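Last year I worked on a project that involved switching and wireless. I am writing up the technologies and circumstances involved here, as a summary of what I learned.
Background: one building with 6 floors in total. Every floor needs a network for office work and also needs wireless coverage. The topology is roughly as follows.
The S58 is the core switch, the access switches are from the S36 series, the AC is actually a controller plug-in card in the S58, and the firewall connects to the Internet. I will only cover the wireless part of the configuration here. The customer required a different wireless subnet on each floor. Taking the 1st floor as the example: its wireless subnet is 192.168.10.0/24 and its regular office subnet is 192.168.21.0/24. The basic device configuration is as follows: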
S58 configuration:
dis cur
#
 version 5.20, Release 1206
#
 telnet server enable
#
 ip ttl-expires enable
#
 loopback-detection enable
#
vlan 19
 description SW_guangli
#
vlan 20
 description AP_guangli
#
vlan 21
 description 1F    // VLAN for the 1st-floor regular office PC subnet
#
vlan 10
 description WLAN_Client    // VLAN for the 1st-floor wireless subnet
#
vlan 4000
 description To_SXF_FW    // VLAN connecting to the firewall
#
dhcp server ip-pool 1F
 network 192.168.21.0 mask 255.255.255.0
 gateway-list 192.168.21.1
 dns-list 192.168.22.5 202.98.192.67    // DHCP server for the 1st-floor regular office subnet
#
dhcp server ip-pool wclient_10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.1
 dns-list 192.168.22.5 202.98.192.67    // DHCP server for the 1st-floor wireless subnet
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan 10 to 31    // connects to the S58 plug-in card
#
interface Bridge-Aggregation2
#
interface NULL0
#
interface Vlan-interface19
 description louceng_switch_guangli
 ip address 192.168.19.1 255.255.255.0
#
interface Vlan-interface20
 description AP_guangli
 ip address 192.168.20.1 255.255.255.0
#
interface Vlan-interface21
 description 1f
 ip address 192.168.21.1 255.255.255.0
#
interface Vlan-interface10
 description WLAN_Client_1f
 ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface4000
 ip address 192.168.13.253 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 description TO_1F_dan
 port link-type trunk
 port trunk permit vlan 1 10 19 to 21
 loopback-detection enable    // connects to the 1st-floor access switch
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 loopback-detection enable
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 description TO_2F_Shuang
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 description TO_2F_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 description TO_3F_SHUANG
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 description TO_3f_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 loopback-detection enable
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 description TO_4f_Dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 description TO_1F_Shuang
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/10
 port link-mode bridge
#
interface GigabitEthernet1/0/11
 port link-mode bridge
#
interface GigabitEthernet1/0/12
 port link-mode bridge
#
interface GigabitEthernet1/0/13
 port link-mode bridge
#
interface GigabitEthernet1/0/14
 port link-mode bridge
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 description TO_5F_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/16
 port link-mode bridge
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 description TO_4f_shuang
 port link-type trunk
#
..................................
#
interface GigabitEthernet1/1/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface GigabitEthernet1/1/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
 dhcp-snooping
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.11.2    // to the firewall
#
 dhcp server forbidden-ip 192.168.20.1
 dhcp server forbidden-ip 192.168.21.1
 dhcp server forbidden-ip 192.168.20.254
 dhcp server forbidden-ip 192.168.21.2
 dhcp server forbidden-ip 192.168.10.1
 ......
#
 dhcp enable
#
 load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
 authentication-mode scheme
 user privilege level 3

AC (S58 plug-in card) configuration:
dis cur
#
 version 5.20, Release 3111P07
#
 sysname NDC_OA_AC
#
 domain default enable system
#
 telnet server enable
#
 port-security enable
#
 portal trap server-down
#
vlan 20
 description WLAN_Manager
#
vlan 10
 description Wclient_1f
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid ceshi1f
 bind WLAN-ESS 1
 cipher-suite tkip
 security-ie wpa
 service-template enable    // SSID configuration
#
wlan service-template 2 crypto
 ssid ceshi4f
 bind WLAN-ESS 2
 cipher-suite tkip
 security-ie wpa
 service-template enable
#
wlan service-template 3 crypto
 ssid ceshi56f
 bind WLAN-ESS 3
 cipher-suite tkip
 security-ie wpa
 service-template enable
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan 1 10 to 31
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface20
 ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface M-Ethernet1/0/0
#
interface WLAN-ESS1
 port access vlan 10
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==    // wireless virtual interface, 1st floor
#
interface WLAN-ESS2
 port access vlan 30
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
interface WLAN-ESS3
 port access vlan 31
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
wlan ap 1f_101 model WA2220-AG id 1
 serial-id 210235A42WC10B001746
 radio 1
 radio 2
  channel 1
  service-template 1
  radio enable    // AP configuration
#
wlan ap 1f_117 model WA2220-AG id 2
 serial-id 210235A42WC10B001740
 radio 1
 radio 2
  channel 11
  service-template 1
  radio enable    // AP configuration
#
wlan ap 1f_121 model WA2220-AG id 3
 serial-id 210235A42WC10B001514
 radio 1
 radio 2
  channel 6
  service-template 1
  radio enable    // AP configuration
#
..............................................
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.20.1    // default gateway
#
 load xml-configuration
#
user-interface con 0
user-interface aux 0
 authentication-mode none
 user privilege level 3
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3

Floor (access) switch configuration:
display current-configuration
#
radius scheme system
#
domain system
#
vlan 19
 description guangli
#
vlan 20
 description WLAN_Manager
#
vlan 21
 description 1f
#
vlan 10
 description WLAN_Client1F
#
interface Vlan-interface19
 ip address 192.168.19.20 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
 port access vlan 21
#
interface Ethernet1/0/2
 port access vlan 21
#
............................
#
interface Ethernet1/0/21
 port access vlan 20    // AP attached
#
interface Ethernet1/0/22
 port access vlan 20    // AP attached
#
interface Ethernet1/0/23
 port access vlan 20    // AP attached
#
interface Ethernet1/0/21
 port access vlan 20    // AP attached
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
 port link-type trunk
 port trunk permit vlan 1 10 to 31    // uplink to the S58
#
interface GigabitEthernet1/1/4
 port link-type trunk
 port trunk permit vlan 1 10 to 31
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.19.1 preference 60    // default route
#
user-interface aux 0 7
user-interface vty 0 4
 authentication-mode scheme

Done! If anything here is incorrect, corrections are welcome.
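
An added example, not part of the original post: a short Python audit that reads config text in the layout of the dumps above and reports the settings in them that weaken the deployment (Telnet management, TKIP with the WPA information element, a login line with no authentication, one pre-shared key reused across WLAN-ESS interfaces). It assumes the usual `display current-configuration` layout (`#` between sections, sub-commands indented); the names `commands`, `audit` and `RULES`, the sample text and its placeholder key are constructed for illustration.

```python
import re

# Constructed excerpt shaped like the AC dump above; the key is a placeholder.
SAMPLE = """#
 telnet server enable
#
wlan service-template 1 crypto
 cipher-suite tkip
 security-ie wpa
#
interface WLAN-ESS1
 port-security preshared-key pass-phrase cipher PLACEHOLDER==
#
interface WLAN-ESS2
 port-security preshared-key pass-phrase cipher PLACEHOLDER==
#
user-interface aux 0
 authentication-mode none
user-interface vty 0 4
 authentication-mode scheme
"""

RULES = {  # exact command -> reason it is flagged
    "telnet server enable": "Telnet carries management logins in cleartext",
    "cipher-suite tkip": "TKIP is deprecated; prefer CCMP (AES)",
    "security-ie wpa": "WPA (v1) information element; prefer RSN (WPA2)",
    "authentication-mode none": "line accepts logins without authentication",
}

def commands(text):
    # Yield (section, command) for every indented command; '#' resets to global.
    header = "global"
    for line in filter(str.strip, text.splitlines()):
        if line.strip() == "#":
            header = "global"
        elif not line.startswith(" "):
            header = line.strip()          # unindented line opens a section
        else:
            yield header, line.strip()

def audit(text):
    findings, psk = [], {}
    for header, cmd in commands(text):
        if cmd in RULES:
            findings.append((header, RULES[cmd]))
        if m := re.match(r"port-security preshared-key pass-phrase \S+ (\S+)", cmd):
            psk.setdefault(m.group(1), []).append(header)   # group by key text
    findings += [(", ".join(s), "same pre-shared key on several interfaces")
                 for s in psk.values() if len(s) > 1]
    return findings
```

Running `audit` on a saved configuration gives one `(section, reason)` pair per finding, so the output can be diffed between reviews.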