
WLAN DHCP中继代理实验组网

1、网络拓扑图

WLAN DHCP中继代理实验组网_ci

2、核心配置

2.1 DHCP 中继配置

1)dhcp server配置

ip pool ***

network 网段 mask 子网掩码

gateway-list 网关地址

dns-list DNS服务器地址

lease day 8 租期

2)出接口配置

int g0/0/1

dhcp select global

3)中继接口

int vlanif xx

dhcp select relay

dhcp relay server-ip xxx //指定DHCP服务器的地址

2.2 AC配置

capwap source interface vlanif20 #指定AC与AP建立 CAPWAP 隧道的源接口

wlan #进入 WLAN 的配置模式

security-profile name Huawei-AP3030 #创建并进入 安全模板视图

security wpa2 psk pass-phrase P@ssw0rd aes-tkip #指定加密使用的方式及密钥(aes-tkip 表示 AES 与 TKIP 混合加密;P@ssw0rd 为实验用示例口令)

ssid-profile name Huawei-AP3030 #创建并进入SSID模板视图

ssid Huawei-AP3030 #指定SSID的名称

vap-profile name Huawei-AP3030 #创建并进入VAP模板视图

service-vlan vlan-id 666 #配置VAP的业务VLAN为VLAN 666

ssid-profile Huawei-AP3030 #绑定SSID模板

security-profile Huawei-AP3030 #绑定安全模板

ap-group name Huawei-AP3030 #创建并进入AP组

radio 0 #指定射频ID

vap-profile Huawei-AP3030 wlan 1 #将VAP与WLAN配置做绑定

ap-id 1 type-id 45 ap-mac 00E0-FC48-4D40 #配置第一台AP的ID值、类型值以及AP的MAC地址

ap-name AP1 #为第一台AP命名

ap-group Huawei-AP3030 #将AP加入进AP组

3、具体配置

3.1DHCP server配置

<RTA>display current-configuration  

[V200R003C00]

#

sysname RTA

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent  

#

clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

drop illegal-mac alarm

#

set cpu-usage threshold 80 restore 75

#

dhcp enable

#

ip pool vlan100

gateway-list 192.168.100.254  

network 192.168.100.0 mask 255.255.255.0  

lease day 8 hour 0 minute 0  

dns-list 8.8.8.8  

option 43 sub-option 2 ip-address 192.168.2.1  

#

ip pool vlan666

gateway-list 172.16.1.1  

network 172.16.1.0 mask 255.255.255.0  

#

aaa  

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default  

domain default_admin  

local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

local-user admin service-type http

#

firewall zone Local

priority 15

#

interface Ethernet0/0/0

#

interface Ethernet0/0/1

#

interface Ethernet0/0/2

#

interface Ethernet0/0/3

#

interface Ethernet0/0/4

#

interface Ethernet0/0/5

#

interface Ethernet0/0/6

#

interface Ethernet0/0/7

#

interface GigabitEthernet0/0/0

ip address 192.168.1.1 255.255.255.0  

dhcp select global

#

interface GigabitEthernet0/0/1

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 192.168.1.2

#

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

<RTA>

3.2 中继配置

[SWA]display current-configuration  

#

sysname SWA

#

vlan batch 10 20 100 666

#

cluster enable

ntdp enable

ndp enable

#

drop illegal-mac alarm

#

dhcp enable

#

diffserv domain default

#

drop-profile default

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif10

ip address 192.168.1.2 255.255.255.0

#

interface Vlanif20

ip address 192.168.2.2 255.255.255.0

#

interface Vlanif100

ip address 192.168.100.254 255.255.255.0

dhcp select relay

dhcp relay server-ip 192.168.1.1

#

interface Vlanif666

ip address 172.16.1.1 255.255.255.0

dhcp select relay

dhcp relay server-ip 192.168.1.1

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 10

#

interface GigabitEthernet0/0/2

port link-type access

port default vlan 20

#

interface GigabitEthernet0/0/3

port link-type trunk

port trunk pvid vlan 100

port trunk allow-pass vlan 2 to 4094

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

interface GigabitEthernet0/0/11

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

#

interface NULL0

#

user-interface con 0

user-interface vty 0 4

#

return

[SWA]

3.3AC配置

<AC>display current-configuration  

#

sysname AC

#

set memory-usage threshold 0

#

ssl renegotiation-rate 1  

#

vlan batch 20 100 666

#

authentication-profile name default_authen_profile

authentication-profile name dot1x_authen_profile

authentication-profile name mac_authen_profile

authentication-profile name portal_authen_profile

authentication-profile name macportal_authen_profile

#

diffserv domain default

#

radius-server template default

#

pki realm default

rsa local-key-pair default

enrollment self-signed

#

ike proposal default

encryption-algorithm aes-256  

dh group14  

authentication-algorithm sha2-256  

authentication-method pre-share

integrity-algorithm hmac-sha2-256  

prf hmac-sha2-256  

#

free-rule-template name default_free_rule

#

portal-access-profile name portal_access_profile

#

aaa

authentication-scheme default

authentication-scheme radius

 authentication-mode radius

authorization-scheme default

accounting-scheme default

domain default

 authentication-scheme radius

 radius-server default

domain default_admin

 authentication-scheme default

local-user admin password irreversible-cipher $1a$Y;p,R/W_~@$v$@[WsX'^V<.<3%(.[

K0">kzK|%K;'W7iZ%]j$A6$

local-user admin privilege level 15

local-user admin service-type http

#

interface Vlanif20

ip address 192.168.2.1 255.255.255.0

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 20

#

interface GigabitEthernet0/0/2

#

interface GigabitEthernet0/0/3

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

undo negotiation auto

duplex half

#

interface GigabitEthernet0/0/8

undo negotiation auto

duplex half

#

interface NULL0

#

snmp-agent local-engineid 800007DB03000000000000

snmp-agent  

#

ssh server secure-algorithms cipher aes256_ctr aes128_ctr

ssh server key-exchange dh_group14_sha1

ssh client secure-algorithms cipher aes256_ctr aes128_ctr

ssh client secure-algorithms hmac sha2_256

ssh client key-exchange dh_group14_sha1

#

ip route-static 0.0.0.0 0.0.0.0 192.168.2.2

#

capwap source interface vlanif20

#

user-interface con 0

authentication-mode password

user-interface vty 0 4

protocol inbound all

user-interface vty 16 20

protocol inbound all

#

wlan

traffic-profile name default

security-profile name default

security-profile name default-wds

security-profile name default-mesh

security-profile name huawei-ap3030

 security wpa2 psk pass-phrase %^%#+2lC4kahi17v"*0}MOV>1{(c1ia`fX`(~rC5&{t@%^%#

aes-tkip

ssid-profile name default

ssid-profile name huawei-ap3030

 ssid huawei-ap3030

vap-profile name default

vap-profile name Huawei-AP3030

 service-vlan vlan-id 666

 ssid-profile huawei-ap3030

 security-profile huawei-ap3030

wds-profile name default

mesh-handover-profile name default

mesh-profile name default

regulatory-domain-profile name default

air-scan-profile name default

rrm-profile name default

radio-2g-profile name default

radio-5g-profile name default

wids-spoof-profile name default

wids-profile name default

wireless-access-specification

ap-system-profile name default

port-link-profile name default

wired-port-profile name default

serial-profile name preset-enjoyor-toeap  

ap-group name default

ap-group name Huawei-AP3030

 radio 0

  vap-profile Huawei-AP3030 wlan 1

ap-id 1 type-id 45 ap-mac 00e0-fc63-4550 ap-sn 2102354483101780BE72

 ap-name ap1

 ap-group Huawei-AP3030

provision-ap

#

dot1x-access-profile name dot1x_access_profile

#

mac-access-profile name mac_access_profile

#

return

<AC>

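说明:密码为P@ssw0rd(即 2.2 节 security-profile 中配置的 WPA2-PSK 口令,AC 的配置回显中以密文显示)。该口令以及 SWA 上以明文保存的 local-user admin password simple admin 仅适用于实验环境;实际部署时应改用高强度口令并以 cipher 或 irreversible-cipher 方式保存,加密方式建议只用 aes(TKIP 已被淘汰)。另外,SWA 的 trunk 口放行了 VLAN 2 to 4094,而本实验中 AP 侧看起来只用到 VLAN 100 和 666,实际部署应只放行所需 VLAN;AC 的 vty 使用 protocol inbound all 会同时允许 Telnet,实际部署宜只保留 SSH。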

4、结果

WLAN DHCP中继代理实验组网_ci_02
