Information Security and Attack & Defense: DCWS Configuration

  • 2019-05-30
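1. On the wireless controller (DCWS), configure VLAN 101 as the management VLAN, with the second address used as the AP management address. Configure Layer 2 manual AP registration and enable serial-number authentication. The interface connecting the AP must not use TRUNK mode.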
DCWS-6028(config-vlan10)#vlan 101
DCWS-6028(config-vlan101)#vlan 100
DCWS-6028(config-vlan100)#int vlan 101
DCWS-6028(config-if-vlan101)#ip address 192.168.101.1 255.255.255.0
DCWS-6028(config-if-vlan101)#int e 1/0/3
DCWS-6028(config-if-ethernet1/0/3)#switchport mode hybrid
DCWS-6028(config-if-ethernet1/0/3)#switchport hybrid native vlan 101
DCWS-6028(config-if-ethernet1/0/3)#switchport hybrid allowed vlan 101 untag
DCWS-6028(config)#service dhcp
DCWS-6028(config)#ip dhcp pool vlan101

DCWS-6028(dhcp-vlan101-config)#network-address 192.168.101.0 255.255.255.0
DCWS-6028(dhcp-vlan101-config)#default-router 192.168.101.1

DCWS-6028(config)#ip dhcp pool vlan100
DCWS-6028(dhcp-vlan100-config)#network-address 192.168.100.0 255.255.255.0
DCWS-6028(dhcp-vlan100-config)#default-router 192.168.100.254
DCWS-6028(dhcp-vlan100-config)#exit
DCWS-6028(config)#int vlan 100
DCWS-6028(config-if-vlan100)#ip address 192.168.100.254 255.255.255.0

DCWS-6028#show ip dhcp binding    # view the leased IP address and the AP's MAC address on the AC
Total dhcp binding items: 1, the matched: 1
IP address Hardware address Lease expiration Type
192.168.101.2 00-03-0F-84-12-30 Mon Jan 02 00:15:00 2006 Dynamic

DCWS-6028(config-wireless)#ap authentication serial-num    # serial-number authentication

DCWS-6028#telnet 192.168.101.2    # log in to the AP

WLAN-AP login: admin                                                                                 
Password:admin

WLAN-AP# get system    # view the AP serial number

serial-number WL020420HC15000186    # AP serial number

DCWS-6028(config-wireless)#ap database 00-03-0F-84-12-30
DCWS-6028(config-ap)#serial-num WL020420HC15000186   
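
An added example, not part of the original post: a Python check that cross-references `show ip dhcp binding` output with the `ap database` entries configured above and reports devices that hold a lease from the VLAN 101 management pool without being registered. The sample text is constructed; the saved-config layout and the second and third leases are assumptions.

```python
import ipaddress
import re

MGMT_NET = ipaddress.ip_network("192.168.101.0/24")  # DHCP pool vlan101 on the page
MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"

# Constructed sample input. Only the first lease and its serial come from the page.
BINDINGS = """\
IP address Hardware address Lease expiration Type
192.168.101.2 00-03-0F-84-12-30 Mon Jan 02 00:15:00 2006 Dynamic
192.168.101.3 00-03-0F-AA-BB-CC Mon Jan 02 00:20:00 2006 Dynamic
192.168.100.7 00-11-22-33-44-55 Mon Jan 02 00:30:00 2006 Dynamic
"""
CONFIG = """\
wireless
 ap authentication serial-num
 ap database 00-03-0F-84-12-30
  serial-num WL020420HC15000186
"""

def parse_bindings(text):
    """Return {MAC: IP} from the rows of `show ip dhcp binding`."""
    rows = re.findall(rf"^(\d+\.\d+\.\d+\.\d+)\s+({MAC})\s", text, re.M)
    return {mac.upper(): ip for ip, mac in rows}

def parse_ap_database(config):
    """Return (serial_auth_enabled, {MAC: serial or None})."""
    serial_auth, aps, current = False, {}, None
    for line in map(str.strip, config.splitlines()):
        if line == "ap authentication serial-num":
            serial_auth = True
        elif m := re.fullmatch(rf"ap database ({MAC})", line):
            current = m.group(1).upper()
            aps[current] = None
        elif current and (m := re.fullmatch(r"serial-num (\S+)", line)):
            aps[current] = m.group(1)
    return serial_auth, aps

def audit(bindings_text, config):
    """List gaps between management-VLAN leases and registered APs."""
    serial_auth, aps = parse_ap_database(config)
    findings = []
    if not serial_auth:
        findings.append("serial-number authentication is not enabled")
    findings += [f"AP {mac} has no serial-num entry" for mac, s in aps.items() if s is None]
    for mac, ip in parse_bindings(bindings_text).items():
        if ipaddress.ip_address(ip) in MGMT_NET and mac not in aps:
            findings.append(f"{ip} ({mac}) has a VLAN 101 lease but is not in the AP database")
    return findings
```

With the constructed input, `audit(BINDINGS, CONFIG)` reports only the unregistered 192.168.101.3 lease; the 192.168.100.7 client is outside the management pool and is ignored.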

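2. Configure the DHCP service on the wireless controller (DCWS), with the first ten addresses reserved. Wireless users in VLAN 10 and 20 and wired users in VLAN 30 and 40 obtain IP addresses dynamically from the DCWS.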

DCWS-6028(config)#ip dhcp excluded-address 192.168.101.1 192.168.101.10

3. Configure the SSIDs under NETWORK, with the following requirements:

(1) Set SSID DCN2019, VLAN 10, encryption mode wpa-personal, with the passphrase DCNE2011;

DCWS-6028(config)#wireless 
DCWS-6028(config-wireless)#network 1
DCWS-6028(config-network)#ssid DCN2019
DCWS-6028(config-network)#vlan 10

DCWS-6028(config-network)#security mode wpa-personal

DCWS-6028(config-network)#wpa key DCNE2011

(2) Set SSID GUEST, VLAN 20, with no authentication or encryption, and configure it so that the SSID is hidden

DCWS-6028(config-wireless)#network 2
DCWS-6028(config-network)#ssid GUEST
DCWS-6028(config-network)#vlan 20
DCWS-6028(config-network)#hide-ssid

(3) Configure SSID GUEST to deny client access every day from 0:00 to 6:00 in the morning

DCWS-6028(config-network)#time-limit from 0:0 to 6:0 weekday all

(4) Enable multicast-to-unicast (M2U) on SSID DCN2019; when the number of members in a multicast group exceeds 8, M2U is turned off

DCWS-6028(config-network)#m2u threshold 8

(5) Enable ARP suppression, automatic forced roaming, and the dynamic blacklist

DCWS-6028(config-network)#arp-suppression

DCWS-6028(config-wireless)#force-roaming mode auto

DCWS-6028(config-wireless)#dynamic-blacklist

