H3C開局AC配置指導(dǎo)課件_第1頁
H3C開局AC配置指導(dǎo)課件_第2頁
H3C開局AC配置指導(dǎo)課件_第3頁
H3C開局AC配置指導(dǎo)課件_第4頁
H3C開局AC配置指導(dǎo)課件_第5頁
已閱讀5頁,還剩4頁未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報或認(rèn)領(lǐng)

文檔簡介

1、行號配置解釋備注1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331

2、341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332

3、342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333

4、34335336337338339340341342343344345346347348349350351<UBJZO-MB-WLAN-AC21-01>dis cur# version 5.20, Release 2308# sysname UBJZO-MB-WLAN-AC21-01# clock timezone GMT add 08:00:00# super password level 3 cipher X7A'-%9#+WZ/3:L02.;!Q!# nas device-id 1# domain default enable cmcc# telnet server

5、enable# user-isolation vlan 1101 enable user-isolation vlan 1101 permit-mac 0000-5e00-0102 user-isolation vlan 1801 enable user-isolation vlan 1801 permit-mac 0000-5e00-0103# port-security enable# dhbk enable backup-type symmetric-path dhbk vlan 4001 # portal server cmcc-edu ip 0 url ht

6、tp:/0:8080/portal/ server-type cmcc portal server cmcc ip 40 url 40:7080/index.php server-type cmcc portal free-rule 1 source any destination ip 0 mask 55 portal free-rule 2 source any destination ip 07 mask 5

7、5 portal free-rule 3 source any destination ip mask 55 portal free-rule 4 source any destination ip mask 55 portal free-rule 5 source ip mask 55 destination any portal free-rule 7 source any destination ip mask 255.2

8、55.255.255 portal free-rule 8 source any destination ip mask 55 portal free-rule 9 source ip mask 55 destination any portal free-rule 11 source interface Bridge-Aggregation1 destination any portal free-rule 15 source any destination ip 5

9、mask 55 portal free-rule 16 source any destination ip 00 mask 55 portal free-rule 19 source any destination ip 42 mask 55 portal free-rule 20 source any destination ip 17 mask 55 portal free-rule 21 source any des

10、tination ip 40 mask 55 portal device-id 0061.0716.270.00# hot-backup enable domain 1 hot-backup vlan 4001# wlan capture file-name SnifferRecord#vlan 1#vlan 160#vlan 164 to 166#vlan 1101 description UserClient_CMCC#vlan 1801 description UserClient_CMCC-EDU#vlan 4000 descriptio

11、n Mgmt-with-IpAddress#vlan 4001 description hot-backup-vlan#vlan 4002 description DHBK-VLAN#radius scheme cmcc server-type extended primary authentication 38 1645 primary accounting 38 1646 key authentication cipher abQuGU4cQTpZL8rzyG52eg= key accounting cipher abQuGU4cQTpZL8rz

12、yG52eg= user-name-format keep-original nas-ip 8 retry stop-accounting 10radius scheme hubei server-type extended primary authentication primary accounting key authentication cipher BaZ+2npa/d8fuhywwHL0Kw= key accounting cipher BaZ+2npa/d8fuhywwHL0Kw= nas-ip 21

13、8 retry stop-accounting 10#domain cmcc authentication portal radius-scheme cmcc authorization portal radius-scheme cmcc accounting portal radius-scheme cmcc access-limit disable state active idle-cut enable 15 10000 self-service-url disabledomain edu authentication portal radius-scheme hub

14、ei authorization portal radius-scheme hubei accounting portal radius-scheme hubei access-limit disable state active idle-cut enable 15 10000 self-service-url disabledomain system access-limit disable state active idle-cut disable self-service-url disable#dhcp server ip-pool ap_dhcp_server-1 network

15、 mask #dhcp server ip-pool ap_dhcp_server-2 network mask #dhcp server ip-pool ap_dhcp_server-3 network mask #dhcp server ip-pool userclent_dhcp_server-cmcc network mask gateway-list dns-l

16、ist 0 07 expired day 0 hour 1#dhcp server ip-pool userclient_dhcp_server-cmcc-edu network mask gateway-list dns-list 0 07 expired day 0 hour 1#user-group system group-attribute allow-guest#local-user jzyd password

17、simple JZyd123! authorization-attribute level 3 service-type ssh telnet service-type web#wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54#wlan

18、 service-template 1 clear ssid CMCC bind WLAN-ESS 1 service-template enable#wlan service-template 2 clear ssid CMCC-EDU bind WLAN-ESS 2 service-template enable#interface Bridge-Aggregation1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 400

19、1 stp disable#interface NULL0#interface Vlan-interface160 ip address 6 48 vrrp vrid 1 virtual-ip 8 vrrp vrid 1 priority 110 vrrp vrid 1 track 1#interface Vlan-interface164 description Gateway_of_ap-group-1 ip address #interface Vlan-inte

20、rface165 description Gateway_of_ap-group-2 ip address #interface Vlan-interface166 description Gateway_of_ap-group-3 ip address # interface Vlan-interface1101 description GateWay_of_CMCC ip address vrrp vrid 2 virtual-ip 10

21、.104.0.1 vrrp vrid 2 priority 110 vrrp vrid 2 track 1 reduced 20 portal server cmcc method direct portal nas-port-type wireless portal backup-group 1 portal nas-ip 8 access-user detect type arp retransmit 5 interval 10#interface Vlan-interface1801 description GateWay_of_CMCC-EDU ip addre

22、ss vrrp vrid 3 virtual-ip vrrp vrid 3 priority 110 vrrp vrid 3 track 1 reduced 20 portal nas-port-type wireless portal backup-group 2 portal nas-ip 8 access-user detect type arp retransmit 5 interval 10# interface Vlan-interface4000 ip address 192.16

23、8.100.1 #interface M-GigabitEthernet1/0/0 description MGMT ip address 54 48#interface Ten-GigabitEthernet1/0/1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 4001 port link-aggregation group 1#interface

24、Ten-GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 160 164 to 166 1101 1801 4000 to 4001 port link-aggregation group 1#interface WLAN-ESS1 port access vlan 1101#interface WLAN-ESS2 port access vlan 1801#nqa entry wlan cmcc type icmp-echo destination ip

25、 5 frequency 2000 reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trap-only source ip 6#wlan ap test model WA2100 id 1 priority level 7 serial-id 210235A22WC07B000009 backup-ac ip radio 1 service-template 1 nas-id 3700071627000460 s

26、ervice-template 2 nas-id 3700071627000460 radio enable# dhcp-snooping# ip route-static 5# info-center logfile frequency 3600 info-center logfile size-quota 10# snmp-agent snmp-agent local-engineid 800063A203C4CAD9308D94 snmp-agent community read sbzg_)(321 snmp-agent comm

27、unity write yxzl_)(123 snmp-agent sys-info version all snmp-agent target-host trap address udp-domain 20 params securityname public# track 1 nqa entry wlan cmcc reaction 1# dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip

28、dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp server forbidden-ip dhcp

29、server forbidden-ip # dhcp enable# nqa schedule wlan cmcc start-time now lifetime forever# ntp-service source-interface Vlan-interface160 ntp-service unicast-server 8 ntp-service unicast-server 5 ntp-service unicast-server 00 ntp-service unicast-server 6

30、4# ssh server enable# load xml-configuration#user-interface con 0user-interface aux 0 authentication-mode none user privilege level 3user-interface vty 0 4 authentication-mode scheme user privilege level 3#return系統(tǒng)名稱,根據(jù)規(guī)劃配置時區(qū)及時間配置超級密碼配置主AC的device-id配為1,備用配為2默認(rèn)認(rèn)證域,配置為cmcc開啟telnet服務(wù)器端,便于遠(yuǎn)程登錄

31、開啟VLAN 1101的用戶隔離允許所有的用戶與網(wǎng)關(guān)通信,該MAC地址為CMCC或者CMCC-EDU網(wǎng)關(guān)接口的VRRP組MAC。開啟主備AC之間的DHCP地址池備份,不同AC板卡的主備需要采用不同的VLAN,以防止廣播風(fēng)暴。例如第二塊板卡的dhbk vlan為4002Cmcc-edu的portal server地址,該處全省配置都一樣,不用更改,注意server-type配置為cmcc(默認(rèn)type為imc)Cmcc的portal server地址,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,IP地址需要變更,變成主備

32、AC之間所屬CMCC認(rèn)證接口的VRRP虛地址。免認(rèn)證名單,IP地址需要變更,變成主AC所屬CMCCEDU認(rèn)證接口地址。免認(rèn)證名單,IP地址需要變更,變成備AC所屬CMCC認(rèn)證接口地址。免認(rèn)證名單,IP地址需要變更,變成主備AC之間所屬CMCC認(rèn)證接口的VRRP虛地址。免認(rèn)證名單,IP地址需要變更,變成主AC所屬CMCC認(rèn)證接口地址。免認(rèn)證名單,IP地址需要變更,變成主AC所屬CMCC認(rèn)證接口地址。允許AC內(nèi)聯(lián)接口免認(rèn)證免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配置全省一樣,不用更改。免認(rèn)證名單,該處配

33、置全省一樣,不用更改。配置portal device-id,按照規(guī)劃統(tǒng)一配置,主備AC相同,不同AC不同。主備AC之間的熱備,不同AC之間熱備 域應(yīng)配置為不同。AC的上行接口VLAN,按照規(guī)劃配置即可AP的通道VLAN,按照規(guī)劃配置CMCC用戶網(wǎng)關(guān)VLANCMCC-EDU用戶網(wǎng)關(guān)VLAN帶地址的管理VLAN,用于AC及交換板之間通信,不透傳到外網(wǎng)主備AC之間熱備VLANDHCP server之間的熱備VLANCMCC RADIUS配置,除nas-ip地址變更為AC與上行設(shè)備互聯(lián)的VRRP虛擬地址之外,其他不做變更。Cmcc認(rèn)證接入密碼為:88-89Cmcc計費(fèi)接入密碼為:88-89除nas-i

34、p地址變更為AC與上行設(shè)備互聯(lián)的VRRP虛擬地址之外CMCC-EDU RADIUS配置,除nas-ip地址變更為AC與上行設(shè)備互聯(lián)的VRRP虛擬地址之外,其他不做變更。CMCC-EDU認(rèn)證接入密碼為:Ha2f%c6*lCMCC-EDU計費(fèi)接入密碼為:Ha2f%c6*lNAS-IP與CMCC配置相同CMCC認(rèn)證域,用于綁定CMMC的RADIUS配置,開局不用變動。CMCC-EDU認(rèn)證域,用于綁定CMCC-EDU與RADUIS配置,開局不做變動。AP的第一個地址池,按照規(guī)劃配置即可AP的第二個地址池,按照規(guī)劃配置即可AP的第三個地址池,按照規(guī)劃配置即可CMCC用戶的地址池,按照規(guī)劃配置即可CMCC-EDU用戶地址池,按照規(guī)劃配置即可創(chuàng)建本地用戶用戶的授權(quán)級別,3為最大服務(wù)類型為

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

最新文檔

評論

0/150

提交評論