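H3C WLAN Lab Report

1. Lab Background

1.1 Lab Equipment

The network is built from one core switch (RG-3760-24), one wireless controller (H3C WX3024E), one PoE switch (RG-2928G-24P), one ceiling-mount AP (WA4320i-ACN) and one wall-plate AP (WA4320H-ACN), and provides wireless service.

1.2 Lab Objectives

(1) One standard ceiling-mount AP and one wall-plate AP register and come online via DHCP option 43.
(2) Configure two SSIDs: an office SSID, "office", with the password 12344321, and a guest SSID, "guest".
(3) Give the wired downlink ports of the wall-plate AP their own wired address range.
(4) Set the power of the 2.4 GHz radio on both the ceiling-mount AP and the wall-plate AP to 10.
(5) Limit each of the wall-plate AP's two radios to 1 associated client.
(6) Configure layer-2 isolation between wireless users.

1.3 Lab Topology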

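2. Lab Procedure

2.1 Configuring the Core Switch

1.  Telnet to the core switch's remote management address, 192.168.9.99, enter the username and password, and begin configuring the core switch.

2.  On the core switch, create and describe the VLANs for wired (17), office (19), guest (24) and wireless management (150).

3.  Configure the downlink ports and permit the corresponding VLANs.

2.2 Configuring the AC's Switching Module

1.  Telnet to the AC's management address, 192.168.100.250, enter the username and password, then use oap con slot0 to enter the AC's switching module and begin configuring it.

2.  Configure the uplink and downlink ports.

3.  Permit the corresponding VLANs.

2.3 Configuring the PoE Switch

1.  Telnet to the PoE switch's management address, 192.168.100.1, and begin configuring it.

2.  Configure the uplink and downlink ports.

3.  Permit the corresponding VLANs.

2.4 Configuring the AC

1.  Telnet to the AC's management address, 192.168.100.250, enter the username and password, and begin configuring the AC.

2.  Configure the uplink and downlink ports.

3.  Permit the corresponding VLANs.

4.  Configure the service templates and virtual interfaces for the two SSIDs (office and guest).

2.5 Configuring the Wall-Plate AP

Configure the wall-plate AP's uplink port, VLANs and related settings.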

 

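3. Lab Results

3.1 Wired Results

Wired clients obtain an IP address automatically, as shown in the figure below.

3.2 Wireless Results

The wireless side is split into two SSIDs, office and guest, and both are up and working normally.

4. Troubleshooting

Two errors occurred during the lab.

1.  All VLANs were pruned on the PoE switch, which made it impossible to telnet to the PoE switch to configure it remotely.

Fix: reboot the PoE switch.

2.  After configuration was complete, the APs did not come online.

Fix: checking the configuration item by item eventually showed that the error was in the PoE switch configuration: the corresponding VLANs had not been permitted on the PoE switch. After the configuration was corrected, the APs came online normally.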
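Both faults above come down to which VLANs a trunk still carries after `switchport trunk allowed vlan remove`. The following added example (not part of the original report) computes the carried VLANs per port from RGOS-style stanzas and reports where the AP management VLAN (150) or the wired VLAN (17) is dropped. The function names are hypothetical, the faulty sample is constructed, and it assumes a trunk with no `allowed vlan` statement carries every VLAN.

```python
ALL_VLANS = set(range(1, 4095))  # VLAN IDs 1-4094

def expand(spec):
    """Expand a list such as '1-16,18-99' into a set of VLAN IDs."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def port_vlans(config):
    """Map each interface name to the set of VLANs it carries."""
    ports, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = line[len("interface "):]
            ports[name] = {1}                 # default: access port in VLAN 1
        elif name is None:
            continue                          # global lines before any interface
        elif line == "switchport mode trunk":
            ports[name] = set(ALL_VLANS)      # assumption: trunk default is all VLANs
        elif line.startswith("switchport trunk allowed vlan remove "):
            ports[name] -= expand(line.rsplit(" ", 1)[1])
        elif line.startswith("switchport access vlan "):
            ports[name] = {int(line.rsplit(" ", 1)[1])}
    return ports

def missing_on_path(ports, path, required):
    """Return {port: required VLANs it does not carry} for ports on the path."""
    return {p: sorted(required - ports[p]) for p in path if required - ports[p]}

# Port stanzas copied from the PoE switch configuration in section 6.2.
POE_WORKING = """
interface GigabitEthernet 0/2
 switchport mode trunk
 switchport trunk native vlan 150
 switchport trunk allowed vlan remove 1-16,18-149,151-4094
interface GigabitEthernet 0/24
 switchport mode trunk
 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094
"""
# Constructed for illustration: the uplink pruned so that only VLAN 100 remains.
POE_FAULTY = POE_WORKING.replace("1-16,18-99,101-149,151-4094", "1-99,101-4094")

PATH = ["GigabitEthernet 0/2", "GigabitEthernet 0/24"]  # wall-plate AP port, uplink

if __name__ == "__main__":
    for label, cfg in (("working", POE_WORKING), ("faulty", POE_FAULTY)):
        print(label, missing_on_path(port_vlans(cfg), PATH, {17, 150}))
```

Running the same check against every hop between the AP and the core switch shows which trunk is the one that drops the VLAN.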

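5. Lab Summary

Through this lab I gained an understanding of simple wireless networking and learned its basic configuration planning and methods, laying a foundation for moving from small deployments to larger ones.

6. Appendix

Configuration files for each part are attached.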

6.1 Core Switch Configuration Log

HX#show run

Building configuration...

Current configuration : 3242 bytes

version RGOS 10.4(2) Release(75955)(Mon Jan 25 19:01:04 CST 2010 -ngcf34)

hostname HX

nfpp

vlan 1

vlan 9

 name yuancheng_guanli

vlan 17

 name youxian-17

vlan 19

 name wlan-office-19

vlan 24

 name wlan-guest-24

vlan 100

 name neiwang_guanli

vlan 150

 name ap-guanl

username admin password admin123

no service password-encryption

service dhcp

ip ssh version 2

ip dhcp snooping

ip dhcp excluded-address 192.168.150.254

ip dhcp excluded-address 172.16.17.254

ip dhcp excluded-address 172.17.19.254

ip dhcp excluded-address 172.17.24.254

ip dhcp pool youxian-10

 network 172.16.17.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.16.17.254

ip dhcp pool wlan-office-19

 network 172.17.19.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.17.19.254

ip dhcp pool wlan-guest-24

 network 172.17.24.0 255.255.255.0

 dns-server 202.102.192.68 223.5.5.5

 default-router 172.17.24.254

ip dhcp pool ap-guanl

 option 43 hex 8007.0000.01c0.a864.fa

 network 192.168.150.0 255.255.255.0

 default-router 192.168.150.254

enable password admin123

enable service ssh-server

spanning-tree

interface FastEthernet 0/1

interface FastEthernet 0/2

interface FastEthernet 0/3

interface FastEthernet 0/4

interface FastEthernet 0/5

interface FastEthernet 0/6

interface FastEthernet 0/7

interface FastEthernet 0/8

interface FastEthernet 0/9

interface FastEthernet 0/10

interface FastEthernet 0/11

interface FastEthernet 0/12

interface FastEthernet 0/13

interface FastEthernet 0/14

interface FastEthernet 0/15

interface FastEthernet 0/16

interface FastEthernet 0/17

interface FastEthernet 0/18

interface FastEthernet 0/19

interface FastEthernet 0/20

interface FastEthernet 0/21

interface FastEthernet 0/22        

interface FastEthernet 0/23

interface FastEthernet 0/24

interface GigabitEthernet 0/25

 switchport mode trunk

 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094

 description To-POE_G0/24

interface GigabitEthernet 0/26

 switchport mode trunk

 switchport trunk allowed vlan remove 1-18,20-23,25-99,101-4094

 description To-AC_G1/0/1

interface GigabitEthernet 0/27

interface GigabitEthernet 0/28

 switchport access vlan 9

interface VLAN 9

 no ip proxy-arp

 ip address 192.168.9.99 255.255.255.0

interface VLAN 17

 no ip proxy-arp

 ip address 172.16.17.254 255.255.255.0

 description youxian_17

interface VLAN 19

 no ip proxy-arp

 ip address 172.17.19.254 255.255.255.0

 description wlan-office-19

interface VLAN 24

 no ip proxy-arp

 ip address 172.17.24.254 255.255.255.0

 description wlan-guest-24

interface VLAN 100

 no ip proxy-arp

 ip address 192.168.100.254 255.255.255.0

 description neiwang_guanli        

interface VLAN 150

 no ip proxy-arp

 ip address 192.168.150.254 255.255.255.0

 description AP_Guanl-_Gatway

ip route 0.0.0.0 0.0.0.0 192.168.9.254

line con 0

line vty 0 4

 transport input ssh

 login local

 password admin123

end

HX#
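The `option 43 hex 8007.0000.01c0.a864.fa` line in the ap-guanl pool above is how the APs learn the AC address. The following added example (not part of the original report) decodes and rebuilds that value using the H3C layout of type 0x80, length, server type 0x0000, address count, then the IPv4 addresses; the function names are hypothetical.

```python
import ipaddress

H3C_AC_SUBOPTION = 0x80  # sub-option type H3C APs read for the AC address list

def parse_option43_hex(text):
    """Turn the dotted hex from an 'option 43 hex ...' line into bytes."""
    digits = text.replace(".", "").replace(" ", "")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(digits)

def decode_h3c_option43(raw):
    """Decode: type(1) | length(1) | server type(2) | count(1) | IPv4 x count."""
    if len(raw) < 5 or raw[0] != H3C_AC_SUBOPTION:
        raise ValueError("not an H3C AC-address sub-option")
    body = raw[2:]
    if raw[1] != len(body):
        raise ValueError("length byte %d != %d bytes present" % (raw[1], len(body)))
    count, addrs = body[2], body[3:]
    if len(addrs) != 4 * count:
        raise ValueError("address count does not match payload size")
    return {
        "server_type": int.from_bytes(body[:2], "big"),
        "ac_addresses": [str(ipaddress.IPv4Address(addrs[i:i + 4]))
                         for i in range(0, len(addrs), 4)],
    }

def encode_h3c_option43(ac_ips):
    """Build the dotted-hex string for a list of AC IPv4 addresses."""
    addrs = b"".join(ipaddress.IPv4Address(ip).packed for ip in ac_ips)
    body = b"\x00\x00" + bytes([len(ac_ips)]) + addrs
    hexstr = (bytes([H3C_AC_SUBOPTION, len(body)]) + body).hex()
    return ".".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))

# Value taken from the ap-guanl DHCP pool on this page.
PAGE_VALUE = "8007.0000.01c0.a864.fa"

if __name__ == "__main__":
    print(decode_h3c_option43(parse_option43_hex(PAGE_VALUE)))
    print(encode_h3c_option43(["192.168.100.250"]))
```

Comparing the decoded address with the AC's management address (192.168.100.250 on this page) is a quick check when an AP obtains a lease but never registers.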

6.2 PoE Switch Configuration Log

POE(config)#show run

Building configuration...

Current configuration : 2432 bytes

version RGOS 10.4(2b12)p6 Release(196987)(Fri Jan 22 09:33:36 CST 2016 -ngcf61)

hostname POE

nfpp

vlan 1

vlan 17

 name youxian-17

vlan 100

 name neiwang-guanli

vlan 150

 name ap-guanli

username admin password admin123

no service password-encryption

ip dhcp relay information manage-vlan 1

ip dhcp snooping

poe class-lldp enable

enable password admin123

spanning-tree

interface GigabitEthernet 0/1

 switchport access vlan 150

 poe enable

 rldp port loop-detect shutdown-port

 description To-wa4320i-acn-g1/0/1

interface GigabitEthernet 0/2

 switchport mode trunk

 switchport trunk native vlan 150

 switchport trunk allowed vlan remove 1-16,18-149,151-4094

 poe enable

 rldp port loop-detect shutdown-port

 description To-wa4320h-acn-g1/0/1

interface GigabitEthernet 0/3

 poe enable

interface GigabitEthernet 0/4

 poe enable

interface GigabitEthernet 0/5

 poe enable

interface GigabitEthernet 0/6

 poe enable

interface GigabitEthernet 0/7

 poe enable

interface GigabitEthernet 0/8

 poe enable

interface GigabitEthernet 0/9

 poe enable

interface GigabitEthernet 0/10

 poe enable

interface GigabitEthernet 0/11

 poe enable

interface GigabitEthernet 0/12

 poe enable

interface GigabitEthernet 0/13

 poe enable

interface GigabitEthernet 0/14

 poe enable

interface GigabitEthernet 0/15

 poe enable

interface GigabitEthernet 0/16

 poe enable

interface GigabitEthernet 0/17

 poe enable

interface GigabitEthernet 0/18

 poe enable

interface GigabitEthernet 0/19

 poe enable

interface GigabitEthernet 0/20

 poe enable

interface GigabitEthernet 0/21

 poe enable

interface GigabitEthernet 0/22

 poe enable

interface GigabitEthernet 0/23

 poe enable

interface GigabitEthernet 0/24

 switchport mode trunk

 switchport trunk allowed vlan remove 1-16,18-99,101-149,151-4094

 ip dhcp snooping trust

 poe enable

 description To-HX_G0/25

interface GigabitEthernet 0/25

interface GigabitEthernet 0/26

interface GigabitEthernet 0/27

interface GigabitEthernet 0/28

interface VLAN 100

 no ip proxy-arp

 ip address 192.168.100.1 255.255.255.0

 description neiwang-guanli

ip route 0.0.0.0 0.0.0.0 192.168.100.254

line con 0

line vty 0 4

 transport input telnet

 login

 password admin123

end

6.3 AC Switching Module Configuration Log

<SW>dis cur

 version 5.20, Release 3507P29

 sysname SW

 domain default enable system

 telnet server enable

 oap management-ip 192.168.0.100 slot 1

 password-recovery enable

vlan 1

vlan 19

 description wlan-office-19

vlan 24

 description vlan-guest-24

vlan 100

 description neiwang-guanli

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

local-user admin

 password cipher $c$3$P/ORfzpiCs861ClqeyqsA+HPPBUmcFPK

 authorization-attribute level 3

 service-type telnet

interface Bridge-Aggregation1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface NULL0

interface Vlan-interface1

 ip address 192.168.0.101 255.255.255.0

interface GigabitEthernet1/0/1

 description To-HX_G0/26

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface GigabitEthernet1/0/2

 poe enable

interface GigabitEthernet1/0/3

 poe enable

interface GigabitEthernet1/0/4

 poe enable

interface GigabitEthernet1/0/5

 poe enable

interface GigabitEthernet1/0/6

 poe enable

interface GigabitEthernet1/0/7

 poe enable

interface GigabitEthernet1/0/8

 poe enable

interface GigabitEthernet1/0/9

 poe enable

interface GigabitEthernet1/0/10

 poe enable

interface GigabitEthernet1/0/11

 poe enable

interface GigabitEthernet1/0/12

 poe enable

interface GigabitEthernet1/0/13

 poe enable

interface GigabitEthernet1/0/14

 poe enable

interface GigabitEthernet1/0/15

 poe enable

interface GigabitEthernet1/0/16

 poe enable

interface GigabitEthernet1/0/17

 poe enable

interface GigabitEthernet1/0/18

 poe enable

interface GigabitEthernet1/0/19

 poe enable

interface GigabitEthernet1/0/20

 poe enable

interface GigabitEthernet1/0/21

 poe enable

interface GigabitEthernet1/0/22

 poe enable            

interface GigabitEthernet1/0/23

 poe enable

interface GigabitEthernet1/0/24

 poe enable

interface GigabitEthernet1/0/25

 shutdown

interface GigabitEthernet1/0/26

 shutdown

interface GigabitEthernet1/0/27

 shutdown

interface GigabitEthernet1/0/28

 shutdown

interface GigabitEthernet1/0/29

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface GigabitEthernet1/0/30

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

user-interface aux 0

user-interface vty 0 4

 authentication-mode scheme

user-interface vty 5 15

return

 

6.4 AC Configuration Log

version 5.20, Release 3509P61

sysname AC

domain default enable system

telnet server enable

user-isolation vlan 19 enable

 user-isolation vlan 19 permit-mac 001a-a91e-558b

 user-isolation vlan 24 enable

 user-isolation vlan 24 permit-mac 001a-a91e-558b

port-security enable

oap management-ip 192.168.0.101 slot 0

password-recovery enable

vlan 1

vlan 19

 description wlan-office-19

vlan 24

 description wlan-guest-24

vlan 100

 description neiwang-guanli

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

 group-attribute allow-guest

local-user admin

 password cipher $c$3$FtQTL8kMVOFaxlTNuonpP0DdnOgycATK280O

 authorization-attribute level 3

 service-type telnet

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

wlan radio-policy 1

 client max-count 1

wlan service-template 1 crypto

 ssid office

 bind WLAN-ESS 1

 cipher-suite ccmp

 security-ie rsn

 service-template enable

wlan service-template 2 clear

 ssid guest

 bind WLAN-ESS 2

 service-template enable

wlan ap-group default_group

 ap mb-tsg-209 

 ap fz-tsg-2f-01

interface Bridge-Aggregation1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

interface NULL0

interface Vlan-interface1

 ip address 192.168.0.100 255.255.255.0

interface Vlan-interface100

 description neiwang-guanli

 ip address 192.168.100.250 255.255.255.0

interface GigabitEthernet1/0/1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface GigabitEthernet1/0/2

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 19 24 100

 port link-aggregation group 1

interface WLAN-ESS1

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 19 untagged

 port hybrid pvid vlan 20

 mac-vlan enable

 port-security port-mode psk

 port-security tx-key-type 11key

 port-security preshared-key pass-phrase cipher $c$3$4Nxvyh3vTsZQNZcM1lWUnve6VJ2eoXAyUJCP

interface WLAN-ESS2

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 24 untagged

 port hybrid pvid vlan 24

 mac-vlan enable

wlan ap fz-tsg-2f-01 model WA4320i-ACN id 1

 serial-id 210235A1GQC149000908

 radio 1

  service-template 1

  service-template 2

  radio enable

 radio 2

  max-power 10

  service-template 1

  service-template 2

  radio enable

wlan ap mb-tsg-209 model WA4320H-ACN id 2

 serial-id 219801A0P79149G00146

 radio 1

  channel 36

  radio-policy 1

  service-template 1

  service-template 2

  channel band-width 20

  radio enable

 radio 2

  channel 1

  max-power 10 

  radio-policy 1

  service-template 1

  service-template 2

  radio enable

wlan ips

 malformed-detect-policy default

 signature deauth_flood signature-id 1

 signature broadcast_deauth_flood signature-id 2

 signature disassoc_flood signature-id 3

 signature broadcast_disassoc_flood signature-id 4

 signature eapol_logoff_flood signature-id 5

 signature eap_success_flood signature-id 6

 signature eap_failure_flood signature-id 7

 signature pspoll_flood signature-id 8

 signature cts_flood signature-id 9

 signature rts_flood signature-id 10

 signature addba_req_flood signature-id 11

 signature-policy default

 countermeasure-policy default

 attack-detect-policy default

 virtual-security-domain default

  attack-detect-policy default

  malformed-detect-policy default

  signature-policy default

  countermeasure-policy default

ip route-static 0.0.0.0 0.0.0.0 192.168.100.254

ssh server enable

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

 user privilege level 3

 protocol inbound telnet

return

6.5 AP Configuration Log

<mb-tsg-209>dis cur

version 5.20, Release 1508P11

sysname mb-tsg-209

domain default enable system

ipv6

telnet server enable

password-recovery enable

undo attack-defense tcp fragment enable

vlan 1

vlan 17

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

user-group system

 group-attribute allow-guest

interface NULL0

interface Vlan-interface1

 ipv6 address auto

 ip address dhcp-alloc client-identifier mac Vlan-interface1

 ipv6 address dhcp-alloc

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 17

interface GigabitEthernet1/0/2

 port access vlan 17

interface GigabitEthernet1/0/3

 port access vlan 17

interface GigabitEthernet1/0/4

 port access vlan 17

interface WLAN-Radio1/0/1

interface WLAN-Radio1/0/2

info-center source LWPC channel 4

undo gratuitous-arp-learning enable

user-interface con 0

user-interface vty 0 4

 authentication-mode none

 user privilege level 3

 set authentication password cipher c$3$mghba7P6AkOvP3w8hSiqRxoVtmJR8Yg3Jop6RbA=

return



Reposted from blog.51cto.com/13396153/2118381