午夜私人影院,高清一区二区三区,曰韩无码二三区中文字幕 ,91精品国产91久久久久水蜜桃

某公司網(wǎng)絡(luò)結(jié)構(gòu)為標(biāo)準(zhǔn)三層架構(gòu)，內(nèi)網(wǎng)有服務(wù)器群、有線辦公以及無(wú)線覆蓋，由于日常來(lái)訪賓客較多，為了保障內(nèi)網(wǎng)服務(wù)器的安全，想要實(shí)現(xiàn)無(wú)線分為不同的SSID，實(shí)現(xiàn)來(lái)訪的賓客禁止訪問(wèn)公司內(nèi)部服務(wù)器、辦公等網(wǎng)絡(luò)資源。該公司網(wǎng)絡(luò)由：AR2500G(路由器、AC控制)+VS5728G-V2（三層交換機(jī)）+VS1824G（連接服務(wù)器）+VS1224G（有線辦公）+VS1018GP(POE交換機(jī))+WS75（雙頻吸頂AP）組成，具體網(wǎng)絡(luò)拓?fù)湟约癐P地址規(guī)劃如下：

圖1  AR2+三層交換方案拓?fù)?/span>

1. 三層交換機(jī)配置（以VS5728G-V2為例）

首先介紹三層交換機(jī)的配置，是為了能夠更好地理解整個(gè)拓?fù)涞慕Y(jié)構(gòu)。這包含了網(wǎng)段的劃分，端口的規(guī)劃等。

1.1 端口規(guī)劃

端口0/1：用于對(duì)接網(wǎng)關(guān)（AC控制器），ACESS VLAN10

端口0/2：用于對(duì)接服務(wù)器，ACESS VLAN20

端口0/3：用于對(duì)接有線辦公網(wǎng)，ACESS VLAN30

端口0/4：用于對(duì)接POE交換機(jī)TRUNK ALLOW VLAN1、100、200，（100為無(wú)線辦公網(wǎng)絡(luò)VLAN，200為無(wú)線來(lái)賓網(wǎng)絡(luò)VLAN）

1.2 配置內(nèi)容

1.2.1 創(chuàng)建VLAN

FYX>

FYX>enable

FYX#configure terminal

FYX(config)#vlan 10

FYX(config-if-vlan)#vlan 20

FYX(config-if-vlan)#vlan 30

FYX(config-if-vlan)#vlan 100

FYX(config-if-vlan)#vlan 200

1.2.2 VLAN接口

FYX(config)#

FYX(config)#interface vlan-interface 1

FYX(config-if-vlanInterface-1)#ip address 10.0.0.1 255.255.255.0

Config ipaddress successfully!

 

FYX(config)#interface vlan-interface 30

Create vlan-interface successfully!

 

FYX(config-if-vlanInterface-30)#ip address 192.168.2.1 255.255.255.0

This ipaddress will be the primary ipaddress of this interface.

Config ipaddress successfully!

 

FYX(config-if-vlanInterface-30)#interface vlan-interface 100

Create vlan-interface successfully!

 

FYX(config-if-vlanInterface-100)#ip address192.168.100.1 255.255.255.0

This ipaddress will be the primary ipaddress of this interface.

Config ipaddress successfully!

 

FYX(config-if-vlanInterface-100)#interface vlan-interface 200

Create vlan-interface successfully!

 

FYX(config-if-vlanInterface-200)#ip address 192.168.200.1 255.255.255.0

This ipaddress will be the primary ipaddress of this interface.

Config ipaddress successfully!

 

FYX(config-if-vlanInterface-200)#interface vlan-interface 10

Create vlan-interface successfully!

 

FYX(config-if-vlanInterface-10)#ip address 172.16.0.254 255.255.255.0

This ipaddress will be the primary ipaddress of this interface.

Config ipaddress successfully!

 

FYX(config-if-vlanInterface-10)#interface vlan-interface 20

Create vlan-interface successfully!

 

FYX(config-if-vlanInterface-20)#ip address 192.168.1.1 255.255.255.0

This ipaddress will be the primary ipaddress of this interface.

Config ipaddress successfully!

 

FYX(config-if-vlanInterface-20)#exit

1.2.3 建立DHCP地址池并開(kāi)啟DHCP Server（服務(wù)器和有線辦公手動(dòng)配置IP）

建立DHCP地址池：

FYX(config)#ip pool vlan100

Create a new ip pool successfully.

FYX(config-ip-pool-vlan100)#gateway 192.168.100.1 255.255.255.0

Config the gateway ip successfully.

FYX(config-ip-pool-vlan100)#router 192.168.100.1    

FYX(config-ip-pool-vlan100)#dns primary-ip 61.139.2.69

Configure the primary dns successfully.

FYX(config-ip-pool-vlan100)#dns second-ip 119.6.6.6

Configure the second dns successfully.

FYX(config-ip-pool-vlan100)#section 0 192.168.100.2 192.168.100.200

Create an ip section successfully.

FYX(config-ip-pool-vlan100)#lease 0:1:0

Lease time has been modified successfully

FYX(config-ip-pool-vlan100)#exit

FYX(config)#ip pool vlan200

Create a new ip pool successfully.

FYX(config-ip-pool-vlan200)#gateway 192.168.200.1 255.255.255.0

Config the gateway ip successfully.

FYX(config-ip-pool-vlan200)#router 192.168.200.1

FYX(config-ip-pool-vlan200)#dns primary-ip 61.139.2.69

Configure the primary dns successfully.

FYX(config-ip-pool-vlan200)#dns second-ip 119.6.6.6

Configure the second dns successfully.

FYX(config-ip-pool-vlan200)#section 0 192.168.200.2 192.168.200.200

Create an ip section successfully.

FYX(config-ip-pool-vlan200)#lease 0:1:0

Lease time has been modified successfully

FYX(config-ip-pool-vlan200)#exit

開(kāi)啟DHCPserver:

FYX(config)#dhcp-relay

Turn on DHCP relay successfully!

 

FYX(config)#dhcp-server 100 ip 192.168.100.1

Set the ipaddress of dhcp server group success !

 

FYX(config)#dhcp-server 200 ip 192.168.200.1

Set the ipaddress of dhcp server group success !

 

FYX(config)#interface vlan-interface 100

FYX(config-if-vlanInterface-100)#dhcp-server 100

Set vlan interface dhcp server group success

 

FYX(config-if-vlanInterface-100)#interface vlan-interface 200

FYX(config-if-vlanInterface-200)#dhcp-server 200

Set vlan interface dhcp server group success

 

FYX(config-if-vlanInterface-200)#exit

1.2.4 交換端口

FYX(config)#interface ethernet 0/0/1

FYX(config-if-ethernet-0/0/1)#switchport default vlan 10

FYX(config-if-ethernet-0/0/1)#interface ethernet 0/0/2

FYX(config-if-ethernet-0/0/2)#switchport default vlan 20

FYX(config-if-ethernet-0/0/2)#interface ethernet 0/0/3

FYX(config-if-ethernet-0/0/3)#switchport default vlan 30

FYX(config-if-ethernet-0/0/3)#exit  

FYX(config)#interface ethernet 0/0/4

FYX(config-if-ethernet-0/0/4)#switchport mode trunk

FYX(config-if-ethernet-0/0/4)#switchport trunk allowed vlan 1,100,200

1.2.5 默認(rèn)路由

FYX(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.1

Config static route successfully!

1.2.6 來(lái)賓網(wǎng)訪問(wèn)控制

FYX(config)#access-list extended guest

Create ACL item successfully.

 

FYX(config-ext-nacl-guest)#0 deny 192.168.200.0 0.0.0.255 10.0.0.0 0.0.0.255

                                                                            

Config ACL subitem successfully.

 

FYX(config-ext-nacl-guest)#1 deny 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255                                                                       

Config ACL subitem successfully.

 

FYX(config-ext-nacl-guest)#2 deny 192.168.200.0 0.0.0.255 192.168.1.0 0.0.0.255                                                                         

Config ACL subitem successfully.

 

FYX(config-ext-nacl-guest)#3 deny 192.168.200.0 0.0.0.255 192.168.2.0 0.0.0.255                                                                         

Config ACL subitem successfully.

 

FYX(config-ext-nacl-guest)#4 permit any any

Config ACL subitem successfully.

 

FYX(config-ext-nacl-guest)#exit

FYX(config)#access-group ip-group guest subitem 0

Activate ACL successfully .

 

FYX(config)#access-group ip-group guest subitem 1

Activate ACL successfully .

 

FYX(config)#access-group ip-group guest subitem 2

Activate ACL successfully .

 

FYX(config)#access-group ip-group guest subitem 3

Activate ACL successfully .

 

FYX(config)#access-group ip-group guest subitem 4

Activate ACL successfully .

 

FYX(config)#exit

 

 

 

2.  AP配置

2.1 準(zhǔn)備階段

為了方便配置，先按照下圖拓?fù)溥B接，直接通過(guò)AC對(duì)AP進(jìn)行配置。接下來(lái)，我們只舉出一個(gè)AP配置的例子。

 

圖2.1.1 AP配置拓?fù)?/span>

 

2.2 web配置

在AP上線之后，需要給AP靜態(tài)指定IP、網(wǎng)關(guān)、掩碼和AC地址等信息，具體配置如下圖：

 

圖2.2.1 AC上進(jìn)行AP配置示例

 

配置完成保存后，AP會(huì)離線。至此，AP的配置已經(jīng)完成。最后，需要進(jìn)行進(jìn)行AC的配置。

 

 

 

3.  AC配置

AC的配置，分為外網(wǎng)配置、AP配置、服務(wù)配置、內(nèi)網(wǎng)擴(kuò)展配置、靜態(tài)路由幾個(gè)部分。AP配置已經(jīng)給大家展示，外網(wǎng)配置和未接三層的配置情況一樣，這里給大家介紹剩下的三個(gè)配置。

3.1 服務(wù)配置

從整網(wǎng)拓?fù)?，可以看出，無(wú)線業(yè)務(wù)的VLAN100對(duì)應(yīng)網(wǎng)段192.168.100.0，VLAN200對(duì)應(yīng)192.168.200.0。經(jīng)這樣配置后，AC發(fā)往這兩個(gè)網(wǎng)段的報(bào)文就會(huì)直接從本地二層發(fā)出。因此，我們?cè)谧龇?wù)配置時(shí)，給SSID的配置必須VLAN相同，同時(shí)建議網(wǎng)段相同：

 

圖3.1.1 辦公網(wǎng)SSID配置

 

圖3.1.2 來(lái)賓網(wǎng)SSID配置

 

3.2 內(nèi)網(wǎng)擴(kuò)展配置

需要擴(kuò)展的內(nèi)網(wǎng)網(wǎng)段如下圖（注意：SSID里面的VLAN網(wǎng)段在此處不需要增加，默認(rèn)DHCP服務(wù)器擴(kuò)展地址池里面會(huì)自動(dòng)生成）：

 

圖3.2.1 內(nèi)網(wǎng)擴(kuò)展配置

 

3.3 靜態(tài)路由

針對(duì)內(nèi)網(wǎng)擴(kuò)展的網(wǎng)段，將路由指向三層交換機(jī)對(duì)應(yīng)的VLAN接口IP：172.16.0.254。

 

圖3.3.1 靜態(tài)路由

 

至此，所有配置完成。最后，只需要按照?qǐng)D1所示拓?fù)洌晟普麄€(gè)網(wǎng)絡(luò)的組建即可。

 

注意

（1） AP的管理VLAN并非必須是1，可以修改為其他VLAN，但是，對(duì)應(yīng)的TRUNK口的PVID就要修改（例如：管理VLAN為1000，TRUNK口要加上命令switchport default vlan 1000）。