Enterprise Case 24: Building and Optimising High-Density Wireless Coverage (analysis)
Enterprise case series: an H3C security-optimised WAN
Department: Computer Technology Department
Major: Computer Network Technology
Supervising teacher: 董科鹏
Programme head: 孙志成

1. Project source
Building and optimising high-density wireless coverage.

2. Main project content
1 Venue requirements
Most venues are large commercial spaces such as big supermarkets and shopping centres, large conferences, large exhibitions such as auto shows, and other crowded places whose visitors need internet access. Survey the venue: how it is laid out and where the APs will be mounted.
2 Network requirements
Build the venue network to the customer's requirements, including the network speed they require.
3 Customer requirements
1. Number of users: this determines the AC and AP models to use.
2. Per-user bandwidth limits: set from the users' access needs and the bandwidth of the internet uplink.
3. Whether access must be authenticated, and by which method (portal or 802.1X).

3. Project knowledge points
Wireless network standards and specifications.
1. Design objective: the WLAN is designed so that users can access the internet inside the venue.
2. Design concept: through the wireless network, users experience fast internet access even in public places.
3. Design principles: fast access, standards-based, and compliant.

4. Project skill points
1. IP address planning
2. Correct AP configuration
3. VLAN partitioning

5. Appendix
1. Switch configuration
<H3C>dis cu
#
 version 5.20, Release 3507P29
#
 sysname H3C
#
 domain default enable system
#
 telnet server enable
#
 oap management-ip 192.168.0.100 slot 1
#
 password-recovery enable
#
vlan 1
#
vlan 30
#
vlan 50
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher $c$3$JnZsHxKbcma6Nkok3iJbS7WFoPtgqvYl
 authorization-attribute level 3
 service-type telnet
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.101 255.255.255.0
#
interface GigabitEthernet1/0/1
 poe enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan all
 poe enable
#
interface GigabitEthernet1/0/3
 poe enable
#
interface GigabitEthernet1/0/4
 poe enable
#
interface GigabitEthernet1/0/5
 poe enable
#
interface GigabitEthernet1/0/6
 poe enable
#
interface GigabitEthernet1/0/7
 poe enable
#
interface GigabitEthernet1/0/8
 port access vlan 30
 poe enable
#
interface GigabitEthernet1/0/9
 poe enable
#
interface GigabitEthernet1/0/10
 poe enable
#
interface GigabitEthernet1/0/11
 poe enable
#
interface GigabitEthernet1/0/12
 poe enable
#
interface GigabitEthernet1/0/13
 poe enable
#
interface GigabitEthernet1/0/14
 poe enable
#
interface GigabitEthernet1/0/15
 poe enable
#
interface GigabitEthernet1/0/16
 poe enable
#
interface GigabitEthernet1/0/17
 poe enable
#
interface GigabitEthernet1/0/18
 poe enable
#
interface GigabitEthernet1/0/19
 poe enable
#
interface GigabitEthernet1/0/20
 poe enable
#
interface GigabitEthernet1/0/21
 poe enable
#
interface GigabitEthernet1/0/22
 poe enable
#
interface GigabitEthernet1/0/23
 poe enable
#
interface GigabitEthernet1/0/24
 poe enable
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown
#
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#
interface GigabitEthernet1/0/29
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface GigabitEthernet1/0/30
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
#
return

2. Wireless controller (AC) configuration
<wuxian>dis cu
#
 version 5.20, Release 3509P29
#
 sysname wuxian
#
 domain default enable zhao
#
 telnet server enable
#
 port-security enable
#
 portal server zhao ip 10.10.100.12 key cipher $c$3$aA2UrZqSJuVf2sS5zAqnAte2fr93TyrIEyc= url http://10.10.122.12:8080/portal server-type imc sysnetid wuxian
#
 oap management-ip 192.168.0.101 slot 0
#
 password-recovery enable
#
vlan 1
#
vlan 30
#
vlan 50
#
radius scheme zhao
 primary authentication 10.10.100.12
 primary accounting 10.10.100.12
 key authentication cipher $c$3$71EbbZCzE7dWu7u0CV/OMknVKoF/4vF94wI=
 key accounting cipher $c$3$GVdfmkVSNH21owq3nyh8xyGXbhQU78Gp0Es=
 user-name-format without-domain
 nas-ip 172.16.16.2
#
domain zhao
 authentication portal radius-scheme zhao
 authorization portal radius-scheme zhao
 accounting portal radius-scheme zhao
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$QybnVQlHf1sZzMXHi5WQxN3UmsolASqL
 authorization-attribute level 3
 service-type telnet
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid kaoshi office
 bind WLAN-ESS 1
 cipher-suite tkip
 cipher-suite ccmp
 security-ie rsn
 security-ie wpa
 service-template enable
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface30
 ip address 192.168.30.254 255.255.255.0
#
interface Vlan-interface50
 ip address 172.16.16.2 255.255.255.0
 portal server zhao method layer3
 portal nas-ip 172.16.16.2
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface WLAN-ESS1
 port access vlan 30
#
wlan ap-group default_group
 ap ap1
#
wlan ap ap1 model WA2620i-AGN id 1
 serial-id 219801A0CNC127001760
 radio 1
  service-template 1
  radio enable
 radio 2
  service-template 1
  radio enable
#
wlan ips
 malformed-detect-policy default
 signature deauth_flood signature-id 1
 signature broadcast_deauth_flood signature-id 2
 signature disassoc_flood signature-id 3
 signature broadcast_disassoc_flood signature-id 4
 signature eapol_logoff_flood signature-id 5
 signature eap_success_flood signature-id 6
 signature eap_failure_flood signature-id 7
 signature pspoll_flood signature-id 8
 signature cts_flood signature-id 9
 signature rts_flood signature-id 10
 signature addba_req_flood signature-id 11
 signature-policy default
 countermeasure-policy default
 attack-detect-policy default
 virtual-security-domain default
  attack-detect-policy default
  malformed-detect-policy default
  signature-policy default
  countermeasure-policy default
#
 ip route-static 0.0.0.0 0.0.0.0 172.16.16.1
#
 snmp-agent
 snmp-agent local-engineid 800063A2035CDD705A5406
 snmp-agent community read public
 snmp-agent community write private
 snmp-agent sys-info version all
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
#
return

3. Router configuration
<rt2>dis cu
#
 version 5.20, Release 2512P03, Standard
#
 sysname rt2
#
 l2tp enable
#
 ike local-name zhao
#
 nat address-group 1 210.1.1.1 210.1.1.14
#
 domain default enable system
#
 dns proxy enable
 dns server 202.106.0.20
 dns server 8.8.8.8
#
 dar p2p signature-file cfa0:/p2p_default.mtd
#
 qos carl 1 destination-ip-address subnet 192.168.10.1 24
 qos carl 2 destination-ip-address subnet 192.168.10.1 24 per-address
 qos carl 3 source-ip-address subnet 192.168.10.1 24
 qos carl 4 source-ip-address subnet 192.168.10.1 24 per-address
#
 port-security enable
#
 undo ip http enable
#
 password-recovery enable
#
acl number 3000
 description nat
 rule 0 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 1 permit ip source 192.168.0.0 0.0.255.255
acl number 3001
 description ipsec
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
acl number 3002
 description L2TP
 rule 0 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
acl number 3003
 rule 0 permit ip source 192.168.20.10 0 destination 192.168.0.0 0.0.255.255
acl number 3004
 description liantong pbr
 rule 0 permit ip source 192.168.20.0 0.0.0.255
acl number 3005
 description dianxin pbr
 rule 0 permit ip source 192.168.10.0 0.0.0.255
#
vlan 1
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain zhao
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 1 192.168.70.2 192.168.70.253
#
ike peer zhao
 exchange-mode aggressive
 pre-shared-key cipher $c$3$93JAnfhX6oBvlMyyoe+2oIAdSSYOb70=
 id-type name
 remote-name zhao
#
ipsec transform-set zhao
 encapsulation-mode tunnel
 transform esp
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-cbc-128
#
ipsec policy zhao 10 isakmp
 security acl 3001
 ike-peer zhao
 transform-set zhao
#
policy-based-route 1 permit node 20
 if-match acl 3004
 apply ip-address next-hop 210.1.2.1 track 1
policy-based-route 1 permit node 30
 if-match acl 3005
 apply ip-address next-hop 200.1.1.1 track 2
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aV
 authorization-attribute level 3
 service-type telnet
local-user zhao
 password cipher $c$3$FVTzT6SHUCbWzg1U/wMYBl0MSP4NaHI=
 service-type ppp
local-user zhao1
 password cipher $c$3$2V81V6tVLUCopk4FJWqbdGc8fTzzy4A=
 service-type ppp
#
cwmp
 undo cwmp enable
#
l2tp-group 1
 allow l2tp virtual-template 1
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface Ethernet0/0
 port link-mode route
 description liantong
 nat outbound 3000 address-group 1
 nat server protocol tcp global 210.1.1.1 www inside 192.168.20.10 8080
 ip address 210.1.2.2 255.255.255.252
 ipsec policy zhao
 qos car inbound carl 1 cir 1000000 cbs 1000000 ebs 0 green pass red discard
 qos car outbound carl 3 cir 1000000 cbs 1000000 ebs 0 green pass red discard
#
interface Ethernet0/1
 port link-mode route
 description dianxin
 nat outbound 3000
 ip address 200.1.1.2 255.255.255.252
 qos car inbound carl 1 cir 10
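As an added defensive check that is not part of the original project, the following Python script parses a Comware-style `display current-configuration` dump (the `#`-separated, space-indented format of the three appendices above) and flags the management and WLAN settings a reviewer would question in them: Telnet management, the well-known SNMP communities `public`/`private`, TKIP on the service template, a portal URL served over plain HTTP, and VTY lines without `authentication-mode scheme`. The sample dump is constructed for the example and its cipher value is a placeholder.

```python
"""Audit an H3C Comware 'display current-configuration' dump for weak management and WLAN settings.
Added example; SAMPLE_CONFIG is constructed (modelled on the appendix configs, cipher blob is a placeholder)."""
import re

SAMPLE_CONFIG = """\
#
 telnet server enable
#
 portal server zhao ip 10.10.100.12 key cipher $c$3$PLACEHOLDER url http://10.10.122.12:8080/portal
#
wlan service-template 1 crypto
 cipher-suite tkip
#
 snmp-agent community read public
 snmp-agent community write private
#
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
"""

# (regex matched against each command, finding text); tuned to the commands seen in the appendix.
LINE_CHECKS = [
    (r"^telnet server enable$", "cleartext Telnet management; prefer 'ssh server enable' and disable Telnet"),
    (r"^snmp-agent community (read|write) (public|private)$", "well-known SNMP community string"),
    (r"^cipher-suite tkip$", "TKIP permitted on a WLAN service template; TKIP is deprecated, keep CCMP only"),
    (r"^portal server \S+ .*\burl http://", "portal login page served over plain HTTP"),
]

def parse_sections(config):
    """Split into (view, [sub-commands]): a column-0 line opens a view, indented lines belong to it, '#' closes it."""
    sections, current = [], None
    for raw in config.splitlines():
        if raw.strip() in ("", "#"):
            current = None
            continue
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])  # global commands appear indented with no open view
            sections.append(current)
    return sections

def audit(config):
    """Return [(offending command, finding)] in order of appearance."""
    findings = []
    for view, subs in parse_sections(config):
        for cmd in [view, *subs]:
            findings.extend((cmd, msg) for pat, msg in LINE_CHECKS if re.match(pat, cmd))
        if view.startswith("user-interface vty") and "authentication-mode scheme" not in subs:
            findings.append((view, "no 'authentication-mode scheme' on these VTY lines"))
    return findings
```

Run `audit()` over a saved `dis cu` capture from each of the three devices; on the AC dump it reports the Telnet, SNMP, TKIP and portal lines, and on the switch dump the `user-interface vty 5 15` block.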