版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報或認(rèn)領(lǐng)
文檔簡介
1、行號配置解釋備注1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331
2、341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332
3、342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333
4、34335336337338339340341342343344345346347348349350351<UBJZO-MB-WLAN-AC21-01>dis cur# version 5.20, Release 2308# sysname UBJZO-MB-WLAN-AC21-01# clock timezone GMT add 08:00:00# super password level 3 cipher X7A'-%9#+WZ/3:L02.;!Q!# nas device-id 1# domain default enable cmcc# telnet server
5、enable# user-isolation vlan 1101 enable user-isolation vlan 1101 permit-mac 0000-5e00-0102 user-isolation vlan 1801 enable user-isolation vlan 1801 permit-mac 0000-5e00-0103# port-security enable# dhbk enable backup-type symmetric-path dhbk vlan 4001 # portal server cmcc-edu ip 0 url ht
6、tp:/0:8080/portal/ server-type cmcc portal server cmcc ip 40 url 40:7080/index.php server-type cmcc portal free-rule 1 source any destination ip 0 mask 55 portal free-rule 2 source any destination ip 07 mask 5
7、5 portal free-rule 3 source any destination ip mask 55 portal free-rule 4 source any destination ip mask 55 portal free-rule 5 source ip mask 55 destination any portal free-rule 7 source any destination ip mask 255.2
8、55.255.255 portal free-rule 8 source any destination ip mask 55 portal free-rule 9 source ip mask 55 destination any portal free-rule 11 source interface Bridge-Aggregation1 destination any portal free-rule 15 source any destination ip 5
9、mask 55 portal free-rule 16 source any destination ip 00 mask 55 portal free-rule 19 source any destination ip 42 mask 55 portal free-rule 20 source any destination ip 17 mask 55 portal free-rule 21 source any des
10、tination ip 40 mask 55 portal device-id 0061.0716.270.00# hot-backup enable domain 1 hot-backup vlan 4001# wlan capture file-name SnifferRecord#vlan 1#vlan 160#vlan 164 to 166#vlan 1101 description UserClient_CMCC#vlan 1801 description UserClient_CMCC-EDU#vlan 4000 descriptio
11、n Mgmt-with-IpAddress#vlan 4001 description hot-backup-vlan#vlan 4002 description DHBK-VLAN#radius scheme cmcc server-type extended primary authentication 38 1645 primary accounting 38 1646 key authentication cipher abQuGU4cQTpZL8rzyG52eg= key accounting cipher abQuGU4cQTpZL8rz
12、yG52eg= user-name-format keep-original nas-ip 8 retry stop-accounting 10radius scheme hubei server-type extended primary authentication primary accounting key authentication cipher BaZ+2npa/d8fuhywwHL0Kw= key accounting cipher BaZ+2npa/d8fuhywwHL0Kw= nas-ip 21
13、8 retry stop-accounting 10#domain cmcc authentication portal radius-scheme cmcc authorization portal radius-scheme cmcc accounting portal radius-scheme cmcc access-limit disable state active idle-cut enable 15 10000 self-service-url disabledomain edu authentication portal radius-scheme hub
14、ei authorization portal radius-scheme hubei accounting portal radius-scheme hubei access-limit disable state active idle-cut enable 15 10000 self-service-url disabledomain system access-limit disable state active idle-cut disable self-service-url disable#dhcp server ip-pool ap_dhcp_server-1 network
15、 mask #dhcp server ip-pool ap_dhcp_server-2 network mask #dhcp server ip-pool ap_dhcp_server-3 network mask #dhcp server ip-pool userclent_dhcp_server-cmcc network mask gateway-list dns-l
16、ist 0 07 expired day 0 hour 1#dhcp server ip-pool userclient_dhcp_server-cmcc-edu network mask gateway-list dns-list 0 07 expired day 0 hour 1#user-group system group-attribute allow-guest#local-user jzyd password
17、simple JZyd123! authorization-attribute level 3 service-type ssh telnet service-type web#wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54#wlan
18、 service-template 1 clear ssid CMCC bind WLAN-ESS 1 service-template enable#wlan service-template 2 clear ssid CMCC-EDU bind WLAN-ESS 2 service-template enable#interface Bridge-Aggregation1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 400
19、1 stp disable#interface NULL0#interface Vlan-interface160 ip address 6 48 vrrp vrid 1 virtual-ip 8 vrrp vrid 1 priority 110 vrrp vrid 1 track 1#interface Vlan-interface164 description Gateway_of_ap-group-1 ip address #interface Vlan-inte
20、rface165 description Gateway_of_ap-group-2 ip address #interface Vlan-interface166 description Gateway_of_ap-group-3 ip address # interface Vlan-interface1101 description GateWay_of_CMCC ip address vrrp vrid 2 virtual-ip 10
21、.104.0.1 vrrp vrid 2 priority 110 vrrp vrid 2 track 1 reduced 20 portal server cmcc method direct portal nas-port-type wireless portal backup-group 1 portal nas-ip 8 access-user detect type arp retransmit 5 interval 10#interface Vlan-interface1801 description GateWay_of_CMCC-EDU ip addre
22、ss vrrp vrid 3 virtual-ip vrrp vrid 3 priority 110 vrrp vrid 3 track 1 reduced 20 portal nas-port-type wireless portal backup-group 2 portal nas-ip 8 access-user detect type arp retransmit 5 interval 10# interface Vlan-interface4000 ip address 192.16
23、8.100.1 #interface M-GigabitEthernet1/0/0 description MGMT ip address 54 48#interface Ten-GigabitEthernet1/0/1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 4001 port link-aggregation group 1#interface
24、Ten-GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 4001 port link-aggregation group 1#interface WLAN-ESS1 port access vlan 1101#interface WLAN-ESS2 port access vlan 1801#nqa entry wlan cmcc type icmp-echo destination ip
25、 5 frequency 2000 reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trap-only source ip 6#wlan ap test model WA2100 id 1 priority level 7 serial-id 210235A22WC07B000009 backup-ac ip radio 1 service-template 1 nas-id 3700071627000460 s
26、ervice-template 2 nas-id 3700071627000460 radio enable# dhcp-snooping# ip route-static 5# info-center logfile frequency 3600 info-center logfile size-quota 10# snmp-agent snmp-agent local-engineid 800063A203C4CAD9308D94 snmp-agent community read sbzg_)(321 snmp-agent comm
27、unity write yxzl_)(123 snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 20 params securityname public# track 1 nqa entry wlan cmcc reaction 1# dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip
28、dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp
29、server forbidden-ip # dhcp enable# nqa schedule wlan cmcc start-time now lifetime forever# ntp-service source-interface Vlan-interface160 ntp-service unicast-server 8 ntp-service unicast-server 5 ntp-service unicast-server 00 ntp-service unicast-server 6
30、4# ssh server enable# load xml-configuration#user-interface con 0user-interface aux 0 authentication-mode none user privilege level 3user-interface vty 0 4 authentication-mode scheme user privilege level 3#return系統(tǒng)名稱,根據(jù)規(guī)劃配置時區(qū)及時間配置超級密碼配置主AC的device-id配為1,備用配為2默認(rèn)認(rèn)證域,配置為cmcc開啟telnet服務(wù)器端,便于遠(yuǎn)程登錄
31、開啟VLAN 1101的用戶隔離允許所有的用戶與網(wǎng)關(guān)通信,該MAC地址為CMCC或者CMCC-EDU網(wǎng)關(guān)接口的VRRP組MAC。開啟主備AC之間的DHCP地址池備份,不同AC板卡的主備需要采用不同的VLAN,以防止廣播風(fēng)暴。例如第二塊板卡的dhbk vlan為4002Cmcc-edu的portal server地址,該處全省配置都一樣,不用更改,注意server-type配置為cmcc(默認(rèn)type為imc)Cmcc的portal server地址,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,IP地址需要變更,變成主備
32、AC之間所屬CMCC認(rèn)證接口的VRRP虛地址。免認(rèn)證名單,IP地址需要變更,變成主AC所屬CMCCEDU認(rèn)證接口地址。免認(rèn)證名單,IP地址需要變更,變成備AC所屬CMCC認(rèn)證接口地址。免認(rèn)證名單,IP地址需要變更,變成主備AC之間所屬CMCC認(rèn)證接口的VRRP虛地址。免認(rèn)證名單,IP地址需要變更,變成主AC所屬CMCC認(rèn)證接口地址。免認(rèn)證名單,IP地址需要變更,變成主AC所屬CMCC認(rèn)證接口地址。允許AC內(nèi)聯(lián)接口免認(rèn)證免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配
33、置全省一樣,不用更改。配置portal device-id,按照規(guī)劃統(tǒng)一配置,主備AC相同,不同AC不同。主備AC之間的熱備,不同AC之間熱備 域應(yīng)配置為不同。AC的上行接口VLAN,按照規(guī)劃配置即可AP的通道VLAN,按照規(guī)劃配置CMCC用戶網(wǎng)關(guān)VLANCMCC-EDU用戶網(wǎng)關(guān)VLAN帶地址的管理VLAN,用于AC及交換板之間通信,不透傳到外網(wǎng)主備AC之間熱備VLANDHCP server之間的熱備VLANCMCC RADIUS配置,除nas-ip地址變更為AC與上行設(shè)備互聯(lián)的VRRP虛擬地址之外,其他不做變更。Cmcc認(rèn)證接入密碼為:88-89Cmcc計費(fèi)接入密碼為:88-89除nas-i
34、p地址變更為AC與上行設(shè)備互聯(lián)的VRRP虛擬地址之外CMCC-EDU RADIUS配置,除nas-ip地址變更為AC與上行設(shè)備互聯(lián)的VRRP虛擬地址之外,其他不做變更。CMCC-EDU認(rèn)證接入密碼為:Ha2f%c6*lCMCC-EDU計費(fèi)接入密碼為:Ha2f%c6*lNAS-IP與CMCC配置相同CMCC認(rèn)證域,用于綁定CMMC的RADIUS配置,開局不用變動。CMCC-EDU認(rèn)證域,用于綁定CMCC-EDU與RADUIS配置,開局不做變動。AP的第一個地址池,按照規(guī)劃配置即可AP的第二個地址池,按照規(guī)劃配置即可AP的第三個地址池,按照規(guī)劃配置即可CMCC用戶的地址池,按照規(guī)劃配置即可CMCC-EDU用戶地址池,按照規(guī)劃配置即可創(chuàng)建本地用戶用戶的授權(quán)級別,3為最大服務(wù)類型為
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 上海思博職業(yè)技術(shù)學(xué)院《環(huán)境監(jiān)測與分析》2023-2024學(xué)年第一學(xué)期期末試卷
- 上海師范大學(xué)《國際人力資源管理(雙語)》2023-2024學(xué)年第一學(xué)期期末試卷
- 上海師范大學(xué)《材料化學(xué)專業(yè)實(shí)驗(yàn)》2023-2024學(xué)年第一學(xué)期期末試卷
- 水渠項(xiàng)目績效報告范文
- 課題申報書:公司債券發(fā)行審核反饋意見的經(jīng)濟(jì)影響、作用機(jī)制和政策評估研究
- 課題申報書:風(fēng)險傳染下繳費(fèi)確定型養(yǎng)老金投資決策問題研究
- 上海杉達(dá)學(xué)院《遏制與共存-冷戰(zhàn)史》2023-2024學(xué)年第一學(xué)期期末試卷
- 上海農(nóng)林職業(yè)技術(shù)學(xué)院《稅法(一)》2023-2024學(xué)年第一學(xué)期期末試卷
- 專項(xiàng)10:文言文-【中職專用】2025年職教高考學(xué)業(yè)考試語文二輪專項(xiàng)突破(福建專用)
- 六年級語文上冊第七單元習(xí)作 我的拿手好戲 公開課一等獎創(chuàng)新教學(xué)設(shè)計-1
- 《金融學(xué)原理》期末考試復(fù)習(xí)題庫(含答案)
- 企業(yè)公司簡介模板課件
- 南京信息工程大學(xué)《高等代數(shù)》2023-2024學(xué)年第一學(xué)期期末試卷
- 口腔診所耗材管理制度實(shí)施細(xì)則
- 保護(hù)環(huán)境志愿活動
- Unit1復(fù)合不定代詞專項(xiàng)練習(xí) 人教版八年級英語上冊
- 《工程施工組織與概預(yù)算》綜合測試四及答案
- 信息素養(yǎng)通識教程:數(shù)字化生存的必修課學(xué)習(xí)通超星期末考試答案章節(jié)答案2024年
- 醫(yī)療器械經(jīng)營企業(yè)醫(yī)療器械銷售記錄制度
- 政府采購體育服務(wù)合同
- 二十屆三中全會精神學(xué)習(xí)題庫及答案
評論
0/150
提交評論