生前何必久睡,死后定當長眠,
文章目錄
- 簡單概述
- 框架拓撲
- 基本配置
- 簡單測驗
高校的監控、有線、無線網路業務如何跑起來?
簡單概述
專案簡單復盤,簡單總結一下必要的知識,這是本人的之前做的專案,
業務規劃如下表所示:
| vlan | 描述 | 網段 | 網關 | 登錄方式 | 用戶名 | 密碼 | 備注 |
|---|---|---|---|---|---|---|---|
| 1 | 監控 | 10.40.0.0/23 | 10.40.1.254/23 | ||||
| 20 | 無線 | 10.20.61.0/24 | 10.20.61.254/24 | ||||
| 30 | 有線 | 10.30.61.0/24 | 10.30.61.254/24 | ||||
| 40 | 管理 | 10.7.90.0/24 | telnet | admin | 1008611 | ||
| 50 | AP | 192.168.60.0/24 | 192.168.60.254/24 | ||||
| 60 | 預留 |
不同的業務劃分不同的VLAN,因為網關不一樣,
有線接入交換機,后期有其他業務需求,所以接傻瓜式交換機也能正常上網(傻瓜式交換機不需要配置,能實作即插即用;可在核心交換機上配置DHCP服務器,實作自動下發IP地址,下聯口配置ACCSESS埠模式,上行口配置TRUNK的埠模式)
監控的接入交換機,需要是POE交換機,因為POE能提供電,開啟POE功能,配置好上下聯介面即可,這配置比較簡單,直接使用默認VLAN 1就行,后期如果需要再添加攝像頭的話,介面插在監控交換機上的下聯口即可,
無線的AP需要正常上線,用戶連接到的WIFI能正常上網,需要給SSID設備密碼,并要有一定的安全系數,配置AC本地轉發模式,因為配置本地轉發模式之后資料轉發的時候不需要走AC,用戶數量很多的話,也推薦使用本地轉發模式,這樣也起到了減輕AC的負擔效果,
GW到核心可以配置介面或者是配置單臂路由,
高校的網路業務,全部跑起來,
框架拓撲
只簡單體現部分網路業務與部分設備
監控部分
無線部分
有線部分
基本配置
只簡單描述部分網路業務的設備配置
核心
sysname HX
#
telnet server enable
#
......
#
dhcp enable
dhcp server forbidden-ip 172.30.61.253 172.30.61.254
#
.......
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan30
description guanli
#
vlan 40
#
dhcp server ip-pool user-1
gateway-list 10.20.61.254
network 10.20.61.0 mask 255.255.255.0
dns-list 114.114.114.114
#
dhcp server ip-pool yx
gateway-list 10.30.61.254
network 10.30.61.0 mask 255.255.255.0
dns-list 114.114.114.114
#
interface Vlan-interface1
description jiankong
ip address 10.40.1.254 255.255.254.0
#
interface Vlan-interface10
description wuxian
ip address 10.20.61.252 255.255.255.0
#
interface Vlan-interface20
description wangluo
ip address 10.30.61.253 255.255.255.0
#
interface Vlan-interface30
description guanli
ip address 10.7.90.50 255.255.255.0
#
interface Vlan-interface40
ip address 192.168.60.253 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/4
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/5
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/6
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
......
#
interface Ten-GigabitEthernet1/0/50
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/51
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/52
port link-type trunk
port trunk permit vlan all
#
......
#
line vty 0 4
authentication-mode scheme
user-role level-15
user-role network-operator
set authentication password hash $h$6$r7o4J69wjD75yJp+$PmI5fGsZgevnjzyD4eNbTkArqyidaUk1lytB0up5HNjjE+Xw2SPQj0v54rdvPXUcQFuAYA9iigrGe1Gr00Of0w==
#
.....
#
local-user admin class manage
password hash $h$6$g9622q3nQgTUANrR$fKvMW5PujY4IYfsJm9IRRExXViubtxsSAclR/5yChOtbfcXrWeCP7yuygu7WdPB+IKHlqg2eCBRlYBzUlwywfQ==
service-type telnet
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
......
無線控制器
sysname AC
#
telnet server enable
#
dhcp enable
#
vlan 1
#
vlan 10
#
vlan 30
description guanli
#
vlan 40
name AP-GuanLi
#
dhcp server ip-pool ap
gateway-list 192.168.60.254
network 192.168.60.0 mask 255.255.255.0
#
wlan service-template 1
ssid LXXX-1
client forwarding-location ap
akm mode psk
preshared-key pass-phrase cipher 1008611
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface30
ip address 10.7.90.254 255.255.255.0
#
interface Vlan-interface40
ip address 192.168.60.40 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
description To-hx
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 30 40
#
ip route-static 0.0.0.0 0 10.7.90.50
#
.....
#
local-user admin class manage
password hash $h$6$Q8fCpjF7Q/Dx2e15$mnHpb4R9v3+rOsyOkEFk5kmCsGGOo/RZ13tDbRAAfNBbD689sl3Y5ycseJ53gUcKrA1oNob1YU53Dg/VSCfUBA==
service-type telnet http https
authorization-attribute user-role network-admin
#
app-group xxxx-xxxx-xxxx
description "User-defined application group"
#
......
#
wlan auto-ap enable
wlan auto-persistent enable
#
wlan ap-group bel
vlan 1
ap-model WA6320-C
map-configuration flash:/apconfig.txt
radio 1
radio enable
service-template 1 vlan 10
radio 2
radio enable
service-template 1 vlan 10
gigabitethernet 1
#
........
#
wlan ap-group default-group
vlan 1
ap-model WA6320-C
map-configuration flash:/apconfig.txt
radio 1
radio enable
service-template 1 vlan 10
radio 2
radio enable
service-template 1 vlan 10
gigabitethernet 1
#
wlan ap 0c3a-fa3e-f940 model WA6320-C
serial-id 219801A2BS820BE004WL
vlan 1
radio 1
radio 2
gigabitethernet 1
#
......
監控
sysname JK
#
telnet server enable
#
......
#
vlan 1
description jiankong
#
vlan 30
description guanli
#
interface Vlan-interface30
ip address 10.7.90.30 255.255.255.0
#
interface GigabitEthernet1/0/1
stp edged-port
poe enable
#
interface GigabitEthernet1/0/2
stp edged-port
poe enable
#
interface GigabitEthernet1/0/3
stp edged-port
poe enable
#
interface GigabitEthernet1/0/4
stp edged-port
poe enable
#
interface GigabitEthernet1/0/5
stp edged-port
poe enable
#
interface GigabitEthernet1/0/6
stp edged-port
poe enable
#
......
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan all
poe enable
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
poe enable
#
ip route-static 0.0.0.0 0 10.7.90.50
#
.....
無線
sysname WX
#
telnet server enable
#
......
#
dhcp enable
#
.......
#
vlan 10
description wuxian
#
vlan 30
description guanli
#
vlan 40
description glap
#
interface Vlan-interface30
ip address 10.7.90.20 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port trunk pvid vlan 40
stp edged-port
poe enable
#
interface GigabitEthernet1/0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port trunk pvid vlan 40
stp edged-port
poe enable
#
interface GigabitEthernet1/0/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port trunk pvid vlan 40
stp edged-port
poe enable
#
interface GigabitEthernet1/0/4
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port trunk pvid vlan 40
stp edged-port
poe enable
#
interface GigabitEthernet1/0/5
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port trunk pvid vlan 40
stp edged-port
poe enable
#
interface GigabitEthernet1/0/6
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port trunk pvid vlan 40
stp edged-port
poe enable
#
......
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan all
poe enable
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
poe enable
#
ip route-static 0.0.0.0 0 10.7.90.50
#
.....
#
line vty 0 4
user-role level-15
user-role network-operator
set authentication password hash $h$6$mWM7Az3+Vq9JSIGe$ss1G+9qS8fC4es+om5Sqb7ipr04vyLqujhaDDVjFjWibcGaf8pq0YWFeN9wYd6rTp2Sj8FiHvFAQT96qltRU1g==
#
.....
#
local-user admin class manage
password hash $h$6$U+Eu6tFUnQ6QOFtI$/3oqehm3MSABANUbVKKYyxUdoObrIZoc4UCvTJ/ot8WJVkcWv3TLEuJVEISovzT1A09ZhHBMK9AWkELThVlUJg==
service-type telnet http https terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
......
有線
sysname YX
#
vlan 20
description wangluo
#
vlan 30
description guanli
#
......
#
local-user admin
password cipher 1008611
authorization-attribute level 3
service-type telnet
#
interface NULL0
#
interface Vlan-interface30
ip address 10.7.90.10 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 30
#
interface GigabitEthernet1/0/2
port access vlan 30
#
interface GigabitEthernet1/0/3
port access vlan 30
#
interface GigabitEthernet1/0/4
port access vlan 30
#
interface GigabitEthernet1/0/5
port access vlan 30
#
interface GigabitEthernet1/0/6
port access vlan 30
#
......
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
#
ip route-static 0.0.0.0 0 10.7.90.50
#
......
#
dhcp enable
#
......
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
set authentication password cipher 1008611
user-interface vty 5 15
#
return
簡單測驗
1、監控
是否能PING通網關
安裝一個插件(不需要有網路,用戶名:admin,密碼:1111)
在攝像頭上配置一個和監控網關同網段的IP地址
效果畫面
2、無線
AP上線
如果當天AP沒有全部上線的話,或者是只有幾個AP沒上線,之后等客戶把線插好之后,可考慮遠程操作,把剩下沒分組的AP給分組,因為AP沒上線的因素有很多,比如,網線差錯業務介面,網線沒插,或者是沒插好,甚至是網線制作有問題,(因為這是我踩過的坑兒)
3、有線
把PC接到接入交換機,PC能拿到IP地址,能正常上網
ping 114.114.114.114
知識拓展:
批量PING測驗
@for /l %i in (1,1,255) do @ping -n 1 -w 40 192.168.110.%i & if errorlevel 1 (echo 192.168.110%i>>na.txt) else (echo 192.168.110.%i>>act.txt)
有192.168.110.39IP地址能通
好了這期就到這里了,如果你喜歡這篇文章的話,請點贊評論分享收藏,如果你還能點擊關注,那真的是對我最大的鼓勵,謝謝大家,下期見!
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/301996.html
標籤:其他