需求:
对于小型局域网中,对于接入设备的需求,需要在局域网中部署无线网络,通过无线控制器 AC 管理网络中所有的无线 AP 设备,下发无线配置信息。无线网络发布 2.4G 和 5G 信号,满足不同设备的连接使用。
拓扑描述:
防火墙连接外网网卡地址为 192.168.174.2/24,路由器与核心交换机通联地址为 192.168.2.0/24。防火墙安全规则只允许网络中无线网络中的地址可以访问外网。配置路由器与防火墙之间连接地址为 192.168.5.0/24 网段,配置与交换机互联地址为 192.168.2.2/24。核心交换机配置 vlan3 为连接无线网络设备,网关地址为 172.16.3.1/24,配置 vlan1002 为连接路由器,IP地址为 192.168.2.1/24。AC控制器管理地址为 192.168.3.1/24,设置 vlan1003 为 AC 和 AP 之间管理 VLAN,配置 DHCP 地址池,使AP可以自动获取管理地址。
网络拓扑:
防火墙使用 USG5500,路由器使用 AR2220。
(1)配置Cloud1
(2)配置SW2
<Huawei>sys
[Huawei]sysname SW2
[SW2]vlan batch 3 1003
[SW2]inter GigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk pvid vlan 1003
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 3 1003
[SW2-GigabitEthernet0/0/2]quit
[SW2]inter GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3]port link-type trunk
[SW2-GigabitEthernet0/0/3]port trunk pvid vlan 1003
[SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 3 1003
[SW2-GigabitEthernet0/0/3]quit
[SW2]inter GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003
(3)配置SW1
<Huawei>sys
[Huawei]sysname SW1
[SW1]vlan batch 3 1002 1003
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type trunk
[SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan 3 1003
[SW1-GigabitEthernet0/0/4]quit
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 1002
[SW1-GigabitEthernet0/0/3]quit
[SW1]dhcp enable
[SW1]interface Vlanif 3
[SW1-Vlanif3]ip address 172.16.3.1 24
[SW1-Vlanif3]dhcp select interface
[SW1-Vlanif3]dhcp server dns-list 114.114.114.114 223.5.5.5
[SW1-Vlanif3]quit
[SW1]inter Vlanif 1002
[SW1-Vlanif1002]ip address 192.168.2.1 24
[SW1-Vlanif1002]quit
[SW1]ip route-static 0.0.0.0 0 192.168.2.2
(4)配置R1
<Huawei>sys
[Huawei]sysname R1
[R1]inter GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.2.2 24
[R1-GigabitEthernet0/0/1]quit
[R1]inter GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.5.2 24
[R1-GigabitEthernet0/0/2]quit
[R1]ip route-static 0.0.0.0 0 192.168.5.1
[R1]ip route-static 172.16.3.0 255.255.255.0 192.168.2.1
(5)配置FW1
<SRG>sys
[SRG]sysname FW1
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet 0/0/2
[FW1-zone-trust]quit
[FW1]firewall zone untrust
[FW1-zone-untrust]add inter GigabitEthernet 0/0/1
[FW1-zone-untrust]quit
[FW1]interface GigabitEthernet 0/0/2
[FW1-GigabitEthernet0/0/2]ip address 192.168.5.1 24
[FW1-GigabitEthernet0/0/2]quit
[FW1]interface GigabitEthernet 0/0/1
[FW1-GigabitEthernet0/0/1]ip address 192.168.174.2 24
[FW1-GigabitEthernet0/0/1]quit
[FW1]ip route-static 0.0.0.0 0 192.168.5.2
[FW1]policy interzone trust untrust outbound
[FW1-policy-interzone-trust-untrust-outbound]policy 0
[FW1-policy-interzone-trust-untrust-outbound-0]action permit
[FW1-policy-interzone-trust-untrust-outbound-0]policy source 172.16.3.0 0.0.0.255
[FW1-policy-interzone-trust-untrust-outbound-0]quit
[FW1-policy-interzone-trust-untrust-outbound]quit
[FW1]nat-policy interzone trust untrust outbound
[FW1-nat-policy-interzone-trust-untrust-outbound]policy 1
[FW1-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[FW1-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.3.0 0.0.0.255
[FW1-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1
(6)配置AC1
<AC6005>sys
[AC6005]sysname AC1
[AC1]vlan batch 3 1003
[AC1]inter GigabitEthernet 0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 3 1003
[AC1-GigabitEthernet0/0/1]quit
[AC1]dhcp enable
[AC1]inter Vlanif 1003
[AC1-Vlanif1003]ip address 192.168.3.1 24
[AC1-Vlanif1003]dhcp select interface
[AC1-Vlanif1003]quit
[AC1]wlan
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC1-wlan-ap-group-ap-group1]quit
[AC1-wlan-view]quit
[AC1]capwap source interface Vlanif 1003
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fca0-16a0
[AC1-wlan-ap-0]ap-name area_1
[AC1-wlan-ap-0]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC1-wlan-ap-0]quit
[AC1-wlan-view]ap-id 1 ap-mac 00e0-fc4f-46e0
[AC1-wlan-ap-1]ap-name area_2
[AC1-wlan-ap-1]ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC1-wlan-ap-1]quit
[AC1-wlan-view]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor : normal [2]
----------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Upt
ime
----------------------------------------------------------------------------------------------
0 00e0-fca0-16a0 area_1 ap-group1 192.168.3.133 AP2050DN nor 0 3M:37S
1 00e0-fc4f-46e0 area_2 ap-group1 192.168.3.124 AP2050DN nor 0 12S
----------------------------------------------------------------------------------------------
Total: 2
[AC1-wlan-view]security-profile name template
[AC1-wlan-sec-prof-template]security wpa-wpa2 psk pass-phrase 12345678 aes
Warning: The current password is too simple. For the sake of security, you are advised to set a password containing at least two of the following: lowercase letters a to z, uppercase letters A to Z, digits, and special characters. Continue? [Y/N]:y
[AC1-wlan-sec-prof-template]quit
[AC1-wlan-view]ssid-profile name template
[AC1-wlan-ssid-prof-template]ssid wifi
[AC1-wlan-ssid-prof-template]quit
[AC1-wlan-view]vap-profile name template
[AC1-wlan-vap-prof-template]forward-mode direct-forward
[AC1-wlan-vap-prof-template]service-vlan vlan-id 3
[AC1-wlan-vap-prof-template]security-profile template
[AC1-wlan-vap-prof-template]ssid-profile template
[AC1-wlan-vap-prof-template]quit
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]vap-profile template wlan 1 radio 0
[AC1-wlan-ap-group-ap-group1]vap-profile template wlan 1 radio 1
(7)查看AP是否发射无线网络信号
(8)STA1连接2.4G信号并测试
(9)STA2连接5G信号并测试
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
