Day Two of Failing to Get Out of Work on Time, Again

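● 茹菓ミ
1. Reconfiguring the AC
Picking up from the previous post about the awful Huawei vendor: colleagues in the office building have kept reporting that the wireless network is very laggy and the signal is very weak, and asking whether it could be optimized (it was probably getting in the way of the bosses scrolling Douyin). So I logged in to the AC to look at its configuration and found that the AP names were still the defaults. I had no idea which AP was in which office, so I had to lug a ladder around and read the MAC addresses off the units. Once the work at hand was done, I would reconfigure and optimize the AC. The approach is as follows.
2. Configuration approach
Step 1: Give every AP a clear name that shows which office it is in, to make later maintenance easier.
Step 2: Because this AC model has weak performance, set the forwarding mode to local (direct) forwarding. The AC is attached to the core switch in bypass mode, and the address pools for the service VLANs and the management VLAN are configured on the core switch.
Step 3: The company has two leased-line egress links, so the plan is to forward and route the AC's service traffic with policy-based routing (PBR) using custom policies.
3. Configuration steps
3.1 Huawei AC configuration
Create the VLANs: VLAN100 is the interconnect VLAN to the core switch, VLAN116 is the management VLAN, VLAN118 is the service VLAN for senior management, and VLAN119 is the service VLAN for employees. Configure the AC's GigabitEthernet0/0/1 as a trunk port that permits VLAN100, set the CAPWAP tunnel source with capwap source interface vlanif100, and configure a default route pointing at the core switch with ip route-static 0.0.0.0 0.0.0.0 192.168.100.1.
Enter the WLAN view, create separate AP groups for senior management and for employees, and create a regulatory domain profile with the country code set to CN. In the commands below, ap/vip means the command is run once for the group named ap and once for the group named vip: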
[AC-wlan-view]ap-group name ap/vip
[AC-wlan-view]regulatory-domain-profile name domain
[AC-wlan-regulate-domain-domain]country-code CN
Add the APs using MAC authentication and assign each one to its AP group:
[AC-wlan-view]ap auth-mode mac-auth
[AC-wlan-view]ap-id 0 ap-mac <AP MAC address>
[AC-wlan-ap-0]ap-name <AP name>
[AC-wlan-ap-0]ap-group ap/vip
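An added example, not part of the original post: a small Python script that turns an office inventory into the ap-id / ap-name / ap-group lines above, so the MAC allowlist used by mac-auth and the office-based names come from one checked list. The inventory rows, the naming rule and the function names are assumptions made for this example.

```python
import re

# Constructed sample inventory: (MAC as written on the AP label, office-based
# AP name, AP group). Only the group names "ap" and "vip" come from the post.
INVENTORY = [
    ("00:E0:FC:12:34:56", "F3-Room301", "ap"),
    ("00e0-fc12-3457", "F3-Room302", "ap"),
    ("00-E0-FC-AB-CD-01", "F5-GM-Office", "vip"),
]
GROUPS = {"ap", "vip"}
# Naming rule assumed for this example; it keeps each name to one CLI token.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,31}")


def huawei_mac(mac):
    """Normalize a MAC in any common notation to the xxxx-xxxx-xxxx form."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))


def build_commands(inventory, first_id=0):
    """Return WLAN-view command lines that add each AP by MAC and name it."""
    seen_macs, seen_names = set(), set()
    lines = ["ap auth-mode mac-auth"]
    for ap_id, (mac, name, group) in enumerate(inventory, start=first_id):
        mac = huawei_mac(mac)
        if mac in seen_macs:
            raise ValueError(f"MAC listed twice: {mac}")
        if name.lower() in seen_names:
            raise ValueError(f"AP name used twice: {name}")
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"AP name breaks the naming rule: {name!r}")
        if group not in GROUPS:
            raise ValueError(f"unknown AP group for {name}: {group!r}")
        seen_macs.add(mac)
        seen_names.add(name.lower())
        lines += [f"ap-id {ap_id} ap-mac {mac}",
                  f" ap-name {name}",
                  f" ap-group {group}",
                  " quit"]
    return lines


if __name__ == "__main__":
    print("\n".join(build_commands(INVENTORY)))
```

Review the generated lines against the ladder survey before pasting them into the WLAN view; a MAC that appears twice or a name reused for two offices stops the script instead of reaching the AC.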
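Configure the security profile, the SSID profile and the VAP profiles (one VAP profile per AP group; the vip profile for senior management uses service VLAN 118 and the ap profile for employees uses 119):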
[AC-wlan-view]security-profile name sec
[AC-wlan-sec-prof-sec]security wpa2 psk pass-phrase hf88888888 aes
[AC-wlan-view]ssid-profile name ssid
[AC-wlan-ssid-prof-ssid]ssid HBhuafeng
[AC-wlan-view]vap-profile name ap/vip
[AC-wlan-vap-prof-ap/vip]forward-mode direct-forward
[AC-wlan-vap-prof-ap/vip]service-vlan vlan-id 118/119
[AC-wlan-vap-prof-ap/vip]security-profile sec
[AC-wlan-vap-prof-ap/vip]ssid-profile ssid
Bind the VAP profile to its AP group:
[AC-wlan-view]ap-group name ap/vip
[AC-wlan-ap-group-ap/vip]vap-profile ap/vip wlan 1 radio all
3.2 Huawei core switch configuration
Enable the DHCP service: dhcp enable
Create the address pools for the service VLANs and the management VLAN:
ip pool vlan116
 gateway-list 192.168.116.1
 network 192.168.116.0 mask 255.255.255.0
 option 43 sub-option 2 ip-address 192.168.100.3
ip pool vlan118
 gateway-list 192.168.118.1
 network 192.168.118.0 mask 255.255.255.0
 dns-list 119.29.29.29
ip pool vlan119
 gateway-list 192.168.119.1
 network 192.168.119.0 mask 255.255.255.0
 dns-list 119.29.29.29
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
#
interface Vlanif116
 ip address 192.168.116.1 255.255.255.0
 dhcp select global
#
interface Vlanif118
 ip address 192.168.118.1 255.255.255.0
 dhcp select global
#
interface Vlanif119
 ip address 192.168.119.1 255.255.255.0
 dhcp select global
4. Configuring PBR (policy-based routing) on the Huawei router
Create advanced ACLs that match VLAN118 and VLAN119 respectively:
[R1] acl 3001
[R1-acl-adv-3001] rule permit ip source 192.168.118.0 0.0.0.255
[R1] acl 3002
[R1-acl-adv-3002] rule permit ip source 192.168.119.0 0.0.0.255
Configure the traffic classifiers:
[R1] traffic classifier c1 operator or
[R1-classifier-c1] if-match acl 3001
[R1] traffic classifier c2 operator or
[R1-classifier-c2] if-match acl 3002
Configure the traffic behaviors:
[R1] traffic behavior b1
[R1-behavior-b1] redirect ip-nexthop <China Telecom leased-line next hop> track nqa test0 test0
[R1] traffic behavior b2
[R1-behavior-b2] redirect ip-nexthop <China Unicom leased-line next hop> track nqa test2 test2
Configure the traffic policy:
[R1] traffic policy p1
[R1-trafficpolicy-p1] classifier c1 behavior b1
[R1-trafficpolicy-p1] classifier c2 behavior b2
Apply the policy in the inbound direction on the router interface:
[R1] interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1] traffic-policy p1 inbound
———————————————————————————————————————-
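That completes the rework of the office building's AC and a few network optimizations. There is more equipment to optimize later, and I will record that here as well.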






