华为中小企业网络综合实验-WLAN

实验要求：1-WLAN部署AC旁挂式，每个AP两个SSID，一个开放式，另一个需要验证

2-无线设备和内网PC互通

3-内网PC和无线设备NAPT访问外网

4-内网NAT服务器，供外网访问

一：如图网络规划设置好IP (省略)

二：有线部分网络设置

R上设置：

acl number 3000
rule 5 permit ip source 192.168.101.0 0.0.0.255
rule 10 permit ip source 192.168.102.0 0.0.0.255
rule 15 permit ip source 192.168.103.0 0.0.0.255

interface GigabitEthernet0/0/1
nat server protocol tcp global current-interface 8080 inside 192.168.10.2 www
nat server protocol tcp global current-interface 2121 inside 192.168.10.2 ftp
nat outbound 3000

ip route-static 0.0.0.0 0.0.0.0 202.100.1.2
ip route-static 192.168.0.0 255.255.0.0 192.168.1.1

Core 上设置：

vlan batch 50 100 to 103

interface Vlanif1
ip address 192.168.1.1 255.255.255.252

interface Vlanif50
ip address 192.168.10.1 255.255.255.0

interface GigabitEthernet0/0/5

port link-type access
port default vlan 50
#
interface Vlanif100
ip address 192.168.100.254 255.255.255.0
dhcp select interface

interface GigabitEthernet0/0/2
port link-type access
port default vlan 100

interface Vlanif101
ip address 192.168.101.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.10.2
#
interface Vlanif102
ip address 192.168.102.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.10.2
#
interface Vlanif103
ip address 192.168.103.254 255.255.255.0
dhcp select interface
dhcp server dns-list 192.168.10.2

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094

ip route-static 0.0.0.0 0.0.0.0 192.168.1.2

AC上设置：

vlan bat 100 to 101

interface Vlanif100
ip address 192.168.100.253 255.255.255.0
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100

S1上配置：

vlan batch 100 to 103

interface Ethernet0/0/21
port link-type access
port default vlan 102

interface Ethernet0/0/22
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101

interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094

S2上配置

interface Ethernet0/0/22
port link-type trunk
port trunk pvid vlan 100

interface Ethernet0/0/2
port link-type access
port default vlan 103
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094

三：AC上设置

1-先设置AP上线

wlan
wlan ac source interface vlanif100
ap-auth-mode sn-auth
ap id 0 type-id 19 mac 00e0-fc60-5340 sn 2102354483109975991D
ap id 1 type-id 19 mac 00e0-fca8-5940 sn 210235448310EA6A8212

检查一下是否成功上线

-------------------------------

----------------------------------

2个AP都已成功上线！

最麻烦的部分来了，直接上配置

wmm-profile name Ap0 id 0
traffic-profile name AP-0 id 0
security-profile name open id 0
security-profile name pre-authen id 1
security-policy wpa2
wpa2 authentication-method psk pass-phrasesimple 1234567890 encryption-method ccmp
service-set name open id 0
wlan-ess 101
ssid Guest
traffic-profile id 0
security-profile id 0
service-vlan 101
service-set name intrenet id 1
wlan-ess 101
ssid intrenet
traffic-profile id 0
security-profile id 1
service-vlan 101
radio-profile name 2.4G id 0
wmm-profile id 0
radio-profile name 5G id 1
radio-type 80211an
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 0 radio 1
radio-profile id 1
service-set id 1 wlan 1
commit ap 0
ap 1 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 1 radio 1
radio-profile id 1
service-set id 1 wlan 1
commit ap 1

很快地漂亮的大圆已经出现，业务已经下发！

每个AP两个SSID。第一个open直接连，第二个需要输入配置里的密码！

四：验证部分

无线上网设备两个SSID都可正常获取IP地址，可上网并可与内网PC互通

内网PC可自动获取地址并可以访问外网,