ARUBA Wireless Network Training

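  1. ARUBA Wireless Network Training 蔡億慶 francis@netease.com.tw

  2. Agenda • Hardware overview • Basic management interface • Theory of operation • Basic wireless configuration • Mesh configuration • AP configuration • Troubleshooting and viewing messages • Q&A

  3. Hardware overview

  4. Hardware overview • Aruba controller 620

  5. Hardware overview • AP 125 (figure labels: antennas, PoE Ethernet)

  6. Basic management interface

  7. Basic management interface • Monitoring • Configuration • Diagnostics • Maintenance • Plan • Events • Reports

  8. Basic management interface • Monitoring: Network, Controller, WLAN, Voice, Debug

  9. Basic management interface • Configuration: Wizards, Network, Security, Wireless, Management, Advanced Services

  10. Basic management interface • Diagnostics: Network, General, Access Point

  11. Basic management interface • Maintenance: Controller, File, WLAN

  12. Theory of operation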

  13. L2 Deployment • In an L2 deployment, the WLAN controller acts as an Ethernet bridge • After authentication, frames from the client are bridged onto the L2 network • 802.1q VLANs can be used • Clients can all be on the same VLAN • A client can be assigned to a VLAN based on ESSID, location, or authentication result (802.1x) • Uplink ports can be 802.1q tagged • Or a different physical uplink port can be used per VLAN • Address assignment is normally through an external DHCP server (an internal DHCP server is available) • The client broadcasts for DHCP, and the controller bridges the broadcast on the user’s VLAN

  14. Theory of Operations (diagram) • Second Floor (11): AP4/2nd Floor 10.1.11.36, AP3/2nd Floor 10.1.11.42 • First Floor (10): AP2/1st Floor 10.1.10.68, AP1/1st Floor 10.1.10.96 • Data Center (14): VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32 • DHCP, E-mail

  15. Theory of Operations (diagram) • 150-200 Users per VLAN: VLAN 100, VLAN 101 • Second Floor (11): AP4/2nd Floor 10.1.11.36, AP3/2nd Floor 10.1.11.42 • First Floor (10): AP2/1st Floor 10.1.10.68, AP1/1st Floor 10.1.10.96 • Layer 3 Switch: vlan 100: 10.1.100.1/24, vlan 101: 10.1.101.1/24 • Data Center (14): 802.1q 14, 100, 101 • Mobility Controller: vlan 14: 10.1.14.6/24, loopback: 10.1.14.7/32, vlan 100, vlan 101 • ap group “1st Floor” vlan 100 • ap group “2nd Floor” vlan 101 • DHCP, E-mail

  16. Theory of Operations (diagram: DHCP Request) • GRE: SIP: 10.96, DIP: 14.7 • Frame labels: 802.3, 802.11, 802.3 • VLAN labels: 100, 14 • APs, Layer 3 switch, Mobility Controller, ap groups, DHCP and E-mail labelled as on slide 15

  17. Theory of Operations (diagram: DHCP Reply 10.1.100.32) • GRE: SIP: 14.7, DIP: 10.96 • Frame labels: 802.3, 802.3, 802.11 • VLAN labels: 100, 14 • Address 10.1.100.32 shown on the First Floor • APs, Layer 3 switch, Mobility Controller, ap groups, DHCP and E-mail labelled as on slide 15

  18. Theory of Operations (diagram: DHCP Renew 10.1.100.32) • GRE: SIP: 11.42, DIP: 14.7 • Frame labels: 802.3, 802.3, 802.11 • VLAN labels: 100, 14 • Address 10.1.100.32 shown on the Second Floor • APs, Layer 3 switch, Mobility Controller, ap groups, DHCP and E-mail labelled as on slide 15

  19. Theory of Operations (diagram: DHCP Reply 10.1.100.32) • GRE: SIP: 14.7, DIP: 11.42 • Frame labels: 802.3, 802.11, 802.3 • VLAN labels: 100, 14 • Address 10.1.100.32 shown on the Second Floor • APs, Layer 3 switch, Mobility Controller, ap groups, DHCP and E-mail labelled as on slide 15

  20. Basic wireless configuration

  21. Logging in to the controller • Using the GUI: https://x.x.x.x:4343, default IP address: 172.16.0.254 • Using the CLI: connect the console cable to the controller serial port, serial setting 9600 8 n 1

  22. Groups and Properties (diagram) • AP Group: Wireless LAN, RF Management, AP, QoS, IDS • Profile labels: Virtual AP, Properties, a/g Radio Settings, System Profile, VoIP, SSID, RF Optimizations, Ethernet, a/g Management, AAA, Regulatory, SNMP

  23. Profiles (cont.)

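  24. Configuration example • In the lab, for security reasons, the SSIDs are split into student: WPA2-PSK and Guest: web authentication, with no access to the student VLAN • VLAN assignment: student: VLAN 1, IP 192.168.1.0/24; Guest: VLAN 11, IP 192.168.11.0/24

  25. Example architecture • Wireless access architecture (diagram): Internet, Firewall or IP sharing, Switch, 2.4 or 5 GHz • Addresses shown: 192.168.1.250/24, 192.168.1.254/24, 192.168.1.249/24

  26. Configuration steps • Add the student and Guest VLANs, IP addresses and DHCP • Add the student and Guest SSIDs • Configure the student properties and role • Configure the Guest firewall policy and role • Add the student and Guest AAA profiles • Add the student and Guest Virtual AP profiles • Add the Group • Add the AP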

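  27. Add the student and Guest VLANs • Network->Vlan->add • Add Guest VLAN 11 and select 2-3 as access ports • Apply

  28. Set the student VLAN IP • Set the VLAN 1 IP address • See the red box in the figure below • Apply • Values shown in the figure: 1, 192.168.1.254, 255.255.255.0

  29. Set the Guest VLAN IP • Set the VLAN 11 IP address • Red box 1 in the figure below • Red box 2 in the figure below: enable NAT • Apply • Values shown in the figure: 11, 192.168.11.254, 255.255.255.0

  30. Add the Guest DHCP • Values shown in the figure: Guest, 192.168.11.254, 8.8.8.8, 192.168.11.0, 255.255.255.0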

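  31. Add the student and Guest SSIDs • First enter SSID-student in the blue box ->Add • After adding SSID-student, enter SSID-Guest in the blue box ->Add

  32. Edit the student SSID • Select SSID-student->edit its settings (figure callouts 1-4)

  33. Edit the Guest SSID • Select SSID-Guest->edit its settings (figure callouts 1-3)

  34. Configure the Guest firewall policy • Add an ACL that blocks access to 192.168.1.0/24 • Add an ACL for Internet access (figure callouts 1-3)

  35. Configure the Guest firewall policy and role

  36. Edit the Guest role • Edit the Guest role

  37. Edit the Guest role • Add the deny_student policy (figure callouts 1-3)

  38. Edit the Guest role • Set the Captive portal profile: default (figure callouts 4-5)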

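  39. Add the student and Guest AAA profiles • First enter AAA-student in the blue box ->Add • After adding AAA-student, enter AAA-Guest in the blue box ->Add

  40. Edit the student AAA profile • Select AAA-Student->edit its settings • Apply the authenticated role to the AAA-Student profile, 802.1x authentication default role (figure callouts 1-3)

  41. Edit the student AAA profile • Set the 802.1x authentication profile • Select default-psk (figure callouts 1-3)

  42. Edit the Guest AAA profile • Select AAA-Guest->edit its settings • Apply the guest role to the AAA-Guest profile, Initial role (figure callouts 1-3)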

  43. Add the student and Guest Virtual AP profiles • First enter VAP-student in the blue box ->Add • After adding VAP-student, enter VAP-Guest in the blue box ->Add

  44. Edit the VAP-Student profile • Add VAP-Student VLAN 1 (figure callouts 1-3)

  45. Edit the VAP-Student profile • Set the VAP-Student AAA profile • Select AAA profile AAA-student (figure callouts 1-3)

  46. Edit the VAP-Student profile • Set the VAP-Student SSID profile • Select SSID profile SSID-student (figure callouts 1-3)

  47. Edit the VAP-Guest profile • Add VAP-Guest VLAN 11 (figure callouts 1-3)

  48. Edit the VAP-Guest profile • Set the VAP-Guest SSID profile • Select SSID profile SSID-Guest • Set the VAP-Guest AAA profile • Select AAA profile AAA-Guest (figure callouts 1-3)

  49. Add the Group • Add AP Group: 5F-study • Edit 5F-study (figure callouts 1-3)

  50. Edit 5F-study • Add VAP-Student and VAP-Guest (figure callouts 1-3)
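
The Guest role from slides 34 to 38 only isolates the student VLAN if the deny rule for 192.168.1.0/24 is evaluated before the Internet access rule. The Python model below is an added example, not part of the original slides or Aruba's code; it assumes top-down, first-match rule evaluation with an implicit deny, and `allow_internet` is a hypothetical name for the Internet access ACL.

```python
import ipaddress

# Constructed model of the Guest role. "deny_student" is the policy name on
# slide 37; "allow_internet" is a hypothetical name. Assumed semantics:
# top-down, first match wins, unmatched traffic is denied.
DENY_STUDENT = ("deny_student", "192.168.1.0/24", "deny")
ALLOW_INTERNET = ("allow_internet", "0.0.0.0/0", "permit")
GUEST_ROLE = [DENY_STUDENT, ALLOW_INTERNET]             # intended order
GUEST_ROLE_MISORDERED = [ALLOW_INTERNET, DENY_STUDENT]  # deny never reached


def evaluate(role, dst_ip):
    """Return (action, rule_name) for the first rule whose network holds dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for name, network, action in role:
        if dst in ipaddress.ip_network(network):
            return action, name
    return "deny", "implicit-deny"


def isolates(role, protected="192.168.1.0/24"):
    """True if no address in `protected` can hit a permit rule (conservative)."""
    target = ipaddress.ip_network(protected)
    for _name, network, action in role:
        net = ipaddress.ip_network(network)
        if not net.overlaps(target):
            continue
        if action == "permit":
            return False  # a permit is reached before a covering deny
        if target.subnet_of(net):
            return True   # whole protected range denied before any permit
    return True           # only the implicit deny remains


def shadowed_rules(role):
    """List (rule, earlier_rule) pairs where the earlier rule covers the later one."""
    shadowed = []
    for i, (name, network, _action) in enumerate(role):
        net = ipaddress.ip_network(network)
        for earlier_name, earlier_network, _ in role[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier_network)):
                shadowed.append((name, earlier_name))
                break
    return shadowed


if __name__ == "__main__":
    for label, role in (("intended", GUEST_ROLE), ("misordered", GUEST_ROLE_MISORDERED)):
        print(label, "isolates:", isolates(role), "shadowed:", shadowed_rules(role))
```

A shadowed `deny_student` entry in the output is the sign that the policy order in the Guest role needs to be swapped.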
