Wireless guest VLAN problem

Network Engineering  switch  wireless  hp-procurve
2022-03-01 19:09:08

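I am trying to use VLANs to separate the wireless controller's traffic. I have a Cisco 4400 Wireless LAN Controller configured to connect to a guest VLAN on an HP ProCurve 5412zl switch. The controller has been configured to use web policy and authentication. The interface name is guest-vlan, the VLAN identifier is 10, and the IP address is 192.168.101.2. The firewall has the IP address 192.168.101.1.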

Switch configuration:

Core Switch config:
hostname "Prod-Core"
module 1 type j8702a
module 2 type j8702a
module 3 type j8702a
module 4 type j8702a
module 5 type j9309a
module 6 type j8702a
mirror 1 port A24
fault-finder broadcast-storm sensitivity high
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
fault-finder link-flap sensitivity high
power-over-ethernet pre-std-detect ports F1-F24
timesync sntp
sntp unicast
sntp 60
sntp server priority 1 10.100.12.33
sntp server priority 2 10.100.12.32
time daylight-time-rule continental-us-and-canada
time timezone -360
web-management idle-timeout 900
ip access-list extended "vlan68-DEVEL_ACL"
     10 remark "ACL Applied to the vlan 68 interface (in)"
     11 remark "-----------------------------------------"
     12 remark "Allow traffic to flow within the DEVEL vlan"
     13 permit ip 10.100.68.0 0.0.3.255 10.100.68.0 0.0.3.255
     22 remark "Allow 80, 443 for Exchange and KBOX"
     23 remark "-----------------------------------------"
     24 permit tcp 10.100.68.0 0.0.3.255 10.100.15.40 0.0.0.0 eq 80
     25 permit tcp 10.100.68.0 0.0.3.255 10.100.15.40 0.0.0.0 eq 443
     26 permit tcp 10.100.68.0 0.0.3.255 10.100.15.91 0.0.0.0 eq 80
     27 permit tcp 10.100.68.0 0.0.3.255 10.100.15.91 0.0.0.0 eq 443
     28 permit tcp 10.100.68.0 0.0.3.255 10.100.15.98 0.0.0.0 eq 80
     29 permit tcp 10.100.68.0 0.0.3.255 10.100.15.98 0.0.0.0 eq 443
     30 remark "Block 80, 443"
     31 remark "-----------------------------------------"
     32 deny tcp 10.100.68.0 0.0.3.255 10.100.12.0 0.0.3.255 eq 80
     33 deny tcp 10.100.68.0 0.0.3.255 10.100.12.0 0.0.3.255 eq 443
     80 remark "Allow Other Dev to Prod traffic"
     81 remark "-------------------------------"
     82 permit ip 10.100.68.0 0.0.3.255 10.100.12.0 0.0.3.255
     90 remark "Allow Everything else (Internet)"
     91 remark "--------------------------------"
     92 permit ip 10.100.68.0 0.0.3.255 0.0.0.0 255.255.255.255
     100 remark "Allow return Internet traffic"
     101 remark "--------------------------------"
     102 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
ip authorized-managers 10.100.12.0 255.255.252.0 access manager
ip default-gateway 10.100.12.1
ip route 0.0.0.0 0.0.0.0 10.100.12.1
ip routing
..........
..........
..........
snmp-server community "public" unrestricted
snmp-server host 10.100.13.130 community "public" trap-level critical
snmp-server contact "Dave Guyton - 2463" location "HQ"
vlan 1
   name "DEFAULT_VLAN"
   no untagged D1-D3,D7,D9,D11,D14,D16,E1-E4,F1-F24
   untagged A1-A24,B1-B24,C1-C24,D4-D6,D8,D10,D12-D13,D15,D17-D24
   ip address 10.100.12.10 255.255.252.0
   ip local-proxy-arp
   forbid D14,D16
   exit
vlan 5
   name "CharterInternetHA"
   untagged D1-D3
   no ip address
   forbid A1-A24,B3-B24,C1-C24,D5-D24
   exit
vlan 6
   name "AT&TInternetHA"
   untagged D7,D9,D11
   no ip address
   forbid A1-A24,B3-B24,C1-C24,D1-D6,D8,D10,D12-D24
   exit
vlan 7
   name "iSCSI VLAN"
   untagged E1-E4,F1-F24
   no ip address
   forbid A1-A24,B1-B24,C1-C24,D1-D24
   exit
vlan 10
   name "DMZ-Guest-WLAN"
   tagged D14,D16,D20
   no ip address
   exit
vlan 68
   name "DEVEL-68"
   tagged A19,D23-D24
   ip access-group "vlan68-DEVEL_ACL" in
   ip address 10.100.68.1 255.255.252.0
   ip local-proxy-arp
   exit
vlan 72
   name "VOICE"
   tagged D23-D24
   ip address 10.100.72.1 255.255.255.0
   ip local-proxy-arp
   dhcp-server
   exit
no spanning-tree bpdu-throttle
no autorun
no dhcp config-file-update
no dhcp image-file-update
dhcp-server pool "vlan72-Voice"
   authoritative
   default-router "10.100.72.1"
   dns-server "10.100.12.33,10.100.12.32"
   domain-name "memco.local"
   lease 08:00:00
   network 10.100.72.0 255.255.255.0
   option 4 ip "10.100.12.33,10.100.12.32"
   option 42 ip "10.100.12.33,10.100.12.32"
   option 156 ascii "ftpservers=10.100.13.16, layer2tagging=1, vlanid=72"
   range 10.100.72.75 10.100.72.253
   exit
dhcp-server enable

IP route entries:

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          10.100.12.1     1    static               1          1
  10.100.12.0/22     DEFAULT_VLAN    1    connected            1          0
  10.100.68.0/22     DEVEL-68        68   connected            1          0
  10.100.72.0/24     VOICE           72   connected            1          0
  127.0.0.0/8        reject               static               0          0
  127.0.0.1/32       lo0                  connected            1          0
0 answers
No replies found.