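1.1 Lab equipment
The wireless network is built from one core switch (RG-3760-24), one wireless controller (H3C WX3024E), one PoE switch (RG-2928G-24P), one ceiling-mount AP (WA4320i-ACN) and one wall-plate AP (WA4320H-ACN).
1.2 Lab objectives
(1) One ordinary ceiling-mount AP and one wall-plate AP register and come online via DHCP option 43.
(2) Configure two SSIDs: an office SSID, office, with the password 12344321, and a visitor SSID, guest.
(3) Configure a separate wired address range for the wall-plate AP's downlink wired ports.
(4) Set the power of the 2.4 GHz radio on both the ceiling-mount AP and the wall-plate AP to 10.
(5) Limit each of the wall-plate AP's two radios to 1 connected client.
(6) Configure layer-2 isolation between wireless users.
1.3 Lab topology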
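2. Lab procedure
2.1 Configuring the core switch
1. Telnet to the core switch's remote-management address, 192.168.9.99, enter the account and password, and start configuring the core switch.
2. On the core switch, create and describe the VLANs for wired access (17), office (19), guest (24) and wireless management (150).
3. Configure the downlink ports and permit the corresponding VLANs.
2.2 Configuring the switching part of the AC
1. Telnet to the AC's management address, 192.168.100.250, enter the username and password, and use oap con slot0 to enter the AC's switching part and start configuring.
2. Configure the uplink and downlink ports.
3. Permit the corresponding VLANs.
2.3 Configuring the PoE switch
1. Telnet to the PoE switch's management address, 192.168.100.1, and start configuring.
2. Configure the uplink and downlink ports.
3. Permit the corresponding VLANs.
2.4 Configuring the AC
1. Telnet to the AC's management address, 192.168.100.250, enter the username and password, and start configuring the AC.
2. Configure the uplink and downlink ports.
3. Permit the corresponding VLANs.
4. Configure the service templates and virtual interfaces for the two SSIDs (office and guest).
2.5 Configuring the wall-plate AP
Configure the wall-plate AP's uplink port, VLANs and related settings.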
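3. Lab results
3.1 Wired results
The wired side obtains an IP address automatically, as shown in the figure below.
3.2 Wireless results
The wireless side is split into two SSIDs, office and guest; both came online normally, as shown in the figure below.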
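4. Troubleshooting
Two errors occurred during the lab.
1. All VLANs were pruned on the PoE switch, which made it impossible to configure the PoE switch remotely over telnet.
Fix: reboot the PoE switch.
2. After configuration was complete, the APs did not come online.
Fix: checking the configuration item by item eventually showed that the error was in the PoE switch configuration: the corresponding VLANs had not been permitted on the PoE switch. After the configuration was corrected, the APs came online normally.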
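Both faults above come down to a trunk that does not carry a VLAN the path needs. The following added example (not part of the original lab files) computes which VLANs each trunk actually carries from the trunk lines in the appendix configurations and reports any port that drops a required VLAN. It assumes the vendor defaults: a Ruijie trunk allows every VLAN until `allowed vlan remove` subtracts some, and a Comware trunk permits only VLAN 1 until `port trunk permit vlan` adds more. The function names and the `BROKEN` case are constructed for illustration.

```python
ALL_VLANS = set(range(1, 4095))  # valid VLAN IDs 1..4094

def parse_vlans(spec):
    """Parse '1-16,18-99' (Ruijie) or '19 24 100' (Comware) into a set of IDs."""
    vlans = set()
    for item in spec.replace(",", " ").split():
        low, _, high = item.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def ruijie_trunk(remove_spec):
    """Assumed default: all VLANs allowed; 'allowed vlan remove' subtracts."""
    return ALL_VLANS - parse_vlans(remove_spec)

def comware_trunk(permit_spec, undo_vlan1=True):
    """Assumed default: VLAN 1 only; 'port trunk permit vlan' adds to it."""
    base = set() if undo_vlan1 else {1}
    return base | parse_vlans(permit_spec)

def missing_vlans(required, ports):
    """Return {port: [required VLANs it does not carry]} for failing ports."""
    gaps = {}
    for name, carried in ports.items():
        lost = sorted(set(required) - carried)
        if lost:
            gaps[name] = lost
    return gaps

# Trunk lines copied from the appendix configurations (sections 6.1 to 6.3).
POE_UPLINK = {
    "POE G0/24": ruijie_trunk("1-16,18-99,101-149,151-4094"),
    "HX G0/25": ruijie_trunk("1-16,18-99,101-149,151-4094"),
}
AC_UPLINK = {
    "HX G0/26": ruijie_trunk("1-18,20-23,25-99,101-4094"),
    "SW G1/0/1": comware_trunk("19 24 100"),
}
# Constructed fault: every VLAN pruned from the PoE switch uplink.
BROKEN = dict(POE_UPLINK, **{"POE G0/24": ruijie_trunk("1-4094")})

if __name__ == "__main__":
    print(missing_vlans([17, 100, 150], POE_UPLINK))  # wired, mgmt, AP mgmt
    print(missing_vlans([19, 24, 100], AC_UPLINK))    # office, guest, mgmt
    print(missing_vlans([17, 100, 150], BROKEN))
```

In the broken case the PoE uplink loses VLAN 100 (switch management, hence the lost telnet session) and VLAN 150 (AP management, hence the APs never reaching the DHCP pool that carries option 43).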
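5. Lab summary
Through this lab I gained a working understanding of simple wireless networking and learned its basic configuration planning and methods, which lays a foundation for moving from small deployments to larger ones. I also became aware of the basic mistakes I made during the lab; in future study and work I will take care to avoid these slips and errors so that I can complete my tasks better.
6. Appendix
The configuration files for each part are attached.
6.1 Core switch configuration log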
HX#show run
Building configuration...
Current configuration : 3242 bytes
version RGOS 10.4(2) Release(75955)(Mon Jan 25 19:01:04 CST 2010 -ngcf34)
hostname HX
nfpp
vlan 1
vlan 9
name yuancheng_guanli
vlan 17
name youxian-17
vlan 19
name wlan-office-19
vlan 24
name wlan-guest-24
vlan 100
name neiwang_guanli
vlan 150
name ap-guanl
username admin password admin123
no service password-encryption
service dhcp
ip ssh version 2
ip dhcp snooping
ip dhcp excluded-address 192.168.150.254
ip dhcp excluded-address 172.16.17.254
ip dhcp excluded-address 172.17.19.254
ip dhcp excluded-address 172.17.24.254
ip dhcp pool youxian-10
network 172.16.17.0 255.255.255.0
dns-server 202.102.192.68 223.5.5.5
default-router 172.16.17.254
ip dhcp pool wlan-office-19
network 172.17.19.0 255.255.255.0
dns-server 202.102.192.68 223.5.5.5
default-router 172.17.19.254
ip dhcp pool wlan-guest-24
network 172.17.24.0 255.255.255.0
dns-server 202.102.192.68 223.5.5.5
default-router 172.17.24.254
ip dhcp pool ap-guanl
option 43 hex 8007.0000.01c0.a864.fa
network 192.168.150.0 255.255.255.0
default-router 192.168.150.254
enable password admin123
enable service ssh-server
spanning-tree
interface FastEthernet 0/1
interface FastEthernet 0/2
interface FastEthernet 0/3
interface FastEthernet 0/4
interface FastEthernet 0/5
interface FastEthernet 0/6
interface FastEthernet 0/7
interface FastEthernet 0/8
interface FastEthernet 0/9
interface FastEthernet 0/10
interface FastEthernet 0/11
interface FastEthernet 0/12
interface FastEthernet 0/13
interface FastEthernet 0/14
interface FastEthernet 0/15
interface FastEthernet 0/16
interface FastEthernet 0/17
interface FastEthernet 0/18
interface FastEthernet 0/19
interface FastEthernet 0/20
interface FastEthernet 0/21
interface FastEthernet 0/22
interface FastEthernet 0/23
interface FastEthernet 0/24
interface GigabitEthernet 0/25
switchport mode trunk
switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094
description To-POE_G0/24
interface GigabitEthernet 0/26
switchport mode trunk
switchport trunk allowed vlan remove 1-18,20-23,25-99,101-4094
description To-AC_G1/0/1
interface GigabitEthernet 0/27
interface GigabitEthernet 0/28
switchport access vlan 9
interface VLAN 9
no ip proxy-arp
ip address 192.168.9.99 255.255.255.0
interface VLAN 17
no ip proxy-arp
ip address 172.16.17.254 255.255.255.0
description youxian_17
interface VLAN 19
no ip proxy-arp
ip address 172.17.19.254 255.255.255.0
description wlan-office-19
interface VLAN 24
no ip proxy-arp
ip address 172.17.24.254 255.255.255.0
description wlan-guest-24
interface VLAN 100
no ip proxy-arp
ip address 192.168.100.254 255.255.255.0
description neiwang_guanli
interface VLAN 150
no ip proxy-arp
ip address 192.168.150.254 255.255.255.0
description AP_Guanl-_Gatway
ip route 0.0.0.0 0.0.0.0 192.168.9.254
line con 0
line vty 0 4
transport input ssh
login local
password admin123
end
HX#
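The `option 43 hex 8007.0000.01c0.a864.fa` line in the `ap-guanl` pool above is what tells the APs where the AC is, so a wrong byte there leaves them offline. The following added example (not part of the original configuration) decodes that value and rebuilds it from an address list, assuming the H3C sub-option layout: type 0x80, one length byte, server type 0x0000, an address count, then the IPv4 addresses. The function names are constructed for illustration.

```python
import ipaddress

H3C_SUBTYPE = 0x80          # sub-option type used for AC discovery (assumed layout)
SERVER_TYPE = b"\x00\x00"   # fixed server-type field (assumed layout)

def from_dotted_hex(text):
    """Convert 'show run' dotted hex (8007.0000.01c0.a864.fa) to bytes."""
    digits = text.replace(".", "").replace(" ", "")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(digits)

def decode_option43(text):
    """Return the AC addresses carried in an H3C-style option 43 value."""
    raw = from_dotted_hex(text)
    if len(raw) < 5 or raw[0] != H3C_SUBTYPE:
        raise ValueError("not an H3C 0x80 sub-option")
    body = raw[2:]
    if raw[1] != len(body):
        raise ValueError("length byte %d, but %d bytes follow" % (raw[1], len(body)))
    count, addrs = body[2], body[3:]
    if body[:2] != SERVER_TYPE or len(addrs) != 4 * count:
        raise ValueError("server type or address count does not match payload")
    return [str(ipaddress.IPv4Address(addrs[i:i + 4]))
            for i in range(0, len(addrs), 4)]

def encode_option43(ac_addresses):
    """Build the dotted-hex value for a list of AC IPv4 addresses."""
    packed = b"".join(ipaddress.IPv4Address(a).packed for a in ac_addresses)
    body = SERVER_TYPE + bytes([len(ac_addresses)]) + packed
    digits = (bytes([H3C_SUBTYPE, len(body)]) + body).hex()
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))

PAGE_VALUE = "8007.0000.01c0.a864.fa"   # copied from the ap-guanl pool above

if __name__ == "__main__":
    print(decode_option43(PAGE_VALUE))
    print(encode_option43(["192.168.100.250"]))
```

The decoded address is the AC management address used in sections 2.2 and 2.4, which confirms the pool points the APs at the right controller.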
6.2 PoE switch configuration log
POE(config)#show run
Building configuration...
Current configuration : 2432 bytes
version RGOS 10.4(2b12)p6 Release(196987)(Fri Jan 22 09:33:36 CST 2016 -ngcf61)
hostname POE
nfpp
vlan 1
vlan 17
name youxian-17
vlan 100
name neiwang-guanli
vlan 150
name ap-guanli
username admin password admin123
no service password-encryption
ip dhcp relay information manage-vlan 1
ip dhcp snooping
poe class-lldp enable
enable password admin123
spanning-tree
interface GigabitEthernet 0/1
switchport access vlan 150
poe enable
rldp port loop-detect shutdown-port
description To-wa4320i-acn-g1/0/1
interface GigabitEthernet 0/2
switchport mode trunk
switchport trunk native vlan 150
switchport trunk allowed vlan remove 1-16,18-149,151-4094
poe enable
rldp port loop-detect shutdown-port
description To-wa4320h-acn-g1/0/1
interface GigabitEthernet 0/3
poe enable
interface GigabitEthernet 0/4
poe enable
interface GigabitEthernet 0/5
poe enable
interface GigabitEthernet 0/6
poe enable
interface GigabitEthernet 0/7
poe enable
interface GigabitEthernet 0/8
poe enable
interface GigabitEthernet 0/9
poe enable
interface GigabitEthernet 0/10
poe enable
interface GigabitEthernet 0/11
poe enable
interface GigabitEthernet 0/12
poe enable
interface GigabitEthernet 0/13
poe enable
interface GigabitEthernet 0/14
poe enable
interface GigabitEthernet 0/15
poe enable
interface GigabitEthernet 0/16
poe enable
interface GigabitEthernet 0/17
poe enable
interface GigabitEthernet 0/18
poe enable
interface GigabitEthernet 0/19
poe enable
interface GigabitEthernet 0/20
poe enable
interface GigabitEthernet 0/21
poe enable
interface GigabitEthernet 0/22
poe enable
interface GigabitEthernet 0/23
poe enable
interface GigabitEthernet 0/24
switchport mode trunk
switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094
ip dhcp snooping trust
poe enable
description To-HX_G0/25
interface GigabitEthernet 0/25
interface GigabitEthernet 0/26
interface GigabitEthernet 0/27
interface GigabitEthernet 0/28
interface VLAN 100
no ip proxy-arp
ip address 192.168.100.1 255.255.255.0
description neiwang-guanli
ip route 0.0.0.0 0.0.0.0 192.168.100.254
line con 0
line vty 0 4
transport input telnet
login
password admin123
end
6.3 AC switching part configuration log
<SW>dis cur
version 5.20, Release 3507P29
sysname SW
domain default enable system
telnet server enable
oap management-ip 192.168.0.100 slot 1
password-recovery enable
vlan 1
vlan 19
description wlan-office-19
vlan 24
description vlan-guest-24
vlan 100
description neiwang-guanli
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
user-group system
local-user admin
password cipher $c$3$P/ORfzpiCs861ClqeyqsA+HPPBUmcFPK
authorization-attribute level 3
service-type telnet
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
interface NULL0
interface Vlan-interface1
ip address 192.168.0.101 255.255.255.0
interface GigabitEthernet1/0/1
description To-HX_G0/26
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
interface GigabitEthernet1/0/2
poe enable
interface GigabitEthernet1/0/3
poe enable
interface GigabitEthernet1/0/4
poe enable
interface GigabitEthernet1/0/5
poe enable
interface GigabitEthernet1/0/6
poe enable
interface GigabitEthernet1/0/7
poe enable
interface GigabitEthernet1/0/8
poe enable
interface GigabitEthernet1/0/9
poe enable
interface GigabitEthernet1/0/10
poe enable
interface GigabitEthernet1/0/11
poe enable
interface GigabitEthernet1/0/12
poe enable
interface GigabitEthernet1/0/13
poe enable
interface GigabitEthernet1/0/14
poe enable
interface GigabitEthernet1/0/15
poe enable
interface GigabitEthernet1/0/16
poe enable
interface GigabitEthernet1/0/17
poe enable
interface GigabitEthernet1/0/18
poe enable
interface GigabitEthernet1/0/19
poe enable
interface GigabitEthernet1/0/20
poe enable
interface GigabitEthernet1/0/21
poe enable
interface GigabitEthernet1/0/22
poe enable
interface GigabitEthernet1/0/23
poe enable
interface GigabitEthernet1/0/24
poe enable
interface GigabitEthernet1/0/25
shutdown
interface GigabitEthernet1/0/26
shutdown
interface GigabitEthernet1/0/27
shutdown
interface GigabitEthernet1/0/28
shutdown
interface GigabitEthernet1/0/29
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
interface GigabitEthernet1/0/30
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user-interface vty 5 15
return
6.4 AC configuration log
version 5.20, Release 3509P61
sysname AC
domain default enable system
telnet server enable
user-isolation vlan 19 enable
user-isolation vlan 19 permit-mac 001a-a91e-558b
user-isolation vlan 24 enable
user-isolation vlan 24 permit-mac 001a-a91e-558b
port-security enable
oap management-ip 192.168.0.101 slot 0
password-recovery enable
vlan 1
vlan 19
description wlan-office-19
vlan 24
description wlan-guest-24
vlan 100
description neiwang-guanli
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
user-group system
group-attribute allow-guest
local-user admin
password cipher $c$3$FtQTL8kMVOFaxlTNuonpP0DdnOgycATK280O
authorization-attribute level 3
service-type telnet
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
wlan radio-policy 1
client max-count 1
wlan service-template 1 crypto
ssid office
bind WLAN-ESS 1
cipher-suite ccmp
security-ie rsn
service-template enable
wlan service-template 2 clear
ssid guest
bind WLAN-ESS 2
service-template enable
wlan ap-group default_group
ap mb-tsg-209
ap fz-tsg-2f-01
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
interface NULL0
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
interface Vlan-interface100
description neiwang-guanli
ip address 192.168.100.250 255.255.255.0
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
interface WLAN-ESS1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 19 untagged
port hybrid pvid vlan 20
mac-vlan enable
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$4Nxvyh3vTsZQNZcM1lWUnve6VJ2eoXAyUJCP
interface WLAN-ESS2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 24 untagged
port hybrid pvid vlan 24
mac-vlan enable
wlan ap fz-tsg-2f-01 model WA4320i-ACN id 1
serial-id 210235A1GQC149000908
radio 1
service-template 1
service-template 2
radio enable
radio 2
max-power 10
service-template 1
service-template 2
radio enable
wlan ap mb-tsg-209 model WA4320H-ACN id 2
serial-id 219801A0P79149G00146
radio 1
channel 36
radio-policy 1
service-template 1
service-template 2
channel band-width 20
radio enable
radio 2
channel 1
max-power 10
radio-policy 1
service-template 1
service-template 2
radio enable
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
ssh server enable
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
protocol inbound telnet
return
6.5 AP configuration log
<mb-tsg-209>dis cur
version 5.20, Release 1508P11
sysname mb-tsg-209
domain default enable system
ipv6
telnet server enable
password-recovery enable
undo attack-defense tcp fragment enable
vlan 1
vlan 17
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
user-group system
group-attribute allow-guest
interface NULL0
interface Vlan-interface1
ipv6 address auto
ip address dhcp-alloc client-identifier mac Vlan-interface1
ipv6 address dhcp-alloc
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 17
interface GigabitEthernet1/0/2
port access vlan 17
interface GigabitEthernet1/0/3
port access vlan 17
interface GigabitEthernet1/0/4
port access vlan 17
interface WLAN-Radio1/0/1
interface WLAN-Radio1/0/2
info-center source LWPC channel 4
undo gratuitous-arp-learning enable
user-interface con 0
user-interface vty 0 4
authentication-mode none
user privilege level 3
set authentication password cipher c$3$mghba7P6AkOvP3w8hSiqRxoVtmJR8Yg3Jop6RbA=
return