一、实验背景

1.1 实验设备

使用一台核心交换机RG-3760-24、一台无线控制器H3C WX3024E、一台POE 交换机RG-2928G-24P、一台放装AP WA4320i-ACN和一台面板AP 4320H-CAN组网,实现无线功能。

1.2 实验目标

       (1)一个普通放装AP和一个面板AP通过 dhcp option43 注册上线
       (2)配置两个ssid,办公ssidoffice并设置密码:12344321,访客:guest
       (3)面板AP下联有线口配置单独有线地址段
       (4)调整放装AP和面板 AP 2.4GHZ 射频口的功率为10
       (5)面板AP两个射频口限制接入终端数为各1
       (6)配置无线用户二层隔离。

1.3 实验拓扑

华三无线网搭建实验 H3C WLAN_第1张图片

二、实验过程

2.1 配置核心交换机

1.  远程telnet登陆核心交换机远程管理地址: 192.168.9.99,输入账号密码,开始配置核心交换机。

2.  在核心上创建有线(17)、office(19)、guest(24)和无线管理(150)的vlan并描述。

3.  配置下联口,放通相应vlan。

2.2 配置AC的交换部分

1.  telnet登陆AC的管理地址: 192.168.100.250,输入用户名和密码,使用oap con slot0,进入AC的交换部分开始配置。

2.  配置上联口和下联口。

3.  放通相应vlan。

2.3 配置POE交换机

1.  telnet POE交换机的管理地址: 192.168.100.1,开始配置。

2.  配置上联口和下联口。

3.  放通相应vlan。

2.4 配置AC

1.telnet登陆AC的管理地址: 192.168.100.250,输入用户名和密码,开始配置AC。

2. 配置上联口和下联口。

3.放通相应vlan。

4.配置两个ssid(office和guest)的服务模板和虚拟接口。

2.5配置面板AP

配置面板ap的上联口和vlan等配置。

 

三、实验结果

3.1 有线部分结果

有线部分可以自动获取到IP地址,如下图所示。

华三无线网搭建实验 H3C WLAN_第2张图片

3.2 无线部分结果

无限部分分为officeguest两个ssid,均已正常上线,如下图所示。

华三无线网搭建实验 H3C WLAN_第3张图片

四、故障解决

在实验中出现了两次错误。

1. 裁剪了poe交换机上的所有vlan,导致无法远程telnet配置poe交换机。

解决方法:重启poe交换机

2. 配置完成后,AP并未上线。

解决方法:逐个排查配置,最终发现出错在poe交换机的配置上,没有在poe交换机上放通相应vlan,修改配置后,ap正常上线。

五、实验总结

  通过这次实验,我对简单的无线组网有了相应的了解,学到了其基本配置规划和方法,为以后的由小及大打下了基础。同时在实验中所犯的低级错误有了一定认识,以后在学习和工作中将会注意避免这些失误和错误,以便能更好的完成工作任务。

六、附件

附各部分配置文件

6.1 核心配置日志

HX#show run

Building configuration...

Current configuration : 3242 bytes

version RGOS 10.4(2) Release(75955)(Mon Jan 25 19:01:04 CST 2010 -ngcf34)

hostname HX

nfpp

vlan 1

vlan 9

 name yuancheng_guanli

vlan 17

 name youxian-17

vlan 19

 name wlan-office-19

vlan 24

 name wlan-guest-24

vlan 100

 name neiwang_guanli

vlan 150

 name ap-guanl

username admin password admin123

no service password-encryption

service dhcp

ip ssh version 2

ip dhcp snooping

ip dhcp excluded-address 192.168.150.254

ip dhcp excluded-address 172.16.17.254

ip dhcp excluded-address 172.17.19.254

ip dhcp excluded-address 172.17.24.254

ip dhcp pool youxian-10

 network 172.16.17.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.16.17.254

ip dhcp pool wlan-office-19

 network 172.17.19.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.17.19.254

ip dhcp pool wlan-guest-24

 network 172.17.24.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.17.24.254

ip dhcp pool ap-guanl

 option 43 hex 8007.0000.01c0.a864.fa

 network 192.168.150.0 255.255.255.0

 default-router 192.168.150.254

enable password admin123

enable service ssh-server

spanning-tree

interface FastEthernet 0/1

interface FastEthernet 0/2

interface FastEthernet 0/3

interface FastEthernet 0/4

interface FastEthernet 0/5

interface FastEthernet 0/6

interface FastEthernet 0/7

interface FastEthernet 0/8

interface FastEthernet 0/9

interface FastEthernet 0/10

interface FastEthernet 0/11

interface FastEthernet 0/12

interface FastEthernet 0/13

interface FastEthernet 0/14

interface FastEthernet 0/15

interface FastEthernet 0/16

interface FastEthernet 0/17

interface FastEthernet 0/18

interface FastEthernet 0/19

interface FastEthernet 0/20

interface FastEthernet 0/21

interface FastEthernet 0/22        

interface FastEthernet 0/23

interface FastEthernet 0/24

interface GigabitEthernet 0/25

 switchport mode trunk

 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094

 description To-POE_G0/24

interface GigabitEthernet 0/26

 switchport mode trunk

 switchport trunk allowed vlan remove 1-18,20-23,25-99,101-4094

 description To-AC_G1/0/1

interface GigabitEthernet 0/27

interface GigabitEthernet 0/28

 switchport access vlan 9

interface VLAN 9

 no ip proxy-arp

 ip address 192.168.9.99 255.255.255.0

interface VLAN 17

 no ip proxy-arp

 ip address 172.16.17.254 255.255.255.0

 description youxian_17

interface VLAN 19

 no ip proxy-arp

 ip address 172.17.19.254 255.255.255.0

 description wlan-office-19

interface VLAN 24

 no ip proxy-arp

 ip address 172.17.24.254 255.255.255.0

 description wlan-guest-24

interface VLAN 100

 no ip proxy-arp

 ip address 192.168.100.254 255.255.255.0

 description neiwang_guanli        

interface VLAN 150

 no ip proxy-arp

 ip address 192.168.150.254 255.255.255.0

 description AP_Guanl-_Gatway

ip route 0.0.0.0 0.0.0.0 192.168.9.254

line con 0

line vty 0 4

 transport input ssh

 login local

 password admin123

end

HX#

6.2 POE交换机配置日志

POE(config)#show run

Building configuration...

Current configuration : 2432 bytes

version RGOS 10.4(2b12)p6 Release(196987)(Fri Jan 22 09:33:36 CST 2016 -ngcf61)

hostname POE

nfpp

vlan 1

vlan 17

 name youxian-17

vlan 100

 name neiwang-guanli

vlan 150

 name ap-guanli

username admin password admin123

no service password-encryption

ip dhcp relay information manage-vlan 1

ip dhcp snooping

poe class-lldp enable

enable password admin123

spanning-tree

interface GigabitEthernet 0/1

 switchport access vlan 150

 poe enable

 rldp port loop-detect shutdown-port

 description To-wa4320i-acn-g1/0/1

interface GigabitEthernet 0/2

 switchport mode trunk

 switchport trunk native vlan 150

 switchport trunk allowed vlan remove 1-16,18-149,151-4094

 poe enable

 rldp port loop-detect shutdown-port

 description To-wa4320h-acn-g1/0/1

interface GigabitEthernet 0/3

 poe enable

interface GigabitEthernet 0/4

 poe enable

interface GigabitEthernet 0/5

 poe enable

interface GigabitEthernet 0/6

 poe enable

interface GigabitEthernet 0/7

 poe enable

interface GigabitEthernet 0/8

 poe enable

interface GigabitEthernet 0/9

 poe enable

interface GigabitEthernet 0/10

 poe enable

interface GigabitEthernet 0/11

 poe enable

interface GigabitEthernet 0/12

 poe enable

interface GigabitEthernet 0/13

 poe enable

interface GigabitEthernet 0/14

 poe enable

interface GigabitEthernet 0/15

 poe enable

interface GigabitEthernet 0/16

 poe enable

interface GigabitEthernet 0/17

 poe enable

interface GigabitEthernet 0/18

 poe enable

interface GigabitEthernet 0/19

 poe enable

interface GigabitEthernet 0/20

 poe enable

interface GigabitEthernet 0/21

 poe enable

interface GigabitEthernet 0/22

 poe enable

interface GigabitEthernet 0/23

 poe enable

interface GigabitEthernet 0/24

 switchport mode trunk

 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094

 ip dhcp snooping trust

 poe enable

 description To-HX_G0/25

interface GigabitEthernet 0/25

interface GigabitEthernet 0/26

interface GigabitEthernet 0/27

interface GigabitEthernet 0/28

interface VLAN 100

 no ip proxy-arp

 ip address 192.168.100.1 255.255.255.0

 description neiwang-guanli

ip route 0.0.0.0 0.0.0.0 192.168.100.254

line con 0

line vty 0 4

 transport input telnet

 login

 password admin123

end

6.3 AC交换部分配置日志

dis cur

 version 5.20, Release 3507P29

 sysname SW

 domain default enable system

 telnet server enable

 oap management-ip 192.168.0.100 slot 1

 password-recovery enable

vlan 1

vlan 19

 description wlan-office-19

vlan 24

 description vlan-guest-24

vlan 100

 description neiwang-guanli

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

local-user admin

 password cipher $c$3$P/ORfzpiCs861ClqeyqsA+HPPBUmcFPK

 authorization-attribute level 3

 service-type telnet

interface Bridge-Aggregation1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface NULL0

interface Vlan-interface1

 ip address 192.168.0.101 255.255.255.0

interface GigabitEthernet1/0/1

 description To-HX_G0/26

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface GigabitEthernet1/0/2

 poe enable

interface GigabitEthernet1/0/3

 poe enable

interface GigabitEthernet1/0/4

 poe enable

interface GigabitEthernet1/0/5

 poe enable

interface GigabitEthernet1/0/6

 poe enable

interface GigabitEthernet1/0/7

 poe enable

interface GigabitEthernet1/0/8

 poe enable

interface GigabitEthernet1/0/9

 poe enable

interface GigabitEthernet1/0/10

 poe enable

interface GigabitEthernet1/0/11

 poe enable

interface GigabitEthernet1/0/12

 poe enable

interface GigabitEthernet1/0/13

 poe enable

interface GigabitEthernet1/0/14

 poe enable

interface GigabitEthernet1/0/15

 poe enable

interface GigabitEthernet1/0/16

 poe enable

interface GigabitEthernet1/0/17

 poe enable

interface GigabitEthernet1/0/18

 poe enable

interface GigabitEthernet1/0/19

 poe enable

interface GigabitEthernet1/0/20

 poe enable

interface GigabitEthernet1/0/21

 poe enable

interface GigabitEthernet1/0/22

 poe enable            

interface GigabitEthernet1/0/23

 poe enable

interface GigabitEthernet1/0/24

 poe enable

interface GigabitEthernet1/0/25

 shutdown

interface GigabitEthernet1/0/26

 shutdown

interface GigabitEthernet1/0/27

 shutdown

interface GigabitEthernet1/0/28

 shutdown

interface GigabitEthernet1/0/29

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface GigabitEthernet1/0/30

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

user-interface aux 0

user-interface vty 0 4

 authentication-mode scheme

user-interface vty 5 15

return

 

6.4 AC配置日志

version 5.20, Release 3509P61

sysname AC

domain default enable system

telnet server enable

user-isolation vlan 19 enable

 user-isolation vlan 19 permit-mac 001a-a91e-558b

 user-isolation vlan 24 enable

 user-isolation vlan 24 permit-mac 001a-a91e-558b

port-security enable

oap management-ip 192.168.0.101 slot 0

password-recovery enable

vlan 1

vlan 19

 description wlan-office-19

vlan 24

 description wlan-guest-24

vlan 100

 description neiwang-guanli

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

 group-attribute allow-guest

local-user admin

 password cipher $c$3$FtQTL8kMVOFaxlTNuonpP0DdnOgycATK280O

 authorization-attribute level 3

 service-type telnet

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

wlan radio-policy 1

 client max-count 1

wlan service-template 1 crypto

 ssid office

 bind WLAN-ESS 1

 cipher-suite ccmp

 security-ie rsn

 service-template enable

wlan service-template 2 clear

 ssid guest

 bind WLAN-ESS 2

 service-template enable

wlan ap-group default_group

 ap mb-tsg-209 

 ap fz-tsg-2f-01

interface Bridge-Aggregation1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface NULL0

interface Vlan-interface1

 ip address 192.168.0.100 255.255.255.0

interface Vlan-interface100

 description neiwang-guanli

 ip address 192.168.100.250 255.255.255.0

interface GigabitEthernet1/0/1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface GigabitEthernet1/0/2

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface WLAN-ESS1

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 19 untagged

 port hybrid pvid vlan 20

 mac-vlan enable

 port-security port-mode psk

 port-security tx-key-type 11key

 port-security preshared-key pass-phrase cipher $c$3$4Nxvyh3vTsZQNZcM1lWUnve6VJ2eoXAyUJCP

interface WLAN-ESS2

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 24 untagged

 port hybrid pvid vlan 24

 mac-vlan enable

wlan ap fz-tsg-2f-01 model WA4320i-ACN id 1

 serial-id 210235A1GQC149000908

 radio 1

  service-template 1

  service-template 2

  radio enable

 radio 2

  max-power 10

  service-template 1

  service-template 2

  radio enable

wlan ap mb-tsg-209 model WA4320H-ACN id 2

 serial-id 219801A0P79149G00146

 radio 1

  channel 36

  radio-policy 1

  service-template 1

  service-template 2

  channel band-width 20

  radio enable

 radio 2

  channel 1

  max-power 10 

  radio-policy 1

  service-template 1

  service-template 2

  radio enable

wlan ips

 malformed-detect-policy default

 signature deauth_flood signature-id 1

 signature broadcast_deauth_flood signature-id 2

 signature disassoc_flood signature-id 3

 signature broadcast_disassoc_flood signature-id 4

 signature eapol_logoff_flood signature-id 5

 signature eap_success_flood signature-id 6

 signature eap_failure_flood signature-id 7

 signature pspoll_flood signature-id 8

 signature cts_flood signature-id 9

 signature rts_flood signature-id 10

 signature addba_req_flood signature-id 11

 signature-policy default

 countermeasure-policy default

 attack-detect-policy default

 virtual-security-domain default

  attack-detect-policy default

  malformed-detect-policy default

  signature-policy default

  countermeasure-policy default

ip route-static 0.0.0.0 0.0.0.0 192.168.100.254

ssh server enable

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

 user privilege level 3

 protocol inbound telnet

return

6.1 AP配置日志

dis cur

version 5.20, Release 1508P11

sysname mb-tsg-209

domain default enable system

ipv6

telnet server enable

password-recovery enable

undo attack-defense tcp fragment enable

vlan 1

vlan 17

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

 group-attribute allow-guest

interface NULL0

interface Vlan-interface1

 ipv6 address auto

 ip address dhcp-alloc client-identifier mac Vlan-interface1

 ipv6 address dhcp-alloc

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 17

interface GigabitEthernet1/0/2

 port access vlan 17

interface GigabitEthernet1/0/3

 port access vlan 17

interface GigabitEthernet1/0/4

 port access vlan 17

interface WLAN-Radio1/0/1

interface WLAN-Radio1/0/2

info-center source LWPC channel 4

undo gratuitous-arp-learning enable

user-interface con 0

user-interface vty 0 4

 authentication-mode none

 user privilege level 3

 set authentication password cipher c$3$mghba7P6AkOvP3w8hSiqRxoVtmJR8Yg3Jop6RbA=

return