华为中小企业网络综合实验-WLAN
实验要求:1-WLAN部署AC旁挂式,每个AP两个SSID,一个开放式,另一个需要验证
2-无线设备和内网PC互通
3-内网PC和无线设备NAPT访问外网
4-内网NAT服务器,供外网访问
一:如图网络规划设置好IP (省略)
二:有线部分网络设置
R上设置:
acl number 3000
rule 5 permit ip source 192.168.101.0 0.0.0.255
rule 10 permit ip source 192.168.102.0 0.0.0.255
rule 15 permit ip source 192.168.103.0 0.0.0.255
interface GigabitEthernet0/0/1
nat server protocol tcp global current-interface 8080 inside 192.168.10.2 www
nat server protocol tcp global current-interface 2121 inside 192.168.10.2 ftp
nat outbound 3000
ip route-static 0.0.0.0 0.0.0.0 202.100.1.2
ip route-static 192.168.0.0 255.255.0.0 192.168.1.1
Core 上设置:
vlan batch 50 100 to 103
interface Vlanif1
ip address 192.168.1.1 255.255.255.252
interface Vlanif50
ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0/5
port link-type access
port default vlan 50
#
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
dhcp select interface
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
interface Vlanif101
ip address 192.168.101.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.10.2
#
interface Vlanif102
ip address 192.168.102.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.10.2
#
interface Vlanif103
ip address 192.168.103.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.10.2
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
ip route-static 0.0.0.0 0.0.0.0 192.168.1.2
AC上设置:
vlan bat 100 to 101
interface Vlanif100
ip address 192.168.100.253 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
S1上配置:
vlan batch 100 to 103
interface Ethernet0/0/21
port link-type access
port default vlan 102
interface Ethernet0/0/22
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
S2上配置
interface Ethernet0/0/22
port link-type trunk
port trunk pvid vlan 100
interface Ethernet0/0/2
port link-type access
port default vlan 103
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
三:AC上设置
1-先设置AP上线
wlan
wlan ac source interface vlanif100
ap-auth-mode sn-auth
ap id 0 type-id 19 mac 00e0-fc60-5340 sn 2102354483109975991D
ap id 1 type-id 19 mac 00e0-fca8-5940 sn 210235448310EA6A8212
检查一下是否成功上线
-------------------------------
----------------------------------
2个AP都已成功上线!
最麻烦的部分来了,直接上配置
wmm-profile name Ap0 id 0
traffic-profile name AP-0 id 0
security-profile name open id 0
security-profile name pre-authen id 1
security-policy wpa2
wpa2 authentication-method psk pass-phrase simple 1234567890 encryption-method ccmp
service-set name open id 0
wlan-ess 101
ssid Guest
traffic-profile id 0
security-profile id 0
service-vlan 101
service-set name intrenet id 1
wlan-ess 101
ssid intrenet
traffic-profile id 0
security-profile id 1
service-vlan 101
radio-profile name 2.4G id 0
wmm-profile id 0
radio-profile name 5G id 1
radio-type 80211an
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 0 radio 1
radio-profile id 1
service-set id 1 wlan 1
commit ap 0
ap 1 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 1 radio 1
radio-profile id 1
service-set id 1 wlan 1
commit ap 1
很快地漂亮的大圆已经出现,业务已经下发!
每个AP两个SSID。第一个open直接连,第二个需要输入配置里的密码!
四:验证部分
无线上网设备两个SSID都可正常获取IP地址,可上网并可与内网PC互通
内网PC可自动获取地址并可以访问外网,
