去年做的一个项目,涉及到交换和无线,在此把涉及到的技术及情况写写,也算是对自己所学到的知识,做一个总结吧!

         基本情况:一栋楼,总共6层,每一层都需要网络办公,并且需要有无线网络,拓扑图大概如下。

         

拓扑图

S58作为核心交换机,接入交换机使用S36系列,AC其实是S58控制器插卡,防火墙接入到互联网。在此就只写无线部分的配置了,当时用户要求,每一层楼的无线网段需要不同,现在以一楼为例,进行配置,现一楼无线网络网段为192.168.10.0/24,普通办公网段为192.168.21.0/24。设备基本配置如下:

         S58配置如下:

dis cur
#
 version 5.20, Release 1206
#
 
 telnet server enable
#
 ip ttl-expires enable
#
 loopback-detection enable
#
vlan 19
 description SW_guangli
#
vlan 20
 description AP_guangli
#
vlan 21
 description 1F
//1楼普通PC办公网段VLAN
#
vlan 10
 description WLAN_Client
//1楼无线网段VLAN
#
vlan 4000
 description To_SXF_FW
//连接到防火墙的VLAN
#
dhcp server ip-pool 1F
 network 192.168.21.0 mask 255.255.255.0
 gateway-list 192.168.21.1
 dns-list 192.168.22.5 202.98.192.67
//1楼普通办公 DHCP server
#
dhcp server ip-pool wclient_10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.1
 dns-list 192.168.22.5 202.98.192.67
//1楼无线 DHCP server
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan  10 to 31
//连接到58插卡
#
interface Bridge-Aggregation2
#
interface NULL0
#
interface Vlan-interface19
 description louceng_switch_guangli
 ip address 192.168.19.1 255.255.255.0
#
interface Vlan-interface20
 description AP_guangli
 ip address 192.168.20.1 255.255.255.0
#
interface Vlan-interface21
 description 1f
 ip address 192.168.21.1 255.255.255.0
 #
interface Vlan-interface10
 description WLAN_Client_1f
 ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface4000
 ip address 192.168.13.253 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 description TO_1F_dan
 port link-type trunk
 port trunk permit vlan 1 10 19 to 21
 loopback-detection enable
//接到一楼楼层交换机
#              
interface GigabitEthernet1/0/2
 port link-mode bridge
 loopback-detection enable
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 description TO_2F_Shuang
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 description TO_2F_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 description TO_3F_SHUANG
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 description TO_3f_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 loopback-detection enable
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 description TO_4f_Dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 description TO_1F_Shuang
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/10
 port link-mode bridge
#
interface GigabitEthernet1/0/11
 port link-mode bridge
#
interface GigabitEthernet1/0/12
 port link-mode bridge

#
interface GigabitEthernet1/0/13
 port link-mode bridge
#
interface GigabitEthernet1/0/14
 port link-mode bridge
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 description TO_5F_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/16
 port link-mode bridge
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 description TO_4f_shuang
 port link-type trunk
#
..................................
#
interface GigabitEthernet1/1/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#              
interface GigabitEthernet1/1/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
dhcp-snooping
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.11.2
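//缺省路由,下一跳指向防火墙。注意:本文列出的 Vlan-interface4000 地址是 192.168.13.253/30,下一跳 192.168.11.2 不在这个直连网段内(可能是发文时改过地址);实际配置时下一跳必须可达,否则这条缺省路由不会生效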
#
 dhcp server forbidden-ip 192.168.20.1
 dhcp server forbidden-ip 192.168.21.1
 dhcp server forbidden-ip 192.168.20.254
 dhcp server forbidden-ip 192.168.21.2
 dhcp server forbidden-ip 192.168.10.1
 ......
#
 dhcp enable
#

 load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
 authentication-mode scheme
 user privilege level 3

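AC(S58插卡)配置如下(注意:配置中 telnet server enable 属于明文管理,user-interface aux 0 为 authentication-mode none 且权限级别为3;生产环境建议改用SSH,并为本地管理口配置认证):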

dis cur
#
 version 5.20, Release 3111P07
#
 sysname NDC_OA_AC
#
 domain default enable system
#
 telnet server enable
#
 port-security enable
#
 portal trap server-down
#

vlan 20
 description WLAN_Manager
#
vlan 10
 description Wclient_1f
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid ceshi1f
 bind WLAN-ESS 1
 cipher-suite tkip
 security-ie wpa
 service-template enable
//配置SSID。这里使用的是 WPA + TKIP;TKIP 已被弃用,AP和终端支持的话应改为 security-ie rsn 配合 cipher-suite ccmp(即WPA2/AES)
#
wlan service-template 2 crypto
 ssid ceshi4f
 bind WLAN-ESS 2
 cipher-suite tkip
 security-ie wpa
 service-template enable
#
wlan service-template 3 crypto
 ssid ceshi56f
 bind WLAN-ESS 3
 cipher-suite tkip
 security-ie wpa
 service-template enable
#              
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan 1 10 to 31
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface20
 ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface M-Ethernet1/0/0
#
interface WLAN-ESS1
 port access vlan 10
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
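//配置1楼的无线虚接口(WLAN-ESS)。注意:cipher 后面的字符串是预共享密钥的可还原密文,并不是单向哈希,公开发布配置前应替换为占位符,并更换实际使用的密钥;另外本例三个WLAN-ESS接口使用同一个密钥,一旦泄露,各楼层的无线会同时受影响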
#
interface WLAN-ESS2
 port access vlan 30
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
interface WLAN-ESS3
 port access vlan 31
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
wlan ap 1f_101 model WA2220-AG id 1
 serial-id 210235A42WC10B001746
 radio 1
 radio 2
  channel 1
  service-template 1
  radio enable
//配置AP
#
wlan ap 1f_117 model WA2220-AG id 2
 serial-id 210235A42WC10B001740
 radio 1
 radio 2
  channel 11
  service-template 1
  radio enable
//配置AP
#
wlan ap 1f_121 model WA2220-AG id 3
 serial-id 210235A42WC10B001514
 radio 1       
 radio 2
  channel 6
  service-template 1
  radio enable
//配置AP
#
..............................................
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.20.1
//配置缺省网关
#
 load xml-configuration
#              
user-interface con 0
user-interface aux 0
 authentication-mode none
 user privilege level 3
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3

楼层交换机配置如下:

display current-configuration
#
 radius scheme system
#
domain system
#
vlan 19
 description guangli
#
vlan 20

description WLAN_Manager
#
vlan 21
 description 1f
#
vlan 10
 description WLAN_Client1F
#                                        
interface Vlan-interface19
 ip address 192.168.19.20 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
 port access vlan 21
#
interface Ethernet1/0/2
 port access vlan 21
#
............................
#
interface Ethernet1/0/21
 port access vlan 20
//接入AP
#
interface Ethernet1/0/22
 port access vlan 20
//接入AP
#
interface Ethernet1/0/23                 
 port access vlan 20
//接入AP
#
interface Ethernet1/0/21
 port access vlan 20
//接入AP(此处接口号与上面的 Ethernet1/0/21 重复,疑为笔误,原文未给出正确的接口号)
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
 port link-type trunk
 port trunk permit vlan 1 10 to 31
//接入S58
#
interface GigabitEthernet1/1/4
 port link-type trunk
 port trunk permit vlan 1 10 to 31
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.19.1 preference 60

//缺省路由
#
 user-interface aux 0 7
user-interface vty 0 4
 authentication-mode scheme

完工!有不正确的地方,还望指点!