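ARUBA Wireless Network Training, 蔡億慶, francis@netease.com.tw
Agenda: Hardware overview; Basic management interface; Theory of operation; Basic wireless configuration; Mesh configuration; AP configuration; Troubleshooting and viewing information; Q&A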
Hardware Overview
Hardware overview: Aruba controller 620
Hardware overview: AP 125 (labeled parts: antennas, PoE Ethernet)
Basic Management Interface
Basic management interface, top-level tabs: Monitoring, Configuration, Diagnostics, Maintenance, Plan, Events, Reports
Basic management interface, Monitoring: Network, Controller, WLAN, Voice, Debug
Basic management interface, Configuration: Wizards, Network, Security, Wireless, Management, Advanced Services
Basic management interface, Diagnostics: Network, General, Access Point
Basic management interface, Maintenance: Controller, File, WLAN
Theory of Operation
L2 Deployment
- In a L2 deployment, WLAN controller acts as an Ethernet bridge
- After authentication, frames from client are bridged onto L2 network
- 802.1q VLANs can be used
- Clients can all be on same VLAN
- Client can be assigned to VLAN based on ESSID, location, or authentication result (802.1x)
- Uplink ports can be 802.1q tagged
- Or a different physical uplink port can be used per VLAN
- Address assignment through external DHCP server normally (internal DHCP server available)
- Client broadcasts for DHCP, controller bridges the broadcast on user's VLAN
Theory of Operations [diagram, VLAN 14]. Second Floor (label 11): AP3/2nd Floor 10.1.11.42, AP4/2nd Floor 10.1.11.36. First Floor (label 10): AP1/1st Floor 10.1.10.96, AP2/1st Floor 10.1.10.68. Data Center (label 14): VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32; DHCP and E-mail servers.
Theory of Operations [diagram, VLAN 100 and VLAN 101, 150-200 users per VLAN]. Second Floor (label 11): AP3/2nd Floor 10.1.11.42, AP4/2nd Floor 10.1.11.36. First Floor (label 10): AP1/1st Floor 10.1.10.96, AP2/1st Floor 10.1.10.68. Layer 3 Switch: vlan 100: 10.1.100.1/24, vlan 101: 10.1.101.1/24. Data Center (label 14): 802.1q 14, 100, 101 to the Mobility Controller (vlan 14: 10.1.14.6/24, loopback: 10.1.14.7/32, vlan 100, vlan 101; ap group "1st Floor" vlan 100, ap group "2nd Floor" vlan 101); DHCP and E-mail servers.
Theory of Operations [diagram, DHCP Request over GRE]. The DHCP Request travels 802.11, then 802.3, inside GRE with SIP: 10.96, DIP: 14.7 (labels 14 and 100). Second Floor (label 11): AP3/2nd Floor 10.1.11.42, AP4/2nd Floor 10.1.11.36. First Floor (label 10): AP1/1st Floor 10.1.10.96, AP2/1st Floor 10.1.10.68. Layer 3 switch: VLAN 100: 10.1.100.1/24, VLAN 101: 10.1.101.1/24. Data Center (label 14): 802.1q 14, 100, 101 to the Mobility Controller (VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32, VLAN 100, VLAN 101; ap group "1st Floor" vlan 100, ap group "2nd Floor" vlan 101); DHCP and E-mail servers.
Theory of Operations [diagram, DHCP Reply over GRE]. The DHCP Reply travels inside GRE with SIP: 14.7, DIP: 10.96 (labels 14 and 100), then 802.3 and 802.11; client address shown: 10.1.100.32. Second Floor (label 11): AP3/2nd Floor 10.1.11.42, AP4/2nd Floor 10.1.11.36. First Floor (label 10): AP1/1st Floor 10.1.10.96, AP2/1st Floor 10.1.10.68. Layer 3 switch: VLAN 100: 10.1.100.1/24, VLAN 101: 10.1.101.1/24. Data Center (label 14): 802.1q 14, 100, 101 to the Mobility Controller (VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32, VLAN 100, VLAN 101; ap group "1st Floor" vlan 100, ap group "2nd Floor" vlan 101); DHCP and E-mail servers.
Theory of Operations [diagram, DHCP Renew over GRE]. The DHCP Renew from client 10.1.100.32 travels 802.11, then 802.3, inside GRE with SIP: 11.42, DIP: 14.7 (labels 14 and 100). Second Floor (label 11): AP3/2nd Floor 10.1.11.42, AP4/2nd Floor 10.1.11.36. First Floor (label 10): AP1/1st Floor 10.1.10.96, AP2/1st Floor 10.1.10.68. Layer 3 switch: VLAN 100: 10.1.100.1/24, VLAN 101: 10.1.101.1/24. Data Center (label 14): 802.1q 14, 100, 101 to the Mobility Controller (VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32, VLAN 100, VLAN 101; ap group "1st Floor" vlan 100, ap group "2nd Floor" vlan 101); DHCP and E-mail servers.
Theory of Operations [diagram, DHCP Reply over GRE]. The DHCP Reply travels inside GRE with SIP: 14.7, DIP: 11.42 (labels 14 and 100), then 802.3 and 802.11; client address shown: 10.1.100.32. Second Floor (label 11): AP3/2nd Floor 10.1.11.42, AP4/2nd Floor 10.1.11.36. First Floor (label 10): AP1/1st Floor 10.1.10.96, AP2/1st Floor 10.1.10.68. Layer 3 switch: VLAN 100: 10.1.100.1/24, VLAN 101: 10.1.101.1/24. Data Center (label 14): 802.1q 14, 100, 101 to the Mobility Controller (VLAN 14: 10.1.14.6/24, loopback: 10.1.14.7/32, VLAN 100, VLAN 101; ap group "1st Floor" vlan 100, ap group "2nd Floor" vlan 101); DHCP and E-mail servers.
Basic Wireless Configuration
Logging in to the controller
- Using the GUI: https://x.x.x.x:4343, default IP address: 172.16.0.254
- Using the CLI: connect the console cable to the controller's serial port; serial setting 9600 8 n 1
Groups and Properties [diagram labels]: AP Group; Wireless LAN; RF Management; AP; QoS; IDS; Virtual AP; Properties; a/g Radio Settings; System Profile; VoIP; SSID; RF Optimizations; Ethernet; a/g Management; AAA; Regulatory; SNMP
Profiles (cont.)
Configuration example
In the lab, for security reasons, the SSIDs are divided into:
- student: WPA2-PSK
- Guest: web authentication, cannot access the student VLAN
VLAN assignment:
- student: VLAN 1, IP 192.168.1.0/24
- Guest: VLAN 11, IP 192.168.11.0/24
Example architecture: wireless access architecture [diagram labels]: Internet; Firewall or IP sharing; Switch; 2.4 or 5 GHz; 192.168.1.254/24; 192.168.1.250/24; 192.168.1.249/24
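Configuration steps
1. Add the student and Guest VLANs, IP addresses, and DHCP
2. Add the student and Guest SSIDs
3. Set the student properties and role
4. Set the Guest firewall policy and role
5. Add the student and Guest AAA profiles
6. Add the student and Guest Virtual AP profiles
7. Add the group
8. Add the AP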
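Add the student and Guest VLANs: Network -> VLAN -> Add. Add Guest VLAN 11, select 2-3 as access ports, then Apply.
Set the student VLAN IP: set the VLAN 1 IP address (red box in the screenshot), then Apply. Values shown: VLAN 1, 192.168.1.254, 255.255.255.0
Set the Guest VLAN IP: set the VLAN 11 IP address (red box 1 in the screenshot), enable NAT (red box 2), then Apply. Values shown: VLAN 11, 192.168.11.254, 255.255.255.0
Add the Guest DHCP pool. Values shown in the screenshot: Guest, 192.168.11.254, 8.8.8.8, 192.168.11.0, 255.255.255.0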
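Add the student and Guest SSIDs: first enter SSID-student in the blue box -> Add. Once SSID-student has been added, enter SSID-Guest in the blue box -> Add.
Edit the student SSID: click SSID-student -> edit its settings
Edit the Guest SSID: click SSID-Guest -> edit its settings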
Set the Guest firewall policy: add an ACL that blocks access to 192.168.1.0/24; add an ACL for Internet access
Set the Guest firewall policy and role
Edit the Guest role
Edit the Guest role: add the deny_student policy
Edit the Guest role: set the Captive portal profile: default
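Added example (not part of the original slides and not Aruba code): a small Python model of the Guest role described above, assuming rules are checked top-down and the first match decides. The rule name allow_internet and the probe list are constructed for illustration; it shows why deny_student has to sit above the Internet-access rule and flags a role where the order is reversed.

```python
import ipaddress

# Subnet from the lab example: student VLAN 1
STUDENT_NET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (rule name, destination network, action), evaluated top-down.
# deny_student is the policy name on the slides; allow_internet is hypothetical.
GUEST_ROLE = [
    ("deny_student", STUDENT_NET, "deny"),
    ("allow_internet", ANY, "permit"),
]
MISORDERED = list(reversed(GUEST_ROLE))  # constructed mistake: permit listed first

def evaluate(rules, dst):
    """Return (action, rule name) of the first rule matching dst; implicit deny."""
    addr = ipaddress.ip_address(dst)
    for name, net, action in rules:
        if addr in net:
            return action, name
    return "deny", "implicit"

def shadowed_rules(rules):
    """Rules that can never match: an earlier rule already covers their destination."""
    return [name for i, (name, net, _) in enumerate(rules)
            if any(net.subnet_of(prev) for _, prev, _ in rules[:i])]

def audit(rules, protected, probes):
    """Probe addresses inside `protected` that the role would still permit."""
    return [p for p in probes
            if ipaddress.ip_address(p) in protected
            and evaluate(rules, p)[0] == "permit"]

# Constructed probe set: addresses shown in the example architecture, plus 8.8.8.8
PROBES = ["192.168.1.254", "192.168.1.250", "192.168.1.249", "8.8.8.8"]

if __name__ == "__main__":
    for label, role in (("correct", GUEST_ROLE), ("misordered", MISORDERED)):
        print(label, "| shadowed:", shadowed_rules(role),
              "| student addresses reachable:", audit(role, STUDENT_NET, PROBES))
```
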
Add the student and Guest AAA profiles: first enter AAA-student in the blue box -> Add. Once AAA-student has been added, enter AAA-Guest in the blue box -> Add.
Edit the student AAA profile: click AAA-Student -> edit its settings. Apply the authenticated role to the AAA-Student profile as the 802.1x authentication default role.
Edit the student AAA profile: set the 802.1x authentication profile; select default-psk
Edit the Guest AAA profile: click AAA-Guest -> edit its settings. Apply the guest role to the AAA-Guest profile as the Initial role.
Add the student and Guest Virtual AP profiles: first enter VAP-student in the blue box -> Add. Once VAP-student has been added, enter VAP-Guest in the blue box -> Add.
Edit the VAP-Student profile: add VLAN 1 to VAP-Student
Edit the VAP-Student profile: set the VAP-Student AAA profile; select AAA profile AAA-student
Edit the VAP-Student profile: set the VAP-Student SSID profile; select SSID profile SSID-student
Edit the VAP-Guest profile: add VLAN 11 to VAP-Guest
Edit the VAP-Guest profile: set the VAP-Guest SSID profile, select SSID profile SSID-Guest; set the VAP-Guest AAA profile, select AAA profile AAA-Guest
Add the group: add AP Group 5F-study; edit 5F-study
Edit 5F-study: add VAP-Student and VAP-Guest
Configure the AP: add the AP to the group
Configure the AP: change the AP name
Mesh Configuration
Example architecture: mesh architecture [diagram labels]: Internet; Firewall or IP sharing; 2.4 GHz; 5 GHz; 192.168.1.254/24; 192.168.1.250/24; 192.168.1.249/24; 192.168.1.248/24; 192.168.1.247/24
Configuration steps
1. Set the mesh profile
2. Add the group
3. Configure the AP
4. View mesh information
Set the mesh profile: add a Mesh Profile; set encryption: wpa2-psk-aes
Edit the Mesh Radio Profile
Reselection mode:
1. reselect-anytime
2. reselect-never
3. startup-subthreshold
4. subthreshold-only
Metric algorithm:
1. best-link-rssi
2. distributed-tree-rssi
Add the Mesh Group
Edit the Mesh Group: add the Mesh Profile
Configure the AP: add a mesh AP; add the AP to the Mesh Group
Configure the mesh AP: select AP Group: mesh
Configure the mesh portal and the mesh point: set the mesh portal and mesh point IP settings
Observing Mesh AP Status
Observing mesh AP status: view the mesh point topology
Observing mesh AP status from the CLI:
#show ap mesh topology
#show ap mesh active
AP Configuration
Concept Review: AP Boot Process
1. Acquire IP Address
2. "Discover" a controller
3. Update code if necessary
4. Obtain configuration information
5. Build GRE
6. Enable radio
AP boot screen: press Enter within two seconds
AP setting commands
- Clear the settings: purge
- Change the AP's IP settings:
  setenv ipaddr x.x.x.x
  setenv netmask x.x.x.x
  setenv gatewayip x.x.x.x
  setenv name xxx
- Save: save
- Show the settings: print
- Reboot: boot
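Troubleshooting and Viewing Information
Viewing AP status
Viewing clients
Backing Up the Configuration and Upgrading Firmware
Back up the configuration: back up the startup config to a TFTP server. IP address: x.x.x.x, File name: xxxx.cfg
Restore the configuration
Upgrade the firmware: check which boot partition the current firmware uses
Upgrade the firmware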
Q&A
Thank you !!