网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。
一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!
生前何必久睡,死后定当长眠。
文章目录
高校的监控、有线、无线网络业务如何跑起来?
简单概述
项目简单复盘,简单总结一下必要的知识,这是本人的之前做的项目。
业务规划如下表所示:
| vlan | 描述 | 网段 | 网关 | 登录方式 | 用户名 | 密码 | 备注 |
|---|---|---|---|---|---|---|---|
| 1 | 监控 | 10.40.0.0/23 | 10.40.1.254/23 | ||||
| 20 | 无线 | 10.20.61.0/24 | 10.20.61.254/24 | ||||
| 30 | 有线 | 10.30.61.0/24 | 10.30.61.254/24 | ||||
| 40 | 管理 | 10.7.90.0/24 | telnet | admin | 1008611 | ||
| 50 | AP | 192.168.60.0/24 | 192.168.60.254/24 | ||||
| 60 | 预留 |
不同的业务划分不同的VLAN,因为网关不一样。
有线接入交换机,后期有其他业务需求,所以接傻瓜式交换机也能正常上网(傻瓜式交换机不需要配置,能实现即插即用;可在核心交换机上配置DHCP服务器,实现自动下发IP地址,下联口配置ACCSESS端口模式,上行口配置TRUNK的端口模式)
监控的接入交换机,需要是POE交换机,因为POE能提供电,开启POE功能,配置好上下联接口即可,这配置比较简单,直接使用默认VLAN 1就行,后期如果需要再添加摄像头的话,接口插在监控交换机上的下联口即可。
无线的AP需要正常上线,用户连接到的WIFI能正常上网,需要给SSID设备密码,并要有一定的安全系数。配置AC本地转发模式,因为配置本地转发模式之后数据转发的时候不需要走AC,用户数量很多的话,也推荐使用本地转发模式,这样也起到了减轻AC的负担效果。
GW到核心可以配置接口或者是配置单臂路由。
高校的网络业务,全部跑起来。
框架拓扑
只简单体现部分网络业务与部分设备
监控部分
无线部分
有线部分
基本配置
只简单描述部分网络业务的设备配置
核心
sysname HX
#
telnet server enable
#
......
#
dhcp enable
dhcp server forbidden-ip 172.30.61.253 172.30.61.254
#
.......
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan30
description guanli
#
vlan 40
#
dhcp server ip-pool user-1
gateway-list 10.20.61.254
network 10.20.61.0 mask 255.255.255.0
dns-list 114.114.114.114
#
dhcp server ip-pool yx
gateway-list 10.30.61.254
network 10.30.61.0 mask 255.255.255.0
dns-list 114.114.114.114
#
interface Vlan-interface1
description jiankong
ip address 10.40.1.254 255.255.254.0
#
interface Vlan-interface10
description wuxian
ip address 10.20.61.252 255.255.255.0
#
interface Vlan-interface20
description wangluo
ip address 10.30.61.253 255.255.255.0
#
interface Vlan-interface30
description guanli
ip address 10.7.90.50 255.255.255.0
#
interface Vlan-interface40
ip address 192.168.60.253 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/4
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/5
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/6
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
......
#
interface Ten-GigabitEthernet1/0/50
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/51
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/52
port link-type trunk
port trunk permit vlan all
#
......
#
line vty 0 4
authentication-mode scheme
user-role level-15
user-role network-operator
set authentication password hash $h$6$r7o4J69wjD75yJp+$PmI5fGsZgevnjzyD4eNbTkArqyidaUk1lytB0up5HNjjE+Xw2SPQj0v54rdvPXUcQFuAYA9iigrGe1Gr00Of0w==
#
.....
#
local-user admin class manage
password hash $h$6$g9622q3nQgTUANrR$fKvMW5PujY4IYfsJm9IRRExXViubtxsSAclR/5yChOtbfcXrWeCP7yuygu7WdPB+IKHlqg2eCBRlYBzUlwywfQ==
service-type telnet
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
......
无线控制器
sysname AC
#
telnet server enable
#
dhcp enable
#
vlan 1
#
vlan 10
#
vlan 30
description guanli
#
vlan 40
name AP-GuanLi
#
dhcp server ip-pool ap
gateway-list 192.168.60.254
network 192.168.60.0 mask 255.255.255.0
#
wlan service-template 1
ssid LXXX-1
client forwarding-location ap
akm mode psk
preshared-key pass-phrase cipher 1008611
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface30
ip address 10.7.90.254 255.255.255.0
#
interface Vlan-interface40
ip address 192.168.60.40 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
description To-hx
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 30 40
#
ip route-static 0.0.0.0 0 10.7.90.50
#
.....
#
local-user admin class manage
password hash $h$6$Q8fCpjF7Q/Dx2e15$mnHpb4R9v3+rOsyOkEFk5kmCsGGOo/RZ13tDbRAAfNBbD689sl3Y5ycseJ53gUcKrA1oNob1YU53Dg/VSCfUBA==
service-type telnet http https
authorization-attribute user-role network-admin
#
app-group xxxx-xxxx-xxxx
description "User-defined application group"
#
......
#
wlan auto-ap enable
wlan auto-persistent enable
#
wlan ap-group bel
vlan 1
ap-model WA6320-C
map-configuration flash:/apconfig.txt
radio 1
radio enable
service-template 1 vlan 10
radio 2
radio enable
service-template 1 vlan 10
gigabitethernet 1
#
........
#
wlan ap-group default-group
vlan 1
ap-model WA6320-C
map-configuration flash:/apconfig.txt
radio 1
radio enable
service-template 1 vlan 10
radio 2
radio enable
service-template 1 vlan 10
gigabitethernet 1
#
wlan ap 0c3a-fa3e-f940 model WA6320-C
serial-id 219801A2BS820BE004WL
vlan 1
radio 1
radio 2
gigabitethernet 1
#
......
监控
sysname JK
#
telnet server enable
#
......
#
vlan 1
description jiankong
#
vlan 30
description guanli
#
interface Vlan-interface30
ip address 10.7.90.30 255.255.255.0
#
interface GigabitEthernet1/0/1
stp edged-port
poe enable
#
interface GigabitEthernet1/0/2
stp edged-port
poe enable
#
interface GigabitEthernet1/0/3
stp edged-port
poe enable
#
interface GigabitEthernet1/0/4
stp edged-port
poe enable
#
interface GigabitEthernet1/0/5
stp edged-port
poe enable
#
interface GigabitEthernet1/0/6
stp edged-port
poe enable
#
......
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan all
poe enable
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
poe enable
#
ip route-static 0.0.0.0 0 10.7.90.50
#
## 写在最后
**在结束之际,我想重申的是,学习并非如攀登险峻高峰,而是如滴水穿石般的持久累积。尤其当我们步入工作岗位之后,持之以恒的学习变得愈发不易,如同在茫茫大海中独自划舟,稍有松懈便可能被巨浪吞噬。然而,对于我们程序员而言,学习是生存之本,是我们在激烈市场竞争中立于不败之地的关键。一旦停止学习,我们便如同逆水行舟,不进则退,终将被时代的洪流所淘汰。因此,不断汲取新知识,不仅是对自己的提升,更是对自己的一份珍贵投资。让我们不断磨砺自己,与时代共同进步,书写属于我们的辉煌篇章。**
需要完整版PDF学习资源私我
**网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。**
**[需要这份系统化资料的朋友,可以点击这里获取](https://bbs.csdn.net/forums/4f45ff00ff254613a03fab5e56a57acb)**
**一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!**
256
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
