H3C开局AC配置指导课件_第1页
H3C开局AC配置指导课件_第2页
H3C开局AC配置指导课件_第3页
H3C开局AC配置指导课件_第4页
H3C开局AC配置指导课件_第5页
已阅读5页,还剩4页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

1、行号配置解释备注1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331

2、341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332

3、342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333

4、34335336337338339340341342343344345346347348349350351<UBJZO-MB-WLAN-AC21-01>dis cur# version 5.20, Release 2308# sysname UBJZO-MB-WLAN-AC21-01# clock timezone GMT add 08:00:00# super password level 3 cipher X7A'-%9#+WZ/3:L02.;!Q!# nas device-id 1# domain default enable cmcc# telnet server

5、enable# user-isolation vlan 1101 enable user-isolation vlan 1101 permit-mac 0000-5e00-0102 user-isolation vlan 1801 enable user-isolation vlan 1801 permit-mac 0000-5e00-0103# port-security enable# dhbk enable backup-type symmetric-path dhbk vlan 4001 # portal server cmcc-edu ip 0 url ht

6、tp:/0:8080/portal/ server-type cmcc portal server cmcc ip 40 url 40:7080/index.php server-type cmcc portal free-rule 1 source any destination ip 0 mask 55 portal free-rule 2 source any destination ip 07 mask 5

7、5 portal free-rule 3 source any destination ip mask 55 portal free-rule 4 source any destination ip mask 55 portal free-rule 5 source ip mask 55 destination any portal free-rule 7 source any destination ip mask 255.2

8、55.255.255 portal free-rule 8 source any destination ip mask 55 portal free-rule 9 source ip mask 55 destination any portal free-rule 11 source interface Bridge-Aggregation1 destination any portal free-rule 15 source any destination ip 5

9、mask 55 portal free-rule 16 source any destination ip 00 mask 55 portal free-rule 19 source any destination ip 42 mask 55 portal free-rule 20 source any destination ip 17 mask 55 portal free-rule 21 source any des

10、tination ip 40 mask 55 portal device-id 0061.0716.270.00# hot-backup enable domain 1 hot-backup vlan 4001# wlan capture file-name SnifferRecord#vlan 1#vlan 160#vlan 164 to 166#vlan 1101 description UserClient_CMCC#vlan 1801 description UserClient_CMCC-EDU#vlan 4000 descriptio

11、n Mgmt-with-IpAddress#vlan 4001 description hot-backup-vlan#vlan 4002 description DHBK-VLAN#radius scheme cmcc server-type extended primary authentication 38 1645 primary accounting 38 1646 key authentication cipher abQuGU4cQTpZL8rzyG52eg= key accounting cipher abQuGU4cQTpZL8rz

12、yG52eg= user-name-format keep-original nas-ip 8 retry stop-accounting 10radius scheme hubei server-type extended primary authentication primary accounting key authentication cipher BaZ+2npa/d8fuhywwHL0Kw= key accounting cipher BaZ+2npa/d8fuhywwHL0Kw= nas-ip 21

13、8 retry stop-accounting 10#domain cmcc authentication portal radius-scheme cmcc authorization portal radius-scheme cmcc accounting portal radius-scheme cmcc access-limit disable state active idle-cut enable 15 10000 self-service-url disabledomain edu authentication portal radius-scheme hub

14、ei authorization portal radius-scheme hubei accounting portal radius-scheme hubei access-limit disable state active idle-cut enable 15 10000 self-service-url disabledomain system access-limit disable state active idle-cut disable self-service-url disable#dhcp server ip-pool ap_dhcp_server-1 network

15、 mask #dhcp server ip-pool ap_dhcp_server-2 network mask #dhcp server ip-pool ap_dhcp_server-3 network mask #dhcp server ip-pool userclent_dhcp_server-cmcc network mask gateway-list dns-l

16、ist 0 07 expired day 0 hour 1#dhcp server ip-pool userclient_dhcp_server-cmcc-edu network mask gateway-list dns-list 0 07 expired day 0 hour 1#user-group system group-attribute allow-guest#local-user jzyd password

17、simple JZyd123! authorization-attribute level 3 service-type ssh telnet service-type web#wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54#wlan

18、 service-template 1 clear ssid CMCC bind WLAN-ESS 1 service-template enable#wlan service-template 2 clear ssid CMCC-EDU bind WLAN-ESS 2 service-template enable#interface Bridge-Aggregation1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 400

19、1 stp disable#interface NULL0#interface Vlan-interface160 ip address 6 48 vrrp vrid 1 virtual-ip 8 vrrp vrid 1 priority 110 vrrp vrid 1 track 1#interface Vlan-interface164 description Gateway_of_ap-group-1 ip address #interface Vlan-inte

20、rface165 description Gateway_of_ap-group-2 ip address #interface Vlan-interface166 description Gateway_of_ap-group-3 ip address # interface Vlan-interface1101 description GateWay_of_CMCC ip address vrrp vrid 2 virtual-ip 10

21、.104.0.1 vrrp vrid 2 priority 110 vrrp vrid 2 track 1 reduced 20 portal server cmcc method direct portal nas-port-type wireless portal backup-group 1 portal nas-ip 8 access-user detect type arp retransmit 5 interval 10#interface Vlan-interface1801 description GateWay_of_CMCC-EDU ip addre

22、ss vrrp vrid 3 virtual-ip vrrp vrid 3 priority 110 vrrp vrid 3 track 1 reduced 20 portal nas-port-type wireless portal backup-group 2 portal nas-ip 8 access-user detect type arp retransmit 5 interval 10# interface Vlan-interface4000 ip address 192.16

23、8.100.1 #interface M-GigabitEthernet1/0/0 description MGMT ip address 54 48#interface Ten-GigabitEthernet1/0/1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 4001 port link-aggregation group 1#interface

24、Ten-GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 4001 port link-aggregation group 1#interface WLAN-ESS1 port access vlan 1101#interface WLAN-ESS2 port access vlan 1801#nqa entry wlan cmcc type icmp-echo destination ip

25、 5 frequency 2000 reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trap-only source ip 6#wlan ap test model WA2100 id 1 priority level 7 serial-id 210235A22WC07B000009 backup-ac ip radio 1 service-template 1 nas-id 3700071627000460 s

26、ervice-template 2 nas-id 3700071627000460 radio enable# dhcp-snooping# ip route-static 5# info-center logfile frequency 3600 info-center logfile size-quota 10# snmp-agent snmp-agent local-engineid 800063A203C4CAD9308D94 snmp-agent community read sbzg_)(321 snmp-agent comm

27、unity write yxzl_)(123 snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 20 params securityname public# track 1 nqa entry wlan cmcc reaction 1# dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip

28、dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp

29、server forbidden-ip # dhcp enable# nqa schedule wlan cmcc start-time now lifetime forever# ntp-service source-interface Vlan-interface160 ntp-service unicast-server 8 ntp-service unicast-server 5 ntp-service unicast-server 00 ntp-service unicast-server 6

30、4# ssh server enable# load xml-configuration#user-interface con 0user-interface aux 0 authentication-mode none user privilege level 3user-interface vty 0 4 authentication-mode scheme user privilege level 3#return系统名称,根据规划配置时区及时间配置超级密码配置主AC的device-id配为1,备用配为2默认认证域,配置为cmcc开启telnet服务器端,便于远程登录

31、开启VLAN 1101的用户隔离允许所有的用户与网关通信,该MAC地址为CMCC或者CMCC-EDU网关接口的VRRP组MAC。开启主备AC之间的DHCP地址池备份,不同AC板卡的主备需要采用不同的VLAN,以防止广播风暴。例如第二块板卡的dhbk vlan为4002Cmcc-edu的portal server地址,该处全省配置都一样,不用更改,注意server-type配置为cmcc(默认type为imc)Cmcc的portal server地址,该处配置全省一样,不用更改。免认证名单,该处配置全省一样,不用更改。免认证名单,该处配置全省一样,不用更改。免认证名单,IP地址需要变更,变成主备

32、AC之间所属CMCC认证接口的VRRP虚地址。免认证名单,IP地址需要变更,变成主AC所属CMCCEDU认证接口地址。免认证名单,IP地址需要变更,变成备AC所属CMCC认证接口地址。免认证名单,IP地址需要变更,变成主备AC之间所属CMCC认证接口的VRRP虚地址。免认证名单,IP地址需要变更,变成主AC所属CMCC认证接口地址。免认证名单,IP地址需要变更,变成主AC所属CMCC认证接口地址。允许AC内联接口免认证免认证名单,该处配置全省一样,不用更改。免认证名单,该处配置全省一样,不用更改。免认证名单,该处配置全省一样,不用更改。免认证名单,该处配置全省一样,不用更改。免认证名单,该处配

33、置全省一样,不用更改。配置portal device-id,按照规划统一配置,主备AC相同,不同AC不同。主备AC之间的热备,不同AC之间热备 域应配置为不同。AC的上行接口VLAN,按照规划配置即可AP的通道VLAN,按照规划配置CMCC用户网关VLANCMCC-EDU用户网关VLAN带地址的管理VLAN,用于AC及交换板之间通信,不透传到外网主备AC之间热备VLANDHCP server之间的热备VLANCMCC RADIUS配置,除nas-ip地址变更为AC与上行设备互联的VRRP虚拟地址之外,其他不做变更。Cmcc认证接入密码为:88-89Cmcc计费接入密码为:88-89除nas-i

34、p地址变更为AC与上行设备互联的VRRP虚拟地址之外CMCC-EDU RADIUS配置,除nas-ip地址变更为AC与上行设备互联的VRRP虚拟地址之外,其他不做变更。CMCC-EDU认证接入密码为:Ha2f%c6*lCMCC-EDU计费接入密码为:Ha2f%c6*lNAS-IP与CMCC配置相同CMCC认证域,用于绑定CMMC的RADIUS配置,开局不用变动。CMCC-EDU认证域,用于绑定CMCC-EDU与RADUIS配置,开局不做变动。AP的第一个地址池,按照规划配置即可AP的第二个地址池,按照规划配置即可AP的第三个地址池,按照规划配置即可CMCC用户的地址池,按照规划配置即可CMCC-EDU用户地址池,按照规划配置即可创建本地用户用户的授权级别,3为最大服务类型为

人人文库> 全部分类> 教育资料 > 辅导培训

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论