示例模板
已知该无线拓扑如图所示,其中要求如下:
互访网段:VLAN10
设备管理网段:VLAN4000
有线业务网段:VLAN11 -12
无线网段:VLAN16-31
无线管理网段:VLAN20
IP使用:192.168.0.0 255.255.0.0
VLAN10::192.168.10.0
VLAN4000:192.168.250.0
VLAN11:192.168.11.0
VLAN12:192.168.12.0
无线:192.168.16.0-192.168.31.0
核心交换机配置如下:
#
sysname Huawei
#
vlan batch 10 to 12 16 to 31 4000
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
#
interface Vlanif11
ip address 192.168.11.254 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 8.8.8.8
#
interface Vlanif12
ip address 192.168.12.254 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 223.5.5.5
#
interface Vlanif4000
ip address 192.168.250.254 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 16 to 31 100
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 11 to 12 4000
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 192.168.16.0 255.255.240.0 192.168.10.3
#
user-interface con 0
user-interface vty 0 4
#
return
LSW1交换机配置如下:
#
sysname Huawei
#
vlan batch 11 to 12 4000
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif4000
ip address 192.168.250.3 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12
#
interface Ethernet0/0/2
port link-type access
port default vlan 11
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
LSW2交换机配置如下:
#
sysname Huawei
#
vlan batch 11 to 12 4000
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif4000
ip address 192.168.250.3 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12
#
interface Ethernet0/0/2
port link-type access
port default vlan 11
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 11 to 12
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
路由器配置如下:
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 192.168.0.0 255.255.0.0 192.168.10.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AC配置如下:
[V200R007C10SPC300]
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
vlan batch 10 16 to 31 200 4000
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user root password irreversible-cipher $1a$IR@-($ZQ74$u]ut<:PW!+r[!uX-U9BWeD5″%/m+ZW\3L#8Xy<0P$
local-user root privilege level 3
local-user root service-type telnet ssh ftp http
local-user admin password irreversible-cipher $1a$H*FPH:@\#1$9#XOUlhzt!5f1V#q$KJ”\-Z`3″e!yHiM<rf=}o~0$
</rf=}o~0$
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif10
ip address 192.168.10.3 255.255.255.0
#
interface Vlanif16
ip address 192.168.16.1 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 8.8.8.8
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select interface
#
interface Vlanif200
ip address 192.168.186.2 255.255.255.0
#
interface Vlanif4000
ip address 192.168.250.250 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 20
port trunk allow-pass vlan 16 to 31
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/8
undo negotiation auto
duplex half
#
interface NULL0
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 192.168.16.0 255.255.240.0 192.168.10.2
#
capwap source interface vlanif20
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name ssid11
security wpa-wpa2 psk pass-phrase %^%#BPzBBpUy3N}^}NE\]sQ7($MgY[y5M4pH&z>”M39/%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name ssid11
ssid ssid-1
ssid-profile name default
vap-profile name ssid11
service-vlan vlan-id 16
ssid-profile ssid11
security-profile ssid11
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name ap-z1
radio 0
vap-profile ssid11 wlan 1
radio 1
vap-profile ssid11 wlan 1
radio 2
vap-profile ssid11 wlan 1
ap-group name default
ap-id 0 type-id 69 ap-mac 00e0-fc37-4ab0 ap-sn 2102354483109117D95D
ap-group ap-z1
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return
此时的AC可采用命令行和web界面方式进行配置,节省配置时间,简化过程。待AC中 使用dis ap all命令可以查看到ap上线后配置完成,且 笔记本可以连通放射WiFi。