网络设备安装与调试（eNSP）（AIGC版）课后习题答案-项目6

练习题1．选择题（1）答案：D解析IEEE802.11是无线局域网WLAN标准。IEEE802.3：以太网有线标准；IEEE802.4：令牌总线网；IEEE802.5：令牌环网。（2）答案：B解析安全性排序：WPA>WEP>MAC过滤>开放验证WEP加密漏洞多，极易被破解；WPA相比WEP做了加密和认证升级，安全性更高；MAC地址过滤只是接入控制，易伪造，加密安全性远不如WPA；开放系统验证无任何加密，完全不设防。（3）答案：B解析无线AC+AP组网中，DHCPOption43专门用于给AP下发AC控制器IP地址，实现AP发现AC。其他选项都不是AP获取AC地址的标准Option字段。2．实训题某公司的无线网络原来采用的是一台AC对全网的AP进行控制，但随着公司业务的发展，无线网络已承载公司部分生产业务。因此，为了保证生产业务的稳定运行，该公司决定采用双AC+双AP的设计方案。网络拓扑如图6-14所示，AC数据规划表如表6-12所示，设备的端口和IP地址规划表如表6-13所示。图6-14实训题的网络拓扑图表6-12AC数据规划表配置项数据AP管理VLANVLAN99L2SW管理VLANVLAN100STA业务VLANVLAN10DHCP服务器汇聚交换机（L3SW）作为AP和STA的DHCP服务器；STA的默认网关为172.16.10.254/24AP的IP地址池172.16.99.3~172.16.99.253/24STA的IP地址池172.16.10.1~172.16.10.253/24AC1的源端口IP地址VLANIF99:172.16.99.1/24AC2的源端口IP地址VLANIF99:172.16.99.2/24AP组名称：ap-group；引用模板：VAP模板wlan-net、域管理模板default安全模板名称：wlan-net；安全策略：WPA-WPA2+PSK+AES；密码：a1234567域管理模板名称：wlan-net；国家码：CNSSID模板名称：wlan-net；SSID的名称：wlan-netVAP模板名称：wlan-net；转发模式：直接转发；业务VLAN：VLAN10；引用模板：SSID模板wlan-net、安全模板wlan-net表6-13设备的端口和IP地址规划表设备端口IP地址备注L3SWVLAN99172.16.99.254/24AP管理IP地址的网关172.16.99.3~172.16.99.253DHCP分配VLAN100172.16.100.254/24L2SW管理地址VLAN101172.16.101.3/24与AC互联地址段VLAN10172.16.10.254/24无线用户网关L2SWVLAN100172.16.100.2/24与L3SW互联地址AC1VLAN99172.16.99.1/24CAPWAP隧道源地址VLAN101172.16.101.1/24与L3SW互联地址AC2VLAN99172.16.99.2/24CAPWAP隧道源地址VLAN101172.16.101.2/24与L3SW互联地址AP1VLAN99DHCPAP管理地址AP2VLAN99DHCPAP管理地址STA1无线端口DHCP网关为172.16.10.254/24STA2无线端口DHCP网关为172.16.10.254/24关键步骤提示如下：（1）实现各设备的基础配置。（2）配置WLAN业务参数。（3）配置AP上线。（4）配置DHCP服务。（5）配置高可用AC的热备。（6）配置高可用AP的负载均衡功能。配置步骤如下：子任务一网络的基础配置1、在L3SW交换机上配置<Huawei><Huawei>system-view[Huawei]sysnameL3SW[L3SW]undoinfo-centerenable[L3SW]vlanbatch1099100101[L3SW]interfaceGigabitEthernet0/0/1[L3SW-GigabitEthernet0/0/1]portlink-typetrunk[L3SW-GigabitEthernet0/0/1]porttrunkallow-passvlan1099101[L3SW-GigabitEthernet0/0/1]quit[L3SW]interfaceGigabitEthernet0/0/2[L3SW-GigabitEthernet0/0/2]portlink-typetrunk[L3SW-GigabitEthernet0/0/2]porttrunkallow-passvlan1099101[L3SW-GigabitEthernet0/0/2]quit[L3SW]interfaceGigabitEthernet0/0/24[L3SW-GigabitEthernet0/0/24]portlink-typetrunk[L3SW-GigabitEthernet0/0/24]porttrunkallow-passvlan1099100[L3SW-GigabitEthernet0/0/24]quit[L3SW]dhcpenable[L3SW]interfaceVlanif10[L3SW-Vlanif10]ipaddress172.16.10.254255.255.255.0[L3SW-Vlanif10]dhcpselectinterface[L3SW-Vlanif10]quit[L3SW]interfaceVlanif99[L3SW-Vlanif99]ipaddress172.16.99.254255.255.255.0[L3SW-Vlanif99]dhcpselectinterface[L3SW-Vlanif99]quit[L3SW]interfaceVlanif100[L3SW-Vlanif100]ipaddress172.16.100.254255.255.255.0[L3SW-Vlanif100]quit[L3SW]interfaceVlanif101[L3SW-Vlanif101]ipaddress172.16.101.3255.255.255.0[L3SW-Vlanif101]quit<L3SW>save2、在L2SW交换机上配置<Huawei>system-view[Huawei]sysnameL2SW[L2SW]vlanbatch1099100[L2SW]interfaceGigabitEthernet0/0/1[L2SW-GigabitEthernet0/0/1]portlink-typetrunk[L2SW-GigabitEthernet0/0/1]porttrunkallow-passvlan1099100[L2SW-GigabitEthernet0/0/1]quit[L2SW]interfaceEthernet0/0/1[L2SW-Ethernet0/0/1]portlink-typetrunk[L2SW-Ethernet0/0/1]porttrunkpvidvlan99[L2SW-Ethernet0/0/1]porttrunkallow-passvlan1099[L2SW-Ethernet0/0/1]quit[L2SW]interfaceEthernet0/0/2[L2SW-Ethernet0/0/2]portlink-typetrunk[L2SW-Ethernet0/0/2]porttrunkpvidvlan99[L2SW-Ethernet0/0/2]porttrunkallow-passvlan1099[L2SW-Ethernet0/0/2]quit[L2SW]interfaceVlanif100[L2SW-Vlanif100]ipaddress172.16.100.2255.255.255.0[L2SW-Vlanif100]quit[L2SW]iproute-static0.0.0.00.0.0.0172.16.100.254<L2SW>save3、在AC1上配置<AC6605>system-view[AC6605]undoinfo-centerenable[AC6605]sysnameAC1[AC1]vlanbatch1099101[AC1]interfaceGigabitEthernet0/0/1[AC1-GigabitEthernet0/0/1]portlink-typetrunk[AC1-GigabitEthernet0/0/1]porttrunkallow-passvlan1099101[AC1-GigabitEthernet0/0/1]quit[AC1]interfaceVlanif101[AC1-Vlanif101]ipaddress172.16.101.1255.255.255.0[AC1-Vlanif101]quit[AC1]interfaceVlanif99[AC1-Vlanif99]ipaddress172.16.99.1255.255.255.0[AC1-Vlanif99]quit[AC1]iproute-static0.0.0.00.0.0.0172.16.101.3[AC1]quit<AC1>save在AC2上配置<AC6005>system-view[AC6005]undoinfo-centerenable[AC6005]sysnameAC2[AC2]vlanbatch1099101[AC2]interfaceGigabitEthernet0/0/2[AC2-GigabitEthernet0/0/2]portlink-typetrunk[AC2-GigabitEthernet0/0/2]porttrunkallow-passvlan1099101[AC2-GigabitEthernet0/0/2]quit[AC2]interfaceVlanif101[AC2-Vlanif101]ipaddress172.16.101.2255.255.255.0[AC2-Vlanif101]quit[AC2]interfaceVlanif99[AC2-Vlanif99]ipaddress172.16.99.2255.255.255.0[AC2-Vlanif99]quit[AC2]iproute-static0.0.0.00.0.0.0172.16.101.35、子任务1验证（1）在L3SW上查看接口信息。确认三层交换机VLANIF接口IP配置正确、物理与协议状态均为UP，确保网络层互通基础正常。Vlanif10、Vlanif99、Vlanif100、Vlanif101接口IP地址与规划一致，且Physical、Protocol均为UP，接口工作正常。在L3SW上查看DHCP服务状态。确认DHCP服务已启用，地址池正常接收客户端请求并分配IP。DHCP服务正常运行，可正常为AP与STA分配IP地址。（3）测试L2SW管理地址的连通性确认L3SW与L2SW管理网段路由可达、二层Trunk正常。L3SW可以正常Ping通L2SW管理地址172.16.100.2，二层互通正常，路由配置正确。（4）在L2SW上用“displayportvlan”命令查看VLAN信息确认端口链路类型、PVID、Trunk允许通过的VLAN与规划一致。AP端口Ethernet0/0/1、0/0/2：Trunk类型，PVID99，放通VLAN10、99上联口GigabitEthernet0/0/1：放通VLAN10、99、100端口配置完全符合规划。在L2SW上使用“displayiprouting-table”命令查看路由表。确认默认路由正确指向L3SW，确保跨网段访问正常。存在默认路由0.0.0.0/0，下一跳为172.16.100.254（L3SW），路由配置正确。（6）在AC2上使用“displayipinterfacebrief”命令查看接口信息。确认AC2的Vlanif99、Vlanif101IP配置正确、接口UP。AC2管理地址与互联地址配置正确，接口状态全UP。（7）在AC2上查看路由表。确认AC2默认路由指向L3SW，确保能到达AP管理网段与用户网段。默认路由指向172.16.101.3（L3SW），AC路由配置正确。AC2pingAP网关(172.16.99.254)。确认AC与AP管理网段互通，CAPWAP隧道可正常建立。AC2与AP管理网关互通正常，CAPWAP隧道建立条件满足。（9）用同样的方法在AC1上验证子任务二WLAN配置1、在AC1上配置[AC1]wlan[AC1-wlan-view]apauth-modeno-auth[AC1-wlan-view]regulatory-domain-profilenamedefault[AC1-wlan-regulate-domain-default]country-codecn[AC1-wlan-regulate-domain-default]quit[AC1-wlan-view]ssid-profilenamewlan-net[AC1-wlan-ssid-prof-wlan-net]ssidwlan-net[AC1-wlan-ssid-prof-wlan-net]quit[AC1-wlan-view]security-profilenamewlan-net[AC1-wlan-sec-prof-wlan-net]securitywpa-wpa2pskpass-phrasea1234567aes[AC1-wlan-sec-prof-wlan-net]quit[AC1-wlan-view]vap-profilenamewlan-net[AC1-wlan-vap-prof-wlan-net]forward-modedirect-forward[AC1-wlan-vap-prof-wlan-net]service-vlanvlan-id10[AC1-wlan-vap-prof-wlan-net]ssid-profilewlan-net[AC1-wlan-vap-prof-wlan-net]security-profilewlan-net[AC1-wlan-vap-prof-wlan-net]quit[AC1-wlan-view]ap-groupnameap-group[AC1-wlan-ap-group-ap-group]regulatory-domain-profiledefault[AC1-wlan-ap-group-ap-group]vap-profilewlan-netwlan1radio0[AC1-wlan-ap-group-ap-group]vap-profilewlan-netwlan1radio1[AC1-wlan-ap-group-ap-group]quit[AC1-wlan-view]quit[AC1]capwapsourceinterfacevlanif99[AC1-wlan-view]ap-id1[AC1-wlan-ap-1]ap-nameAp1[AC1-wlan-ap-1]ap-groupap-group[AC1-wlan-ap-1]quit[AC1-wlan-view]ap-id0[AC1-wlan-ap-0]ap-nameAP2[AC1-wlan-ap-0]ap-groupap-group[AC1-wlan-ap-0]return2、在AC2上配置[AC2]wlan[AC2-wlan-view]apauth-modeno-auth[AC2-wlan-view]regulatory-domain-profilenamedefault[AC2-wlan-regulate-domain-default]country-codecn[AC2-wlan-regulate-domain-default]quit[AC2-wlan-view]ssid-profilenamewlan-net[AC2-wlan-ssid-prof-wlan-net]ssidwlan-net[AC2-wlan-ssid-prof-wlan-net]quit[AC2-wlan-view]security-profilenamewlan-net[AC2-wlan-sec-prof-wlan-net]securitywpa-wpa2pskpass-phrasea1234567aes[AC2-wlan-sec-prof-wlan-net]quit[AC2-wlan-view]vap-profilenamewlan-net[AC2-wlan-vap-prof-wlan-net]forward-modedirect-forward[AC2-wlan-vap-prof-wlan-net]service-vlanvlan-id10[AC2-wlan-vap-prof-wlan-net]ssid-profilewlan-net[AC2-wlan-vap-prof-wlan-net]security-profilewlan-net[AC2-wlan-vap-prof-wlan-net]quit[AC2-wlan-view]ap-groupnameap-group[AC2-wlan-ap-group-ap-group]regulatory-domain-profiledefault[AC2-wlan-ap-group-ap-group]vap-profilewlan-netwlan1radio0[AC2-wlan-ap-group-ap-group]vap-profilewlan-netwlan1radio1[AC2-wlan-ap-group-ap-group]quit[AC2-wlan-view]quit[AC2]capwapsourceinterfacevlanif99#关闭AC，重启AP1和AP2[AC2]wlan[AC2-wlan-view]ap-id0[AC2-wlan-ap-0]ap-nameAP1[AC2-wlan-ap-0]ap-groupap-group[AC2-wlan-ap-0]quit[AC2-wlan-view]ap-id1[AC2-wlan-ap-1]ap-nameAP2[AC2-wlan-ap-1]ap-groupap-group[AC2-wlan-ap-1]quit3、子任务2验证（1）在AC1使用“displayapall”命令查看已注册的AP信息。确认AP1、AP2成功与AC1建立CAPWAP隧道，AP状态正常，可被AC统一管理。AP1、AP2均成功上线，状态为normal，已加入AP组ap-group，CAPWAP隧道建立正常。（2）在AC1上使用“displayvap-profileall”命令查看VAP文件信息确认WLAN业务所需的VAP模板已创建，并被AP正常引用。VAP模板wlan-net已创建成功，被2次引用，模板配置生效。在AC1查看AP2配置信息。确认AP2已加入指定AP组，参数下发正确。AP2已成功加入ap-group，国家码、VAP模板等配置均与规划一致。（4）用同样的方法在AC2上验证。（5）检查WLAN配置下发结果。确认SSID、安全策略、转发模式、业务VLAN已正确下发至AP。WLAN配置全部正确下发：直接转发、业务VLAN10、SSID:wlan-net、安全策略正常绑定。（6）STA查看IP地址（ipconfig）确认无线终端从DHCP获取到正确的业务网段IP、网关、掩码。STA成功获取172.16.10.0/24网段IP，网关、掩码正确，DHCP与WLAN业务正常。（7）AC1ping无线用户网关172.16.10.254。验证AC到无线用户网关三层路由可达，业务流量转发通路正常。<AC1>ping172.16.10.254PING172.16.10.254:56databytes,pressCTRL_CtobreakReplyfrom172.16.10.254:bytes=56Sequence=1ttl=255time=30msReplyfrom172.16.10.254:bytes=56Sequence=2ttl=255time=20msReplyfrom172.16.10.254:bytes=56Sequence=3ttl=255time=20msReplyfrom172.16.10.254:bytes=56Sequence=4ttl=255time=10msReplyfrom172.16.10.254:bytes=56Sequence=5ttl=255time=10msAC1到无线用户网关连通性正常、无丢包，三层路由与业务转发通路无误。子任务3高可用AC热备的配置1、双链路备份的配置[AC1]wlan [AC1-wlan-view]acprotectenable[AC1-wlan-view]acprotectprotect-ac172.16.101.2[AC1-wlan-view]acprotectpriority0[AC1-wlan-view]quit[AC1][AC2]wlan[AC2-wlan-view]acprotectenable[AC2-wlan-view]acprotectprotect-ac172.16.101.1[AC2-wlan-view]acprotectpriority5[AC2-wlan-view]quit[AC1-wlan-view]ap-resetall[AC1-wlan-view]quit2、双机热备功能配置[AC1]hsb-service0[AC1-hsb-service-0]service-ip-portlocal-ip172.16.101.1peer-ip172.16.101.2local-data-port10241peer-data-port10241[AC1-hsb-service-0]quit[AC1]hsb-service-typeaphsb-service0[AC1]hsb-service-typeaccess-userhsb-service0[AC2]hsb-service0[AC2-hsb-service-0]service-ip-portlocal-ip172.16.101.2peer-ip172.16.101.1local-data-port10241peer-data-port10241[AC2-hsb-service-0]quit[AC2]hsb-service-typeaphsb-service0[AC2]hsb-service-typeaccess-userhsb-service03、子任务3验证（1）在AC1上使用displayacprotect命令查看双链路备份的配置信息。确认AC双链路备份功能已开启，备份AC地址、优先级、自动回切配置正确。<AC1>displayacprotect------------------------------------------------------------Protectstate:enableProtectAC:172.16.101.2Priority:0Protectrestore:enableColdbackupkickoffstation:disable------------------------------------------------------------<AC1>AC1双链路备份已启用，备份AC为172.16.101.2，优先级0（备用），自动回切开启。（2）在AC2上使用displayacprotect命令查看双链路备份的配置信息。<AC2>displayacprotect------------------------------------------------------------Protectstate:enableProtectAC:172.16.101.1Priority:5Protectrestore:enableColdbackupkickoffstation:disable------------------------------------------------------------<AC2>AC2双链路备份已启用，备份AC为172.16.101.1，优先级5（主用），自动回切开启。（3）在AC1使用“displayhsb-service0”命令查看HSB主备服务状态。确认AC1与AC2的热备通道建立成功，服务状态为Connected。[AC1]displayhsb-service0HotStandbyServiceInformation:LocalIPAddress:172.16.101.1PeerIPAddress:172.16.101.2SourcePort:10241DestinationPort:10241KeepAliveTimes:5KeepAliveInterval:3ServiceState:ConnectedServiceBatchModules:APAccess-user[AC1]AC1的HSB服务已与AC2建立连接，通道正常，绑定AP与用户同步模块。（4）在AC2使用“displayhsb-service0”命令查看HSB主备服务状态。确认AC2侧HSB服务正常，与AC1主备通道双向连通。[AC2]displayhsb-service0HotStandbyServiceInformation:----------------------------------------------------------LocalIPAddress:172.16.101.2PeerIPAddress:172.16.101.1SourcePort:10241DestinationPort:10241KeepAliveTimes:5KeepAliveInterval:3ServiceState:ConnectedServiceBatchModules:APAccess-user----------------------------------------------------------[AC2]AC2的HSB服务状态为Connected，主备通道正常，可实时同步AP与用户信息。子任务4高可用AP负载均衡验证1、在AC1上配置[AC1]wlan[AC1-wlan-view]sta-load-balancestatic-groupnametest[AC1-wlan-sta-lb-static-test]memberap-id0[AC1-wlan-sta-lb-static-test]memberap-id1[AC1-wlan-sta-lb-static-test]start-threshold7[AC1-wlan-sta-lb-static-test]gap-threshold1[AC1-wlan-sta-lb-static-test]quit2、在AC2上配置[AC2]wlan[AC2-wlan-v