I. Project topology and network planning.

II. Device configuration to achieve transparent pass-through.

1. SW_01 (Layer 3 switch) configuration.

This mainly configures the VLANs and IP addresses. The commands are as follows.

sys
sysname SW_01
dhcp en

vlan ba 30 50 70 87
int vlan 30
ip add 192.168.30.254 24
int vlan 50
ip add 192.168.50.254 24
dhcp select interface
int vlan 70
ip add 192.168.70.254 24
int vlan 87
ip add 192.168.87.254 24
dhcp select interface

int g0/0/1
p l h
p h t v 30 50
int g0/0/2
p l h
p h t v 30 50
int g0/0/3
p l h
p h u v 30
p h p v 30
int g0/0/4
p l h
p h u v 70
p h p v 70
int g0/0/5
p l h
p h u v 87
p h p v 87

ip route-static 172.172.172.0 24 192.168.70.253

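2. Basic configuration of the FW (firewall) and the virtual FW.

This mainly sets up basic IP addressing so that the Internet can ping the FW's g0/0/2 port and SW_01 can ping the FW's virtual firewall. The commands are as follows.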

sys
sysname FW
dhcp en

int g1/0/2
 ip add 172.172.172.1 24
 servi all permit
q
firewall zone untrust
 add int g1/0/2
q
security-policy
 rule name TEST
 action permit
q



vsys enable
vsys name InSide
assign int g1/0/1
q



switch vsys InSide
sys
firewall zone trust
add int g1/0/1
q
int g1/0/1
ip add 192.168.70.253 24
servi all permit
q
security-policy
rule name TEST
action permit 

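3. FW interconnection configuration.

This mainly implements communication between the firewalls and adds the routes, so that any firewall port can ping any switch port.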

[FW]
ret
sys
interface Virtual-if 0
ip add 199.199.199.199 32
q
firewall zone untrust
add interface Virtual-if 0
q
switch vsys InSide
sys
interface Virtual-if 1
ip add 198.198.198.198 32
firewall zone trust
add interface Virtual-if 1



ret
sys
ip route-static 192.168.30.0 24 vpn-instance InSide
ip route-static 192.168.50.0 24 vpn-instance InSide
ip route-static 192.168.70.0 24 vpn-instance InSide
ip route-static 192.168.87.0 24 vpn-instance InSide



switch vsys InSide
sys
ip route-static 0.0.0.0 0 public
ip route-static 192.168.30.0 24 192.168.70.254
ip route-static 192.168.50.0 24 192.168.70.254
ip route-static 192.168.70.0 24 192.168.70.254
ip route-static 192.168.87.0 24 192.168.70.254

AP management configuration

sys
sysname AC_23
dhcp enable
vlan ba 30 50

int vlan 30
ip add 192.168.30.253 24
dhcp select interface
int vlan 50
ip add 192.168.50.253 24

int g0/0/1
port link-type hybrid
port hybrid tagged vlan 30 50

ip route-static 0.0.0.0 0 192.168.30.254

capwap source interface Vlanif 30

wlan
ap auth-mode no-auth

AP service configuration

ap-id 0
ap-name AP1
q

ssid-profile name SSID_AP1
 ssid AP1
q
security-profile name SEC_AP1
 security wpa2 psk pass-phrase Huawei@123 aes
q
vap-profile name VAP_AP1
 service-vlan vlan-id 50
 forward-mode tunnel
 security-profile SEC_AP1
 ssid-profile SSID_AP1
q
ap-group name GRP_AP1
 vap-profile VAP_AP1 wlan 1 radio all
q
ap-id 0
 ap-group GRP_AP1
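
An added example, not part of the original post: a small Python check that walks an excerpt of the commands typed above and lists the settings that only suit this lab (the condition-less `rule name TEST` / `action permit`, `servi all permit`, `ap auth-mode no-auth`, and the pass-phrase left in the config text). The `MATCH_KEYS` list and the function names are assumptions made for this example.

```python
# Excerpt of the FW and AC commands from this page, abbreviations kept as typed.
PAGE_CONFIG = """\
int g1/0/2
 servi all permit
q
security-policy
 rule name TEST
 action permit
q
ap auth-mode no-auth
security-profile name SEC_AP1
 security wpa2 psk pass-phrase Huawei@123 aes
"""

# Assumption: keywords counted as "this rule is narrowed" (subset of the rule syntax).
MATCH_KEYS = ("source-zone", "destination-zone", "source-address",
              "destination-address", "service", "application", "user")

def is_cmd(token, full):
    """VRP accepts command prefixes, so 'servi' stands for 'service-manage'."""
    return len(token) >= 2 and full.startswith(token)

def audit(config):
    """Return (line_number, finding) pairs for settings that only suit a lab."""
    findings, iface, rule, conds = [], None, None, 0
    for n, raw in enumerate(config.splitlines(), 1):
        t = raw.split() or [""]
        if t[0] in ("q", "quit"):
            iface = rule = None          # left the current view
        elif is_cmd(t[0], "interface") and len(t) > 1:
            iface = t[1]
        elif t[:2] == ["rule", "name"] and len(t) > 2:
            rule, conds = t[2], 0
        elif rule and t[0] in MATCH_KEYS:
            conds += 1
        elif rule and t[:2] == ["action", "permit"]:
            if conds == 0:
                findings.append((n, f"rule {rule}: permit with no match conditions"))
            rule = None
        elif is_cmd(t[0], "service-manage") and t[1:] == ["all", "permit"]:
            findings.append((n, f"{iface}: all management services permitted"))
        elif t[:3] == ["ap", "auth-mode", "no-auth"]:
            findings.append((n, "AC onboards APs without authentication"))
        elif "pass-phrase" in t:
            findings.append((n, "WPA2 pre-shared key appears in the config text"))
    return findings

if __name__ == "__main__":
    print(*audit(PAGE_CONFIG), sep="\n")
```

A rule that carries at least one of the `MATCH_KEYS` conditions, or an interface that permits a single management service such as ping, produces no finding.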

At this point, the preliminary lab is complete. (AC+AP+FW+VRRP+HSB will probably be published in the next post.)