2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
I. Local computer room
When I joined the company last year, there were only 20 people, but now it has grown to 100. At that time, the office was still quite small, accommodating up to 40 people. In July, the company plans to relocate the office. The office network at that time ran on unmanaged ("dumb") switches and routers, with network cables and telephone lines tangled together like a spider's web, and dropped connections were frequent. Once there were more than 40 people, a check of the router showed its load at 100%; machines could still connect to the Internet, but packet loss was extremely serious. In view of this situation, it is very necessary to build a stable local office computer room environment.
II. Machine selection

| Category | Serial number | Product model | Description | Quantity |
|---|---|---|---|---|
| Router | 1 | MSR2600-10-WiNet | H3C MSR2600-10-WiNet router host | 1 |
| Online behavior management | 1 | NS-ACG1010+LIS-1 | H3C SecPath ACG1010 application control gateway host (12GE port), including one-year feature library upgrade | 1 |
| Core switch | 1 | LS-5500-24P-WiNet | H3C S5500-24P-WiNet Ethernet switch host (24GE+4SFP Combo) | 1 |
| Access PoE switch | 1 | LS-5120-28P-POE-WiNet | H3C S5120-28P-POE-WiNet L2 Ethernet switch host, 24 10/100/1000Base-T, 4 SFP, supports AC 110/220V, PoE | 1 |
| Wireless AC controller | 1 | EWP-WAC360 | Manages 16 APs by default, not expandable; maximum 512 managed users; 1xWAN, 4xLAN, USB | 1 |
| Wireless AP | 1 | EWP-WAP722-FIT | Internal antenna, no external antenna, 2.4/5GHz dual-band, 866M, with its own power supply, fat/fit modes, ceiling mount | 9 |
| Network cabinet | 1 | WD8632-A | Width x depth x height 800 x 600 x 1600, 4 standard fans, 2 shelves and 1 power supply, black | 1 |
| 48-port 100 megabit access switch | 1 | LS-S3110-52TP-SI | H3C S3110-52TP-SI Ethernet switch host (48FE+2GE+2SFP, AC powered) | 4 |
| Unshielded 48-port distribution frame | 1 | 935548 | Sol Category 5e unshielded 48-port distribution frame (full) | 8 |
| Telephone program-controlled exchange | 1 | WS824-9H | 8 external lines, 64 extensions, cannot be expanded | 1 |
| Implementation of cabling in computer room | 1 | | Computer room wiring, cable dressing and other work | 150 information points |
III. Topology
IV. Step-by-step configuration
1. Router S2600-10
1.1 Configure Telnet users to log in using AAA authentication

    system-view

Turn on the Telnet server function of the router.

    telnet server enable

Configure Telnet user login to use AAA authentication.

    user-interface vty 0 4
     authentication-mode scheme

Set the Telnet user and password.

    local-user admin
     password cipher <fill in the password>
     authorization-attribute level 3
     service-type telnet terminal
     service-type web
1.2 Dialer 1 settings

    interface Dialer1
     nat outbound 3001
     link-protocol ppp
     ppp chap user <dialing account>
     ppp chap password cipher <password>
     ppp pap local-user <dialing account> password cipher <password>
     ip address ppp-negotiate
     tcp mss 1024
     dialer user <account>
     dialer-group 1
     dialer bundle 1

1.3 Dialer 2 settings

    interface Dialer2
     nat outbound 3002
     link-protocol ppp
     ppp chap user <account>
     ppp chap password cipher <password>
     ppp pap local-user <account> password cipher <password>
     ip address ppp-negotiate
     tcp mss 1024
     dialer user <account>
     dialer-group 2
     dialer bundle 2
1.4 Configure ACL

    acl number 3001
     rule 0 permit ip
    acl number 3002
     rule 0 permit ip source 10.1.9.0 0.0.0.255

1.5 Create policy node 5 and apply it to G0/2

    policy-based-route server permit node 5
     if-match acl 3002
     apply output-interface GigabitEthernet0/2
    policy-based-route server permit node 10
1.6 Set the operating mode to layer 3 mode (route) so that the port is used as a layer 3 Ethernet interface
G0/0 interface

    interface GigabitEthernet0/0
     port link-mode route
     pppoe-client dial-bundle-number 1

G0/2 interface

    interface GigabitEthernet0/2
     port link-mode route
     pppoe-client dial-bundle-number 2
1.7 Configure the management IP address

    interface GigabitEthernet0/1
     port link-mode route
     ip address 10.1.7.1 255.255.255.0
     tcp mss 1024
     ip policy-based-route server

1.8 Set static routes

    ip route-static 0.0.0.0 0.0.0.0 Dialer1
    ip route-static 10.1.0.0 255.255.0.0 10.1.7.3

1.9 Enable DHCP

    dhcp enable

1.10 Set trigger dialing conditions

    dialer-rule 1 ip permit
    dialer-rule 2 ip permit
This command sets the conditions that trigger dialing; here it indicates that IP packets can trigger dialing. The dialer-group command in interface configuration mode corresponds to this command and specifies the trigger dialing condition used by the dial-up interface.
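How the ACL, policy node and static routes from steps 1.4, 1.5 and 1.8 pick an uplink, as a small model. This is an added example, not code from the original article; the function names and the documentation address 203.0.113.10 are assumptions.

```python
import ipaddress

# Constructed model of the router settings in steps 1.4, 1.5 and 1.8.
ACLS = {3002: [("10.1.9.0", "0.0.0.255")]}      # rule 0 permit ip source ...
PBR_NODES = [(5, 3002, "GigabitEthernet0/2"),    # if-match acl + apply output-interface
             (10, None, None)]                   # permit node with no clauses
ROUTES = [("0.0.0.0/0", "Dialer1"), ("10.1.0.0/16", "10.1.7.3")]

def wildcard_match(addr, base, wildcard):
    """ACL wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def route_lookup(dst):
    """Longest-prefix match over the static routes."""
    d = ipaddress.IPv4Address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES
            if d in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(src, dst):
    """Output interface or next hop for a packet received on GigabitEthernet0/1,
    where 'ip policy-based-route server' is applied."""
    for _num, acl, out_if in sorted(PBR_NODES, key=lambda n: n[0]):
        matched = acl is None or any(
            wildcard_match(src, base, wc) for base, wc in ACLS[acl])
        if matched:
            # A node without an apply clause hands the packet to the routing table.
            return out_if or route_lookup(dst)
    return route_lookup(dst)

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address used as a stand-in Internet host.
    for src in ("10.1.9.23", "10.1.2.50"):
        print(src, "->", forward(src, "203.0.113.10"))
```

ACL 3002 matches on the source address only, so in this model every packet from 10.1.9.0/24 leaves through GigabitEthernet0/2 regardless of its destination.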
1.11 View interface details
2. Online behavior management NS-ACG1010
No extensive restrictions are configured; the device is only used to view current network bandwidth usage. Its configuration file is shown here for reference.

    ! config
    authorized-table admin
     authorized read all
     authorized write all
    !
    user administrator admin local secret Hg6MAD7MGTUEcoT9gHG+LhDc6E07QwG71SmiEodL/fQT/YirzsAURqDjk69469y authorized-table admin
    user administrator admin authorized-address first 0.0.0.0/0
    !
    !
    timezone 57
    !
    pki ca crl update-period 30
    !
    !
    interface bvi2
     ip address 10.1.7.2/24
     allow access https
     allow access http
     allow access ping
     allow access telnet
    !
    interface ge0
     ip address 192.168.1.1/24
     allow access https
     allow access http
     allow access ping
    !
    interface ge1
    !
    interface ge2
     bridge-group 2
    !
    interface ge3
     bridge-group 2
    !
    interface ge4
    !
    interface ge5
    !
    interface ge6
    !
    interface ge8
    !
    interface ge9
    !
    interface ge10
    !
    interface ge11
    address address 6 address address color color address address, service property, service color, groupcolor color, service, color, etc.
    policy default-action permit
    policy white-list enable
    !
    snmp community secret 6NSjZ2FJfHqUtCqRXdechDETsW7nP4FFcq1ujxx1HotuCZoZGsn14R7gwFVplw1
    write-community secret QuVJ8MPv5S7noa5LpProfiles C7xY4UnIZD5gm5LCCvi9RLtd C2fYqVZdaKQ0rwLAIf36Pcustomers dhcppacks installed
    IP route 0.0.0.0max 010.1.7.1user words paramilitary userhouses param recognition threshold 60000 userhouses authentic examples IP session examples
    qosconsumption profile line 01 limit ingress maxbandwidth ingress 1000 match interface ge0
    policies qosformula profile channel def_01 parent 01
    policies policy6 default-action permit
    !
3. Core switch LS-5500-24
3.1 Configuration is done in the web interface. Create vlan1, vlan2, vlan5, vlan6, vlan7, vlan9, vlan100.
3.2 Configure routing and enable DHCP
3.3 Set the interface to Trunk mode
3.4 Settings for interface 20
Related definitions
1. Trunk port: can transmit packets of multiple VLANs at the same time; generally used for the link between switches.
2. Hybrid port: can transmit packets of multiple VLANs at the same time; generally used for the link between switches or the link between a switch and a server.
3. Access port: can belong to only 1 VLAN; generally used to connect to a computer.
4. Tag and Untag: a tag is the VLAN label, that is, the VLAN ID, which indicates which VLAN the packet belongs to; untag means the packet does not belong to any VLAN and carries no VLAN tag.
5. PVID, that is, the port VLAN ID, is the VLAN ID setting applied to untagged traffic on a port. When an untagged packet enters the switch, the switch checks the VLAN setting and decides whether to forward it. If an IP packet enters a switch port without a tag header and a PVID is configured on the port, the packet is tagged with that PVID. If the incoming IP packet already has a tag header (VLAN data), the switch generally does not add another tag header, even if the port is configured with a PVID; when an untagged packet enters the switch.
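The tagging rules in the definitions above, modelled for access, trunk and hybrid ports. This is an added example, not part of the original article; the class and function names are its own, and a default PVID of 1 on the uplink trunk is an assumption because the page shows no PVID setting for it.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    kind: str                                    # "access", "trunk" or "hybrid"
    pvid: int = 1
    allowed: set = field(default_factory=set)    # VLANs the port carries
    untagged: set = field(default_factory=set)   # VLANs sent without a tag

def access(vlan):
    return Port("access", vlan, {vlan}, {vlan})

def trunk(permit, pvid=1):
    return Port("trunk", pvid, set(permit), {pvid})

def hybrid(tagged, untagged, pvid=1):
    return Port("hybrid", pvid, set(tagged) | set(untagged), set(untagged))

def ingress(port, tag):
    """VLAN a received frame is classified into, or None if it is dropped.
    tag is the frame's 802.1Q VLAN ID, or None for an untagged frame."""
    vlan = port.pvid if tag is None else tag     # untagged frames take the PVID
    return vlan if vlan in port.allowed else None

def egress(port, vlan):
    """Tag on the wire: a VLAN ID, None for untagged, or "drop" if not carried."""
    if vlan not in port.allowed:
        return "drop"
    return None if vlan in port.untagged else vlan

def switch(in_port, tag, out_port):
    vlan = ingress(in_port, tag)
    return "drop" if vlan is None else egress(out_port, vlan)

# Values from the page: Ethernet1/0/1 is "port access vlan 2" and the uplink
# GigabitEthernet1/0/52 is "port trunk permit vlan all". PVID 1 on the trunk is
# an assumption (the page shows no "port trunk pvid" line).
PC_PORT = access(2)
UPLINK = trunk(range(1, 4095))

if __name__ == "__main__":
    print(switch(PC_PORT, None, UPLINK))     # untagged PC frame leaves tagged 2
    print(switch(UPLINK, 9, PC_PORT))        # VLAN 9 never reaches a VLAN 2 port
    print(switch(UPLINK, None, UPLINK))      # untagged on trunk rides VLAN 1
```

With "permit vlan all", untagged frames on the uplink are classified into the PVID, which under the assumed default is the same VLAN 1 that holds the management interface configured in 4.1.4.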
4. Access layer switches
4.1 S3110-01
4.1.2 Initial configuration

    sysname H3C-S3110-zero
     domain default enable system
    #
     ipv6
    #
     telnet server enable
    #
     password-recovery enable
    #
    domain system
     access-limit disable
     state active
     idle-cut disable
     self-service-url disable
    #
    user-group system
     group-attribute allow-guest
    #
    local-user admin
     password cipher <password>
     authorization-attribute level 3
     service-type telnet terminal
     service-type web
    #
    user-interface aux 0
    user-interface vty 0 4
     authentication-mode scheme
    user-interface vty 5 15

4.1.3 Create VLANs

    vlan 1
    #
    vlan 2
    #
    vlan 5 to 7
    #
    vlan 100
    #

4.1.4 Configure the management address

    interface Vlan-interface1
     ip address 10.1.1.4 255.255.255.0

4.1.5 Add the access ports to VLAN 2

    interface Ethernet1/0/1
     port access vlan 2
    #
    interface Ethernet1/0/2
     port access vlan 2
    #
    interface Ethernet1/0/3
     port access vlan 2
    #
    interface Ethernet1/0/4
     port access vlan 2
    #
    interface Ethernet1/0/5
     port access vlan 2
    #
    interface Ethernet1/0/6
     port access vlan 2
    #
    interface Ethernet1/0/7
     port access vlan 2
    #
    interface Ethernet1/0/8
     port access vlan 2
    #
    interface Ethernet1/0/9
     port access vlan 2
    #
    interface Ethernet1/0/10
     port access vlan 2
    #
    interface Ethernet1/0/11
     port access vlan 2
    #
    interface Ethernet1/0/12
     port access vlan 2
    #
    interface Ethernet1/0/13
     port access vlan 2
    #
    interface Ethernet1/0/14
     port access vlan 2
    #
    interface Ethernet1/0/15
     port access vlan 2
    #
    interface Ethernet1/0/16
     port access vlan 2
    #
    interface Ethernet1/0/17
     port access vlan 2
    #
    interface Ethernet1/0/18
     port access vlan 2
    #
    interface Ethernet1/0/19
     port access vlan 2
    #
    interface Ethernet1/0/20
     port access vlan 2
    #
    interface Ethernet1/0/21
     port access vlan 2
    #
    interface Ethernet1/0/22
     port access vlan 2
    #
    interface Ethernet1/0/23
     port access vlan 2
    #
    interface Ethernet1/0/24
     port access vlan 2
    #
    interface Ethernet1/0/25
     port access vlan 2
    #
    interface Ethernet1/0/26
     port access vlan 2
    #
    interface Ethernet1/0/27
     port access vlan 2
    #
    interface Ethernet1/0/28
     port access vlan 2
    #
    interface Ethernet1/0/29
     port access vlan 2
    #
    interface Ethernet1/0/30
     port access vlan 2
    #
    interface Ethernet1/0/31
     port access vlan 2
    #
    interface Ethernet1/0/32
     port access vlan 2
    #
    interface Ethernet1/0/33
     port access vlan 2
    #
    interface Ethernet1/0/34
     port access vlan 2
    #
    interface Ethernet1/0/35
     port access vlan 2
    #
    interface Ethernet1/0/36
     port access vlan 2
    #
    interface Ethernet1/0/37
     port access vlan 2
    #
    interface Ethernet1/0/38
     port access vlan 2
    #
    interface Ethernet1/0/39
     port access vlan 2
    #
    interface Ethernet1/0/40
     port access vlan 2
    #
    interface Ethernet1/0/41
     port access vlan 2
    #
    interface Ethernet1/0/42
     port access vlan 2
    #
    interface Ethernet1/0/43
     port access vlan 2
    #
    interface Ethernet1/0/44
     port access vlan 2
    #
    interface Ethernet1/0/45
     port access vlan 2
    #
    interface Ethernet1/0/46
     port access vlan 2
    #
    interface Ethernet1/0/47
     port access vlan 2
    #
    interface Ethernet1/0/48
     port access vlan 2

4.1.6 Each switch has 4 cascade ports; on each switch, interface 52 is configured in trunk mode

    interface GigabitEthernet1/0/52
     port link-type trunk
     port trunk permit vlan all

4.1.7 Configure the static route

    ip route-static 0.0.0.0 0.0.0.0 10.1.1.1

4.2 The other three switches are configured in the same way, except that the configuration on S3110-04 additionally has VLAN 9.

    #
    interface Ethernet1/0/6
     port access vlan 9
    #
    interface Ethernet1/0/8
     port access vlan 9
    #
    interface Ethernet1/0/10
     port access vlan 9
    #
    interface Ethernet1/0/12
     port access vlan 9
    #
    interface Ethernet1/0/14
     port access vlan 9
    #
    interface Ethernet1/0/16
     port access vlan 9
    #
    interface Ethernet1/0/18
     port access vlan 9
    #
    interface Ethernet1/0/20
     port access vlan 9
    #
    interface Ethernet1/0/22
     port access vlan 9
    #
    interface Ethernet1/0/24
     port access vlan 9
    #
    interface Ethernet1/0/26
     port access vlan 9
    #
    interface Ethernet1/0/28
     port access vlan 9
    #
    interface Ethernet1/0/30
     port access vlan 9
    #
    interface Ethernet1/0/32
     port access vlan 9

5. Access PoE switch LS-5120
5.1 Configure G1/0/24 in trunk mode, and set the IP address and routing table for virtual sub-interface 1
5.2 PoE settings
6. Wireless controller EWP-WAC360
6.1 Create VLANs

    #
    vlan 2
    #
    vlan 4 to 7
    #
    vlan 100
    #

6.2 Set the login user and password

    local-user admin
     password cipher <password>
     authorization-attribute level 3
     service-type telnet terminal
     service-type web
6.3 RF rate settings

    wlan rrm
     dot11a mandatory-rate 6 12 24
     dot11a supported-rate 9 18 36 48 54
     dot11b mandatory-rate 1 2
     dot11b supported-rate 5.5 11
     dot11g mandatory-rate 1 2 5.5 11
     dot11g supported-rate 6 9 12 18 24 36 48 54
6.4 Wireless access services
6.4.1 One is for the company

    wlan service-template 2 crypto
     ssid Company
     bind WLAN-ESS 2
     cipher-suite ccmp
     security-ie rsn
     service-template enable

6.4.2 The other is for customer visits

    #
    wlan service-template 3 crypto
     ssid CompanyVistor
     bind WLAN-ESS 3
     cipher-suite ccmp
     security-ie rsn
     service-template enable
6.5 Interface management
6.5.1 Configure the management IP address

    interface Vlan-interface100
     ip address 10.1.100.254 255.255.255.0

6.5.2 Switch the G1/0/1 interface to layer 2 mode, so that it is used as a layer 2 Ethernet port, and at the same time

    interface GigabitEthernet1/0/1
     port link-mode bridge
     port link-type trunk
     port trunk permit vlan all
6.6 Create a pre-shared key
6.6.1 And allow customers to access vlan6

    interface WLAN-ESS2
     port access vlan 6
     port-security port-mode psk
     port-security tx-key-type 11key
     port-security preshared-key pass-phrase cipher

6.6.2 And allow customers to access vlan5

    interface WLAN-ESS3
     port access vlan 5
     port-security port-mode psk
     port-security tx-key-type 11key
     port-security preshared-key pass-phrase cipher
6.7 AP settings, using serial numbers
6.7.1 Create AP names

    wlan ap-group default_group
     ap ap1
     ap ap2
     ap ap3
     ap ap4
     ap ap5
     ap ap6
     ap ap7
     ap ap8
     ap ap9
     dot11a service-template 1
     dot11bg service-template 1
     dot11a radio enable
     dot11bg radio enable

6.7.2 Add APs
6.7.2.1

    wlan ap ap2 model WAP722 id 2
     serial-id 219801A0Q19154G00032
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.2

    wlan ap ap3 model WAP722 id 3
     serial-id 219801A0Q19154G00025
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.3

    wlan ap ap4 model WAP722 id 4
     serial-id 219801A0Q19154G00052
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.4

    wlan ap ap5 model WAP722 id 5
     serial-id 219801A0Q19154G00338
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.5

    wlan ap ap6 model WAP722 id 6
     serial-id 219801A0Q19154G00110
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.6

    wlan ap ap7 model WAP722 id 7
     serial-id 219801A0Q19154G00195
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.7

    wlan ap ap8 model WAP722 id 8
     serial-id 219801A0Q19154G00080
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.7.2.8

    wlan ap ap9 model WAP722 id 9
     serial-id 219801A0Q19154G00038
     radio 1
      service-template 2
      service-template 3
      radio enable
     radio 2
      service-template 2
      service-template 3
      radio enable

6.8 Configure the static route

    ip route-static 0.0.0.0 0.0.0.0 10.1.100.253

6.9 Finally, turn on Telnet

    user-interface con 0
    user-interface vty 0 4
     authentication-mode scheme
     user privilege level 3
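A review aid for the configurations above: a small linter that flags the cleartext-management and permit-all settings that recur across the router, switches, ACG and wireless controller. This is an added example, not code from the original article; the rule set and sample text are its own, and the check for an "acl ... inbound" line under the VTY user interface assumes the Comware 5 style of restricting login sources.

```python
import re

# Constructed sample assembled from settings shown on this page (secrets left out).
SAMPLE = """\
telnet server enable
local-user admin
 service-type telnet terminal
#
interface GigabitEthernet1/0/52
 port trunk permit vlan all
#
interface bvi2
 allow access https
 allow access http
 allow access telnet
!
user-interface vty 0 4
 authentication-mode scheme
"""

# (regex tested against each line, finding). The rule set is this example's own.
RULES = [
    (r"^telnet server enable$", "Telnet server on: management traffic is cleartext"),
    (r"^service-type .*\btelnet\b", "local user may log in over Telnet"),
    (r"^allow access (telnet|http)$", "cleartext management protocol allowed"),
    (r"^port trunk permit vlan all$", "trunk carries every VLAN; permit only those needed"),
]

def stanzas(text):
    """Return [header, children...] lists: a top-level line plus its indented lines."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#", "!"):
            continue
        if raw[0].isspace() and out:
            out[-1].append(line)
        else:
            out.append([line])
    return out

def audit(text):
    """Return (stanza header, offending line, finding) tuples."""
    found = []
    for header, *children in stanzas(text):
        found += [(header, ln, msg) for ln in [header, *children]
                  for pat, msg in RULES if re.search(pat, ln)]
        if header.startswith("user-interface vty") and not any(
                c.startswith("acl ") for c in children):
            found.append((header, header, "VTY lines have no ACL limiting sources"))
    return found
```

Calling `audit()` on a saved configuration returns one tuple per finding, so the output can be diffed between reviews.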
V. Result photos
The cabinets are small and full of cables, there are several local servers, and there is no extra space, so I bought a tower (the local servers are used for cluster testing). The construction of the computer room did not take expandability into account! Lesson learned; I will prepare to improve the computer room next time.