H3C 無線網絡工程配置案例

        去年作的一個項目，涉及到交換和無線，在此把涉及到的技術及狀況寫寫，也算是對本身所學到的知識，作一個總結吧！

         基本狀況：一棟樓，總共6層，每一層都須要網絡辦公，而且須要有無線網絡，拓撲圖大概以下。

         

S58做爲核心交換機，接入交換機使用S36序列，AC實際上是S58控制器插卡，防火牆接入到互聯網。在此就只寫無線部分的配置了，當時用戶要求，每一層樓的無線網段須要不一樣，如今以一樓爲例，進行配置，現一樓無線網絡網段爲192.168.10.0/24，普通辦公網段爲192.168.21.0/24。設備基本配置以下：

         S58配置以下：

dis cur
#
 version 5.20, Release 1206
#
 
 telnet server enable
#
 ip ttl-expires enable
#
 loopback-detection enable
#
vlan 19
 description SW_guangli
#
vlan 20
 description AP_guangli
#
vlan 21
 description 1F
//1樓普通PC辦公網段VLAN
#
vlan 10
 description WLAN_Client
//1樓無線網段VLAN
#
vlan 4000
 description To_SXF_FW
//鏈接到防火牆VLNA
#
dhcp server ip-pool 1F
 network 192.168.21.0 mask 255.255.255.0
 gateway-list 192.168.21.1
 dns-list 192.168.22.5 202.98.192.67
//1樓普通辦公 DHCP server
#
dhcp server ip-pool wclient_10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.1
 dns-list 192.168.22.5 202.98.192.67
//1樓無線 DHCP server
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan  10 to 31
//鏈接到58插卡
#
interface Bridge-Aggregation2
#
interface NULL0
#
interface Vlan-interface19
 description louceng_switch_guangli
 ip address 192.168.19.1 255.255.255.0
#
interface Vlan-interface20
 description AP_guangli
 ip address 192.168.20.1 255.255.255.0
#
interface Vlan-interface21
 description 1f
 ip address 192.168.21.1 255.255.255.0
 #
interface Vlan-interface10
 description WLAN_Client_1f
 ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface4000
 ip address 192.168.13.253 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 description TO_1F_dan
 port link-type trunk
 port trunk permit vlan 1 10 19 to 21
 loopback-detection enable
//接到一樓樓層交換機
#              
interface GigabitEthernet1/0/2
 port link-mode bridge
 loopback-detection enable
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 description TO_2F_Shuang
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 description TO_2F_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 description TO_3F_SHUANG
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 description TO_3f_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 loopback-detection enable
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 description TO_4f_Dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 description TO_1F_Shuang
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/10
 port link-mode bridge
#
interface GigabitEthernet1/0/11
 port link-mode bridge
#
interface GigabitEthernet1/0/12
 port link-mode bridge

#
interface GigabitEthernet1/0/13
 port link-mode bridge
#
interface GigabitEthernet1/0/14
 port link-mode bridge
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 description TO_5F_dan
 port link-type trunk
 loopback-detection enable
#
interface GigabitEthernet1/0/16
 port link-mode bridge
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 description TO_4f_shuang
 port link-type trunk
#
..................................
#
interface GigabitEthernet1/1/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#              
interface GigabitEthernet1/1/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
dhcp-snooping
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.11.2
//鏈接到防火牆
#
 dhcp server forbidden-ip 192.168.20.1
 dhcp server forbidden-ip 192.168.21.1
 dhcp server forbidden-ip 192.168.20.254
 dhcp server forbidden-ip 192.168.21.2
 dhcp server forbidden-ip 192.168.10.1
 ......
#
 dhcp enable
#

 load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
 authentication-mode scheme
 user privilege level 3

AC（S58插卡）配置以下：

dis cur
#
 version 5.20, Release 3111P07
#
 sysname NDC_OA_AC
#
 domain default enable system
#
 telnet server enable
#
 port-security enable
#
 portal trap server-down
#

vlan 20
 description WLAN_Manager
#
vlan 10
 description Wclient_1f
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid ceshi1f
 bind WLAN-ESS 1
 cipher-suite tkip
 security-ie wpa
 service-template enable
//配置SSID
#
wlan service-template 2 crypto
 ssid ceshi4f
 bind WLAN-ESS 2
 cipher-suite tkip
 security-ie wpa
 service-template enable
#
wlan service-template 3 crypto
 ssid ceshi56f
 bind WLAN-ESS 3
 cipher-suite tkip
 security-ie wpa
 service-template enable
#              
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan 1 10 to 31
#
interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface20
 ip address 192.168.20.254 255.255.255.0
#
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 1 10 to 31
 port link-aggregation group 1
#
interface M-Ethernet1/0/0
#
interface WLAN-ESS1
 port access vlan 10
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
//配置無線虛接口 1樓
#
interface WLAN-ESS2
 port access vlan 30
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
interface WLAN-ESS3
 port access vlan 31
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher LED7ZJnejDxAvXlAUDpnaw==
#
wlan ap 1f_101 model WA2220-AG id 1
 serial-id 210235A42WC10B001746
 radio 1
 radio 2
  channel 1
  service-template 1
  radio enable
//配置AP
#
wlan ap 1f_117 model WA2220-AG id 2
 serial-id 210235A42WC10B001740
 radio 1
 radio 2
  channel 11
  service-template 1
  radio enable
//配置AP
#
wlan ap 1f_121 model WA2220-AG id 3
 serial-id 210235A42WC10B001514
 radio 1       
 radio 2
  channel 6
  service-template 1
  radio enable
//配置AP
#
..............................................
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.20.1
//配置缺省網關
#
 load xml-configuration
#              
user-interface con 0
user-interface aux 0
 authentication-mode none
 user privilege level 3
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3

樓層交換機配置以下：

display current-configuration
#
 radius scheme system
#
domain system
#
vlan 19
 description guangli
#
vlan 20

description WLAN_Manager
#
vlan 21
 description 1f
#
vlan 10
 description WLAN_Client1F
#                                        
interface Vlan-interface19
 ip address 192.168.19.20 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
 port access vlan 21
#
interface Ethernet1/0/2
 port access vlan 21
#
............................
#
interface Ethernet1/0/21
 port access vlan 20
//接入AP
#
interface Ethernet1/0/22
 port access vlan 20
//接入AP
#
interface Ethernet1/0/23                 
 port access vlan 20
//接入AP
#
interface Ethernet1/0/21
 port access vlan 20
//接入AP
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/1/2
#
interface GigabitEthernet1/1/3
 port link-type trunk
 port trunk permit vlan 1 10 to 31
//接入S58
#
interface GigabitEthernet1/1/4
 port link-type trunk
 port trunk permit vlan 1 10 to 31
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.19.1 preference 60

//缺省路由
#
 user-interface aux 0 7
user-interface vty 0 4
 authentication-mode scheme

完工！有不正確的地方，還望指點！