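I. Lab Background
1.1 Lab equipment
The wireless network is built from one core switch (RG-3760-24), one wireless controller (H3C WX3024E), one PoE switch (RG-2928G-24P), one ceiling-mount AP (WA4320i-ACN) and one wall-plate AP (WA4320H-ACN).
1.2 Lab objectives
(1) One ordinary ceiling-mount AP and one wall-plate AP register and come online through DHCP option 43.
(2) Configure two SSIDs: the office SSID "office" with the password 12344321, and the guest SSID "guest".
(3) Give the wired downlink ports of the wall-plate AP their own wired address range.
(4) Set the power of the 2.4 GHz radio on both the ceiling-mount AP and the wall-plate AP to 10.
(5) Limit each of the two radios on the wall-plate AP to one associated client.
(6) Configure layer-2 isolation between wireless users.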
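1.3 Lab topology
II. Lab Procedure
2.1 Configure the core switch
1. Telnet to the core switch's remote management address, 192.168.9.99, enter the username and password, and start configuring the core switch.
2. On the core switch, create the VLANs for wired (17), office (19), guest (24) and wireless management (150), and give each a description.
3. Configure the downlink ports and permit the corresponding VLANs.
2.2 Configure the switching part of the AC
1. Telnet to the AC's management address, 192.168.100.250, enter the username and password, and use oap con slot0 to enter the AC's switching part and start configuring it.
2. Configure the uplink and downlink ports.
3. Permit the corresponding VLANs.
2.3 Configure the PoE switch
1. Telnet to the PoE switch's management address, 192.168.100.1, and start configuring it.
2. Configure the uplink and downlink ports.
3. Permit the corresponding VLANs.
2.4 Configure the AC
1. Telnet to the AC's management address, 192.168.100.250, enter the username and password, and start configuring the AC.
2. Configure the uplink and downlink ports.
3. Permit the corresponding VLANs.
4. Configure the service templates and virtual interfaces for the two SSIDs (office and guest).
2.5 Configure the wall-plate AP
Configure the wall-plate AP's uplink port, VLANs and related settings.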
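III. Lab Results
3.1 Wired results
Wired clients obtain an IP address automatically, as shown in the figure below.
3.2 Wireless results
The wireless part consists of the two SSIDs office and guest; both came online normally, as shown in the figure below.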
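IV. Troubleshooting
Two errors occurred during the lab.
1. All VLANs were pruned on the PoE switch, so it could no longer be configured remotely over telnet.
Solution: reboot the PoE switch.
2. After the configuration was finished, the APs did not come online.
Solution: checking the configuration item by item showed that the error was in the PoE switch configuration: the corresponding VLANs had not been permitted on the PoE switch. After the configuration was corrected, the APs came online normally.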
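Added example (not part of the original report): a check for the second fault, computing which VLANs each PoE switch port carries from its `switchport trunk allowed vlan remove` lines and reporting any required VLAN that is missing. The helper names and the faulty variant are constructed for illustration; the working lines are copied from section 6.2.

```python
def parse_vlan_list(text):
    """Expand '1-16,18-99' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def carried_vlans(config):
    """Return {interface: set of VLANs the port carries} for an RGOS-style config."""
    ports, name = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            name = line[len("interface "):]
            ports[name] = {"trunk": False, "access": 1, "removed": set()}
        elif name and line == "switchport mode trunk":
            ports[name]["trunk"] = True
        elif name and line.startswith("switchport access vlan "):
            ports[name]["access"] = int(line.split()[-1])
        elif name and line.startswith("switchport trunk allowed vlan remove "):
            ports[name]["removed"] |= parse_vlan_list(line.split()[-1])
    # A trunk starts with every VLAN allowed; each "remove" line prunes it.
    return {n: (set(range(1, 4095)) - p["removed"]) if p["trunk"] else {p["access"]}
            for n, p in ports.items()}

def missing_vlans(config, port, required):
    """VLANs from `required` that `port` does not carry."""
    return sorted(set(required) - carried_vlans(config)[port])

# Lines copied from the PoE switch configuration in section 6.2.
POE_WORKING = """
interface GigabitEthernet 0/2
switchport mode trunk
switchport trunk native vlan 150
switchport trunk allowed vlan remove 1-16,18-149,151-4094
interface GigabitEthernet 0/24
switchport mode trunk
switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094
"""
# Constructed fault: the uplink also prunes VLAN 150 (AP management).
POE_FAULTY = POE_WORKING.replace("101-149,151-4094", "101-4094")

if __name__ == "__main__":
    for label, cfg in (("working", POE_WORKING), ("faulty", POE_FAULTY)):
        print(label, missing_vlans(cfg, "GigabitEthernet 0/24", [17, 100, 150]))
```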
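V. Lab Summary
Through this lab I gained an understanding of simple wireless networking and learned its basic configuration planning and methods, which lays a foundation for moving from small deployments to larger ones. I also became aware of the basic mistakes I made during the lab, and in future study and work I will take care to avoid these slips and errors so that I can complete my work better.
VI. Appendix
The configuration files of each part are attached.
6.1 Core switch configuration log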
HX#show run
Building configuration...
Current configuration : 3242 bytes
version RGOS 10.4(2) Release(75955)(Mon Jan 25 19:01:04 CST 2010 -ngcf34)
hostname HX
nfpp
vlan 1
vlan 9
name yuancheng_guanli
vlan 17
name youxian-17
vlan 19
name wlan-office-19
vlan 24
name wlan-guest-24
vlan 100
name neiwang_guanli
vlan 150
name ap-guanl
username admin password admin123
no service password-encryption
service dhcp
ip ssh version 2
ip dhcp snooping
ip dhcp excluded-address 192.168.150.254
ip dhcp excluded-address 172.16.17.254
ip dhcp excluded-address 172.17.19.254
ip dhcp excluded-address 172.17.24.254
ip dhcp pool youxian-10
network 172.16.17.0 255.255.255.0
dns-server 202.102.192.68 223.5.5.5
default-router 172.16.17.254
ip dhcp pool wlan-office-19
network 172.17.19.0 255.255.255.0
dns-server 202.102.192.68 223.5.5.5
default-router 172.17.19.254
ip dhcp pool wlan-guest-24
network 172.17.24.0 255.255.255.0
dns-server 202.102.192.68 223.5.5.5
default-router 172.17.24.254
ip dhcp pool ap-guanl
option 43 hex 8007.0000.01c0.a864.fa
network 192.168.150.0 255.255.255.0
default-router 192.168.150.254
enable password admin123
enable service ssh-server
spanning-tree
interface FastEthernet 0/1
interface FastEthernet 0/2
interface FastEthernet 0/3
interface FastEthernet 0/4
interface FastEthernet 0/5
interface FastEthernet 0/6
interface FastEthernet 0/7
interface FastEthernet 0/8
interface FastEthernet 0/9
interface FastEthernet 0/10
interface FastEthernet 0/11
interface FastEthernet 0/12
interface FastEthernet 0/13
interface FastEthernet 0/14
interface FastEthernet 0/15
interface FastEthernet 0/16
interface FastEthernet 0/17
interface FastEthernet 0/18
interface FastEthernet 0/19
interface FastEthernet 0/20
interface FastEthernet 0/21
interface FastEthernet 0/22
interface FastEthernet 0/23
interface FastEthernet 0/24
interface GigabitEthernet 0/25
switchport mode trunk
switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094
description To-POE_G0/24
interface GigabitEthernet 0/26
switchport mode trunk
switchport trunk allowed vlan remove 1-18,20-23,25-99,101-4094
description To-AC_G1/0/1
interface GigabitEthernet 0/27
interface GigabitEthernet 0/28
switchport access vlan 9
interface VLAN 9
no ip proxy-arp
ip address 192.168.9.99 255.255.255.0
interface VLAN 17
no ip proxy-arp
ip address 172.16.17.254 255.255.255.0
description youxian_17
interface VLAN 19
no ip proxy-arp
ip address 172.17.19.254 255.255.255.0
description wlan-office-19
interface VLAN 24
no ip proxy-arp
ip address 172.17.24.254 255.255.255.0
description wlan-guest-24
interface VLAN 100
no ip proxy-arp
ip address 192.168.100.254 255.255.255.0
description neiwang_guanli
interface VLAN 150
no ip proxy-arp
ip address 192.168.150.254 255.255.255.0
description AP_Guanl-_Gatway
ip route 0.0.0.0 0.0.0.0 192.168.9.254
line con 0
line vty 0 4
transport input ssh
login local
password admin123
end
HX#
6.2 PoE switch configuration log
POE(config)#show run
Building configuration...
Current configuration : 2432 bytes
version RGOS 10.4(2b12)p6 Release(196987)(Fri Jan 22 09:33:36 CST 2016 -ngcf61)
hostname POE
nfpp
vlan 1
vlan 17
name youxian-17
vlan 100
name neiwang-guanli
vlan 150
name ap-guanli
username admin password admin123
no service password-encryption
ip dhcp relay information manage-vlan 1
ip dhcp snooping
poe class-lldp enable
enable password admin123
spanning-tree
interface GigabitEthernet 0/1
switchport access vlan 150
poe enable
rldp port loop-detect shutdown-port
description To-wa4320i-acn-g1/0/1
interface GigabitEthernet 0/2
switchport mode trunk
switchport trunk native vlan 150
switchport trunk allowed vlan remove 1-16,18-149,151-4094
poe enable
rldp port loop-detect shutdown-port
description To-wa4320h-acn-g1/0/1
interface GigabitEthernet 0/3
poe enable
interface GigabitEthernet 0/4
poe enable
interface GigabitEthernet 0/5
poe enable
interface GigabitEthernet 0/6
poe enable
interface GigabitEthernet 0/7
poe enable
interface GigabitEthernet 0/8
poe enable
interface GigabitEthernet 0/9
poe enable
interface GigabitEthernet 0/10
poe enable
interface GigabitEthernet 0/11
poe enable
interface GigabitEthernet 0/12
poe enable
interface GigabitEthernet 0/13
poe enable
interface GigabitEthernet 0/14
poe enable
interface GigabitEthernet 0/15
poe enable
interface GigabitEthernet 0/16
poe enable
interface GigabitEthernet 0/17
poe enable
interface GigabitEthernet 0/18
poe enable
interface GigabitEthernet 0/19
poe enable
interface GigabitEthernet 0/20
poe enable
interface GigabitEthernet 0/21
poe enable
interface GigabitEthernet 0/22
poe enable
interface GigabitEthernet 0/23
poe enable
interface GigabitEthernet 0/24
switchport mode trunk
switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094
ip dhcp snooping trust
poe enable
description To-HX_G0/25
interface GigabitEthernet 0/25
interface GigabitEthernet 0/26
interface GigabitEthernet 0/27
interface GigabitEthernet 0/28
interface VLAN 100
no ip proxy-arp
ip address 192.168.100.1 255.255.255.0
description neiwang-guanli
ip route 0.0.0.0 0.0.0.0 192.168.100.254
line con 0
line vty 0 4
transport input telnet
login
password admin123
end
6.3 AC switching part configuration log
version 5.20, Release 3507P29
sysname SW
domain default enable system
telnet server enable
oap management-ip 192.168.0.100 slot 1
password-recovery enable
vlan 1
vlan 19
description wlan-office-19
vlan 24
description vlan-guest-24
vlan 100
description neiwang-guanli
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
user-group system
local-user admin
password cipher $c$3$P/ORfzpiCs861ClqeyqsA+HPPBUmcFPK
authorization-attribute level 3
service-type telnet
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
interface NULL0
interface Vlan-interface1
ip address 192.168.0.101 255.255.255.0
interface GigabitEthernet1/0/1
description To-HX_G0/26
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
interface GigabitEthernet1/0/2
poe enable
interface GigabitEthernet1/0/3
poe enable
interface GigabitEthernet1/0/4
poe enable
interface GigabitEthernet1/0/5
poe enable
interface GigabitEthernet1/0/6
poe enable
interface GigabitEthernet1/0/7
poe enable
interface GigabitEthernet1/0/8
poe enable
interface GigabitEthernet1/0/9
poe enable
interface GigabitEthernet1/0/10
poe enable
interface GigabitEthernet1/0/11
poe enable
interface GigabitEthernet1/0/12
poe enable
interface GigabitEthernet1/0/13
poe enable
interface GigabitEthernet1/0/14
poe enable
interface GigabitEthernet1/0/15
poe enable
interface GigabitEthernet1/0/16
poe enable
interface GigabitEthernet1/0/17
poe enable
interface GigabitEthernet1/0/18
poe enable
interface GigabitEthernet1/0/19
poe enable
interface GigabitEthernet1/0/20
poe enable
interface GigabitEthernet1/0/21
poe enable
interface GigabitEthernet1/0/22
poe enable
interface GigabitEthernet1/0/23
poe enable
interface GigabitEthernet1/0/24
poe enable
interface GigabitEthernet1/0/25
shutdown
interface GigabitEthernet1/0/26
shutdown
interface GigabitEthernet1/0/27
shutdown
interface GigabitEthernet1/0/28
shutdown
interface GigabitEthernet1/0/29
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
interface GigabitEthernet1/0/30
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user-interface vty 5 15
return
6.4 AC configuration log
version 5.20, Release 3509P61
sysname AC
domain default enable system
telnet server enable
user-isolation vlan 19 enable
user-isolation vlan 19 permit-mac 001a-a91e-558b
user-isolation vlan 24 enable
user-isolation vlan 24 permit-mac 001a-a91e-558b
port-security enable
oap management-ip 192.168.0.101 slot 0
password-recovery enable
vlan 1
vlan 19
description wlan-office-19
vlan 24
description wlan-guest-24
vlan 100
description neiwang-guanli
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
user-group system
group-attribute allow-guest
local-user admin
password cipher $c$3$FtQTL8kMVOFaxlTNuonpP0DdnOgycATK280O
authorization-attribute level 3
service-type telnet
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
wlan radio-policy 1
client max-count 1
wlan service-template 1 crypto
ssid office
bind WLAN-ESS 1
cipher-suite ccmp
security-ie rsn
service-template enable
wlan service-template 2 clear
ssid guest
bind WLAN-ESS 2
service-template enable
wlan ap-group default_group
ap mb-tsg-209
ap fz-tsg-2f-01
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
interface NULL0
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
interface Vlan-interface100
description neiwang-guanli
ip address 192.168.100.250 255.255.255.0
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 19 24 100
port link-aggregation group 1
interface WLAN-ESS1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 19 untagged
port hybrid pvid vlan 20
mac-vlan enable
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$4Nxvyh3vTsZQNZcM1lWUnve6VJ2eoXAyUJCP
interface WLAN-ESS2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 24 untagged
port hybrid pvid vlan 24
mac-vlan enable
wlan ap fz-tsg-2f-01 model WA4320i-ACN id 1
serial-id 210235A1GQC149000908
radio 1
service-template 1
service-template 2
radio enable
radio 2
max-power 10
service-template 1
service-template 2
radio enable
wlan ap mb-tsg-209 model WA4320H-ACN id 2
serial-id 219801A0P79149G00146
radio 1
channel 36
radio-policy 1
service-template 1
service-template 2
channel band-width 20
radio enable
radio 2
channel 1
max-power 10
radio-policy 1
service-template 1
service-template 2
radio enable
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
ssh server enable
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
protocol inbound telnet
return
6.5 AP configuration log
version 5.20, Release 1508P11
sysname mb-tsg-209
domain default enable system
ipv6
telnet server enable
password-recovery enable
undo attack-defense tcp fragment enable
vlan 1
vlan 17
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
user-group system
group-attribute allow-guest
interface NULL0
interface Vlan-interface1
ipv6 address auto
ip address dhcp-alloc client-identifier mac Vlan-interface1
ipv6 address dhcp-alloc
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 17
interface GigabitEthernet1/0/2
port access vlan 17
interface GigabitEthernet1/0/3
port access vlan 17
interface GigabitEthernet1/0/4
port access vlan 17
interface WLAN-Radio1/0/1
interface WLAN-Radio1/0/2
info-center source LWPC channel 4
undo gratuitous-arp-learning enable
user-interface con 0
user-interface vty 0 4
authentication-mode none
user privilege level 3
set authentication password cipher c$3$mghba7P6AkOvP3w8hSiqRxoVtmJR8Yg3Jop6RbA=
return