使用ensp配置无线网络

最新推荐文章于 2024-07-15 20:09:19 发布

l_s_k

最新推荐文章于 2024-07-15 20:09:19 发布

阅读量1w

点赞数 13

本文链接：https://blog.csdn.net/l_s_k/article/details/105682100

版权

拓扑图
在这里插入图片描述

防火墙连接外网地址为192.168.12.9/24，路由器与核心交换机通联地址为192.168.2.0/24。
防火墙安全规则只允许网络中无线网络中地址可以访问外网。
配置路由器与防火墙之间连接地址为192.168.5.0/24网段，配置与交换机胡同地址为192.168.2.2/24。
核心交换机配置vlan3为连接无线网络设备，网关地址为172.16.3.1/24，配置vlan1002为连接路由器，ip地址为192.168.2.1/24。
AC控制器管理地址为192.168.3.1/24，设置vlan1003为AC和AP之间管理VLAN，配置DHCP地址池，使AP可以自动获取管理地址。

防火墙使用USG5500,路由器使用AR2220，AC使用AC6005，AP使用AP2050

配置S2

<Huawei>system-view 
[Huawei]sysname S2
[Huawei]vlan batch 3 1003
[S2]interface GigabitEthernet 0/0/3
[S2-GigabitEthernet0/0/3]port link-type trunk 
[S2-GigabitEthernet0/0/3]port trunk pvid vlan 1003	
[S2-GigabitEthernet0/0/3]port trunk allow-pass vlan 3 1003
[S2-GigabitEthernet0/0/3]qu
[S2]interface GigabitEthernet 0/0/4
[S2-GigabitEthernet0/0/4]port link-type trunk 
[S2-GigabitEthernet0/0/4]port trunk pvid vlan 1003
[S2-GigabitEthernet0/0/4]port trunk allow-pass vlan 3 1003
[S2-GigabitEthernet0/0/4]qu
[S2]interface GigabitEthernet 0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk 	
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003

S1配置

<Huawei>system-view 
[Huawei]sysname S1
[S1]vlan batch 3 1002 1003
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk 
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003
[S1-GigabitEthernet0/0/1]qu
[S1]interface GigabitEthernet 0/0/4
[S1-GigabitEthernet0/0/4]port link-type trunk 
[S1-GigabitEthernet0/0/4]port trunk allow-pass vlan 3 1003
[S1-GigabitEthernet0/0/4]qu
[S1]interface GigabitEthernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type access 
[S1-GigabitEthernet0/0/3]port default vlan 1002
[S1-GigabitEthernet0/0/3]qu
[S1]dhcp enable 
[S1]interface Vlanif 3
[S1-Vlanif3]ip address 172.16.3.1 24
[S1-Vlanif3]dhcp select interface 
[S1-Vlanif3]dhcp server dns-list 114.114.114.114 223.5.5.5
[S1-Vlanif3]qu
[S1]interface Vlanif 1002
[S1-Vlanif1002]ip address 192.168.2.1 24
[S1-Vlanif1002]qu
[S1]ip route-static 0.0.0.0 0 192.168.2.2

R1配置

<Huawei>system-view 
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.2.2 24
[R1-GigabitEthernet0/0/1]qu
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.5.2 24
[R1-GigabitEthernet0/0/2]qu
[R1]ip route-static 0.0.0.0 0 192.168.5.1
[R1]ip route-static 172.16.3.0 255.255.255.0 192.168.2.1

FW1配置

<SRG>system-view 
[SRG]firewall zone trust 
[SRG-zone-trust]add interface GigabitEthernet 0/0/2
[SRG-zone-trust]qu
[SRG]firewall zone untrust 	
[SRG-zone-untrust]add interface GigabitEthernet 0/0/1
[SRG-zone-untrust]qu	
[SRG]interface GigabitEthernet 0/0/2
[SRG-GigabitEthernet0/0/2]ip address 192.168.5.1 24
[SRG-GigabitEthernet0/0/2]qu
[SRG]interface GigabitEthernet 0/0/1
[SRG-GigabitEthernet0/0/1]ip address 192.168.12.9 24
[SRG-GigabitEthernet0/0/1]qu
[SRG]ip route-static 0.0.0.0 0 192.168.12.1
[SRG]ip route-static 172.16.3.0 24 192.168.5.2
[SRG]policy interzone trust untrust outbound 	
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]action permit 
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.3.0 0.0.0.25
5
[SRG-policy-interzone-trust-untrust-outbound-0]qu
[SRG-policy-interzone-trust-untrust-outbound]qu
[SRG]nat-policy interzone trust untrust outbound 
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat 
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.3.0 0.0.
0.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1

AC配置（mac地址分别在AP1和AP2中输入dis arp 查询）

<AC6005>system-view 
[AC6005]sysname AC
[AC]vlan batch 3 1003
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk 
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003
[AC-GigabitEthernet0/0/1]qu
[AC]dhcp enable 
[AC]interface Vlanif 1003
[AC-Vlanif1003]ip address 192.168.3.1 24
[AC-Vlanif1003]dhcp select interface 
[AC-Vlanif1003]qu
[AC]wlan 
[AC-wlan-view]ap-group name ap-group1	
[AC-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1]qu
[AC-wlan-view]qu
[AC]capwap source interface Vlanif 1003
[AC]wlan 
[AC-wlan-view]ap auth-mode mac-auth 
[AC-wlan-view]ap-id 0 ap-mac 00e0-fc1a-66a0
[AC-wlan-ap-0]ap-name area_1
[AC-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-0]qu
[AC-wlan-view]ap-id 1 ap-mac 00e0-fc24-1280
[AC-wlan-ap-1]ap-name area_2
[AC-wlan-ap-1]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
 clear channel, power and antenna gain configurations of the radio, Whether to c
ontinue? [Y/N]:y
[AC-wlan-ap-1]qu
[AC-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [2]
--------------------------------------------------------------------------------
--------------
ID   MAC            Name   Group     IP            Type            State STA Upt
ime
--------------------------------------------------------------------------------
--------------
0    00e0-fc1a-66a0 area_1 ap-group1 192.168.3.113 AP2050DN        nor   0   3M:
48S
1    00e0-fc24-1280 area_2 ap-group1 192.168.3.62  AP2050DN        nor   0   2M:
38S
--------------------------------------------------------------------------------
--------------
Total: 2
[AC-wlan-view]security-profile name ssid_name	
[AC-wlan-sec-prof-ssid_name]security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-ssid_name]qu
[AC-wlan-view]ssid-profile name ssid_name
[AC-wlan-ssid-prof-ssid_name]ssid ssid_name
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-ssid-prof-ssid_name]qu
[AC-wlan-view]vap-profile name ssid_name
[AC-wlan-vap-prof-ssid_name]forward-mode direct-forward 
[AC-wlan-vap-prof-ssid_name]service-vlan vlan-id 3
Info: This operation may take a few seconds, please wait.done.	
[AC-wlan-vap-prof-ssid_name]security-profile ssid_name
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-ssid_name]ssid-profile ssid_name
Info: This operation may take a few seconds, please wait.done.
[AC-wlan-vap-prof-ssid_name]qu
[AC-wlan-view]ap-group name ap-group1	
[AC-wlan-ap-group-ap-group1]vap-profile ssid_name wlan 1 radio 0
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]vap-profile ssid_name wlan 1 radio 1
Info: This operation may take a few seconds, please wait...done.
[AC-wlan-ap-group-ap-group1]qu

完成后查看拓扑图，圆圈为无线覆盖的范围
在这里插入图片描述
使用STA1连接AP1,STA2连接AP2
连接时输入在AC上设置的密码a1234567(两台密码一样)

测试能否ping通外网
防火墙拒绝R1通过

pc连接成功

l_s_k

关注

13
点赞
踩
103

收藏

觉得还不错? 一键收藏
1
评论
使用ensp配置无线网络

拓扑图配置S2<Huawei>system-view [Huawei]sysname S2[Huawei]vlan batch 3 1003[S2]interface GigabitEthernet 0/0/3[S2-GigabitEthernet0/0/3]port link-type trunk [S2-GigabitEthernet0/0/3]port trunk...
复制链接

扫一扫