企业案例(24)无线高密覆盖搭建与优化解析

1、公司事例(24)无线高密覆盖的搭建与优化解析公司事例(24)无线高密覆盖的搭建与优化解析16/16公司事例(24)无线高密覆盖的搭建与优化解析公司事例H3C安全优化的广域网所在系别：计算机技术系所属专业：计算机网络技术指导教师：董科鹏专业负责人：孙志成无线高密覆盖的搭建与优化一、项目根源无线高密覆盖的搭建与优化二、项目主要内容1会场要求大部分会场有大型的商场，如大型的商场，购物中心，大型的会议，大型的展会，如车展，还有很多人员密集的地址，而且需要上网的的会场进行会场的查察。会场的散布状况，会场的AP的搁置的地方。2网络要求会场网络要求，依据客户需求进行网络的建立。依据客户的要求可已行网络的速率

2、的要求。3客户需求上网人数，依据人数确立AC，AP的使用型号。依据人员上网的要求，上网出口的带宽确立上网的人的限制带宽。上网的要求能否需要进行考证，PORTAL，802.X的考证方式。三、项目知识点无线网络标准与规范网络设计目的无线局域网的设计是为了让用户在场馆内进行上网。网络设计思想经过无线网络让用户意会到在公共场合也能迅速的上网。网络设计原则上网速度快、标准、规范。四、项目技术点1、IP地址规划2、AP的正确配置3、VLAN的区分五、附录：互换的配置H3Cdiscu#version5.20,Release3507P29#sysnameH3C#domaindefaultenablesyste

3、m#telnetserverenable#oapmanagement-ip00slot1#password-recoveryenable#vlan1#vlan30#vlan50#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystem#local-useradminpasswordcipher$c$3$JnZsHxKbcma6Nkok3iJbS7WFoPtgqvYlauthorization-attributelevel3service-typetelnet

4、#interfaceBridge-Aggregation1portlink-typetrunkporttrunkpermitvlanall#interfaceNULL0#interfaceVlan-interface1#interfaceGigabitEthernet1/0/1poeenable#interfaceGigabitEthernet1/0/2portlink-typetrunkporttrunkpermitvlanallpoeenable#interfaceGigabitEthernet1/0/3poeenable#interfaceGigabitEthernet1/0/4poee

5、nable#interfaceGigabitEthernet1/0/5poeenable#interfaceGigabitEthernet1/0/6poeenable#interfaceGigabitEthernet1/0/7poeenable#interfaceGigabitEthernet1/0/8portaccessvlan30poeenable#interfaceGigabitEthernet1/0/9poeenable#interfaceGigabitEthernet1/0/10poeenable#interfaceGigabitEthernet1/0/11poeenable#int

6、erfaceGigabitEthernet1/0/12poeenable#interfaceGigabitEthernet1/0/13poeenable#interfaceGigabitEthernet1/0/14poeenable#interfaceGigabitEthernet1/0/15poeenable#interfaceGigabitEthernet1/0/16poeenable#interfaceGigabitEthernet1/0/17poeenable#interfaceGigabitEthernet1/0/18poeenable#interfaceGigabitEtherne

7、t1/0/19poeenable#interfaceGigabitEthernet1/0/20poeenable#interfaceGigabitEthernet1/0/21poeenable#interfaceGigabitEthernet1/0/22poeenable#interfaceGigabitEthernet1/0/23poeenable#interfaceGigabitEthernet1/0/24poeenable#interfaceGigabitEthernet1/0/25shutdown#interfaceGigabitEthernet1/0/26shutdown#inter

8、faceGigabitEthernet1/0/27shutdown#interfaceGigabitEthernet1/0/28shutdown#interfaceGigabitEthernet1/0/29portlink-typetrunkporttrunkpermitvlanallportlink-aggregationgroup1#interfaceGigabitEthernet1/0/30portlink-typetrunkporttrunkpermitvlanallportlink-aggregationgroup1#user-interfaceaux0user-interfacev

9、ty04authentication-modeschemeuser-interfacevty515#return无线控制器的配置wuxiandiscu#version5.20,Release3509P29#sysnamewuxian#domaindefaultenablezhao#telnetserverenable#port-securityenable#portalserverzhaoipkeycipher$c$3$aA2UrZqSJuVf2sS5zAqnAte2fr93TyrIEyc=url2:8080/portalserver-typeimcsysnetidwuxian#oapmana

10、gement-ip01slot0#password-recoveryenable#vlan1#vlan30#vlan50#radiusschemezhaokeyauthenticationcipher$c$3$71EbbZCzE7dWu7u0CV/OMknVKoF/4vF94wI=keyaccountingcipher$c$3$GVdfmkVSNH21owq3nyh8xyGXbhQU78Gp0Es=user-name-formatwithout-domain#domainzhaoauthenticationportalradius-schemezhaoauthorizationportalra

11、dius-schemezhaoaccountingportalradius-schemezhaoaccess-limitdisablestateactiveidle-cutdisableself-service-urldisabledomainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystemgroup-attributeallow-guest#local-useradminpasswordcipher$c$3$QybnVQlHf1sZzMXHi5WQxN3Ums

12、olASqLauthorization-attributelevel3service-typetelnet#wlanrrmdot11amandatory-rate61224dot11asupported-rate918364854dot11bmandatory-rate12dot11bsupported-rate5.511dot11gmandatory-rate125.511dot11gsupported-rate69121824364854#wlanservice-template1cryptossidkaoshiofficebindWLAN-ESS1cipher-suitetkipciph

13、er-suiteccmpsecurity-iersnsecurity-iewpaservice-templateenable#interfaceBridge-Aggregation1portlink-typetrunkporttrunkpermitvlanall#interfaceNULL0#interfaceVlan-interface1#interfaceVlan-interface30#interfaceVlan-interface50portalserverzhaomethodlayer3#interfaceGigabitEthernet1/0/1portlink-typetrunkp

14、orttrunkpermitvlanallportlink-aggregationgroup1#interfaceGigabitEthernet1/0/2portlink-typetrunkporttrunkpermitvlanallportlink-aggregationgroup1#interfaceWLAN-ESS1portaccessvlan30#wlanap-groupdefault_groupapap1#wlanapap1modelWA2620i-AGNid1serial-id219801A0CNC127001760radio1service-template1radioenabl

15、eradio2service-template1radioenable#wlanipsmalformed-detect-policydefaultsignaturedeauth_floodsignature-id1signaturebroadcast_deauth_floodsignature-id2signaturedisassoc_floodsignature-id3signaturebroadcast_disassoc_floodsignature-id4signatureeapol_logoff_floodsignature-id5signatureeap_success_floods

16、ignature-id6signatureeap_failure_floodsignature-id7signaturepspoll_floodsignature-id8signaturects_floodsignature-id9signaturerts_floodsignature-id10signatureaddba_req_floodsignature-id11signature-policydefaultcountermeasure-policydefaultattack-detect-policydefaultvirtual-security-domaindefaultattack

17、-detect-policydefaultmalformed-detect-policydefaultsignature-policydefaultcountermeasure-policydefault#snmp-agentsnmp-agentlocal-engineid800063A2035CDD705A5406snmp-agentcommunityreadpublicsnmp-agentcommunitywriteprivatesnmp-agentsys-infoversionall#user-interfacecon0user-interfacevty04authentication-

18、modeschemeuserprivilegelevel3#Return路由的配置rt2discu#version5.20,Release2512P03,Standard#sysnamert2#l2tpenable#ikelocal-namezhao#domaindefaultenablesystem#dnsproxyenable#darp2psignature-filecfa0:/p2p_default.mtd#qoscarl1destination-ip-addresssubnet24qoscarl2destination-ip-addresssubnet24per-addressqosc

19、arl3source-ip-addresssubnet24qoscarl4source-ip-addresssubnet24per-address#port-securityenable#undoiphttpenable#password-recoveryenable#aclnumber3000descriptionnataclnumber3001descriptionipsecaclnumber3002descriptionL2TPaclnumber3003rule0permitipsource00destinationaclnumber3004descriptionliantongpbra

20、clnumber3005descriptiondianxinpbr#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisabledomainzhaoauthenticationppplocalaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#ikepeerzhaoexchange-modeaggressivepre-shared-keycipher$c$3$93JAnfhX6oBvlMyyoe+2

21、oIAdSSYOb70=id-typenameremote-namezhao#ipsectransform-setzhaoencapsulation-modetunneltransformespespauthentication-algorithmsha1espencryption-algorithmaes-cbc-128#ipsecpolicyzhao10isakmpsecurityacl3001ike-peerzhaotransform-setzhao#policy-based-route1permitnode20if-matchacl3004applyip-addressnext-hop

22、track1policy-based-route1permitnode30if-matchacl3005applyip-addressnext-hoptrack2#user-groupsystemgroup-attributeallow-guest#local-useradminpasswordcipher$c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aVauthorization-attributelevel3service-typetelnetlocal-userzhaopasswordcipher$c$3$FVTzT6SHUCbWzg1U/wMYBl0MSP4Na

23、HI=service-typeppplocal-userzhao1passwordcipher$c$3$2V81V6tVLUCopk4FJWqbdGc8fTzzy4A=service-typeppp#cwmpundocwmpenable#l2tp-group1allowl2tpvirtual-template1#interfaceAux0asyncmodeflowlink-protocolppp#interfaceCellular0/0asyncmodeprotocollink-protocolppp#interfaceEthernet0/0portlink-moderoutedescript

24、ionliantongnatoutbound3000address-group1ipsecpolicyzhaoqoscarinboundcarl1cir1000000cbs1000000ebs0greenpassreddiscardqoscaroutboundcarl3cir1000000cbs1000000ebs0greenpassreddiscard#interfaceEthernet0/1portlink-moderoutedescriptiondianxinnatoutbound3000qoscarinboundcarl1cir1000000cbs1000000ebs0greenpas

25、sreddiscardqoscaroutboundcarl3cir1000000cbs1000000ebs0greenpassreddiscard#interfaceEthernet0/2portlink-moderouteqoscarinboundcarl2cir80000cbs80000ebs0greenpassreddiscardqoscaroutboundcarl4cir80000cbs80000ebs0greenpassreddiscard#interfaceSerial1/0link-protocolpppauthentication-modechappppchapuserzhao

26、1pppchappasswordcipher$c$3$XcWoaIn8j3j+DbOiXJYxQnmjeyQa/PY=pppmpMp-group1#interfaceSerial2/0link-protocolpppauthentication-modechappppchapuserzhaopppchappasswordcipher$c$3$XcWoaIn8j3j+DbOiXJYxQnmjeyQa/PY=pppmpMp-group1#interfaceVirtual-Template1firewallpacket-filter3002inboundauthentication-modechapdomainzhaoremoteaddresspool1#interfaceMp-group1#interfaceVirtual-Ethernet1#interfaceNULL0#interfaceVlan-interface1#inter