華為模拟器模拟中小型企業辦公網和WLAN組網實驗

華為模拟器模拟中小型企業辦公網和WLAN組網實驗

實驗拓撲圖

實驗說明

公司内部部分及相應vlan劃分，行政部vlan10，市場部vlan20，生産部vlan30，每個辦公區都有無線網絡，無線AP屬于vlan100，無線網劃分vlan101

核心交換機SW1和SW5做VRRP虛拟備援鍊路備份，核心交換機和出口路由器做Eth-Trunk負載均衡

各裝置配置

交換機SW1

sys
sys SW1
vlan batch 10 20 30 40 100 to 101
ip pool p101
gateway-list 192.168.101.254 
network 192.168.101.0 mask 255.255.255.0 
dns-list 114.114.114.114 
q
int vlanif 10
ip address 192.168.10.251 255.255.255.0 
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 120
dhcp select interface
dhcp server excluded-ip-address 192.168.10.1 192.168.10.127 
dhcp server dns-list 114.114.114.114 
q
int vlanif 20
 ip address 192.168.20.251 255.255.255.0 
 vrrp vrid 2 virtual-ip 192.168.20.254
 vrrp vrid 2 priority 120
 dhcp select interface
 dhcp server excluded-ip-address 192.168.20.1 192.168.20.127 
 dhcp server dns-list 114.114.114.114 
int vlanif 30
 ip address 192.168.30.251 255.255.255.0 
 vrrp vrid 3 virtual-ip 192.168.30.254
 vrrp vrid 3 priority 120
 dhcp select interface
 dhcp server excluded-ip-address 192.168.30.1 192.168.30.127 
 dhcp server dns-list 114.114.114.114 
int vlanif 40
 ip address 192.168.40.251 255.255.255.0 
 vrrp vrid 4 virtual-ip 192.168.40.254
 vrrp vrid 4 priority 120
 dhcp select interface
 dhcp server static-bind ip-address 192.168.40.100 mac-address 5489-9877-0834 
q
int vlanif 101
ip address 192.168.101.254 255.255.255.0 
 dhcp select global
q
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
q
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 10
q
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk allow-pass vlan 20
q
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk allow-pass vlan 30 40
q
           

交換機SW5

sys
sys SW5
vlan batch 10 20 30 40
dhcp enable
interface Vlanif10
 ip address 192.168.10.252 255.255.255.0 
 vrrp vrid 1 virtual-ip 192.168.10.254
 dhcp select interface
 dhcp server excluded-ip-address 192.168.10.128 192.168.10.250 
 dhcp server dns-list 114.114.114.114 
q
interface Vlanif20
 ip address 192.168.20.252 255.255.255.0 
 vrrp vrid 2 virtual-ip 192.168.20.254
 dhcp select interface
 dhcp server excluded-ip-address 192.168.20.128 192.168.20.250 
 dhcp server dns-list 114.114.114.114 
q
interface Vlanif30
 ip address 192.168.30.252 255.255.255.0 
 vrrp vrid 3 virtual-ip 192.168.30.254
 dhcp select interface
 dhcp server excluded-ip-address 192.168.30.128 192.168.30.250 
 dhcp server dns-list 114.114.114.114 
q
interface Vlanif40
 ip address 192.168.40.252 255.255.255.0 
 vrrp vrid 4 virtual-ip 192.168.40.254
 dhcp select interface
 dhcp server static-bind ip-address 192.168.40.100 mac-address 5489-9877-0834 
q
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
q
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
q
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 30 40
q
           

無線控制器AC

sys
sys AC
vlan batch 100 to 101
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
q
wlan
 traffic-profile name default
 security-profile name Test
  security wpa-wpa2 psk pass-phrase %^%#>o"90r[*uP6kR}Gi9e}Od$o@AW5uTLz9b}MeJ;$2%^%# aes
 security-profile name default
 security-profile name default-wds
 security-profile name default-mesh
 ssid-profile name Test
  ssid Test
 ssid-profile name default
 vap-profile name Test
  service-vlan vlan-id 101
  ssid-profile Test
  security-profile Test
 vap-profile name default
 wds-profile name default
 mesh-handover-profile name default
 mesh-profile name default
 regulatory-domain-profile name default
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-profile name default
 wireless-access-specification
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 serial-profile name preset-enjoyor-toeap 
 ap-group name group1
  radio 0
   vap-profile Test wlan 1
  radio 1
   vap-profile Test wlan 1
  radio 2
   vap-profile Test wlan 1
 ap-group name default
 ap-id 0 type-id 60 ap-mac 00e0-fc14-2a80 ap-sn 21023544831077393C60
  ap-name ap0
  ap-group group1
 ap-id 1 type-id 60 ap-mac 00e0-fc9d-77a0 ap-sn 210235448310913B800F
  ap-name ap1
  ap-group group1
 ap-id 2 type-id 60 ap-mac 00e0-fc88-70f0 ap-sn 2102354483102C673E2D
  ap-name ap2
  ap-group group1
q           

出口路由器R1

sys
sys R1
interface Eth-Trunk1
 undo portswitch
 mode lacp-static
q
interface Eth-Trunk1.100
 dot1q termination vid 111
 ip address 192.168.1.1 255.255.255.0 
 arp broadcast enable
q
interface Eth-Trunk2
 undo portswitch
 mode lacp-static
q
interface Eth-Trunk2.100
 dot1q termination vid 112
 ip address 192.168.2.1 255.255.255.0 
 arp broadcast enable
 q
interface GigabitEthernet0/0/0
 eth-trunk 1
q
interface GigabitEthernet0/0/1
 eth-trunk 1
q
interface GigabitEthernet0/0/2
 eth-trunk 1
q
interface GigabitEthernet4/0/3
 ip address 1.1.1.1 255.255.255.0 
 nat outbound 2000
q
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 192.168.1.0 0.0.0.255 
  network 192.168.2.0 0.0.0.255 
ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
ip route-static 192.168.0.0 255.255.0.0 192.168.1.2 preference 50
ip route-static 192.168.0.0 255.255.0.0 192.168.2.2           

實驗結果驗證：

①各部門網絡互訪

行政部PC通路生産部PC

行政部PC通路外網R2

②無線網能通路外網

sta終端通過無線通路外網

③VRRP備援鍊路測試

vrrp測試