1、Radius服务器使用ENSP中的云朵连接虚拟vm server
2、华为S5700交换机作为核心交换,配置DHCP服务为有线终端与PC分配ip地址
3、华为AC6605无线接入控制器,用于对所有无线AP管理,并给AP的管理网络分配ip地址,及给无线终端用户手机或笔记本STA分配ip地址,配置无线2.4Ghz与5Ghz的发射频率、信道、加密、SSID等。
4、华为AP6050共3个,用于模拟3个不同网段的无线终端接入
5、笔记本电脑STA与手机各3台,分别接入到3个AP发射的WIFI
6、华为AR2220路由器2台,用于模拟企业边界路由器与ISP路由器的网络
1、有线网络使用vlan10与vlan20这2个不同的网段,分别ip段为:
192.168.10.0/24,网关192.168.10.254/24
192.168.20.0/24,网关192.168.20.254/24
2、无线网络使用vlan30、vlan40、vlan50,分别ip段为:
业务网络:192.168.30.0/24 网关192.168.30.254/24,管理网络:192.168.30.253/24
业务网络:192.168.40.0/24 网关192.168.40.254/24,管理网络:192.168.40.253/24
业务网络:192.168.50.0/24 网关192.168.50.254/24,管理网络:192.168.50.253/24
3、无线网络vlan159用于对所有无线AP分配管理ip地址,ip网段为:
192.168.159.0/24,用于AP连接到AC控制器上线
4、DHCP服务器分2个进行,S5700的DHCP服务用于给有线网络用户分配ip地址,基于vlan接口的DHCP配置;AC控制器的DHCP服务采用中继技术,用于给无线AP分配192.168.159.0/24的ip地址,并给接入到不同区域AP的用户分配业务网络ip,使不同业务区域的无线用户获取到对应的业务网络ip地址,即:AP1区域的用户获取192.168.30.0/24的ip地址,AP2区域的用户获取192.168.40.0/24的ip地址,AP3区域的用户获取192.168.50.0/24的ip地址。
5、与云朵、边界链路的网络采用三层网络模式,采用ospf动态路由协议与主机路由打通网络
6、与用户终端的有线与无线接入采用二层网络模式
7、本文先完成网络二层、三层、有线、无线的打通,云朵中的vm server配置后续文章再介绍
1、LSW1(S5700)的配置指令,如下:
undo terminal monitor
system-view
vlan batch 10 20 30 40 50 159 172
dhcp enable
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select interface
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select interface
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.159.253
interface Vlanif40
ip address 192.168.40.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.159.253
interface Vlanif50
ip address 192.168.50.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.159.253
interface Vlanif159
ip address 192.168.159.254 255.255.255.0
dhcp select relay
dhcp relay server-ip 192.168.159.253
interface Vlanif172
ip address 172.16.0.2 255.255.255.0
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 50 159 172
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40 50 159
interface GigabitEthernet0/0/3
port link-type access
port default vlan 172
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 30 40 159 172
interface GigabitEthernet0/0/5
port link-type access
port default vlan 158
2、LSW2(S1700)输入配置指令如下:
undo terminal monitor
system-view
vlan batch 10 20 50 159 172
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 50 159 172
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 159
port trunk allow-pass vlan 50 159
port-isolate enable group 1
3、LSW3(S1700)输入配置指令如下:3
undo terminal monitor
system-view
vlan batch 30 40 159 172
interface Ethernet0/0/1
port link-type trunk
port trunk pvid vlan 159
port trunk allow-pass vlan 30 159 172
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 159
port trunk allow-pass vlan 40 159
port-isolate enable group 1
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30 40 159 172
undo terminal monitor
system-view
vlan batch 30 40 50 159
dhcp enable
ip pool ap
gateway-list 192.168.159.254
network 192.168.159.0 mask 255.255.255.0
excluded-ip-address 192.168.159.253
ip pool vlan30
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
excluded-ip-address 192.168.30.253
ip pool vlan40
gateway-list 192.168.40.254
network 192.168.40.0 mask 255.255.255.0
excluded-ip-address 192.168.40.253
ip pool vlan50
gateway-list 192.168.50.254
network 192.168.50.0 mask 255.255.255.0
excluded-ip-address 192.168.50.253
interface Vlanif30
ip address 192.168.30.253 255.255.255.0
dhcp select global
interface Vlanif40
ip address 192.168.40.253 255.255.255.0
dhcp select global
interface Vlanif50
ip address 192.168.50.253 255.255.255.0
dhcp select global
interface Vlanif159
ip address 192.168.159.253 255.255.255.0
dhcp select global
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30 40 50 159
1、LSW1(S5700)输入以下配置指令:
undo terminal monitor
system-view
ospf 1
area 0.0.0.0
network 172.16.0.0 0.0.0.255
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.0.0 0.0.0.255
network 192.168.159.0 0.0.0.255
network 192.168.50.0 0.0.0.255
2、无线AC控制器输入以下配置指令:
undo terminal monitor
system-view
ospf 1
area 0.0.0.0
network 192.168.30.0 0.0.0.255
network 192.168.40.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 192.168.159.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 192.168.159.254
3、边界路由器输入以下配置指令:
undo terminal monitor
system-view
interface GigabitEthernet0/0/1
ip address 172.16.0.1 255.255.255.0
interface GigabitEthernet0/0/2
ip address 10.0.0.2 255.255.255.0
interface NULL0
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
network 172.16.0.0 0.0.0.255
4、ISP路由器输入以下配置指令:
undo terminal monitor
system-view
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.255
5、在LSW1上查看ospf邻居与邻接状态
6、在边界路由器上查看ospf邻居与邻接状态
通过邻居状态可以看出,三层网络通过ospf协议建立了相互之间的邻居关系,并已经进入到邻接状态。
undo terminal monitor
system-view
wlan
security-profile name vlan30
security wpa-wpa2 psk pass-phrase 12345678 aes
ssid-profile name vlan30
ssid vlan30
vap-profile name vlan30
service-vlan vlan-id 30
ssid-profile vlan30
security-profile vlan30
rrm-profile name default
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
ap-group name vlan30
radio 0
vap-profile vlan30 wlan 1
radio 1
vap-profile vlan30 wlan 1
ap-id 1 ap-mac 00e0-fce5-0ce0
ap-name vlan30
ap-group vlan30
radio 0
channel 20mhz 1
eirp 127
radio 1
channel 40mhz-minus 40
eirp 127
wlan
security-profile name vlan40
security wpa-wpa2 psk pass-phrase 12345678 aes
ssid-profile name vlan40
ssid vlan40
vap-profile name vlan40
service-vlan vlan-id 40
ssid-profile vlan40
security-profile vlan40
rrm-profile name default
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
ap-group name vlan40
radio 0
vap-profile vlan40 wlan 1
radio 1
vap-profile vlan40 wlan 1
ap-id 2 ap-mac 00e0-fcd5-2000
ap-name vlan40
ap-group vlan40
radio 0
channel 20mhz 6
eirp 126
radio 1
channel 40mhz-minus 48
eirp 126
wlan
security-profile name vlan50
security wpa-wpa2 psk pass-phrase 12345678 aes
ssid-profile name vlan50
ssid vlan50
vap-profile name vlan50
service-vlan vlan-id 50
ssid-profile vlan50
security-profile vlan50
rrm-profile name default
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
ap-group name vlan50
radio 0
vap-profile vlan50 wlan 1
radio 1
vap-profile vlan50 wlan 1
ap-id 3 ap-mac 00e0-fc8a-5db0
ap-name vlan50
ap-group vlan50
radio 0
channel 20mhz 11
eirp 125
radio 1
channel 40mhz-minus 56
eirp 125
1、查看已经上线的无线AP,共3台无线AP,均已上线,如下图:
2、查看AP发射出来的无线WIFI,如下图:
3、查看已经连接上的无线终端设备,6个终端设备分别连接了2.4Ghz与5Ghz各3台,如下图:
1、无线终端使用DHCP连接,如下图:
2、无线AP上线后,接收到无线AC控制器的下发的配置,从而AP发射出无线WIFI信号,如下图:
3、无线终端连接AP时,输入WIFI密码(前面的AC控制器配置时,有安全配置信息含有密码)
4、无线终端输入WIFI密码后,从AC控制器获取ip地址的过程,如下图:
交叉覆盖的无线区域,终端上会显示如下:
5、无线终端正常连接WIFI之后,如下图:
6、查看STA2获取到的ip地址,与事先规划的vlan匹配,如下图:
1、有线用户使用DHCP连接,如下图:
2、查看PC1获取的ip地址,与事先规划的ip网段匹配,如下图:
1、无线终端用户与云朵(vm server)、ISP路由器的连通性查看,如下图:
2、有线终端与云朵(vm server)、ISP路由器的连通性测试及解决方法,如下图:
(1)测试结果不通,如下图:
(2)很明显,从有线网络到vm server不通,检查主机路由如下图:
(3)可以看出pc的vm server端只有192.168.30.0/24网段的主机路由,并没有192.168.20.0/24网段的主机路由,所以,配置如下:
(4)说明我们要以管理员身份运行cmd后,再执行该命令,如下图:
(5)以管理员身份执行命令,如下图:
(6)查看添加的主机路由,如下图:
(7)再次从ENSP的有线PC2网络验证连通性,正常接通,如下图:
3、测试有线网络与ISP路由器的连通性,如下图:
致此,图中所有的有线网络、无线网络、DHCP服务、DHCP中继、无线管理网络、无线业务网络、无线WIFI发射、无线加密、射频、信道配置均完成!敬请批评指正。
因时间关系 ,本文中的配置指令未作具体详细的注释。