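Wireless Network Security Configuration
I. Lab Objectives
1) Learn how to configure wireless network security policies
2) Learn MAC authentication (blacklist and whitelist configuration), user isolation, and related settings
II. Lab Equipment and Software
Equipment: one AC, two APs, one AR, one LSW
Software: eNSP
III. Lab Principles
IV. Lab Content and Steps
1. AC configuration (builds on the base configuration from the bypass-networking, tunnel-forwarding lab)
AC:
Configure the wireless network password: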
<AC6005>sys
[AC6005]wlan
[AC6005-wlan-view]security-profile id 0
[AC6005-wlan-sec-prof-test]quit
[AC6005-wlan-view]security-profile name xw id 1
[AC6005-wlan-sec-prof-xw]security-policy wep
[AC6005-wlan-sec-prof-xw]wep authentication-method share-key
[AC6005-wlan-sec-prof-xw]wep key wep-40 pass-phrase 0 simple 12345
[AC6005-wlan-sec-prof-xw]wep default-key 0
[AC6005-wlan-sec-prof-xw]quit
[AC6005-wlan-view]security-profile id 1
[AC6005-wlan-sec-prof-xw]quit
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]security-profile id 1
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]commit all
MAC authentication, blacklist/whitelist: whitelist security mode:
[AC6005-wlan-view]sta-access-mode ap 0 whitelist
[AC6005-wlan-view]sta-whitelist 5489-98CF-526A
User isolation: users on the same AP cannot reach each other but can still access the upstream network (the isolate feature)
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]user-isolate
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]commit all
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]undo user-isolate
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]quit
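Traffic-Filter (ACL): flexible access control across the whole wireless network, that is, a wireless access control list. (You can of course skip the wireless ACL and use a regular ACL on the wired devices instead, but enforcing the control inside the wireless network is more direct.)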
[AC6005]acl number 3000
[AC6005-acl-adv-3000]rule 5 deny ip destination 100.100.100.100 0
[AC6005-acl-adv-3000]quit
[AC6005]wlan
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]traffic-filter inbound acl 3000
[AC6005-wlan-service-set-vlan101]quit
[AC6005-wlan-view]commit all
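An added example, not part of the original lab report: a small Python audit that replays a session like the one above and reports the final, effective state of each service set, including the fact that `undo user-isolate` leaves isolation off. The function name `audit`, the finding strings, and the embedded sample (a subset of this page's commands) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the AC6005 session shown on this page.
SESSION = """\
[AC6005-wlan-view]security-profile name xw id 1
[AC6005-wlan-sec-prof-xw]security-policy wep
[AC6005-wlan-sec-prof-xw]wep key wep-40 pass-phrase 0 simple 12345
[AC6005-wlan-view]service-set id 0
[AC6005-wlan-service-set-vlan101]security-profile id 1
[AC6005-wlan-service-set-vlan101]user-isolate
[AC6005-wlan-service-set-vlan101]undo user-isolate
[AC6005-wlan-service-set-vlan101]traffic-filter inbound acl 3000
"""

# One "[prompt]command" or "<prompt>command" pair per line.
LINE = re.compile(r"^[\[<]([\w-]+)[\]>][ \t]*(.*?)[ \t]*$", re.M)

def audit(session):
    """Replay the session; return findings on each service set's final state."""
    profiles, prof_ids, ssets, pending = {}, {}, {}, None
    for prompt, cmd in LINE.findall(session):
        if "-wlan-sec-prof-" in prompt:
            name = prompt.split("-wlan-sec-prof-", 1)[1]
            prof = profiles.setdefault(name, {"policy": None, "plain": False})
            if pending is not None:  # learn profile id -> name from the prompt
                prof_ids[pending] = name
                pending = None
            if cmd.startswith("security-policy "):
                prof["policy"] = cmd.split()[1]
            prof["plain"] |= bool(re.search(r"\bsimple\b", cmd))  # plaintext key
        elif "-wlan-service-set-" in prompt:
            ss = ssets.setdefault(prompt.split("-wlan-service-set-", 1)[1],
                                  {"prof": None, "isolate": False, "acl": None})
            if b := re.match(r"security-profile id (\d+)", cmd):
                ss["prof"] = b.group(1)  # binding, not entering a profile view
            elif cmd in ("user-isolate", "undo user-isolate"):
                ss["isolate"] = not cmd.startswith("undo")  # last command wins
            elif a := re.match(r"traffic-filter inbound acl (\d+)", cmd):
                ss["acl"] = a.group(1)
        elif p := re.match(r"security-profile (?:name \S+ )?id (\d+)", cmd):
            pending = p.group(1)  # profile view is entered on the next line
    findings = []
    for name, ss in ssets.items():
        prof = profiles.get(prof_ids.get(ss["prof"]), {})
        checks = [(prof.get("policy") == "wep", "WEP security policy"),
                  (prof.get("plain"), "plaintext ('simple') key"),
                  (not ss["isolate"], "user-isolate not in effect"),
                  (ss["acl"] is None, "no inbound traffic-filter bound")]
        findings += [(name, msg) for bad, msg in checks if bad]
    return findings
```
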
V. Results and Analysis
1. Client connects to the wireless network using the password:
2. Ping packets: