1、h3csysh3csysname AC( 注意,AC为WA2620-AGN,本AC改名字的时候不能只打sys+名字,需要的是完整才能打出来sysname+名字)ACint vlan 1AC-vlan-interfacelundo ip addAC-vlan-interfacelvlan 2AC-vlan2vlan 4AC-vlan4int vlan 4AC-vlan-interface4ip add 192.168.4.1 24AC-vlan-interface4quitAC radius scheme yuAC-radius-yu server-type extendedAC-radius-
2、yu primary authentication 192.168.5.1AC-radius-yu primary accounting 192.168.5.1AC-radius-yu key authentication h3c(radius上默认的密钥为h3c,可以重设,所以在配置上需要一致,所以这里配置h3c)AC-radius-yu key accounting h3cAC-radius-yu user-name-format without-domain(注意:这条指令的意思是,不用域名,让你在radius添加账户时可以不带域名)AC-isp-yu authentication la
3、n-access radius-scheme yuAC-isp-yu authorization lan-access radius-scheme luAC-isp-yu accounting lan-access radius-scheme luACint g1/0/1AC-GigabitEthernet1/0/1 port link-type trunkAC-GigabitEthernet1/0/1 port trunk permit vlan 1 to 2 4AC interface WLAN-ESS7AC-WLAN-ESS7 port access vlan 2AC-WLAN-ESS7
4、 port-security port-mode mac-authenticationAC wlan service-template 7 clearAC-wlan-st-7ssid yuAC-wlan-st-7 bind WLAN-ESS 7AC-wlan-st-7 service-template enableACwlan ap yu model wa2620-agnAC-wlan-ap-yu serial-id 219801A0A89112G03396AC-wlan-ap-yuradio 2AC-wlan-ap-yu-radio-2 service-template 7AC-wlan-a
5、p-yu-radio-2 radio enableAC ip route-static 0.0.0.0 0.0.0.0 192.168.4.254AClocal user 90c1151c77dbAC-luser-90c1151c77dbpassword simple 90c1151c77db(这里是接入的无线客户端的mac地址)步骤二:在AC交换模块上配置连接ACSWacoap connet slot 0acswacswint vlan 1acsw-vlan-interfacelundo ip addacsw-vlan-interfacelvlan 2acsw-vlan2vlan 4acsw
6、-vlan4quitacsw interface GigabitEthernet1/0/8acsw- GigabitEthernet1/0/8 port link-type trunkacsw- GigabitEthernet1/0/8 port trunk permit vlan 1 to 2 4acswint g1/0/9acsw- GigabitEthernet1/0/9 port link-type trunkacsw- GigabitEthernet1/0/9 port trunk permit vlan 1 to 2 4步骤三:配置Dhcp中继交换机上的ip地址池Dhcp中继交换机
7、dhcpvlan 3dhcpdhcp enabledhcp dhcp server ip-pool 1dhcp-pool-pool1 network 192.168.1.0 24dhcp-pool-pool1 gateway-list 192.168.1.254dhcp-pool-pool1 option 43 hex 80070000 01C0A804 01dhcp-pool-pool2 network 192.168.2.0 24dhcp-pool-pool2 gateway-list 192.168.2.254dhcpint vlan 3dhcp-vlan-interface3ip ad
8、d 192.168.3.1 24dhcpint e1/0/24dhcp-Ethernet1/0/24 port access vlan 3dhcprip 1dhcp-rip-1 network 192.168.3.0dhcp dhcp server forbidden-ip 192.168.1.254dhcp dhcp server forbidden-ip 192.168.2.254步骤四:作为连接所有设备的交换机,配置其中继功能SWswvlan 2sw-vlan2vlan 3sw-vlan3vlan 4sw-vlan4vlan 5sw-vlan5vlan 6sw-vlan6quitsw d
9、hcp relay server-group 1 ip 192.168.3.1swint vlan 1sw-vlan-interfacelip add 192.168.1.254 24sw-vlan-interfacel dhcp select relaysw-vlan-interfacel dhcp relay server-select 1sw-vlan-interface2 ip address 192.168.2.254 24sw-vlan-interface2 dhcp select relaysw-vlan-interface2 dhcp relay server-select 1
10、sw-vlan-interface3 ip address 192.168.3.254 24sw-vlan-interface4 ip address 192.168.4.254 24sw-vlan-interface5 ip address 192.168.5.254 24sw-vlan-interface6 ip address 192.168.6.254 24swint e1/0/5sw- Ethernet1/0/5 port access vlan 5swint e1/0/6sw- Ethernet1/0/6 port access vlan 2swint e1/0/8sw- Ethe
11、rnet1/0/8 port link-type trunksw- Ethernet1/0/8 port trunk permit vlan 1 to 2 4swint e1/0/24sw- Ethernet1/0/24 port access vlan 3swrip 1sw-rip-1 network 192.168.1.0sw-rip-1network 192.168.2.0sw-rip-1 network 192.168.3.0sw-rip-1 network 192.168.4.0sw-rip-1 network 192.168.5.0sw-rip-1 network 192.168.
12、6.0swdhcp enblesw ip route-static 0.0.0.0 0.0.0.0 192.168.6.1(这里指向下一跳的地址,即连接外网的路由器的接口地址)步骤五:配置路由器上的路由功能RARA acl number 2000RA-acl-basic-2000 rule 1 permit source 192.168.2.0 0.0.0.255RA-acl-basic-2000 rule 2 permit source 192.168.6.0 0.0.0.255RAripRA-rip network 192.168.2.0RA-rip network 192.168.6.0
13、RAint e0/0RA- Ethernet0/0ip add 192.168.6.1 24RAint e0/1RA- Ethernet0/1 ip address 10.3.102.33 24RA- Ethernet0/1 nat outbound 2000RA ip route-static 0.0.0.0 0.0.0.0 10.3.102.1至此,基本配置全部完成步骤五:测试配置结果查看3层注册是否成功假如3层注册不成功,我们应该一环环进行检查,ping测试AC ping switch测试DHCP ping switch测试3层注册成功后,我们检查下DHCP获取情况建立起RADIUS服务器手机连接过程与结果手机客户端连接后的DHCP获取情况查看一下路由器上nat转换的情况接下来看看我们连接的手机是不是可以正常的上网随便上的2个不同的网,再看看上面的各种图片证明,毫无疑问实验成功。
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1
升级会员 