五、(H3C)基于802.1x+AD+DHCP+NPS动态下发vlan 华三交换机配置
2013-07-30 00:39
597 查看
一、配置网络设备
以下为拓扑图
1、配置核心交换机(华为S7712)sysname Core-Switch 更改主机名vlan batch 31 32 222 223 批量创建vlanint vlan 32 创建管理vlan 32虚拟接口ip address 172.16.32.254 24 配置管理vlan 32 网关地址int vlan 31 创建服务器vlan 31虚拟接口ip address 172.16.31.254 24 配置服务器vlan 31 网关地址int vlan 222 创建业务vlan 222虚拟接口ip address 172.16.222.254 24 配置业务vlan 222 网关地址dhcp select relaydhcp relay server-ip 172.16.31.66 配置DHCP中服继务器为172.16.31.66int vlan 223 创建业务vlan 223虚拟接口ip address 172.16.223.254 24 配置业务vlan 223 网关地址dhcp select relaydhcp relay server-ip 172.16.31.66 配置DHCP中继服务器为172.16.31.66开启DHCP服务dhcp enableG10/0/1端口配置int G10/0/1description To 802.1x Switch-G1/0/24port link-type trunkport trunk pvid vlan 32port trunk allow-pass vlan allG10/0/2接口配置int G10/0/2description To Server Switch-G0/0/48port link-type trunkport trunk pvid vlan 32port trunk allow-pass vlan all2、配置服务器端交换机(S5700)sysname Server Switch更改主机名vlan batch 31 32 创建vlan 31、32int Vlan 32 创建管理VLAN 32虚拟接口ip address 172.16.32.252 24 配置管理IP地址配置默认路由ip route 0.0.0.0 0.0.0.0 172.16.32.254上联端口G0/0/48配置interface GigabitEthernet0/0/1description To Core-Switch-G10/0/2port link-type accessport default vlan 31连接服务器端口G0/0/1配置interface GigabitEthernet0/0/1description To Windows Server 2008 port link-type accessport default vlan 31 3、配置接入交换机 (华三S5120)
sysname 802.1x Switch 更改主机名vlan 32 创建管理VLAN 32vlan 222 to 223 创建业务VLAN 222和223int Vlan 32 创建管理VLAN 32虚拟接口ip address 172.16.32.253 24 配置管理IP为172.16.32.253/24创建radius 模版为test.comradius scheme test.comserver-type extendedprimary authentication 172.16.31.66primary accounting 172.16.31.66keyauthentication test.comkeyaccounting test.com创建域为test.comdomain test.comauthentication lan-access radius-schemetest.comauthorization lan-access radius-schemetest.comaccounting lan-access radius-scheme test.comaccess-limit disablestateactiveidle-cut disableself-service-url disable配置默认域domain default enable test.com全局开启dot1xdot1x配置dot1x验证方式 dot1x authentication-method eap开启DHCP 服务dhcp enable配置默认路由ip route 0.0.0.0 0.0.0.0 172.16.32.254配置接入的端口G1/0/1interface GigabitEthernet1/0/1description To Dynamic 802.1x-huan.yan-PCport link-type hybridundo port hybrid vlan 1port hybrid vlan 222 to 223 untaggedport hybrid pvid vlan 222undo dot1x handshakedot1x配置接入的端口G1/0/2interface GigabitEthernet1/0/2description To Dynamic 802.1x-obama-PCport link-type hybridundo port hybrid vlan 1port hybrid vlan 222 to 223 untaggedport hybrid pvid vlan 222undo dot1x handshakedot1x配置上联端口interface GigabitEthernet1/0/24description To Core-Switch-G10/0/1port link-type trunkport trunk permit vlan allport trunk pvid vlan 32网络设备全部配置完毕
本文出自 “yanhuan” 博客,请务必保留此出处http://yanhuan.blog.51cto.com/1761673/1260083
以下为拓扑图
1、配置核心交换机(华为S7712)sysname Core-Switch 更改主机名vlan batch 31 32 222 223 批量创建vlanint vlan 32 创建管理vlan 32虚拟接口ip address 172.16.32.254 24 配置管理vlan 32 网关地址int vlan 31 创建服务器vlan 31虚拟接口ip address 172.16.31.254 24 配置服务器vlan 31 网关地址int vlan 222 创建业务vlan 222虚拟接口ip address 172.16.222.254 24 配置业务vlan 222 网关地址dhcp select relaydhcp relay server-ip 172.16.31.66 配置DHCP中服继务器为172.16.31.66int vlan 223 创建业务vlan 223虚拟接口ip address 172.16.223.254 24 配置业务vlan 223 网关地址dhcp select relaydhcp relay server-ip 172.16.31.66 配置DHCP中继服务器为172.16.31.66开启DHCP服务dhcp enableG10/0/1端口配置int G10/0/1description To 802.1x Switch-G1/0/24port link-type trunkport trunk pvid vlan 32port trunk allow-pass vlan allG10/0/2接口配置int G10/0/2description To Server Switch-G0/0/48port link-type trunkport trunk pvid vlan 32port trunk allow-pass vlan all2、配置服务器端交换机(S5700)sysname Server Switch更改主机名vlan batch 31 32 创建vlan 31、32int Vlan 32 创建管理VLAN 32虚拟接口ip address 172.16.32.252 24 配置管理IP地址配置默认路由ip route 0.0.0.0 0.0.0.0 172.16.32.254上联端口G0/0/48配置interface GigabitEthernet0/0/1description To Core-Switch-G10/0/2port link-type accessport default vlan 31连接服务器端口G0/0/1配置interface GigabitEthernet0/0/1description To Windows Server 2008 port link-type accessport default vlan 31 3、配置接入交换机 (华三S5120)
sysname 802.1x Switch 更改主机名vlan 32 创建管理VLAN 32vlan 222 to 223 创建业务VLAN 222和223int Vlan 32 创建管理VLAN 32虚拟接口ip address 172.16.32.253 24 配置管理IP为172.16.32.253/24创建radius 模版为test.comradius scheme test.comserver-type extendedprimary authentication 172.16.31.66primary accounting 172.16.31.66keyauthentication test.comkeyaccounting test.com创建域为test.comdomain test.comauthentication lan-access radius-schemetest.comauthorization lan-access radius-schemetest.comaccounting lan-access radius-scheme test.comaccess-limit disablestateactiveidle-cut disableself-service-url disable配置默认域domain default enable test.com全局开启dot1xdot1x配置dot1x验证方式 dot1x authentication-method eap开启DHCP 服务dhcp enable配置默认路由ip route 0.0.0.0 0.0.0.0 172.16.32.254配置接入的端口G1/0/1interface GigabitEthernet1/0/1description To Dynamic 802.1x-huan.yan-PCport link-type hybridundo port hybrid vlan 1port hybrid vlan 222 to 223 untaggedport hybrid pvid vlan 222undo dot1x handshakedot1x配置接入的端口G1/0/2interface GigabitEthernet1/0/2description To Dynamic 802.1x-obama-PCport link-type hybridundo port hybrid vlan 1port hybrid vlan 222 to 223 untaggedport hybrid pvid vlan 222undo dot1x handshakedot1x配置上联端口interface GigabitEthernet1/0/24description To Core-Switch-G10/0/1port link-type trunkport trunk permit vlan allport trunk pvid vlan 32网络设备全部配置完毕
本文出自 “yanhuan” 博客,请务必保留此出处http://yanhuan.blog.51cto.com/1761673/1260083
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 一、基于802.1x+AD+NPS+DHCP动态下发VLAN配置 (第1篇、准备工作及需求)
- 四、基于802.1x+AD+NPS+DHCP动态下发VLAN配置 (第4篇、添加角色DHCP服务器并配置)
- 基于802.1x+AD+NPS+DHCP动态下发VLAN配置 (第1篇、准备工作及需求)
- 六、基于802.1x+AD+NPS+DHCP动态下发VLAN配置 客户端配置
- 二、基于802.1x+AD+NPS+DHCP动态下发VLAN配置 (第2篇、安装AD 2008并配置)
- 三、基于802.1x+AD+NPS+DHCP动态下发VLAN配置 (第3篇、添加角色NPS并设置)
- Spring + mybatis 基于注解方式的多数据源动态配置
- pgpool-II 2.10 故障节点动态恢复 基于pgpool-ii的集群配置(五)
- 基于Xilinx FPGA 的动态局部重配置(DPR)简介
- 两种交换机配置模式,以配置基于端口划分的VLAN为例
- 配置基于接口划分VLAN(静态配置链路类型)
- H3C VLAN的配置 VLAN配置实例
- H3C VLAN的配置 VLAN配置实例
- 基于maven的profile实现动态选择配置文件
- H3C S3100交换机配置VLAN和远程管理
- H3C 4250T的Vlan配置
- 跨多个交换机VLAN的配置方案设计(H3C)
- H3C VLAN 配置
- h3c 交换机配置VLAN和远程管理
- 基于cisco_vtp的vlan配置