet 0/16

 poe enable

interface GigabitEthernet 0/17

 poe enable

interface GigabitEthernet 0/18

 poe enable

interface GigabitEthernet 0/19

 poe enable

interface GigabitEthernet 0/20

 poe enable

interface GigabitEthernet 0/21

 poe enable

interface GigabitEthernet 0/22

 poe enable

interface GigabitEthernet 0/23

 poe enable

interface GigabitEthernet 0/24

 switchport mode trunk

 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094

 ip dhcp snooping trust

 poe enable

 description To-HX_G0/25

interface GigabitEthernet 0/25

interface GigabitEthernet 0/26

interface GigabitEthernet 0/27

interface GigabitEthernet 0/28

interface VLAN 100

 no ip proxy-arp

 ip address 192.168.100.1 255.255.255.0

 description neiwang-guanli

ip route 0.0.0.0 0.0.0.0 192.168.100.254

line con 0

line vty 0 4

 transport input telnet

 login

 password admin123

end

6.3 AC Switching Module Configuration Log

<SW>dis cur

 version 5.20, Release 3507P29

 sysname SW

 domain default enable system

 telnet server enable

 oap management-ip 192.168.0.100 slot 1

 password-recovery enable

vlan 1

vlan 19

 description wlan-office-19

vlan 24

 description vlan-guest-24

vlan 100

 description neiwang-guanli

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

local-user admin

 password cipher $c$3$P/ORfzpiCs861ClqeyqsA+HPPBUmcFPK

 authorization-attribute level 3

 service-type telnet

interface Bridge-Aggregation1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface NULL0

interface Vlan-interface1

 ip address 192.168.0.101 255.255.255.0

interface GigabitEthernet1/0/1

 description To-HX_G0/26

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface GigabitEthernet1/0/2

 poe enable

interface GigabitEthernet1/0/3

 poe enable

interface GigabitEthernet1/0/4

 poe enable

interface GigabitEthernet1/0/5

 poe enable

interface GigabitEthernet1/0/6

 poe enable

interface GigabitEthernet1/0/7

 poe enable

interface GigabitEthernet1/0/8

 poe enable

interface GigabitEthernet1/0/9

 poe enable

interface GigabitEthernet1/0/10

 poe enable

interface GigabitEthernet1/0/11

 poe enable

interface GigabitEthernet1/0/12

 poe enable

interface GigabitEthernet1/0/13

 poe enable

interface GigabitEthernet1/0/14

 poe enable

interface GigabitEthernet1/0/15

 poe enable

interface GigabitEthernet1/0/16

 poe enable

interface GigabitEthernet1/0/17

 poe enable

interface GigabitEthernet1/0/18

 poe enable

interface GigabitEthernet1/0/19

 poe enable

interface GigabitEthernet1/0/20

 poe enable

interface GigabitEthernet1/0/21

 poe enable

interface GigabitEthernet1/0/22

 poe enable            

interface GigabitEthernet1/0/23

 poe enable

interface GigabitEthernet1/0/24

 poe enable

interface GigabitEthernet1/0/25

 shutdown

interface GigabitEthernet1/0/26

 shutdown

interface GigabitEthernet1/0/27

 shutdown

interface GigabitEthernet1/0/28

 shutdown

interface GigabitEthernet1/0/29

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface GigabitEthernet1/0/30

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

user-interface aux 0

user-interface vty 0 4

 authentication-mode scheme

user-interface vty 5 15

return

 

6.4 AC Configuration Log

version 5.20, Release 3509P61

sysname AC

domain default enable system

telnet server enable

user-isolation vlan 19 enable

 user-isolation vlan 19 permit-mac 001a-a91e-558b

 user-isolation vlan 24 enable

 user-isolation vlan 24 permit-mac 001a-a91e-558b

port-security enable

oap management-ip 192.168.0.101 slot 0

password-recovery enable

vlan 1

vlan 19

 description wlan-office-19

vlan 24

 description wlan-guest-24

vlan 100

 description neiwang-guanli

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

 group-attribute allow-guest

local-user admin

 password cipher $c$3$FtQTL8kMVOFaxlTNuonpP0DdnOgycATK280O

 authorization-attribute level 3

 service-type telnet

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

wlan radio-policy 1

 client max-count 1

wlan service-template 1 crypto

 ssid office

 bind WLAN-ESS 1

 cipher-suite ccmp

 security-ie rsn

 service-template enable

wlan service-template 2 clear

 ssid guest

 bind WLAN-ESS 2

 service-template enable

wlan ap-group default_group

 ap mb-tsg-209 

 ap fz-tsg-2f-01

interface Bridge-Aggregation1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface NULL0

interface Vlan-interface1

 ip address 192.168.0.100 255.255.255.0

interface Vlan-interface100

 description neiwang-guanli

 ip address 192.168.100.250 255.255.255.0

interface GigabitEthernet1/0/1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface GigabitEthernet1/0/2

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface WLAN-ESS1

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 19 untagged

 port hybrid pvid vlan 20

 mac-vlan enable

 port-security port-mode psk

 port-security tx-key-type 11key

 port-security preshared-key pass-phrase cipher $c$3$4Nxvyh3vTsZQNZcM1lWUnve6VJ2eoXAyUJCP

interface WLAN-ESS2

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 24 untagged

 port hybrid pvid vlan 24

 mac-vlan enable

wlan ap fz-tsg-2f-01 model WA4320i-ACN id 1

 serial-id 210235A1GQC149000908

 radio 1

  service-template 1

  service-template 2

  radio enable

 radio 2

  max-power 10

  service-template 1

  service-template 2

  radio enable

wlan ap mb-tsg-209 model WA4320H-ACN id 2

 serial-id 219801A0P79149G00146

 radio 1

  channel 36

  radio-policy 1

  service-template 1

  service-template 2

  channel band-width 20

  radio enable

 radio 2

  channel 1

  max-power 10 

  radio-policy 1

  service-template 1

  service-template 2

  radio enable

wlan ips

 malformed-detect-policy default

 signature deauth_flood signature-id 1

 signature broadcast_deauth_flood signature-id 2

 signature disassoc_flood signature-id 3

 signature broadcast_disassoc_flood signature-id 4

 signature eapol_logoff_flood signature-id 5

 signature eap_success_flood signature-id 6

 signature eap_failure_flood signature-id 7

 signature pspoll_flood signature-id 8

 signature cts_flood signature-id 9

 signature rts_flood signature-id 10

 signature addba_req_flood signature-id 11

 signature-policy default

 countermeasure-policy default

 attack-detect-policy default

 virtual-security-domain default

  attack-detect-policy default

  malformed-detect-policy default

  signature-policy default

  countermeasure-policy default

ip route-static 0.0.0.0 0.0.0.0 192.168.100.254

ssh server enable

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

 user privilege level 3

 protocol inbound telnet

return

6.5 AP Configuration Log

<mb-tsg-209>dis cur

version 5.20, Release 1508P11

sysname mb-tsg-209

domain default enable system

ipv6

telnet server enable

password-recovery enable

undo attack-defense tcp fragment enable

vlan 1

vlan 17

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

 group-attribute allow-guest

interface NULL0

interface Vlan-interface1

 ipv6 address auto

 ip address dhcp-alloc client-identifier mac Vlan-interface1

 ipv6 address dhcp-alloc

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 17

interface GigabitEthernet1/0/2

 port access vlan 17

interface GigabitEthernet1/0/3

 port access vlan 17

interface GigabitEthernet1/0/4

 port access vlan 17

interface WLAN-Radio1/0/1

interface WLAN-Radio1/0/2

info-center source LWPC channel 4

undo gratuitous-arp-learning enable

user-interface con 0

user-interface vty 0 4

 authentication-mode none

 user privilege level 3

 set authentication password cipher c$3$mghba7P6AkOvP3w8hSiqRxoVtmJR8Yg3Jop6RbA=

return
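The configuration logs in this appendix contain several management-plane settings worth reviewing before a lab build like this is reused elsewhere. The following is an added example, not part of the original post: a small audit that flags those settings by line. `SAMPLE` is a constructed mix of lines copied from sections 6.1 to 6.5, with the ciphertext replaced by a placeholder; the rule list is an assumption and covers only patterns that appear on this page.

```python
import re

# (pattern, finding) pairs; each pattern targets a line that appears in section 6.
RULES = [
    (r"no service password-encryption",
     "passwords are kept in cleartext in the configuration"),
    (r"(username \S+ |enable )?password (?!cipher )\S+",
     "cleartext password"),
    (r"telnet server enable|transport input telnet|protocol inbound telnet",
     "management over unencrypted Telnet"),
    (r"authentication-mode none",
     "VTY login without authentication"),
    (r"wlan service-template \d+ clear",
     "SSID without encryption"),
]

def audit(config_text):
    """Return (line number, line, finding) for every line that matches a rule."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        for pattern, finding in RULES:
            if re.fullmatch(pattern, stripped):
                findings.append((number, stripped, finding))
    return findings

# Constructed sample: lines taken from the logs of different devices above.
SAMPLE = """\
username admin password admin123
no service password-encryption
ip ssh version 2
telnet server enable
local-user admin
 password cipher <ciphertext omitted>
wlan service-template 1 crypto
wlan service-template 2 clear
user-interface vty 0 4
 authentication-mode none
line vty 0 4
 transport input telnet
 password admin123
"""

if __name__ == "__main__":
    for number, line, finding in audit(SAMPLE):
        print(f"line {number}: {line!r}: {finding}")
```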

 
