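Enterprise Case 24: Building and Optimizing High-Density Wireless Coverage (Analysis)
Enterprise Case
H3C Security-Optimized WAN
Department: Department of Computer Technology
Major: Computer Network Technology
Advisor: Dong Kepeng (董科鹏)
Program head: Sun Zhicheng (孙志成)
Building and Optimizing High-Density Wireless Coverage
1. Project Source
Building and optimizing high-density wireless coverage
2. Main Project Content
1. Venue requirements
Typical venues include large retail sites such as supermarkets and shopping centers, large conferences, large exhibitions such as auto shows, and many other crowded locations. Any such venue that needs Internet access must be surveyed on site.
The survey covers the layout of the venue and where the APs will be placed.
2. Network requirements
The venue network is built according to the customer's requirements.
Network speed requirements are set according to what the customer asks for.
3. Customer requirements
1. Number of users: the AC and AP models are chosen according to the number of people going online.
2. The per-user bandwidth limit is determined from the users' access requirements and the bandwidth of the Internet uplink.
3. Whether Internet access requires authentication, and by which method: portal or 802.1X.
3. Project Knowledge Points
Wireless network standards and specifications
1. Network design purpose
The wireless LAN is designed so that users can get online inside the venue.
2. Network design concept
The wireless network should let users experience fast Internet access even in public places.
3. Network design principles
Fast Internet access, standards-based, and well specified.
4. Project Skill Points
1. IP address planning
2. Correct AP configuration
3. VLAN division
5. Appendix:
1. Switch configuration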
[H3C]dis cu
#
 version 5.20, Release 3507P29
#
 sysname H3C
#
 domain default enable system
#
 telnet server enable
#
 oap management-ip 192.168.0.100 slot 1
#
 password-recovery enable
#
vlan 1
#
vlan 30
#
vlan 50
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher $c$3$JnZsHxKbcma6Nkok3iJbS7WFoPtgqvYl
 authorization-attribute level 3
 service-type telnet
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.101 255.255.255.0
#
interface GigabitEthernet1/0/1
 poe enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan all
 poe enable
#
interface GigabitEthernet1/0/3
 poe enable
#
interface GigabitEthernet1/0/4
 poe enable
#
interface GigabitEthernet1/0/5
 poe enable
#
interface GigabitEthernet1/0/6
 poe enable
#
interface GigabitEthernet1/0/7
 poe enable
#
interface GigabitEthernet1/0/8
 port access vlan 30
 poe enable
#
interface GigabitEthernet1/0/9
 poe enable
#
interface GigabitEthernet1/0/10
 poe enable
#
interface GigabitEthernet1/0/11
 poe enable
#
interface GigabitEthernet1/0/12
 poe enable
#
interface GigabitEthernet1/0/13
 poe enable
#
interface GigabitEthernet1/0/14
 poe enable
#
interface GigabitEthernet1/0/15
 poe enable
#
interface GigabitEthernet1/0/16
 poe enable
#
interface GigabitEthernet1/0/17
 poe enable
#
interface GigabitEthernet1/0/18
 poe enable
#
interface GigabitEthernet1/0/19
 poe enable
#
interface GigabitEthernet1/0/20
 poe enable
#
interface GigabitEthernet1/0/21
 poe enable
#
interface GigabitEthernet1/0/22
 poe enable
#
interface GigabitEthernet1/0/23
 poe enable
#
interface GigabitEthernet1/0/24
 poe enable
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown
#
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#
interface GigabitEthernet1/0/29
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface GigabitEthernet1/0/30
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
#
return
2. Wireless controller configuration
[wuxian]dis cu
#
 version 5.20, Release 3509P29
#
 sysname wuxian
#
 domain default enable zhao
#
 telnet server enable
#
 port-security enable
#
 portal server zhao ip 10.10.100.12 key cipher $c$3$aA2UrZqSJuVf2sS5zAqnAte2fr93TyrIEyc= url http://10.10.122.12:8080/portal server-type imc
sysnetidwuxian
#
 oap management-ip 192.168.0.101 slot 0
#
 password-recovery enable
#
vlan 1
#
vlan 30
#
vlan 50
#
radius scheme zhao
 primary authentication 10.10.100.12
 primary accounting 10.10.100.12
 key authentication cipher $c$3$71EbbZCzE7dWu7u0CV/OMknVKoF/4vF94wI=
 key accounting cipher $c$3$GVdfmkVSNH21owq3nyh8xyGXbhQU78Gp0Es=
 user-name-format without-domain
 nas-ip 172.16.16.2
#
domain zhao
 authentication portal radius-scheme zhao
 authorization portal radius-scheme zhao
 accounting portal radius-scheme zhao
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$QybnVQlHf1sZzMXHi5WQxN3UmsolASqL
 authorization-attribute level 3
 service-type telnet
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid kaoshioffice
 bind WLAN-ESS 1
 cipher-suite tkip
 cipher-suite ccmp
 security-ie rsn
 security-ie wpa
 service-template enable
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface30
 ip address 192.168.30.254 255.255.255.0
#
interface Vlan-interface50
 ip address 172.16.16.2 255.255.255.0
 portal server zhao method layer3
 portal nas-ip 172.16.16.2
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface WLAN-ESS1
 port access vlan 30
#
wlan ap-group default_group
 ap ap1
#
wlan ap ap1 model WA2620i-AGN id 1
 serial-id 219801A0CNC127001760
 radio 1
  service-template 1
  radio enable
 radio 2
  service-template 1
  radio enable
#
wlan ips
 malformed-detect-policy default
 signature deauth_flood signature-id 1
 signature broadcast_deauth_flood signature-id 2
 signature disassoc_flood signature-id 3
 signature broadcast_disassoc_flood signature-id 4
 signature eapol_logoff_flood signature-id 5
 signature eap_success_flood signature-id 6
 signature eap_failure_flood signature-id 7
 signature pspoll_flood signature-id 8
 signature cts_flood signature-id 9
 signature rts_flood signature-id 10
 signature addba_req_flood signature-id 11
 signature-policy default
 countermeasure-policy default
 attack-detect-policy default
 virtual-security-domain default
  attack-detect-policy default
  malformed-detect-policy default
  signature-policy default
  countermeasure-policy default
#
 ip route-static 0.0.0.0 0.0.0.0 172.16.16.1
#
snmp-agent
 snmp-agent local-engineid 800063A2035CDD705A5406
 snmp-agent community read public
 snmp-agent community write private
 snmp-agent sys-info version all
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
#
return
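Added example (not part of the original document): the switch and controller configurations above enable Telnet management, use the SNMP communities public and private, offer TKIP next to CCMP, and permit all VLANs on their trunks. The Python check below flags those settings in a configuration dump and reports the view each one sits in; SAMPLE is a constructed excerpt, and the rule list and the function name audit are this example's own.

```python
import re

# Constructed excerpt in "display current-configuration" layout (not a real dump).
SAMPLE = """\
 telnet server enable
#
local-user admin
 service-type telnet
#
wlan service-template 1 crypto
 cipher-suite tkip
 cipher-suite ccmp
#
interface GigabitEthernet1/0/1
 port trunk permit vlan all
#
 snmp-agent community read public
 snmp-agent community write private
 snmp-agent sys-info version all
"""

# (regex on the command, finding); the rules and wording are this example's own.
RULES = [
    (r"telnet server enable$", "Telnet management is cleartext; prefer SSH"),
    (r"service-type .*\btelnet\b", "account can log in over Telnet"),
    (r"snmp-agent community (read|write) (public|private)$", "default SNMP community"),
    (r"snmp-agent sys-info version (all|v1|v2c)", "SNMPv1/v2c enabled; prefer v3"),
    (r"cipher-suite tkip$", "TKIP is deprecated; offer CCMP only"),
    (r"port trunk permit vlan all$", "trunk carries every VLAN; list only those needed"),
]

def audit(config):
    """Return (section, command, finding) tuples for a Comware-style config."""
    findings, section = [], "global"
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd in ("", "#"):            # '#' (or a blank line) closes the current view
            section = "global"
            continue
        if not raw[0].isspace():        # an unindented line opens a new view
            section = cmd
        for pattern, finding in RULES:
            if re.match(pattern, cmd):
                findings.append((section, cmd, finding))
    return findings

if __name__ == "__main__":
    for section, cmd, finding in audit(SAMPLE):
        print(f"[{section}] {cmd}: {finding}")
```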
3. Router configuration
[rt2]dis cu
#
 version 5.20, Release 2512P03, Standard
#
 sysname rt2
#
 l2tp enable
#
 ike local-name zhao
#
 nat address-group 1 210.1.1.1 210.1.1.14
#
 domain default enable system
#
 dns proxy enable
 dns server 202.106.0.20
 dns server 8.8.8.8
#
 dar p2p signature-file cfa0:/p2p_default.mtd
#
 qos carl 1 destination-ip-address subnet 192.168.10.1 24
 qos carl 2 destination-ip-address subnet 192.168.10.1 24 per-address
 qos carl 3 source-ip-address subnet 192.168.10.1 24
 qos carl 4 source-ip-address subnet 192.168.10.1 24 per-address
#
 port-security enable
#
 undo ip http enable
#
 password-recovery enable
#
acl number 3000
 description nat
 rule 0 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 1 permit ip source 192.168.0.0 0.0.255.255
acl number 3001
 description ipsec
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
acl number 3002
 description L2TP
 rule 0 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
acl number 3003
 rule 0 permit ip source 192.168.20.10 0 destination 192.168.0.0 0.0.255.255
acl number 3004
 description liantongpbr
 rule 0 permit ip source 192.168.20.0 0.0.0.255
acl number 3005
 description dianxinpbr
 rule 0 permit ip source 192.168.10.0 0.0.0.255
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain zhao
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 1 192.168.70.2 192.168.70.253
#
ike peer zhao
 exchange-mode aggressive
 pre-shared-key cipher $c$3$93JAnfhX6oBvlMyyoe+2oIAdSSYOb70=
 id-type name
 remote-name zhao
#
ipsec transform-set zhao
 encapsulation-mode tunnel
 transform esp
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-cbc-128
#
ipsec policy zhao 10 isakmp
 security acl 3001
 ike-peer zhao
 transform-set zhao
#
policy-based-route 1 permit node 20
 if-match acl 3004
 apply ip-address next-hop 210.1.2.1 track 1
policy-based-route 1 permit node 30
 if-match acl 3005
 apply ip-address next-hop 200.1.1.1 track 2
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aV
 authorization-attribute level 3
 service-type telnet
local-user zhao
 password cipher $c$3$FVTzT6SHUCbWzg1U/wMYBl0MSP4NaHI=
 service-type ppp
local-user zhao1
 password cipher $c$3$2V81V6tVLUCopk4FJWqbdGc8fTzzy4A=
 service-type ppp
#
cwmp
 undo cwmp enable
#
l2tp-group 1
 allow l2tp virtual-template 1
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface Ethernet0/0
 port link-mode route
 description liantong
 nat outbound 3000 address-group 1
 nat server protocol tcp global 210.1.1.1 www inside 192.168.20.10 8080
 ip address 210.1.2.2 255.255.255.252
 ipsec policy zhao
 qos car inbound carl 1 cir 1000000 cbs 1000000 ebs 0 green pass red discard
 qos car outbound carl 3 cir 1000000 cbs 1000000 ebs 0 green pass red discard
#
interface Ethernet0/1
 port link-mode route
 description dianxin
 nat outbound 3000
 ip address 200.1.1.2 255.255.255.252
 qos car inbound carl 1 cir 10