manualshive.com logo in svg

Huawei S Series, Быстрая настройка, Страница: 23 / 74

Поделиться
Скачать
Huawei S Series Скачать руководство пользователя страница 23

On ACC1, enable IPSG in VLAN 10.

4

[ACC1] 

vlan 10

[ACC1-vlan10] 

ip source check user-bind enable 

//Enable IPSG.

[ACC1-vlan10] 

quit

20

To prevent users from changing IP addresses and attacking the intranet, enable 
IPSG after enabling DHCP snooping on the access switch. ACC1 is used in the 
example below.

For details about how to configure the switch to prevent users from connecting a small 
router (bogus DHCP server) to the intranet and changing IP addresses, see 
"Configuring Basic Functions of DHCP Snooping", "Configuring IPSG", and 
configuration examples in the corresponding 

Configuration Guide 

– Security

based on 

the version of the device.

If static IP address allocation is configured, bind IP addresses and MAC 
addresses to prevent users from changing IP addresses and attacking the 
network. For this configuration procedure, see "Example for Configuring 
IPSG to Prevent Hosts with Static IP Addresses from Changing Their Own 
IP Addresses" in the 

Typical Configuration Examples.

ACC1 matches packets received from VLAN 10 with dynamic binding entries in the
DHCP snooping binding table. If a packet matches an entry, ACC1 forwards the
packet; otherwise, ACC1 discards the packet. To check packets received from a
specified user device instead of all user devices in the VLAN, enable IPSG on the
interface connecting to the device.

Содержание S Series

Страница 1: ...Quick Configuration HUAWEI S Series Campus Switches Issue 06 2018 08 10 ...

Страница 2: ...cts services and features described in this document may not be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every eff...

Страница 3: ...ANs 55 3 1 Data Plan 24 3 2 Quickly Configuring Small and Mid Sized Campus Networks 26 2 Small Sized Campus Networks 2 2 1 Data Plan 3 2 2 Quickly Configuring Small Sized Campus Networks 5 4 1 Data Plan 56 57 4 2 Configuration Roadmap 4 3 Quickly Configuring Mid sized Campus WLANs 58 5 FAQs 69 ...

Страница 4: ...act details around your workplace Telephone number of the agent responsible for your network construction and service Visit the Huawei Enterprise Service Technical Support website http support huawei com enterprise to register an account With an account you can browse or download more product documents cases and bulletins You can also enjoy our subscription and message push services 2 Before confi...

Страница 5: ...3 communication between different departments The core switch functions as a DHCP server to allocate IP addresses to user devices on the campus network Configuring DHCP snooping on the access switches prevents intranet users from connecting a small router to the intranet to allocate IP addresses Configuring IPSG on the access switches prevents intranet users from changing IP addresses This section...

Страница 6: ...r another switch Management VLAN VLAN 5 3 A modular switch s management interface is Ethernet0 0 0 A fixed switch s management interface is MEth0 0 1 For switches without management interfaces you are advised to use VLANIF interfaces for inband management Configure DHCP DHCP server CORE Configure the DHCP server function on CORE Address pool VLAN 10 IP address pool 10 VLAN 20 IP address pool 20 Te...

Страница 7: ...t connects to the egress router Configure a default route to this IP address on the egress router to forward intranet traffic to the Internet Configure DHCP snooping and IPSG Trusted interface Eth Trunk1 None Public interface IP address GE0 0 1 1 1 1 2 30 GE0 0 1 is the public interface that connects the egress router to the Internet 4 Intranet interface IP address GE1 0 0 10 10 100 2 24 GE1 0 0 c...

Страница 8: ... users can access the Internet 5 Step 9 Save the configuration Step 1 Log in to the switch Step 2 Configure the management IP address and Telnet Step 4 Configure DHCP Step 5 Configure routing of CORE Step 3 Configure interfaces and VLANs Step 8 Verify services Step 6 Configure the egress router Step 7 Configure DHCP snooping and IPSG Quickly Configuring Small Sized Campus Networks ...

Страница 9: ...runs a Windows operating system you can view port information in Device Manager and select a port Table 1 lists the communication parameters on the switch 2 Table 1 Default settings of the console port on the switch Parameter Default Value Transmission rate Data bit 9600 bit s None None 1 8 Flow control Parity bit Stop bit 6 If the switch has a Mini USB port you can connect your PC to the switch u...

Страница 10: ...he Management IP Address and Telnet After configuring the management IP address of a switch you can log in to the switch using this address CORE is used in the example below to show the procedure of configuring the management IP address and Telnet Configure the management IP address 1 HUAWEI system view HUAWEI vlan 5 Create management VLAN 5 HUAWEI VLAN5 management vlan HUAWEI VLAN5 quit HUAWEI in...

Страница 11: ...case insensitive whereas the password is case sensitive HUAWEI aaa local user admin privilege level 15 Set the administrator account level to 15 highest HUAWEI aaa local user admin service type telnet Use of STelnet V2 to log in to the switch is recommended because the Telnet protocol has security risks For this configuration procedure see the corresponding Configuration Guide Basic Configuration ...

Страница 12: ...Eth Trunk1 port link type trunk Set Eth Trunk 1 type to Trunk for VLAN transparent transmission ACC1 Eth Trunk1 port trunk allow pass vlan 10 Configure Eth Trunk 1 to transparently transmit the service VLAN on ACC1 ACC1 Eth Trunk1 mode lacp Configure the LACP mode on Eth Trunk 1 ACC1 Eth Trunk1 quit ACC1 interface GigabitEthernet 0 0 1 Add member interfaces to Eth Trunk 1 ACC1 GigabitEthernet0 0 1...

Страница 13: ...ernet0 0 3 port default vlan 10 ACC1 Ethernet0 0 3 stp edged port enable ACC1 Ethernet0 0 3 quit ACC1 interface Ethernet 0 0 4 Configure the interface connecting to printers ACC1 Ethernet0 0 4 port link type access ACC1 Ethernet0 0 4 port default vlan 10 ACC1 Ethernet0 0 4 stp edged port enable ACC1 Ethernet0 0 4 quit 10 To add all users connected to ACC1 to VLAN 10 you can add Eth Trunk1 on CORE ...

Страница 14: ...bitEthernet0 0 1 Eth Trunk 1 CORE GigabitEthernet0 0 1 quit CORE interface GigabitEthernet 0 0 2 CORE GigabitEthernet0 0 2 Eth Trunk 1 CORE GigabitEthernet0 0 2 quit CORE interface Vlanif 10 Configure a VLANIF interface to allow department A to communicate with department B through Layer 3 CORE Vlanif10 ip address 10 10 10 1 24 CORE Vlanif10 quit CORE interface Vlanif 20 Configure a VLANIF interfa...

Страница 15: ...elected 100M 32768 2 289 10111100 1 GigabitEthernet0 0 2 Selected 100M 32768 3 289 10100010 1 Partner ActorPortName SysPri SystemID PortPri PortNo PortKey PortState GigabitEthernet0 0 1 32768 0012 3321 2212 32768 2 289 10111100 GigabitEthernet0 0 2 32768 0012 3321 2212 32768 3 289 10111100 ACC1 display vlan The total number of VLANs is 1 U Up D Down TG Tagged UT Untagged MP Vlan mapping ST Vlan st...

Страница 16: ...tner ActorPortName SysPri SystemID PortPri PortNo PortKey PortState GigabitEthernet0 0 1 32768 0012 3321 2211 32768 2 289 10111100 GigabitEthernet0 0 2 32768 0012 3321 2211 32768 3 289 10111100 CORE display vlan The total number of VLANs is 3 U Up D Down TG Tagged UT Untagged MP Vlan mapping ST Vlan stacking ProtocolTransparent vlan Management vlan VID Type Ports 10 common TG Eth Trunk1 U 20 commo...

Страница 17: ...54 mac address a b c Allocate fixed IP address to the printer CORE ip pool 10 quit Configure the global address pool to allocate IP addresses to user devices in department A 2 CORE interface vlanif 10 CORE Vlanif10 dhcp select global Configure the global address pool to allocate IP addresses to users in department A CORE Vlanif10 quit 14 Configure the DHCP server on CORE to allocate IP addresses t...

Страница 18: ...ame 10 Pool name 10 Pool No 0 Lease 1 Days 0 Hours 0 Minutes Domain name DNS server0 NBNS server0 Netbios type Position Local Status Unlocked Gateway 0 10 10 10 1 Network 10 10 10 0 Mask 255 255 255 0 VPN instance Start End Total Used Idle Expired Conflict Disable 10 10 10 1 10 10 10 254 253 4 249 0 0 0 View address pool configuration View address pool usage information ...

Страница 19: ... topology every time a PC connects to the switch To solve this problem disable STP or configure the switch interface that connects to user devices as an edge port ACC1 is used in the example below Disable STP ACC1 interface GigabitEthernet 0 0 1 ACC1 GigabitEthernet 0 0 1 stp disable Alternatively run the undo stp enable command Configure the switch interface that connects to user devices as an ed...

Страница 20: ...o Pre Cost Flags NextHop Interface 0 0 0 0 0 Static 60 0 RD 10 10 100 2 Vlanif100 10 10 10 0 24 Direct 0 0 D 10 10 10 1 Vlanif10 10 10 10 1 32 Direct 0 0 D 127 0 0 1 Vlanif10 10 10 20 0 24 Direct 0 0 D 10 10 20 1 Vlanif20 10 10 20 1 32 Direct 0 0 D 127 0 0 1 Vlanif20 10 10 100 0 24 Direct 0 0 D 10 10 100 1 Vlanif100 10 10 100 1 32 Direct 0 0 D 127 0 0 1 Vlanif100 17 A default static route whose ne...

Страница 21: ...ents to access the Internet 2 Router acl 2000 Router acl basic 2000 rule permit source 10 10 10 0 0 0 0 255 Router acl basic 2000 rule permit source 10 10 20 0 0 0 0 255 Router acl basic 2000 rule permit source 10 10 100 0 0 0 0 255 Configure NAT on the interface connecting to the Internet so that intranet users can access the Internet 3 Router interface GigabitEthernet 0 0 1 Router GigabitEtherne...

Страница 22: ...d by the small router and cannot access the Internet To prevent this problem configure DHCP snooping Department A is used in the example below Enable DHCP snooping on interfaces that connect to user devices 3 ACC1 interface ethernet 0 0 2 Configure the interface connecting to PC1 ACC1 Ethernet0 0 2 dhcp snooping enable ACC1 Ethernet0 0 2 quit ACC1 interface ethernet 0 0 3 Configure the interface c...

Страница 23: ...ponding Configuration Guide Security based on the version of the device If static IP address allocation is configured bind IP addresses and MAC addresses to prevent users from changing IP addresses and attacking the network For this configuration procedure see Example for Configuring IPSG to Prevent Hosts with Static IP Addresses from Changing Their Own IP Addresses in the Typical Configuration Ex...

Страница 24: ...ta bytes press CTRL_C to break Reply from 10 10 10 100 bytes 56 Sequence 1 ttl 253 time 62 ms Reply from 10 10 10 100 bytes 56 Sequence 2 ttl 253 time 16 ms Reply from 10 10 10 100 bytes 56 Sequence 3 ttl 253 time 62 ms Reply from 10 10 10 100 bytes 56 Sequence 4 ttl 253 time 94 ms Reply from 10 10 10 100 bytes 56 Sequence 5 ttl 253 time 63 ms 10 10 10 100 ping statistics 5 packet s transmitted 5 ...

Страница 25: ... switch restarts Save the data to the configuration file The example below shows the procedure of saving CORE s configuration file CORE save The current configuration will be written to the device Are you sure to continue Y N y Now saving the current configuration to the slot 0 Save the configuration successfully Saving the Configuration 22 1 ...

Страница 26: ...s on the core switches implements Layer 3 communication between different departments The core switches function as DHCP servers to allocate IP addresses to user devices on the campus network Configuring DHCP snooping on the access switches prevents intranet users from connecting a small router to the intranet to allocate IP addresses Configuring IPSG on the access switches prevents intranet users...

Страница 27: ... 5 A modular switch s management interface is Ethernet0 0 0 A fixed switch s management interface is MEth0 0 1 For switches without management interfaces you are advised to use VLANIF interfaces for inband management Configure DHCP DHCP server CORE1 CORE2 Configure the DHCP server on CORE1 and CORE2 Address pool VLAN 10 IP address pool 10 VLAN 20 IP address pool 20 Terminals in department A obtain...

Страница 28: ...HCP packets from the trusted interfaces preventing users from connecting a small router to the intranet to allocate IP addresses Public interface IP address GE0 0 0 1 1 1 2 30 GE0 0 0 is the public interface that connects the egress router to the Internet Configure intranet servers FTP server Web server FTP server 192 168 50 10 Web server 192 168 50 20 1 The egress router uses NAT to translate bet...

Страница 29: ...and intranet users can access the Internet Step 8 Configure rate limiting Step 10 Verify services and save configuration Step 1 Log in to the switch Step 2 Configure the management IP address and Telnet Step 3 Configure network connectivity Step 6 Configure reliability and load balancing Step 5 Configure OSPF Step 4 Configure DHCP Step 7 Configure link aggregation Step 9 Configure NAT server and m...

Страница 30: ...runs a Windows operating system you can view port information in Device Manager and select a port Table 1 lists the communication parameters on the switch 2 Table 1 Default settings of the console port on the switch Parameter Default Value Transmission rate Data bit 9600 bit s None None 1 8 Flow control Parity bit Stop bit If the switch has a Mini USB port you can connect your PC to the switch usi...

Страница 31: ...ing the management IP address of a switch you can log in to the switch using this address CORE1 is used in the example below to show the procedure of configuring the management IP address and Telnet Configure the management IP address 1 HUAWEI system view HUAWEI vlan 5 Create management VLAN 5 HUAWEI VLAN5 quit HUAWEI VLAN5 management vlan HUAWEI interface vlanif 5 Create the VLANIF interface of t...

Страница 32: ...sitive whereas the password is case sensitive HUAWEI aaa local user admin privilege level 15 Set the administrator account level to 15 highest HUAWEI aaa local user admin service type telnet HUAWEI aaa quit Use of STelnet V2 to log in to the switch is recommended because the Telnet protocol has security risks For this configuration procedure see the corresponding Configuration Guide Basic Configur...

Страница 33: ...lan 10 20 Configure GE0 0 4 to transparently transmit the service VLANs on ACC1 ACC1 GigabitEthernet0 0 4 quit Configure the interfaces on ACC1 that connect user devices so that user devices in different departments can be added to VLANs 3 ACC1 interface GigabitEthernet 0 0 1 Configure the interface connecting to department A ACC1 GigabitEthernet0 0 1 port link type access ACC1 GigabitEthernet0 0 ...

Страница 34: ...lanif10 ip address 192 168 10 1 24 CORE1 Vlanif10 quit CORE1 interface Vlanif 20 Configure VLANIF 20 to allow department B to communicate with department A through Layer 3 CORE1 Vlanif20 ip address 192 168 20 1 24 CORE1 Vlanif20 quit Configure interfaces connecting to the egress router and VLANIF interfaces 3 CORE1 interface GigabitEthernet 0 0 7 CORE1 GigabitEthernet0 0 7 port link type access Se...

Страница 35: ... 20 The upstream interfaces transparently transmit all service VLANs Run the display vlan command to view VLAN configurations on CORE1 CORE display vlan The total number of VLANs is 7 U Up D Down TG Tagged UT Untagged MP Vlan mapping ST Vlan stacking ProtocolTransparent vlan Management vlan VID Type Ports 10 common TG GE0 0 1 U 20 common TG GE0 0 1 U 30 common TG GE0 0 2 U 40 common TG GE0 0 3 U 5...

Страница 36: ...ORE1 and CORE2 respectively CORE1 ip route static 0 0 0 0 0 0 0 0 172 16 1 2 Configure a default static route to the egress router on CORE1 CORE1 ip route static 0 0 0 0 0 0 0 0 172 16 3 2 preference 70 Configure a backup static route to CORE2 on CORE1 CORE2 ip route static 0 0 0 0 0 0 0 0 172 16 2 2 CORE2 ip route static 0 0 0 0 0 0 0 0 172 16 3 1 preference 70 On the egress router configure a de...

Страница 37: ...id 2 preempt mode timer delay 20 CORE1 Vlanif20 quit CORE2 uses the default priority and functions as the backup in VLANs 10 and 20 CORE2 interface Vlanif 10 CORE2 Vlanif10 vrrp vrid 1 virtual ip 192 168 10 3 CORE2 Vlanif10 quit CORE2 interface Vlanif 20 CORE2 Vlanif20 vrrp vrid 2 virtual ip 192 168 20 3 CORE2 Vlanif20 quit 2 A physical loop exists between CORE1 CORE2 and ACC1 the actual links do ...

Страница 38: ... rule permit source 172 16 1 0 0 0 0 255 Router acl basic 2000 rule permit source 172 16 2 0 0 0 0 255 Configure NAT on the interface connecting to the Internet so that intranet users can access the Internet Router interface GigabitEthernet 0 0 0 Router GigabitEthernet0 0 0 nat outbound 2000 Router GigabitEthernet0 0 0 quit Configure DNS resolution The carrier provides the DNS server address Route...

Страница 39: ... manage them In addition if a user changes the configured IP address an IP address conflict occurs and the related users cannot access the Internet Therefore the administrator decides to configure fixed IP addresses for several user devices and configure the other user devices to automatically obtain IP addresses from the DHCP server In this section a global address pool is configured You can also...

Страница 40: ...dress 192 168 10 1 192 168 10 2 CORE2 ip pool 10 excluded ip address 192 168 10 4 192 168 10 127 CORE2 ip pool 10 lease day 0 hour 20 minute 0 CORE2 ip pool 10 dns list 8 8 8 8 CORE2 ip pool 10 quit Configure users in department A to obtain IP addresses from the global address pool 3 CORE1 interface vlanif 10 CORE1 Vlanif10 dhcp select global Configure users in department A to obtain IP addresses ...

Страница 41: ...ser devices as an edge port ACC1 is used in the example below Disable STP ACC1 interface GigabitEthernet 0 0 1 ACC1 GigabitEthernet0 0 1 stp disable Alternatively run the undo stp enable command ACC1 GigabitEthernet0 0 1 quit Configure the switch interface that connects to user devices as an edge port ACC1 interface GigabitEthernet 0 0 1 ACC1 GigabitEthernet0 0 1 stp edged port enable ACC1 Gigabit...

Страница 42: ...llocated by the small router and cannot access the Internet To prevent this problem configure DHCP snooping Department A is used in the example below Enable DHCP snooping on interfaces connecting to DHCP servers and configure the interfaces as trusted interfaces 3 ACC1 interface GigabitEthernet 0 0 3 Configure the interface connecting to CORE1 ACC1 GigabitEthernet0 0 3 dhcp snooping enable Enable ...

Страница 43: ...ponding Configuration Guide Security based on the version of the device If static IP address allocation is configured bind IP addresses and MAC addresses to prevent users from changing IP addresses and attacking the network For this configuration procedure see Example for Configuring IPSG to Prevent Hosts with Static IP Addresses from Changing Their Own IP Addresses in the Typical Configuration Ex...

Страница 44: ...e link OSPF configuration is used in the example below Router undo ip route static 192 168 10 0 24 Router undo ip route static 192 168 20 0 24 Configure OSPF on CORE2 Configure OSPF on CORE1 CORE1 ospf 100 router id 2 2 2 2 CORE1 ospf 100 area 0 CORE1 ospf 100 area 0 0 0 0 network 172 16 1 0 0 0 0 255 CORE1 ospf 100 area 0 0 0 0 network 172 16 3 0 0 0 0 255 CORE1 ospf 100 area 0 0 0 0 network 192 ...

Страница 45: ...ospf 10 default route advertise always Router ospf 10 area 0 Router ospf 10 area 0 0 0 0 network 172 16 1 0 0 0 0 255 Router ospf 10 area 0 0 0 0 network 172 16 2 0 0 0 0 255 Router ospf 10 area 0 0 0 0 quit Router ospf 10 quit Router ip route static 0 0 0 0 0 0 0 0 1 1 1 1 For details on OSPF configuration and commands see OSPF Configuration and configuration examples in the corresponding Configu...

Страница 46: ...erface of the master in the VRRP group the master lowers its priority to implement an active standby switchover when it detects that the upstream interface goes Down Configure association between VRRP and the status of the upstream interface on CORE1 to monitor the uplink CORE1 interface Vlanif 10 CORE1 Vlanif10 vrrp vrid 1 track interface GigabitEthernet0 0 7 reduced 100 Configure association bet...

Страница 47: ...s the master in some VLANs while CORE2 function as the master in the other VLANs The two links then load balance traffic from all VLANs effectively using network resources Configure CORE1 to still function as the master in VLAN 10 and change the priority of CORE2 so that CORE2 functions as the master in VLAN 20 b Configure load balancing Configure CORE2 as the master in VLAN 20 and set the preempt...

Страница 48: ... the default configuration on an interface The interface will be shut down after the default configuration is restored Run the undo shutdown command to enable the interface 2 CORE1 GigabitEthernet0 0 5 clear configuration this Warning All configurations of the interface will be cleared and its state will be shutdown Continue Y N y Info Total 2 command s executed 2 successful 0 failed CORE1 Gigabit...

Страница 49: ... lacp priority 100 CORE1 GigabitEthernet0 0 6 quit On CORE1 set the maximum number of active interfaces to 2 On CORE1 set interface priorities to determine active links Configure GE0 0 5 and GE0 0 6 as active interfaces The configuration of CORE2 is similar to that of CORE1 The difference is that CORE2 uses the default system priority For details on link aggregation configuration and commands see ...

Страница 50: ...destination ip address range 192 168 10 1 to 192 168 10 254 per address cir 512 Router GigabitEthernet0 0 1 qos car inbound source ip address range 192 168 20 1 to 192 168 20 254 per address cir 512 Router GigabitEthernet0 0 1 qos car outbound destination ip address range 192 168 20 1 to 192 168 20 254 per address cir 512 Router GigabitEthernet0 0 1 quit Configuring IP address based rate limiting ...

Страница 51: ...e on GE0 0 2 is similar to that on GE0 0 1 For details on rate limiting configuration and commands see Traffic Policing and Traffic Shaping Configurations and configuration examples in the corresponding Configuration Guide QoS based on the version of the device b Configure rate limiting based on all traffic on a network segment Configure rate limiting on LAN side interfaces of the egress router to...

Страница 52: ...llow intranet users to access intranet servers using public IP addresses Router acl 3333 Router acl adv 3333 rule permit ip source 192 168 10 0 0 0 0 255 destination 202 101 111 2 0 0 0 0 Router acl adv 3333 rule permit ip source 192 168 20 0 0 0 0 255 destination 202 101 111 2 0 0 0 0 Router acl adv 3333 quit Configure a mapping table of internal servers on egress router interfaces connecting to ...

Страница 53: ... from different network segments on the intranet to the Internet through specified links Configure policy based routing PBR to allow users on different network segments to access the Internet through different carriers Configure an ACL for NAT Router dialer rule Router dialer rule dialer rule 1 ip permit Router dialer rule quit Configure a dialer ACL 2 50 b Configure multiple egress interfaces to ...

Страница 54: ...nterface Dialer 0 Router Dialer0 nat outbound 2015 Router Dialer0 quit Configure NAT Router interface Dialer 0 Router Dialer0 tcp adjust mss 1200 Router Dialer0 quit Set the maximum segment size MSS of TCP packets to 1200 bytes If the default value 1460 bytes is used the Internet access rate may be slow 5 4 Router interface GigabitEthernet 1 0 0 Router GigabitEthernet 1 0 0 pppoe client dial bundl...

Страница 55: ...b2 Router trafficpolicy test quit Configure a traffic policy and bind traffic classifiers to traffic behavior in the traffic policy 11 12 Configure traffic behavior to not redirect traffic exchanged between internal users to redirect traffic from the internal network segment 192 168 10 0 to the next hop address 1 1 1 1 and to redirect traffic from the internal network segment 192 168 20 0 to the o...

Страница 56: ...bytes press CTRL_C to break Reply from 192 168 20 254 bytes 56 Sequence 1 ttl 253 time 62 ms Reply from 192 168 20 254 bytes 56 Sequence 2 ttl 253 time 16 ms Reply from 192 168 20 254 bytes 56 Sequence 3 ttl 253 time 62 ms Reply from 192 168 20 254 bytes 56 Sequence 4 ttl 253 time 94 ms Reply from 192 168 20 254 bytes 56 Sequence 5 ttl 253 time 63 ms 192 168 20 254 ping statistics 5 packet s trans...

Страница 57: ...ll be lost after the switch restarts The example below shows the procedure of saving CORE1 s configuration file CORE1 save The current configuration will be written to the device Are you sure to continue Y N y Now saving the current configuration to the slot 0 Save the configuration successfully b Save the configuration 54 ...

Страница 58: ... manage STAs The AC functions as a DHCP server to assign IP addresses to APs An AR series router can be deployed as the egress of the campus network The router functions as a DHCP server to assign IP addresses to STAs VLANs in a VLAN pool can be configured as service VLANs IP addresses are assigned to STAs from the interface address pools corresponding to the VLANs in the VLAN pool This section us...

Страница 59: ...address pool for STAs Name sta pool VLANs in the VLAN pool VLAN 101 and VLAN 102 VLAN pool Source interface IP address of the AC VLANIF 100 10 23 100 1 24 Name ap group1 Referenced profiles VAP profile wlan vap and regulatory domain profile domain1 AP group Name domain1 Country code CN Regulatory domain profile Name wlan ssid SSID name wlan net SSID profile Name wlan security Security policy WPA2 ...

Страница 60: ... help users configure and maintain functions of WLANs These profiles are called WLAN profiles The following figure shows the referencing relationships between WLAN profiles By getting to know the referencing relationships you can easily grasp the configuration roadmap of WLAN profiles and complete configurations ...

Страница 61: ...guration Step 1 Set the NAC mode to unified on the AC Step 2 Configure the AC so that the AC and APs can transmit CAPWAP packets Step 4 Configure the AC to assign IP addresses to APs and Router to assign IP addresses to STAs Step 5 Configure a VLAN pool for service VLANs Step 3 Configure the AC to communicate with the upstream network device Step 7 Configure WLAN service parameters Step 8 Configur...

Страница 62: ...e AC automatically saves the configuration file and restarts 59 The S5720HI supports both the NAC unified mode and common mode Compared with the NAC common mode the NAC unified mode can be configured based on templates making the configuration clearer and configuration model easier to understand Based on the preceding advantages you are advised to set the NAC mode to unified 1 If the current NAC m...

Страница 63: ...A GigabitEthernet0 0 3 port link type trunk Switch_A GigabitEthernet0 0 3 port trunk pvid vlan 100 Switch_A GigabitEthernet0 0 3 port trunk allow pass vlan 100 Switch_A GigabitEthernet0 0 3 port isolate enable Switch_A GigabitEthernet0 0 3 quit 60 1 Add GE0 0 1 connecting the AC to Switch_A to VLAN 100 HUAWEI system view HUAWEI sysname AC AC vlan batch 100 AC interface gigabitethernet 0 0 1 AC Gig...

Страница 64: ...rface vlanif 200 AC Vlanif200 ip address 10 23 200 2 24 AC Vlanif200 quit 61 1 Configure the default route on the AC AC ip route static 0 0 0 0 0 0 0 0 10 23 200 1 2 Add GE0 0 2 connecting the AC to Router to VLAN 200 AC interface gigabitethernet 0 0 2 AC GigabitEthernet0 0 2 port link type trunk AC GigabitEthernet0 0 2 port trunk allow pass vlan 200 AC GigabitEthernet0 0 2 quit 3 Configure uplink...

Страница 65: ...P address pool the AC as a DHCP relay agent and Router connected to the AC to assign IP addresses to STAs Huawei system view Huawei sysname Router Router dhcp enable Router ip pool sta ip pool1 Router ip pool sta ip pool1 gateway list 10 23 101 1 Router ip pool sta ip pool1 network 10 23 101 0 mask 24 Router ip pool sta ip pool1 quit Router ip pool sta ip pool2 Router ip pool sta ip pool2 gateway ...

Страница 66: ...N in a location such as the entrance of an office or a stadium and roam to a wireless network covered by other APs If each SSID has only one service VLAN to deliver wireless access to STAs IP address resources may become insufficient in areas with a large number of STAs and IP addresses in other areas are wasted You can configure VLANs in a VLAN pool as service VLAN of STAs so that one SSID can us...

Страница 67: ...nue Y N y AC wlan ap group ap group1 quit AC wlan view quit 2 Configure the AC s source interface AC capwap source interface vlanif 100 3 Import APs offline on the AC and add the APs to the AP group ap group1 Assume that APs MAC addresses are 60de 4476 e360 and 60de 4474 9640 Configure names for the APs based on the APs deployment locations so that you can know where the APs are deployed from thei...

Страница 68: ...tinue Y N y AC wlan ap 1 ap group ap group1 Warning This operation may cause AP reset If the country code changes it will clear channel power and antenna gain configuration s of the radio Whether to continue Y N y AC wlan ap 1 quit 65 After the APs are powered on run the display ap all command to check the AP states If the value of the State field displays nor the APs have gone online successfully...

Страница 69: ...id AC wlan ssid prof wlan ssid ssid wlan net AC wlan ssid prof wlan ssid quit 2 Create VAP profile wlan vap set the data forwarding mode and service VLAN and apply the security profile and SSID profile to this VAP profile AC wlan view vap profile name wlan vap AC wlan vap prof wlan vap forward mode tunnel AC wlan vap prof wlan vap service vlan vlan pool sta pool AC wlan vap prof wlan vap security ...

Страница 70: ...fault The manual channel and power configurations take effect only when these functions are disabled The channel and power configuration for the AP s radio 0 in this example is for reference only In actual scenarios configure channels and power for AP radios based on country codes of the APs and network planning results Disable the automatic channel and power calibration functions of the AP s radi...

Страница 71: ...connected to the WLAN wlan net 2 The data configured using the preceding commands are temporary If you do not save the configuration the configuration will be lost after the AC restarts To enable the current configuration to take effect after the AC restarts save the current configurations into a configuration file Take the configuration on the AC as an example Saving the Configuration 1 AC wlan v...

Страница 72: ...I reboot Info The system is now comparing the configuration please wait Warning The configuration has been modified and it will be saved to the next startup saved configuration file flash vrpcfg zip Continue Y N n Info If want to reboot with saving diagnostic information input N and then execute reboot save diagnostic information System will reboot Continue Y N y 2 How Can I Clear Interface Config...

Страница 73: ...ess start ip address end ip address Run this command in the global address pool view excluded ip address start ip address end ip address If some IP addresses in an address pool need to be reserved for certain services such as DNS these IP addresses must be excluded from the pool of allocable IP addresses If these IP addresses are allocated by the DHCP server IP address conflict may occur 3 How Can...

Страница 74: ...ddress pool view static bind ip address ip address mac address mac address option template template name 6 How Can I Configure the Lease Configuration method Run this command in the interface or interface address pool view dhcp server lease day day hour hour minute minute unlimited Run this command in the global address pool view lease day day hour hour minute minute unlimited By default a lease e...

Отзывы:

Нет отзывов