安全认证配置
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
102 ❖ [AC6005]interface Wlan-Ess 0 ❖ [AC6005-Wlan-Ess0]port hybrid untagged vlan 101 ❖ [AC6005-Wlan-Ess0]quit ❖ [AC6005]interface Wlan-Ess 1 ❖ [AC6005-Wlan-Ess1]port hybrid untagged vlan 102 ❖ [AC6005-Wlan-Ess1]quit ❖ [AC6005]interface Wlan-Ess 2 ❖ [AC6005-Wlan-Ess2]port hybrid untagged vlan 103
安全认证配置
[AC6005-wlan-view]service-set name vlan102 id 1 [AC6005-wlan-service-set-vlan102]wlan-ess 1 [AC6005-wlan-service-set-vlan102]ssid vlan102 [AC6005-wlan-service-set-vlan102]traffic-profile id 0 [AC6005-wlan-service-set-vlan102]security-profile id 2 [AC6005-wlan-service-set-vlan102]service-vlan 102 [AC6005-wlan-view]service-set name guest103 id 2 [AC6005-wlan-service-set-guest103]wlan-ess 2 [AC6005-wlan-service-set-guest103]ssid guest103 [AC6005-wlan-service-set-guest103]user-isolate [AC6005-wlan-service-set-guest103]traffic-profile id 0 [AC6005-wlan-service-set-guest103]security-profile id 0 [AC6005-wlan-service-set-guest103]service-vlan 103 [AC6005-wlan-view]radio-profile name 2g id 0 [AC6005-wlan-radio-prof-2g]wmm-profile id 0 [AC6005-wlan-view]ap 0 radio 0 [AC6005-wlan-radio-0/0]radio-profile id 0 Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]:y [AC6005-wlan-radio-0/0]service-set id 0 wlan 1 [AC6005-wlan-radio-0/0]service-set id 1 wlan 2 [AC6005-wlan-radio-0/0]service-set id 2 wlan 3
210235826010e6000881 ❖ [AC6005-wlan-ap-0]quit ❖ [AC6005-wlan-view]ap id 1 type-id 19 mac 1051-7235-ca60 sn
2102354196w0e9002266
安全认证配置
❖ [AC6005-wlan-view]wmm-profile name wmm id 0 ❖ [AC6005-wlan-view]traffic-profile name tra id 0 ❖ [AC6005-wlan-view] security-profile name open id 0 ❖ [AC6005-wlan-view]security-profile name wep40 id 1 ❖ [AC6005-wlan-sec-prof-wep40]wep authentication-method
安全认证配置
❖ [AC6005-wlan-view]ap 1 radio 0 ❖ [AC6005-wlan-radio-1/0]radio-profile id 0 ❖ Warning: Modify the Radio type may cause some parameters of
Radio resume default value, are you sure to continue?[Y/N]:y ❖ [AC6005-wlan-radio-1/0]channel 20mhz 6 ❖ [AC6005-wlan-radio-1/0]service-set id 0 wlan 1 ❖ [AC6005-wlan-radio-1/0]service-set id 1 wlan 2 ❖ [AC6005-wlan-radio-1/0]service-set id 2 wlan 3 ❖ [AC6005-wlan-view]commit all ❖ Warning: Committing configuration may cause service
安全认证配置
❖ [AC6005]interface Vlanif 101 ❖ [AC6005-Vlanif101]ip add 10.1.101.1 24 ❖ [AC6005-Vlanif101]dhcp select interface ❖ [AC6005-Vlanif101]dhcp server dns-list 202.106.0.20 ❖ [AC6005]interface Vlanif 102 ❖ [AC6005-Vlanif102]ip add 10.1.102.1 24 ❖ [AC6005-Vlanif102]dhcp select interface ❖ [AC6005-Vlanif102]dhcp server dns-list 202.106.0.20 ❖ [AC6005]interface Vlanif 103 ❖ [AC6005-Vlanif103]ip add 10.1.103.1 24 ❖ [AC6005-Vlanif103]dhcp select interface ❖ [AC6005-Vlanif103]dhcp server dns-list 202.106.0.20 ❖ [AC6005]interface Vlanif 200 ❖ [AC6005-Vlanif200]ip add 10.1.200.2 24 ❖ [AC6005]interface GigabitEthernet 0/0/1 ❖ [AC6005-GigabitEthernet0/0/1]port link-type access ❖ [AC6005-GigabitEthernet0/0/1]port default vlan 200
share-key ❖ [AC6005-wlan-sec-prof-wep40]wep key wep-40 pass-phrase 0
cipher 12345 ❖ [AC6005-wlan-view]security-profile name wpapsk id 2 ❖ [AC6005-wlan-sec-prof-wpapsk]security-policy wpa ❖ [AC6005-wlan-sec-prof-wpapsk]wpa authentication-method
安全认证配置
❖ [AC6005]interface GigabitEthernet 0/0/7 ❖ [AC6005-GigabitEthernet0/0/7]port link-type trunk ❖ [AC6005-GigabitEthernet0/0/7]port trunk pvid vlan 100 ❖ [AC6005-GigabitEthernet0/0/7]port trunk allow-pass vlan 100 to
安全认证配置
❖ [AC6005]ospf 1 ❖ [AC6005-ospf-1]area 0 ❖ [AC6005-ospf-1-area-0.0.0.0]network 10.1.200.2 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.0]quit ❖ [AC6005-ospf-1]area 1 ❖ [AC6005Βιβλιοθήκη Baiduospf-1-area-0.0.0.1]network 10.1.100.1 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.1]network 10.1.101.1 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.1]network 10.1.102.1 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.1]network 10.1.103.1 0.0.0.0 ❖ [AC6005]wlan ❖ [AC6005-wlan-view]wlan ac source interface Vlanif 100 ❖ [AC6005-wlan-view]ap id 0 type-id 19 mac 30d1-7eeb-d460 sn
102 ❖ [AC6005]int GigabitEthernet 0/0/8 ❖ [AC6005-GigabitEthernet0/0/8]port link-type trunk ❖ [AC6005-GigabitEthernet0/0/8]port trunk pvid vlan 100 ❖ [AC6005-GigabitEthernet0/0/8]port trunk allow-pass vlan 100 to
psk pass-phrase cipher huaweipsk encryption-method ccmp ❖ 定义了3 种不同的认证方式,分别为open、WEP 与WPA ❖ [AC6005-wlan-view]service-set name vlan101 id 0 ❖ [AC6005-wlan-service-set-vlan101]wlan-ess 0 ❖ [AC6005-wlan-service-set-vlan101]ssid vlan101 ❖ [AC6005-wlan-service-set-vlan101]traffic-profile id 0 ❖ [AC6005-wlan-service-set-vlan101]security-profile id 1 ❖ [AC6005-wlan-service-set-vlan101]service-vlan 101
安全认证配置实训(1)
Open+WEP+WPA PSK方 式
安全认证配置
培训目标
❖ 实训项目目标
❖ 对于安全认证来说,也是无线比较重要的一块,在SOHO 级别以及小型 环境中,比较倾向于预共享的方式进行认证,也就是配置一个大家知道 的密码,输入后就能连接到无线网络,常用的有WEP、WPA、WPA2 ,WEP 已经渐渐的淘汰了,非常容易被破解,推荐的是WPA2 的AES ,对应小型环境或者SOHO 级别的来说还是比较容易部署的。当然认证 还有很多,比如基于MAC 地址认证、dot1x 方式或者portal 网页认 证等,这些方式会在后续陆续演示。
❖ 1、AC 的基本业务配置 ❖ 2、认证方式的配置
安全认证配置
安全认证配置
❖ 配置步骤
❖ 路由器配置: ❖ interface GigabitEthernet0/0/0 ❖ ip address 10.1.200.1 255.255.255.0 ❖ interface LoopBack100 ❖ ip address 100.100.100.100 255.255.255.255 ❖ ospf 1 router-id 1.1.1.1 ❖ default-route-advertise always ❖ area 0.0.0.0 ❖ network 10.1.200.1 0.0.0.0 ❖ AC配置: ❖ [AC6005]vlan batch 100 to 103 200 ❖ [AC6005]dhcp enable ❖ [AC6005]interface Vlanif 100 ❖ [AC6005-Vlanif100]ip add 10.1.100.1 24 ❖ [AC6005-Vlanif100]dhcp select interface
安全认证配置
[AC6005-wlan-view]service-set name vlan102 id 1 [AC6005-wlan-service-set-vlan102]wlan-ess 1 [AC6005-wlan-service-set-vlan102]ssid vlan102 [AC6005-wlan-service-set-vlan102]traffic-profile id 0 [AC6005-wlan-service-set-vlan102]security-profile id 2 [AC6005-wlan-service-set-vlan102]service-vlan 102 [AC6005-wlan-view]service-set name guest103 id 2 [AC6005-wlan-service-set-guest103]wlan-ess 2 [AC6005-wlan-service-set-guest103]ssid guest103 [AC6005-wlan-service-set-guest103]user-isolate [AC6005-wlan-service-set-guest103]traffic-profile id 0 [AC6005-wlan-service-set-guest103]security-profile id 0 [AC6005-wlan-service-set-guest103]service-vlan 103 [AC6005-wlan-view]radio-profile name 2g id 0 [AC6005-wlan-radio-prof-2g]wmm-profile id 0 [AC6005-wlan-view]ap 0 radio 0 [AC6005-wlan-radio-0/0]radio-profile id 0 Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]:y [AC6005-wlan-radio-0/0]service-set id 0 wlan 1 [AC6005-wlan-radio-0/0]service-set id 1 wlan 2 [AC6005-wlan-radio-0/0]service-set id 2 wlan 3
210235826010e6000881 ❖ [AC6005-wlan-ap-0]quit ❖ [AC6005-wlan-view]ap id 1 type-id 19 mac 1051-7235-ca60 sn
2102354196w0e9002266
安全认证配置
❖ [AC6005-wlan-view]wmm-profile name wmm id 0 ❖ [AC6005-wlan-view]traffic-profile name tra id 0 ❖ [AC6005-wlan-view] security-profile name open id 0 ❖ [AC6005-wlan-view]security-profile name wep40 id 1 ❖ [AC6005-wlan-sec-prof-wep40]wep authentication-method
安全认证配置
❖ [AC6005-wlan-view]ap 1 radio 0 ❖ [AC6005-wlan-radio-1/0]radio-profile id 0 ❖ Warning: Modify the Radio type may cause some parameters of
Radio resume default value, are you sure to continue?[Y/N]:y ❖ [AC6005-wlan-radio-1/0]channel 20mhz 6 ❖ [AC6005-wlan-radio-1/0]service-set id 0 wlan 1 ❖ [AC6005-wlan-radio-1/0]service-set id 1 wlan 2 ❖ [AC6005-wlan-radio-1/0]service-set id 2 wlan 3 ❖ [AC6005-wlan-view]commit all ❖ Warning: Committing configuration may cause service
安全认证配置
❖ [AC6005]interface Vlanif 101 ❖ [AC6005-Vlanif101]ip add 10.1.101.1 24 ❖ [AC6005-Vlanif101]dhcp select interface ❖ [AC6005-Vlanif101]dhcp server dns-list 202.106.0.20 ❖ [AC6005]interface Vlanif 102 ❖ [AC6005-Vlanif102]ip add 10.1.102.1 24 ❖ [AC6005-Vlanif102]dhcp select interface ❖ [AC6005-Vlanif102]dhcp server dns-list 202.106.0.20 ❖ [AC6005]interface Vlanif 103 ❖ [AC6005-Vlanif103]ip add 10.1.103.1 24 ❖ [AC6005-Vlanif103]dhcp select interface ❖ [AC6005-Vlanif103]dhcp server dns-list 202.106.0.20 ❖ [AC6005]interface Vlanif 200 ❖ [AC6005-Vlanif200]ip add 10.1.200.2 24 ❖ [AC6005]interface GigabitEthernet 0/0/1 ❖ [AC6005-GigabitEthernet0/0/1]port link-type access ❖ [AC6005-GigabitEthernet0/0/1]port default vlan 200
share-key ❖ [AC6005-wlan-sec-prof-wep40]wep key wep-40 pass-phrase 0
cipher 12345 ❖ [AC6005-wlan-view]security-profile name wpapsk id 2 ❖ [AC6005-wlan-sec-prof-wpapsk]security-policy wpa ❖ [AC6005-wlan-sec-prof-wpapsk]wpa authentication-method
安全认证配置
❖ [AC6005]interface GigabitEthernet 0/0/7 ❖ [AC6005-GigabitEthernet0/0/7]port link-type trunk ❖ [AC6005-GigabitEthernet0/0/7]port trunk pvid vlan 100 ❖ [AC6005-GigabitEthernet0/0/7]port trunk allow-pass vlan 100 to
安全认证配置
❖ [AC6005]ospf 1 ❖ [AC6005-ospf-1]area 0 ❖ [AC6005-ospf-1-area-0.0.0.0]network 10.1.200.2 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.0]quit ❖ [AC6005-ospf-1]area 1 ❖ [AC6005Βιβλιοθήκη Baiduospf-1-area-0.0.0.1]network 10.1.100.1 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.1]network 10.1.101.1 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.1]network 10.1.102.1 0.0.0.0 ❖ [AC6005-ospf-1-area-0.0.0.1]network 10.1.103.1 0.0.0.0 ❖ [AC6005]wlan ❖ [AC6005-wlan-view]wlan ac source interface Vlanif 100 ❖ [AC6005-wlan-view]ap id 0 type-id 19 mac 30d1-7eeb-d460 sn
102 ❖ [AC6005]int GigabitEthernet 0/0/8 ❖ [AC6005-GigabitEthernet0/0/8]port link-type trunk ❖ [AC6005-GigabitEthernet0/0/8]port trunk pvid vlan 100 ❖ [AC6005-GigabitEthernet0/0/8]port trunk allow-pass vlan 100 to
psk pass-phrase cipher huaweipsk encryption-method ccmp ❖ 定义了3 种不同的认证方式,分别为open、WEP 与WPA ❖ [AC6005-wlan-view]service-set name vlan101 id 0 ❖ [AC6005-wlan-service-set-vlan101]wlan-ess 0 ❖ [AC6005-wlan-service-set-vlan101]ssid vlan101 ❖ [AC6005-wlan-service-set-vlan101]traffic-profile id 0 ❖ [AC6005-wlan-service-set-vlan101]security-profile id 1 ❖ [AC6005-wlan-service-set-vlan101]service-vlan 101
安全认证配置实训(1)
Open+WEP+WPA PSK方 式
安全认证配置
培训目标
❖ 实训项目目标
❖ 对于安全认证来说,也是无线比较重要的一块,在SOHO 级别以及小型 环境中,比较倾向于预共享的方式进行认证,也就是配置一个大家知道 的密码,输入后就能连接到无线网络,常用的有WEP、WPA、WPA2 ,WEP 已经渐渐的淘汰了,非常容易被破解,推荐的是WPA2 的AES ,对应小型环境或者SOHO 级别的来说还是比较容易部署的。当然认证 还有很多,比如基于MAC 地址认证、dot1x 方式或者portal 网页认 证等,这些方式会在后续陆续演示。
❖ 1、AC 的基本业务配置 ❖ 2、认证方式的配置
安全认证配置
安全认证配置
❖ 配置步骤
❖ 路由器配置: ❖ interface GigabitEthernet0/0/0 ❖ ip address 10.1.200.1 255.255.255.0 ❖ interface LoopBack100 ❖ ip address 100.100.100.100 255.255.255.255 ❖ ospf 1 router-id 1.1.1.1 ❖ default-route-advertise always ❖ area 0.0.0.0 ❖ network 10.1.200.1 0.0.0.0 ❖ AC配置: ❖ [AC6005]vlan batch 100 to 103 200 ❖ [AC6005]dhcp enable ❖ [AC6005]interface Vlanif 100 ❖ [AC6005-Vlanif100]ip add 10.1.100.1 24 ❖ [AC6005-Vlanif100]dhcp select interface