IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第1张图片

 由于这个是之前做的实验配置,那我就不过多备注了,直接就发各个交换机的配置了

LSW1:

sysname SW1

undo info-center enable

vlan batch 2 4 6

interface Ethernet0/0/2
 port link-type access
 port default vlan 6

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 4

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

LSW2:

sysname SW2

undo info-center enable

vlan batch 2 4 6

interface Ethernet0/0/1
 port link-type access
 port default vlan 6

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

LSW3:

sysname SW3

undo info-center enable

vlan batch 2 4 6

interface Ethernet0/0/1
 port link-type access
 port default vlan 6

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 4

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

LSW4:

sysname SW4

undo info-center enable

vlan batch 3 5 7

interface Ethernet0/0/1
 port link-type access
 port default vlan 7

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 3 5

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 3 5 7

LSW5:

sysname SW5

undo info-center enable

vlan batch 3 5 7

interface Ethernet0/0/1
 port link-type access
 port default vlan 7

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 3 5

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 3 5 7

LSW6:

sysname SW6

undo info-center enable

vlan batch 8 to 10

interface Eth-Trunk3
 port link-type trunk
 port trunk allow-pass vlan 8 to 10
 mode lacp-static
 load-balance src-dst-mac
 max active-linknumber 2

interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 8

interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 9

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10

LSW7:

sysname SW7

undo info-center enable

vlan batch 2 4 6 11

dhcp enable

interface Vlanif2
 ip address 192.1.2.254 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface Vlanif4
 ip address 192.1.4.254 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface Vlanif6
 ip address 192.1.6.254 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface Vlanif11
 ip address 192.1.11.254 255.255.255.0 

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2 4 11
 mode lacp-static
 load-balance src-dst-mac
 max active-linknumber 2

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 4 6

interface GigabitEthernet0/0/4
 eth-trunk 1

interface GigabitEthernet0/0/5
 eth-trunk 1

ospf 1 
 area 0.0.0.1 
  network 192.1.2.0 0.0.0.255 
  network 192.1.4.0 0.0.0.255 
  network 192.1.6.0 0.0.0.255 
  network 192.1.11.0 0.0.0.255 

LSW8:

sysname SW8

undo info-center enable

vlan batch 3 5 7 12
dhcp enable

interface Vlanif3
 ip address 192.1.3.254 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface Vlanif5
 ip address 192.1.5.254 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface Vlanif7
 ip address 192.1.7.254 255.255.255.0 
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface Vlanif12
 ip address 192.1.12.254 255.255.255.0 

interface Eth-Trunk2
 port link-type trunk
 port trunk allow-pass vlan 3 5 7 12
 mode lacp-static
 load-balance src-dst-mac
 max active-linknumber 2

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 3 5 7 

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 3 5 7 

interface GigabitEthernet0/0/3
 eth-trunk 2

interface GigabitEthernet0/0/4
 eth-trunk 2

ospf 1 
 area 0.0.0.1 
  network 192.1.3.0 0.0.0.255 
  network 192.1.5.0 0.0.0.255 
  network 192.1.7.0 0.0.0.255 
  network 192.1.12.0 0.0.0.255 

LSW9:

sysname SW9

undo info-center enable

vlan batch 2 to 5 8 to 12

dhcp enable

interface Vlanif1
 ip address 192.1.1.254 255.255.255.0 
 dhcp select relay
 dhcp relay server-ip 192.1.1.253

interface Vlanif8
 ip address 192.1.8.254 255.255.255.0 

interface Vlanif9
 ip address 192.1.9.254 255.255.255.0 

interface Vlanif10
 ip address 192.1.10.254 255.255.255.0 

interface Vlanif11
 ip address 192.1.11.254 255.255.255.0 

interface Vlanif12
 ip address 192.1.12.254 255.255.255.0 

inteface MEth0/0/1

interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 2 4 11
 mode lacp-static
 load-balance src-dst-mac
 max active-linknumber 2

interface Eth-Trunk2
 port link-type trunk
 port trunk allow-pass vlan 3 5 12
 mode lacp-static
 load-balance src-dst-mac
 max active-linknumber 2

interface Eth-Trunk3
 port link-type trunk
 port trunk allow-pass vlan 8 to 10
 mode lacp-static
 load-balance src-dst-mac
 max active-linknumber 2

interface GigabitEthernet0/0/1
 eth-trunk 1

interface GigabitEthernet0/0/2
 eth-trunk 1

interface GigabitEthernet0/0/3
 eth-trunk 2

interface GigabitEthernet0/0/4
 eth-trunk 2

interface GigabitEthernet0/0/5
 eth-trunk 3

interface GigabitEthernet0/0/6
 eth-trunk 3

interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 2 to 5

ospf 1 
 area 0.0.0.1 
  network 192.1.1.0 0.0.0.255 
  network 192.1.8.0 0.0.0.255 
  network 192.1.9.0 0.0.0.255 
  network 192.1.10.0 0.0.0.255 
  network 192.1.11.0 0.0.0.255 
  network 192.1.12.0 0.0.0.255 

 AC:

sysname AC

vlan batch 2 to 5

authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile

dhcp enable

pki realm default
 rsa local-key-pair default
 enrollment self-signed

ike proposal default
 encryption-algorithm aes-256 
 dh group14 
 authentication-algorithm sha2-256 
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256 
 prf hmac-sha2-256 

free-rule-template name default_free_rule

portal-access-profile name portal_access_profile

aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 domain default
  authentication-scheme radius
  radius-server default
 domain default_admin
  authentication-scheme default
 local-user admin password irreversible-cipher 123456
 local-user admin privilege level 15
 local-user admin service-type http

interface Vlanif1
 ip address 192.1.1.253 255.255.255.0
 dhcp select interface
 dhcp server dns-list 192.1.10.1 

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 5

interface GigabitEthernet0/0/21
 undo negotiation auto
 duplex half

interface GigabitEthernet0/0/22
 undo negotiation auto
 duplex half

interface GigabitEthernet0/0/23
 undo negotiation auto
 duplex half

interface GigabitEthernet0/0/24
 undo negotiation auto
 duplex half

 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 

ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1

capwap source interface vlanif1

user-interface con 0
 authentication-mode password
user-interface vty 0 4
 protocol inbound all
user-interface vty 16 20
 protocol inbound all

wlan
 traffic-profile name default
 security-profile name xiaoze1
  security wpa2 psk pass-phrase 123456 aes
 security-profile name xiaoze2
  security wpa2 psk pass-phrase 123456 aes
 ssid-profile name ssid1
  ssid xiaoze1
 ssid-profile name ssid2
  ssid xiaoze2
 ssid-profile name ssid3
  ssid xiaoze3
 ssid-profile name ssid4
  ssid xiaoze4
 ssid-profile name default
 vap-profile name vap1
  forward-mode tunnel
  service-vlan vlan-id 2
  ssid-profile ssid1
  security-profile xiaoze1
 vap-profile name vap2
  forward-mode tunnel
  service-vlan vlan-id 4
  ssid-profile ssid2
  security-profile xiaoze2
 vap-profile name vap3
  forward-mode tunnel
  service-vlan vlan-id 3
  ssid-profile ssid3
  security-profile xiaoze1
 vap-profile name vap4
  forward-mode tunnel
  service-vlan vlan-id 5
  ssid-profile ssid4
  security-profile xiaoze2
 vap-profile name default
 wds-profile name default
 mesh-handover-profile name default
 mesh-profile name default
 regulatory-domain-profile name default
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-profile name default
 wireless-access-specification
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 serial-profile name preset-enjoyor-toeap 
 ap-group name apzu1
  radio 0
   vap-profile vap1 wlan 1
   vap-profile vap2 wlan 2
  radio 1
   vap-profile vap1 wlan 1
   vap-profile vap2 wlan 2
 ap-group name apzu2
  radio 0
   vap-profile vap3 wlan 3
   vap-profile vap4 wlan 4
  radio 1
   vap-profile vap3 wlan 3
   vap-profile vap4 wlan 4
 ap-group name default
 ap-id 1 type-id 61 ap-mac 00e0-fc22-6350 ap-sn 210235448310D73D370B
  ap-name AP1
  ap-group apzu1
 ap-id 2 type-id 61 ap-mac 00e0-fca3-28d0 ap-sn 210235448310BE27A030
  ap-name AP2
  ap-group apzu1
 ap-id 3 type-id 61 ap-mac 00e0-fc2e-48f0 ap-sn 210235448310B7605154
  ap-name AP3
  ap-group apzu1
 ap-id 4 type-id 61 ap-mac 00e0-fc79-03f0 ap-sn 2102354483103E328202
  ap-name AP4
  ap-group apzu2
 ap-id 5 type-id 61 ap-mac 00e0-fccc-3100 ap-sn 2102354483103B09A541
  ap-name AP5
  ap-group apzu2
 provision-ap

dot1x-access-profile name dot1x_access_profile

mac-access-profile name mac_access_profile

以下为无线的联通测试还有无线网络的IP获取

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第2张图片

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第3张图片

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第4张图片

 IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第5张图片

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第6张图片 IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第7张图片

登录ftp

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第8张图片

访问web

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第9张图片

无线设备ping web

IP级AC、AP配置实验案例(包含链路聚合、VLAN、DHCP、中继等内容)_第10张图片

可以适当添加策略

acl 3010

rule 10 deny tcp source 192.1.2.0 0.0.0.255 destination 192.1.9.1 0

rule 20 deny tcp source 192.1.3.0 0.0.0.255 destination 192.1.9.1 0

 rule 30 permit tcp source 192.1.4.0 0.0.0.255 destination 192.1.9.1 0

 rule 40 permit tcp source 192.1.5.0 0.0.0.255 destination 192.1.9.1 0

 rule 50 permit tcp source 192.1.6.0 0.0.0.255 destination 192.1.9.1 0

 rule 60 permit tcp source 192.1.7.0 0.0.0.255 destination 192.1.9.1 0

acl 3020

rule 10 permit tcp source any destination 192.1.8.1 0

traffic-filter vlan 9 inbound acl 3010

traffic-filter vlan 8 inbound acl 3020

你可能感兴趣的:(AP,AC组网,tcp/ip,网络,网络协议)