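I. Lab Objectives
1) Master the configuration of wireless network security policies
2) Master MAC authentication (blacklist/whitelist configuration), user isolation, and related configuration
II. Lab Equipment and Software
Equipment: one AC, two APs, one AR, one LSW
Software: eNSP
III. Lab Principles
IV. Lab Content and Steps
1. AC configuration (builds on the base configuration from the bypass-networking, tunnel-forwarding lab)
AC:
Configure the wireless network password: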
<AC6005>sys
[AC6005]wlan
[AC6005-wlan-view]security-profile id 0
[AC6005-wlan-sec-prof-test]quit
[AC6005-wlan-view]security-profile name xw id 1
[AC6005-wlan-sec-prof-xw]security-policy wep
[AC6005-wlan-sec-prof-xw]wep authentication-method share-key
[AC6005-wlan-sec-prof-xw]wep key wep-40 pass-phrase 0 simple 12345
[AC6005-wlan-sec-prof-xw]wep default-key 0
[AC6005-wlan-sec-prof-xw]quit
[AC6005-wlan-view]security-profile id 1
[AC6005-wlan-sec-prof-xw]quit
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]security-profile id 1
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]commit all
MAC authentication (blacklist/whitelist): whitelist security mode:
[AC6005-wlan-view]sta-access-mode ap 0 whitelist
[AC6005-wlan-view]sta-whitelist 5489-98CF-526A
User isolation: users on the same AP cannot reach each other but can still reach the upstream network (the isolate technique)
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]user-isolate
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]commit all
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]undo user-isolate
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]quit
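Traffic-Filter (ACL): flexible access control for the whole wireless network, that is, a wireless access control list (you can of course skip the wireless ACL and use a regular ACL on the wired devices instead, but enforcing the control inside the wireless network is more direct)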
[AC6005]acl number 3000
[AC6005-acl-adv-3000]rule 5 deny ip destination 100.100.100.100 0
[AC6005-acl-adv-3000]quit
[AC6005]wlan
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]traffic-filter inbound acl 3000
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]commit all
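The AC commands above can be checked after the fact. The following is an added example, not part of the original lab report: a small Python audit that reads a pasted CLI transcript and reports the settings worth revisiting before reusing this configuration outside a lab (WEP policy, shared-key authentication, a 40-bit key, a key entered with `simple`, and user isolation left disabled by the final `undo`). The function name `audit` and the finding codes are assumptions chosen for illustration.

```python
import re

# Constructed sample: commands copied from the lab transcript, prompts included.
SAMPLE = """\
[AC6005-wlan-sec-prof-xw]security-policy wep
[AC6005-wlan-sec-prof-xw]wep authentication-method share-key
[AC6005-wlan-sec-prof-xw]wep key wep-40 pass-phrase 0 simple 12345
[AC6005-wlan-service-set-vlan101]user-isolate
[AC6005-wlan-view]commit all
[AC6005-wlan-service-set-vlan101]undo user-isolate
"""

# A prompt is "[view]" or "<view>" at the start of the line.
PROMPT = re.compile(r"^\s*[\[<]([^\]>]*)[\]>]")


def audit(transcript):
    """Return sorted finding codes for a Huawei AC CLI transcript (hypothetical helper)."""
    findings = set()
    isolate = {}  # service-set view -> last user-isolate state seen
    for raw in transcript.splitlines():
        m = PROMPT.match(raw)
        view = m.group(1) if m else ""
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["security-policy", "wep"]:
            findings.add("wep-policy")            # WEP is cryptographically broken
        elif words[:3] == ["wep", "authentication-method", "share-key"]:
            findings.add("wep-shared-key-auth")
        elif words[:2] == ["wep", "key"]:
            if "wep-40" in words:
                findings.add("wep-40-key")        # 40-bit key
            if "simple" in words:
                findings.add("plaintext-key")     # key entered with the plaintext keyword
        elif "service-set" in view:
            # Later commands override earlier ones, so keep only the final state.
            if words == ["user-isolate"]:
                isolate[view] = True
            elif words == ["undo", "user-isolate"]:
                isolate[view] = False
    if any(state is False for state in isolate.values()):
        findings.add("user-isolate-off")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```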
V. Results and Analysis
1. The client connects to the wireless network using the password:
2. Ping test: