20110829 Aruba Training
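ARUBA Wireless Network Training
蔡億慶

AGENDA
Device appearance overview
Basic management interface overview
Theory of operations
Basic wireless network configuration
Mesh configuration
AP configuration
Troubleshooting and viewing status messages
Q&A

Device appearance overview

Hardware appearance
Aruba controller 620

Hardware appearance
AP 125
[Figure: AP 125. Labels: antenna, PoE Ethernet]
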
Basic management interface overview

Basic management interface overview
Monitoring
Configuration
Diagnostics
Maintenance
Plan
Events
Reports

Basic management interface overview
Monitoring
-Network
-Controller
-WLAN
-Voice
-Debug

Basic management interface overview
Configuration
-Wizards
-Network
-Security
-Wireless
-Management
-Advanced Services

Basic management interface overview
Diagnostics
-Network
-General
-Access Point

Basic management interface overview
Maintenance
-Controller
-File
-WLAN

Theory of operations

L2 Deployment
In an L2 deployment, the WLAN controller acts as an Ethernet bridge
After authentication, frames from the client are bridged onto the L2 network
802.1q VLANs can be used
Clients can all be on the same VLAN
A client can be assigned to a VLAN based on ESSID, location, or authentication result (802.1x)
Uplink ports can be 802.1q tagged
Or a different physical uplink port can be used per VLAN
Address assignment is normally through an external DHCP server (an internal DHCP server is available)
The client broadcasts for DHCP, and the controller bridges the broadcast onto the user's VLAN

Theory of Operations
[Figure: network diagram of the example deployment]
Second Floor (VLAN 11): AP4/2nd Floor 10.1.11.36, AP3/2nd Floor 10.1.11.42
First Floor (VLAN 10): AP2/1st Floor 10.1.10.68, AP1/1st Floor 10.1.10.96
Data Center (VLAN 14): DHCP, E-mail
Mobility Controller: VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32

Theory of Operations
[Figure: the same network diagram with VLANs 100 and 101 added]
150-200 Users per VLAN
802.1q: 14, 100, 101
Layer 3 Switch
vlan 100: 10.1.100.1/24
vlan 101: 10.1.101.1/24
Mobility Controller
vlan 14: 10.1.14.6/24
loopback: 10.1.14.7/32
vlan 100
vlan 101
ap group “1st Floor”
vlan 100
ap group “2nd Floor”
vlan 101

Theory of Operations
[Figure: same topology and configuration as the previous slide, showing a DHCP Request. Labels: 802.11, 802.3, GRE, SIP: 10.96, DIP: 14.7]

Theory of Operations
[Figure: same topology and configuration, showing the DHCP Reply (10.1.100.32). Labels: 802.3, GRE, 802.11, SIP: 14.7, DIP: 10.96]

Theory of Operations
[Figure: same topology and configuration, showing a DHCP Renew (10.1.100.32). Labels: 802.11, 802.3, GRE, SIP: 11.42, DIP: 14.7]

Theory of Operations
[Figure: same topology and configuration, showing the DHCP Reply (10.1.100.32). Labels: 802.3, GRE, 802.11, SIP: 14.7, DIP: 11.42]

Basic wireless network configuration

Logging in to the controller
Using the GUI
https://x.x.x.x:4343
Default IP address: 172.16.0.254
Using the CLI
Connect the console cable to the controller's serial port
Serial settings: 9600 8 n 1

Groups and Properties
[Figure: AP Group profile diagram. Labels: AP Group; Wireless LAN; RF Management; Virtual AP Properties; SSID; AAA; AP; QoS; IDS; a/g Radio Settings; System Profile; VoIP; RF Optimizations; Ethernet; a/g Management; Regulatory; SNMP]

Profiles (cont.)

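Configuration example
In the lab, for security reasons, the SSIDs are divided into:
student: WPA2-PSK
Guest: web authentication; cannot access the student VLAN
VLAN assignment:
student: VLAN 1, IP 192.168.1.0/24
Guest: VLAN 11, IP 192.168.11.0/24

Example architecture
Wireless access architecture
[Figure: network diagram. Labels: Internet; Firewall or IP sharing; Switch; 192.168.1.254/24; 192.168.1.250/24; 192.168.1.249/24; 2.4 or 5 GHz]

Configuration steps
Add the student and Guest VLANs, IP addresses, and DHCP
Add the student and Guest SSIDs
Configure the student properties and role
Configure the Guest firewall policy and role
Add the student and Guest AAA profiles
Add the student and Guest Virtual AP profiles
Add the Group
Add the AP
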
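Add the student and Guest VLANs
Network->Vlan->add
Add Guest VLAN 11 and select ports 2-3 as access ports
Apply

Set the student VLAN IP
Set the VLAN 1 IP address
See the red box in the figure below
Apply
Screenshot field values: 1, 192.168.1.254, 255.255.255.0

Set the Guest VLAN IP
Set the VLAN 11 IP address
Red box 1 in the figure below
Red box 2 in the figure below: enable NAT
Apply
Screenshot field values: 11, 192.168.11.254, 255.255.255.0

Add the Guest DHCP
Screenshot field values: Guest, 192.168.11.254, 8.8.8.8, 192.168.11.0, 255.255.255.0

Add the student and Guest SSIDs
First enter SSID-student in the blue box -> Add
After SSID-student has been added, enter SSID-Guest in the blue box -> Add

Edit the student SSID
Select SSID-student -> edit its settings

Edit the Guest SSID
Select SSID-Guest -> edit its settings

Configure the Guest firewall policy
Add an ACL that blocks access to 192.168.1.0/24
Add an ACL for Internet access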
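
The Guest isolation above depends on the blocking ACL being matched before the Internet-access ACL. The following is an added example, not part of the original slides: a Python model of first-match rule evaluation for the Guest role, using the subnets from the slides. It assumes top-down first-match evaluation with an implicit deny at the end; "allow_internet" is a hypothetical name, since the slides do not name the Internet-access ACL.

```python
"""Added example: first-match check of the Guest role's policy order."""
from ipaddress import ip_address, ip_network

STUDENT_NET = ip_network("192.168.1.0/24")   # student VLAN 1 (from the slides)
ANY_NET = ip_network("0.0.0.0/0")

# Each rule: (policy name, destination network, action).
# "deny_student" is the policy name on the slides; "allow_internet" is a
# hypothetical name for the Internet-access ACL, which the slides do not name.
GUEST_ROLE = [
    ("deny_student", STUDENT_NET, "deny"),
    ("allow_internet", ANY_NET, "permit"),
]


def evaluate(rules, dst):
    """Return (action, policy) of the first rule whose network contains dst."""
    addr = ip_address(dst)
    for name, net, action in rules:
        if addr in net:
            return action, name
    return "deny", "implicit"   # assumption: nothing matched means deny


def audit(rules, protected=STUDENT_NET):
    """List permit rules that overlap `protected` before any rule denies it.

    A non-empty result means guests can reach part of the protected network.
    """
    findings = []
    for name, net, action in rules:
        if action == "deny" and protected.subnet_of(net):
            break               # protected range is fully denied from here on
        if action == "permit" and net.overlaps(protected):
            findings.append(name)
    return findings


if __name__ == "__main__":
    # Constructed destinations: a student host and the Guest DNS server.
    for dst in ("192.168.1.10", "8.8.8.8"):
        print(dst, evaluate(GUEST_ROLE, dst))
    reversed_role = list(reversed(GUEST_ROLE))
    print("reversed order:", evaluate(reversed_role, "192.168.1.10"),
          "audit:", audit(reversed_role))
```

With the two policies in the reverse order, the same student address is permitted and audit() reports the permit rule that shadows the deny.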

Configure the Guest firewall policy and role

Edit the Guest role

Edit the Guest role
Add the deny_student policy

Edit the Guest role
Set the Captive portal profile: default

Add the student and Guest AAA profiles
First enter AAA-student in the blue box -> Add
After AAA-student has been added, enter AAA-Guest in the blue box -> Add

Edit the student AAA profile
Select AAA-Student -> edit its settings
Apply the authenticated role to the AAA-Student profile as the 802.1x authentication default role

Edit the student AAA profile
Set the 802.1x authentication profile
Select default-psk

Edit the Guest AAA profile
Select AAA-Guest -> edit its settings
Apply the guest role to the AAA-Guest profile as the Initial role

Add the student and Guest Virtual AP profiles
First enter VAP-student in the blue box -> Add
After VAP-student has been added, enter VAP-Guest in the blue box -> Add

Edit the VAP-Student profile
Add VLAN 1 to VAP-Student

Edit the VAP-Student profile
Set the VAP-Student AAA profile
Select AAA profile AAA-student

Edit the VAP-Student profile
Set the VAP-Student SSID profile
Select SSID profile SSID-student

Edit the VAP-Guest profile
Add VLAN 11 to VAP-Guest

Edit the VAP-Guest profile
Set the VAP-Guest SSID profile
Select SSID profile SSID-Guest
Set the VAP-Guest AAA profile
Select AAA profile AAA-Guest

Add the Group
Add AP Group: 5F-study
Edit 5F-study

Edit 5F-study
Add VAP-Student and VAP-Guest

Configure the AP
Add the AP to the Group

Configure the AP
4: Change the AP name

Mesh configuration

Example architecture
Mesh architecture
[Figure: network diagram. Labels: Internet; Firewall or IP sharing; 192.168.1.254/24; 192.168.1.250/24; 192.168.1.249/24; 192.168.1.248/24; 192.168.1.247/24; 2.4 GHz; 5 GHz; 5 GHz]

Configuration steps
Configure the mesh profile
Add the Group
Configure the AP
View mesh information

Configure the Mesh profile
Add a Mesh Profile
Set the encryption: wpa2-psk-aes

Edit the Mesh Radio Profile
Reselection mode:
1. reselect-anytime
2. reselect-never
3. startup-subthreshold
4. subthreshold-only
Metric algorithm:
1. best-link-rssi
2. distributed-tree-rssi

Add the Mesh Group

Edit the Mesh Group
Add the Mesh Profile

Configure the AP
Add the Mesh AP
Add the AP to the Mesh Group

Configure the Mesh AP
Select AP Group: mesh

Configure the Mesh portal
2: Configure the mesh portal and mesh point IP settings
Configure the Mesh point

Observe the Mesh AP status

Observe the Mesh AP status
Observe the Mesh Point topology

Observe the Mesh AP status
Use the CLI to observe the Mesh AP status
#show ap mesh topology
#show ap mesh active

AP configuration

Concept Review: AP Boot Process
1. Acquire IP Address
2. “Discover” a controller
3. Update code if necessary
4. Obtain configuration information
5. Build GRE
6. Enable radio

AP boot screen
Press Enter within two seconds

AP setting commands
Clear the settings: purge
Change the AP's IP address:
setenv ipaddr x.x.x.x
setenv netmask x.x.x.x
setenv gatewayip x.x.x.x
setenv name xxx
Save: save
Show the settings: print
Reboot: boot

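Troubleshooting and viewing status messages

View the AP status

View the Client

Backing up the configuration file and upgrading the firmware

Back up the configuration file
Back up the startup config to a TFTP server
IP address: x.x.x.x
File name: xxxx.cfg

Restore the configuration file

Upgrade the firmware
Check the boot partition currently used by the firmware

Upgrade the firmware

Q&A

THANK YOU !!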